kroonika.delfi.ee Open in urlscan Pro
185.20.100.193 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-rah...
Submission: On December 07 via manual (December 7th 2022, 5:42:17 pm UTC) from EE — Scanned from DE

Summary HTTP 669 Redirects Links 37 Behaviour Indicators

Summary

This website contacted 113 IPs in 13 countries across 93 domains to perform 669 HTTP transactions. The main IP is 185.20.100.193, located in Harjumaa, Estonia and belongs to EKSPRESS-DIGITAL, EE. The main domain is kroonika.delfi.ee.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 4th 2022. Valid for: a year.

This is the only time kroonika.delfi.ee was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
42	185.20.100.193 185.20.100.193	199328 (EKSPRESS-...) (EKSPRESS-DIGITAL)
43	185.20.100.192 185.20.100.192	199328 (EKSPRESS-...) (EKSPRESS-DIGITAL)
30	185.20.100.195 185.20.100.195	199328 (EKSPRESS-...) (EKSPRESS-DIGITAL)
5	37.157.6.236 37.157.6.236	198622 (ADFORM) (ADFORM)
7	2a02:26f0:6c0... 2a02:26f0:6c00:2bf::268b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
27	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
1	104.111.230.79 104.111.230.79	16625 (AKAMAI-AS) (AKAMAI-AS)
4	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6812:e234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 21	147.75.85.120 147.75.85.120	54825 (PACKET) (PACKET)
3 44	37.157.2.237 37.157.2.237	198622 (ADFORM) (ADFORM)
2	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
1 4	146.59.21.56 146.59.21.56	16276 (OVH) (OVH)
3	20.54.110.135 20.54.110.135	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2400:52e0:1e0... 2400:52e0:1e00::713:1	200325 (BUNNYCDN) (BUNNYCDN)
2	2620:1ec:bdf::45 2620:1ec:bdf::45	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2600:9000:215... 2600:9000:2156:f600:6:c108:980:93a1	16509 (AMAZON-02) (AMAZON-02)
1	146.59.30.100 146.59.30.100	16276 (OVH) (OVH)
1	51.144.7.192 51.144.7.192	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
4	52.209.1.10 52.209.1.10	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c00::9b	15169 (GOOGLE) (GOOGLE)
17 17	52.58.152.6 52.58.152.6	16509 (AMAZON-02) (AMAZON-02)
5	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
16 35	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
3 30	37.157.2.239 37.157.2.239	198622 (ADFORM) (ADFORM)
12 12	185.89.210.82 185.89.210.82	29990 (ASN-APPNEX) (ASN-APPNEX)
8 8	159.65.194.197 159.65.194.197	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 1	146.0.227.110 146.0.227.110	29066 (VELIANET-...) (VELIANET-AS velia.net Internetdienste GmbH)
10 10	185.29.132.245 185.29.132.245	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 5	2a05:d018:d29... 2a05:d018:d29:3602:2799:7e74:3a60:9ac2	16509 (AMAZON-02) (AMAZON-02)
1	3.69.57.166 3.69.57.166	16509 (AMAZON-02) (AMAZON-02)
1	34.98.67.61 34.98.67.61	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
8	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
3	147.75.83.64 147.75.83.64	54825 (PACKET) (PACKET)
9	193.200.125.237 193.200.125.237	43811 (TELIA-LIE...) (TELIA-LIETUVA)
3	193.200.125.15 193.200.125.15	43811 (TELIA-LIE...) (TELIA-LIETUVA)
2	20.85.30.134 20.85.30.134	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2400:52e0:1e0... 2400:52e0:1e00::1049:1	200325 (BUNNYCDN) (BUNNYCDN)
1	52.205.79.164 52.205.79.164	14618 (AMAZON-AES) (AMAZON-AES)
3 12	52.222.209.55 52.222.209.55	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:224... 2600:9000:2240:1c00:11:1ed0:3900:21	16509 (AMAZON-02) (AMAZON-02)
6	2606:4700:440... 2606:4700:4400::6812:271f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:829::2010	15169 (GOOGLE) (GOOGLE)
7 14	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
10	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
7	162.19.138.119 162.19.138.119	16276 (OVH) (OVH)
3	52.222.228.76 52.222.228.76	16509 (AMAZON-02) (AMAZON-02)
1 2	37.157.2.234 37.157.2.234	198622 (ADFORM) (ADFORM)
12	104.111.239.153 104.111.239.153	16625 (AKAMAI-AS) (AKAMAI-AS)
3	104.111.219.144 104.111.219.144	16625 (AKAMAI-AS) (AKAMAI-AS)
4	2606:4700:10:... 2606:4700:10::ac43:266a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	162.19.138.117 162.19.138.117	16276 (OVH) (OVH)
3	104.111.243.142 104.111.243.142	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	20.234.93.27 20.234.93.27	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
23	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
6	2606:4700:20:... 2606:4700:20::681a:9a9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	85.206.141.183 85.206.141.183	43811 (TELIA-LIE...) (TELIA-LIETUVA)
6	185.89.208.11 185.89.208.11	29990 (ASN-APPNEX) (ASN-APPNEX)
3	35.158.81.23 35.158.81.23	16509 (AMAZON-02) (AMAZON-02)
3	2602:803:c003... 2602:803:c003:200::21	26667 (RUBICONPR...) (RUBICONPROJECT)
6	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
6	212.77.99.29 212.77.99.29	12827 (WIRTUALNA...) (WIRTUALNAPOLSKA GDANSK)
3	185.89.211.84 185.89.211.84	29990 (ASN-APPNEX) (ASN-APPNEX)
3	185.86.139.116 185.86.139.116	201081 (SMARTADSE...) (SMARTADSERVER)
4	216.52.2.30 216.52.2.30	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
3	2a02:2638:1::1a 2a02:2638:1::1a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
6	148.251.121.152 148.251.121.152	24940 (HETZNER-AS) (HETZNER-AS)
3	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
3	2606:4700::68... 2606:4700::6812:372	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7 14	172.64.154.237 172.64.154.237	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	52.57.214.50 52.57.214.50	16509 (AMAZON-02) (AMAZON-02)
2	184.30.21.51 184.30.21.51	16625 (AKAMAI-AS) (AKAMAI-AS)
3	193.200.125.19 193.200.125.19	43811 (TELIA-LIE...) (TELIA-LIETUVA)
6	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
15	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	44.239.16.115 44.239.16.115	() ()
1	34.102.146.192 34.102.146.192	() ()
1	2600:9000:225... 2600:9000:2250:4a00:a:e047:752:5701	16509 (AMAZON-02) (AMAZON-02)
1	2a02:2638::2 2a02:2638::2	() ()
1	2a02:2638::b 2a02:2638::b	() ()
1 2	34.120.107.143 34.120.107.143	() ()
2	2a00:1450:400... 2a00:1450:4001:802::200a	() ()
2	2a00:1450:400... 2a00:1450:4001:806::2003	() ()
4	2a00:1450:400... 2a00:1450:4001:829::200e	() ()
5	2a00:1450:400... 2a00:1450:4001:802::200e	() ()
1	2a00:1450:400... 2a00:1450:4001:82b::200e	() ()
1 1	151.101.2.49 151.101.2.49	() ()
1 1	3.219.110.236 3.219.110.236	() ()
2 2	213.155.156.180 213.155.156.180	() ()
1	35.186.253.211 35.186.253.211	() ()
3 3	64.74.236.31 64.74.236.31	() ()
1 1	108.128.75.67 108.128.75.67	() ()
1	174.137.133.49 174.137.133.49	() ()
2	2a00:1450:400... 2a00:1450:4001:80f::2003	() ()
1	178.250.0.160 178.250.0.160	() ()
1	2606:4700::68... 2606:4700::6811:180e	() ()
4	2a02:2638:1::17 2a02:2638:1::17	() ()
1 1	172.105.232.22 172.105.232.22	() ()
1 1	2600:9000:223... 2600:9000:223f:d800:1b:5138:8a40:93a1	() ()
2 2	76.223.111.18 76.223.111.18	() ()
1	185.86.137.107 185.86.137.107	() ()
2 2	193.0.160.129 193.0.160.129	() ()
2 3	2001:678:cb4:... 2001:678:cb4:bbbb::11	() ()
2 2	34.91.62.186 34.91.62.186	() ()
1	34.96.105.8 34.96.105.8	() ()
2 3	51.89.9.253 51.89.9.253	() ()
9	2600:9000:223... 2600:9000:223f:b600:f:4f64:8940:93a1	() ()
6	104.18.36.94 104.18.36.94	() ()
6	23.79.143.124 23.79.143.124	() ()
4 9	69.173.144.165 69.173.144.165	() ()
3	212.77.98.32 212.77.98.32	() ()
1	35.244.159.8 35.244.159.8	() ()
33	35.157.85.119 35.157.85.119	() ()
1 15	185.80.39.216 185.80.39.216	() ()
2 4	52.46.130.91 52.46.130.91	() ()
1 1	35.214.223.115 35.214.223.115	() ()
2 2	34.111.151.213 34.111.151.213	() ()
2	104.18.33.19 104.18.33.19	() ()
2 2	18.156.0.31 18.156.0.31	() ()
4 4	52.30.188.40 52.30.188.40	() ()
1 2	34.202.6.86 34.202.6.86	() ()
1 1	35.205.207.25 35.205.207.25	() ()
2 2	162.19.80.91 162.19.80.91	() ()
1	173.231.180.197 173.231.180.197	() ()
1 2	67.220.228.201 67.220.228.201	() ()
1	2620:1ec:21::14 2620:1ec:21::14	() ()
3 3	194.213.62.34 194.213.62.34	() ()
3 3	178.250.2.151 178.250.2.151	() ()
6 6	3.124.13.195 3.124.13.195	() ()
669	113

42 185.20.100.193 (Harjumaa, Estonia)

ASN199328 (EKSPRESS-DIGITAL, EE)
PTR: proxy2.delfi.ee

kroonika.delfi.ee	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
g.delfi.ee	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
h.delfi.ee	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.delfi.ee	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ee-production-portal-root-3dc.s3.delfi.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.delfi.ee	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ts.delfi.ee	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

43 185.20.100.192 (Harjumaa, Estonia)

ASN199328 (EKSPRESS-DIGITAL, EE)
PTR: proxy1.delfi.ee

g1.nh.ee	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
af1.nh.ee	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 185.20.100.195 (Harjumaa, Estonia)

ASN199328 (EKSPRESS-DIGITAL, EE)
PTR: proxy4.delfi.ee

ee-production-portal-root-3dc.s3.delfi.ee	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.157.6.236 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:26f0:6c00:2bf::268b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
scdn.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.230.79 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-230-79.deploy.static.akamaitechnologies.com

appleid.cdn-apple.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:e234 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 147.75.85.120 (Schiphol, Netherlands) 1 redirects

ASN54825 (PACKET, US)

api.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
stats-collector.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
csyn-r.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

44 37.157.2.237 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

adx.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 146.59.21.56 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip56.ip-146-59-21.eu

sgaee.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 20.54.110.135 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

s.delfi.ee	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2400:52e0:1e00::713:1 (Slovenia)

ASN200325 (BUNNYCDN, SI)

l.getsitecontrol.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::45 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:f600:6:c108:980:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.zlick.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.59.30.100 (France)

ASN16276 (OVH, FR)
PTR: ip100.ip-146-59-30.eu

ls.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.144.7.192 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.cintnetworks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.209.1.10 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-209-1-10.eu-west-1.compute.amazonaws.com

api.zlickpay.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 52.58.152.6 (Frankfurt am Main, Germany) 17 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-152-6.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 15.197.193.217 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 142.250.185.66 (United States) 16 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 37.157.2.239 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 185.89.210.82 (Frankfurt am Main, Germany) 12 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 159.65.194.197 (Amsterdam, Netherlands) 8 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.0.227.110 (Ascension Island) 1 redirects

ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE)

inv-nets.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 185.29.132.245 (United Kingdom) 10 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a05:d018:d29:3602:2799:7e74:3a60:9ac2 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.69.57.166 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-69-57-166.eu-central-1.compute.amazonaws.com

a.vidoomy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 147.75.83.64 (Schiphol, Netherlands)

ASN54825 (PACKET, US)

p1cluster.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
comcluster.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
id.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 193.200.125.237 (Lithuania)

ASN43811 (TELIA-LIETUVA, LT)

keytarget.adnet.lt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 193.200.125.15 (Lithuania)

ASN43811 (TELIA-LIETUVA, LT)

banners.adnetmedia.lt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.85.30.134 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

j.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:52e0:1e00::1049:1 (Slovenia)

ASN200325 (BUNNYCDN, SI)

s2.getsitecontrol.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.205.79.164 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-205-79-164.compute-1.amazonaws.com

events.getsitectrl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 52.222.209.55 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: server-52-222-209-55.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2240:1c00:11:1ed0:3900:21 (United States)

ASN16509 (AMAZON-02, US)

d3div1mtym39ic.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:4400::6812:271f (United States)

ASN13335 (CLOUDFLARENET, US)

macro.adnami.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2010 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a02:2638::1c (France) 7 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 162.19.138.119 (France)

ASN16276 (OVH, FR)
PTR: ns31533570.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.222.228.76 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-228-76.fra56.r.cloudfront.net

aax-dtb-cf.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.2.234 (Denmark) 1 redirects

ASN198622 (ADFORM, DK)

dmp.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 104.111.239.153 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-153.deploy.static.akamaitechnologies.com

c.aaxads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
l3.aaxads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.111.219.144 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-219-144.deploy.static.akamaitechnologies.com

secure.cdn.fastclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:10::ac43:266a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 162.19.138.117 (France)

ASN16276 (OVH, FR)
PTR: ns31533568.ip-162-19-138.eu

lb.eu-1-id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.111.243.142 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-243-142.deploy.static.akamaitechnologies.com

www.aaxdetect.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

c21lg-d.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.234.93.27 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:20::681a:9a9 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 85.206.141.183 (Vilnius, Lithuania)

ASN43811 (TELIA-LIETUVA, LT)
PTR: 85-206-141-183.static.zebra.lt

cc-endpoint.digitalmatter.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.89.208.11 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: prebid.ams3.adnexus.net

prebid.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.158.81.23 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-81-23.eu-central-1.compute.amazonaws.com

hb.adscale.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2602:803:c003:200::21 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

adnet-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 212.77.99.29 (Poland)

ASN12827 (WIRTUALNAPOLSKA GDANSK, Poland, PL)
PTR: ssp.wp.pl

ssp.wp.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.89.211.84 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs-simple.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.86.139.116 (France)

ASN201081 (SMARTADSERVER, FR)

prg.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.52.2.30 (United States)

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:1::1a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 148.251.121.152 (Braunlage, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: egon

rtb.adxpremium.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.184.8.90 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net

prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:372 (United States)

ASN13335 (CLOUDFLARENET, US)

mp.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 172.64.154.237 (United States) 7 redirects

ASN13335 (CLOUDFLARENET, US)

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.57.214.50 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-214-50.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.30.21.51 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-21-51.deploy.static.akamaitechnologies.com

a.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 193.200.125.19 (Lithuania)

ASN43811 (TELIA-LIETUVA, LT)

bid-collector.digitalmatter.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.239.16.115 (None, )

ASN- ()

id.sharedid.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (None, )

ASN- ()

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:4a00:a:e047:752:5701 (United States)

ASN16509 (AMAZON-02, US)

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::2 (None, )

ASN- ()

rtb.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::b (None, )

ASN- ()

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.107.143 (None, ) 1 redirects

ASN- ()

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::200a (None, )

ASN- ()

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2003 (None, )

ASN- ()

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::200e (None, )

ASN- ()

encrypted-tbn2.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
encrypted-tbn3.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:802::200e (None, )

ASN- ()

encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200e (None, )

ASN- ()

encrypted-tbn1.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.49 (None, ) 1 redirects

ASN- ()

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.219.110.236 (None, ) 1 redirects

ASN- ()

fksnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.180 (None, ) 2 redirects

ASN- ()

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.253.211 (None, )

ASN- ()

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 64.74.236.31 (None, ) 3 redirects

ASN- ()

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.128.75.67 (None, ) 1 redirects

ASN- ()

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 174.137.133.49 (None, )

ASN- ()

rtb2-useast.e-volution.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2003 (None, )

ASN- ()

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.160 (None, )

ASN- ()

cat.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (None, )

ASN- ()

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638:1::17 (None, )

ASN- ()

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.105.232.22 (None, ) 1 redirects

ASN- ()

a.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223f:d800:1b:5138:8a40:93a1 (None, ) 1 redirects

ASN- ()

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.111.18 (None, ) 2 redirects

ASN- ()

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.137.107 (None, )

ASN- ()

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.0.160.129 (None, ) 2 redirects

ASN- ()

a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:678:cb4:bbbb::11 (None, ) 2 redirects

ASN- ()

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.91.62.186 (None, ) 2 redirects

ASN- ()

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (None, )

ASN- ()

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.89.9.253 (None, ) 2 redirects

ASN- ()

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2600:9000:223f:b600:f:4f64:8940:93a1 (None, )

ASN- ()

js.adscale.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.18.36.94 (None, )

ASN- ()

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.79.143.124 (None, )

ASN- ()

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 69.173.144.165 (None, ) 4 redirects

ASN- ()

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 212.77.98.32 (None, )

ASN- ()

std.wpcdn.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (None, )

ASN- ()

u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 35.157.85.119 (None, )

ASN- ()

ih.adscale.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 185.80.39.216 (None, ) 1 redirects

ASN- ()

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.46.130.91 (None, ) 2 redirects

ASN- ()

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.214.223.115 (None, ) 1 redirects

ASN- ()

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.151.213 (None, ) 2 redirects

ASN- ()

dmp.brand-display.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.33.19 (None, )

ASN- ()

dsum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.156.0.31 (None, ) 2 redirects

ASN- ()

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.30.188.40 (None, ) 4 redirects

ASN- ()

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.202.6.86 (None, ) 1 redirects

ASN- ()

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.205.207.25 (None, ) 1 redirects

ASN- ()

ads.avads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.19.80.91 (None, ) 2 redirects

ASN- ()

gu.dyntrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.231.180.197 (None, )

ASN- ()

cm.adgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.220.228.201 (None, ) 1 redirects

ASN- ()

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (None, )

ASN- ()

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 194.213.62.34 (None, ) 3 redirects

ASN- ()

bbnaut.ibillboard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.250.2.151 (None, ) 3 redirects

ASN- ()

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.124.13.195 (None, ) 6 redirects

ASN- ()

tracking.m6r.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tracking-a.dsp.m6r.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
81	adform.net 7 redirects s1.adform.net — Cisco Umbrella Rank: 7620 adx.adform.net — Cisco Umbrella Rank: 4061 cm.adform.net — Cisco Umbrella Rank: 1674 track.adform.net — Cisco Umbrella Rank: 3622 dmp.adform.net — Cisco Umbrella Rank: 4690 c1.adform.net	270 KB
72	delfi.ee kroonika.delfi.ee g.delfi.ee — Cisco Umbrella Rank: 278955 ee-production-portal-root-3dc.s3.delfi.ee — Cisco Umbrella Rank: 499804 h.delfi.ee — Cisco Umbrella Rank: 906881 api.delfi.ee — Cisco Umbrella Rank: 431321 www.delfi.ee — Cisco Umbrella Rank: 584483 s.delfi.ee — Cisco Umbrella Rank: 654543 ts.delfi.ee — Cisco Umbrella Rank: 666921	4 MB
53	doubleclick.net 16 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 39 stats.g.doubleclick.net — Cisco Umbrella Rank: 98 cm.g.doubleclick.net — Cisco Umbrella Rank: 234 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 203	568 KB
52	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 109 tpc.googlesyndication.com — Cisco Umbrella Rank: 144 6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com 9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com 0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com	420 KB
45	adscale.de hb.adscale.de — Cisco Umbrella Rank: 16547 js.adscale.de ih.adscale.de	47 KB
43	nh.ee g1.nh.ee — Cisco Umbrella Rank: 391038 af1.nh.ee — Cisco Umbrella Rank: 530639	1 MB
33	criteo.com 10 redirects gum.criteo.com — Cisco Umbrella Rank: 429 mug.criteo.com — Cisco Umbrella Rank: 2441 bidder.criteo.com — Cisco Umbrella Rank: 763 rtb.fr.eu.criteo.com ads.eu.criteo.com cat.fr.eu.criteo.com dis.criteo.com	87 KB
31	casalemedia.com 8 redirects htlb.casalemedia.com — Cisco Umbrella Rank: 539 ssum-sec.casalemedia.com dsum-sec.casalemedia.com dsum.casalemedia.com ssum.casalemedia.com	26 KB
31	cxense.com 1 redirects cdn.cxense.com — Cisco Umbrella Rank: 5719 api.cxense.com — Cisco Umbrella Rank: 9728 scdn.cxense.com — Cisco Umbrella Rank: 13156 p1cluster.cxense.com — Cisco Umbrella Rank: 10884 comcluster.cxense.com — Cisco Umbrella Rank: 6956 id.cxense.com — Cisco Umbrella Rank: 14334 stats-collector.cxense.com — Cisco Umbrella Rank: 125680 csyn-r.cxense.com — Cisco Umbrella Rank: 57526	108 KB
21	amazon-adsystem.com 6 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 333 aax-dtb-cf.amazon-adsystem.com — Cisco Umbrella Rank: 552 s.amazon-adsystem.com aax-eu.amazon-adsystem.com	25 KB
19	criteo.net static.criteo.net — Cisco Umbrella Rank: 675 csm.eu.criteo.net	1 MB
18	rubiconproject.com 4 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 498 eus.rubiconproject.com pixel.rubiconproject.com token.rubiconproject.com	37 KB
18	adnxs.com 12 redirects ib.adnxs.com — Cisco Umbrella Rank: 238 prebid.adnxs.com — Cisco Umbrella Rank: 1850 secure.adnxs.com	17 KB
17	bidswitch.net 17 redirects x.bidswitch.net — Cisco Umbrella Rank: 322	5 KB
14	gstatic.com www.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn3.gstatic.com encrypted-tbn0.gstatic.com encrypted-tbn1.gstatic.com fonts.gstatic.com	299 KB
14	google.com apis.google.com — Cisco Umbrella Rank: 110 adservice.google.com — Cisco Umbrella Rank: 87 www.google.com — Cisco Umbrella Rank: 2	115 KB
12	aaxads.com c.aaxads.com — Cisco Umbrella Rank: 3001 l3.aaxads.com — Cisco Umbrella Rank: 4063	422 KB
11	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 476 cdn.id5-sync.com — Cisco Umbrella Rank: 1107	70 KB
10	openx.net 1 redirects adnet-d.openx.net — Cisco Umbrella Rank: 207125 oajs.openx.net rtb.openx.net google-bidout-d.openx.net u.openx.net	2 KB
10	mathtag.com 10 redirects sync.mathtag.com — Cisco Umbrella Rank: 509	6 KB
9	4dex.io script.4dex.io — Cisco Umbrella Rank: 2005 mp.4dex.io — Cisco Umbrella Rank: 2214	75 KB
9	adnet.lt keytarget.adnet.lt — Cisco Umbrella Rank: 468078	846 KB
8	bidtheatre.com 8 redirects match.adsby.bidtheatre.com — Cisco Umbrella Rank: 2422	4 KB
7	yahoo.com 4 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 495 ups.analytics.yahoo.com	3 KB
6	m6r.eu 6 redirects tracking.m6r.eu tracking-a.dsp.m6r.eu	3 KB
6	indexww.com js-sec.indexww.com cdn.indexww.com	5 KB
6	adxpremium.services rtb.adxpremium.services — Cisco Umbrella Rank: 9776	7 KB
6	wp.pl ssp.wp.pl — Cisco Umbrella Rank: 9391	1 KB
6	digitalmatter.ai cc-endpoint.digitalmatter.ai — Cisco Umbrella Rank: 591275 bid-collector.digitalmatter.ai — Cisco Umbrella Rank: 194617	867 B
6	adnami.io macro.adnami.io — Cisco Umbrella Rank: 14869	89 KB
6	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 1399 j.clarity.ms — Cisco Umbrella Rank: 10286 c.clarity.ms — Cisco Umbrella Rank: 2123	21 KB
5	googleapis.com storage.googleapis.com — Cisco Umbrella Rank: 436 fonts.googleapis.com	4 KB
5	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 364	1 KB
5	gemius.pl 1 redirects sgaee.hit.gemius.pl — Cisco Umbrella Rank: 760941 ls.hit.gemius.pl — Cisco Umbrella Rank: 10826	22 KB
5	google.de adservice.google.de — Cisco Umbrella Rank: 7808 www.google.de — Cisco Umbrella Rank: 5234	2 KB
4	bidr.io 4 redirects match.prod.bidr.io	2 KB
4	lijit.com ap.lijit.com — Cisco Umbrella Rank: 635	1 KB
4	smartadserver.com prg.smartadserver.com — Cisco Umbrella Rank: 1555 ssbsync.smartadserver.com	2 KB
4	zlickpay.com api.zlickpay.com	976 B
3	ibillboard.com 3 redirects bbnaut.ibillboard.com	609 B
3	wpcdn.pl std.wpcdn.pl	49 KB
3	onetag-sys.com 2 redirects onetag-sys.com	823 B
3	turn.com 2 redirects ad.turn.com r.turn.com	1 KB
3	zemanta.com 3 redirects b1sync.zemanta.com	2 KB
3	googletagservices.com www.googletagservices.com	141 KB
3	creativecdn.com prebid-eu.creativecdn.com — Cisco Umbrella Rank: 6154	538 B
3	adnxs-simple.com ib.adnxs-simple.com — Cisco Umbrella Rank: 9834	11 KB
3	media.net c21lg-d.media.net — Cisco Umbrella Rank: 2133	888 B
3	aaxdetect.com www.aaxdetect.com — Cisco Umbrella Rank: 5839	969 B
3	eu-1-id5-sync.com lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 1209	1 KB
3	fastclick.net secure.cdn.fastclick.net — Cisco Umbrella Rank: 1308	51 KB
3	cloudfront.net d3div1mtym39ic.cloudfront.net	134 KB
3	adnetmedia.lt banners.adnetmedia.lt — Cisco Umbrella Rank: 616638	35 KB
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 116	218 B
3	getsitecontrol.com l.getsitecontrol.com — Cisco Umbrella Rank: 19416 s2.getsitecontrol.com — Cisco Umbrella Rank: 33157	63 KB
3	onesignal.com cdn.onesignal.com — Cisco Umbrella Rank: 3572 onesignal.com — Cisco Umbrella Rank: 1232	73 KB
3	delfi.net ee-production-portal-root-3dc.s3.delfi.net — Cisco Umbrella Rank: 704551	36 KB
2	dyntrk.com 2 redirects gu.dyntrk.com	843 B
2	demdex.net 1 redirects dpm.demdex.net	2 KB
2	brand-display.com 2 redirects dmp.brand-display.com	591 B
2	simpli.fi 2 redirects um.simpli.fi	1 KB
2	rfihub.com 2 redirects a.rfihub.com p.rfihub.com	2 KB
2	3lift.com 2 redirects eb2.3lift.com	955 B
2	de17a.com 2 redirects d5p.de17a.com	646 B
2	teads.tv a.teads.tv — Cisco Umbrella Rank: 1457	782 B
2	sharethrough.com btlr.sharethrough.com — Cisco Umbrella Rank: 1048	317 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 152	112 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 38	20 KB
1	linkedin.com px.ads.linkedin.com	922 B
1	adgrx.com cm.adgrx.com	282 B
1	avads.net 1 redirects ads.avads.net	370 B
1	loopme.me 1 redirects csync.loopme.me	272 B
1	blismedia.com tr.blismedia.com	173 B
1	smaato.net 1 redirects s.ad.smaato.net	442 B
1	appier.net 1 redirects a.c.appier.net	560 B
1	cloudflare.com cdnjs.cloudflare.com	5 KB
1	e-volution.ai rtb2-useast.e-volution.ai	233 B
1	yieldmo.com 1 redirects ads.yieldmo.com	469 B
1	fksnk.com 1 redirects fksnk.com	614 B
1	everesttech.net 1 redirects sync-tm.everesttech.net	535 B
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 2603	1 KB
1	openxcdn.net oa.openxcdn.net	8 KB
1	sharedid.org id.sharedid.org	903 B
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 296	551 B
1	getsitectrl.com events.getsitectrl.com — Cisco Umbrella Rank: 23670	857 B
1	mookie1.com odr.mookie1.com — Cisco Umbrella Rank: 1148	356 B
1	vidoomy.com a.vidoomy.com — Cisco Umbrella Rank: 8385	357 B
1	admixer.net 1 redirects inv-nets.admixer.net — Cisco Umbrella Rank: 2903	581 B
1	cintnetworks.com c.cintnetworks.com — Cisco Umbrella Rank: 10936	257 B
1	zlick.it cdn.zlick.it	31 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 942	692 B
1	cdn-apple.com appleid.cdn-apple.com — Cisco Umbrella Rank: 3599	17 KB
0	chocolateplatform.com Failed cs.chocolateplatform.com Failed
669	93

	Domain	Requested by
38	track.adform.net	3 redirects af1.nh.ee kroonika.delfi.ee
35	cm.g.doubleclick.net	16 redirects 0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com 6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com 9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
33	ih.adscale.de	js.adscale.de ih.adscale.de
30	cm.adform.net	3 redirects kroonika.delfi.ee
30	af1.nh.ee	adx.adform.net kroonika.delfi.ee af1.nh.ee
30	ee-production-portal-root-3dc.s3.delfi.ee	kroonika.delfi.ee ee-production-portal-root-3dc.s3.delfi.ee
23	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com securepubads.g.doubleclick.net 0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com 6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com 9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
23	pagead2.googlesyndication.com	kroonika.delfi.ee pagead2.googlesyndication.com ee-production-portal-root-3dc.s3.delfi.ee tpc.googlesyndication.com securepubads.g.doubleclick.net 0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com 6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com 9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
17	stats-collector.cxense.com	ee-production-portal-root-3dc.s3.delfi.ee
17	x.bidswitch.net	17 redirects
17	api.delfi.ee	kroonika.delfi.ee ee-production-portal-root-3dc.s3.delfi.ee
15	dsum-sec.casalemedia.com	1 redirects ssum-sec.casalemedia.com
15	static.criteo.net	keytarget.adnet.lt securepubads.g.doubleclick.net static.criteo.net ads.eu.criteo.com
15	securepubads.g.doubleclick.net	keytarget.adnet.lt securepubads.g.doubleclick.net kroonika.delfi.ee
14	gum.criteo.com	7 redirects static.criteo.net
13	g1.nh.ee	kroonika.delfi.ee g1.nh.ee
12	c.amazon-adsystem.com	3 redirects c.amazon-adsystem.com
12	g.delfi.ee	kroonika.delfi.ee g.delfi.ee ee-production-portal-root-3dc.s3.delfi.ee af1.nh.ee
10	mug.criteo.com	kroonika.delfi.ee
10	sync.mathtag.com	10 redirects
10	ib.adnxs.com	10 redirects
9	js.adscale.de	keytarget.adnet.lt js.adscale.de ih.adscale.de
9	c.aaxads.com	kroonika.delfi.ee c.aaxads.com
9	keytarget.adnet.lt	kroonika.delfi.ee keytarget.adnet.lt
8	ssum-sec.casalemedia.com	4 redirects js-sec.indexww.com ssum-sec.casalemedia.com
8	www.google.com	kroonika.delfi.ee tpc.googlesyndication.com 0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com 6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com 9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
8	match.adsby.bidtheatre.com	8 redirects
7	id5-sync.com	keytarget.adnet.lt cdn.id5-sync.com
6	eus.rubiconproject.com	keytarget.adnet.lt eus.rubiconproject.com
6	rtb.adxpremium.services	keytarget.adnet.lt
6	ssp.wp.pl	keytarget.adnet.lt
6	prebid.adnxs.com	keytarget.adnet.lt
6	script.4dex.io	keytarget.adnet.lt script.4dex.io
6	macro.adnami.io	keytarget.adnet.lt macro.adnami.io
6	adx.adform.net	kroonika.delfi.ee s1.adform.net keytarget.adnet.lt
6	cdn.cxense.com	kroonika.delfi.ee scdn.cxense.com cdn.cxense.com keytarget.adnet.lt
5	pixel.rubiconproject.com	keytarget.adnet.lt
5	encrypted-tbn0.gstatic.com	6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com 9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
5	pr-bh.ybp.yahoo.com	2 redirects ssum-sec.casalemedia.com
5	match.adsrvr.org	kroonika.delfi.ee ssum-sec.casalemedia.com
5	s1.adform.net	kroonika.delfi.ee
4	token.rubiconproject.com	4 redirects
4	match.prod.bidr.io	4 redirects
4	s.amazon-adsystem.com	2 redirects ssum-sec.casalemedia.com
4	csm.eu.criteo.net	ads.eu.criteo.com
4	ap.lijit.com	keytarget.adnet.lt
4	cdn.id5-sync.com	kroonika.delfi.ee securepubads.g.doubleclick.net
4	api.zlickpay.com	ee-production-portal-root-3dc.s3.delfi.ee
4	sgaee.hit.gemius.pl	1 redirects ee-production-portal-root-3dc.s3.delfi.ee sgaee.hit.gemius.pl kroonika.delfi.ee
4	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net
4	adservice.google.de	pagead2.googlesyndication.com securepubads.g.doubleclick.net
4	kroonika.delfi.ee	ee-production-portal-root-3dc.s3.delfi.ee
3	tracking-a.dsp.m6r.eu	3 redirects
3	tracking.m6r.eu	3 redirects
3	dis.criteo.com	3 redirects
3	ssum.casalemedia.com	3 redirects
3	bbnaut.ibillboard.com	3 redirects
3	cdn.indexww.com	ssum-sec.casalemedia.com
3	std.wpcdn.pl	ssp.wp.pl
3	js-sec.indexww.com	keytarget.adnet.lt
3	u.openx.net	keytarget.adnet.lt
3	onetag-sys.com	2 redirects
3	b1sync.zemanta.com	3 redirects
3	encrypted-tbn3.gstatic.com	6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com 9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
3	www.googletagservices.com	0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com 6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com 9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
3	bid-collector.digitalmatter.ai	keytarget.adnet.lt
3	htlb.casalemedia.com	keytarget.adnet.lt
3	mp.4dex.io	keytarget.adnet.lt
3	prebid-eu.creativecdn.com	keytarget.adnet.lt
3	bidder.criteo.com	keytarget.adnet.lt
3	prg.smartadserver.com	keytarget.adnet.lt
3	ib.adnxs-simple.com	keytarget.adnet.lt
3	adnet-d.openx.net	keytarget.adnet.lt
3	fastlane.rubiconproject.com	keytarget.adnet.lt
3	hb.adscale.de	keytarget.adnet.lt
3	cc-endpoint.digitalmatter.ai	keytarget.adnet.lt
3	l3.aaxads.com	kroonika.delfi.ee
3	c21lg-d.media.net	c.aaxads.com
3	www.aaxdetect.com	kroonika.delfi.ee c.aaxads.com
3	lb.eu-1-id5-sync.com	keytarget.adnet.lt
3	secure.cdn.fastclick.net	kroonika.delfi.ee
3	aax-dtb-cf.amazon-adsystem.com	c.amazon-adsystem.com
3	storage.googleapis.com	keytarget.adnet.lt
3	d3div1mtym39ic.cloudfront.net	kroonika.delfi.ee
3	banners.adnetmedia.lt	kroonika.delfi.ee
3	www.facebook.com	kroonika.delfi.ee
3	ts.delfi.ee	kroonika.delfi.ee
3	s.delfi.ee	ee-production-portal-root-3dc.s3.delfi.ee kroonika.delfi.ee
3	api.cxense.com	ee-production-portal-root-3dc.s3.delfi.ee scdn.cxense.com
3	ee-production-portal-root-3dc.s3.delfi.net	ee-production-portal-root-3dc.s3.delfi.ee
2	aax-eu.amazon-adsystem.com	1 redirects
2	gu.dyntrk.com	2 redirects
2	dpm.demdex.net	1 redirects ssum-sec.casalemedia.com
2	ups.analytics.yahoo.com	2 redirects
2	secure.adnxs.com	2 redirects
2	dsum.casalemedia.com	ssum-sec.casalemedia.com
2	dmp.brand-display.com	2 redirects
2	um.simpli.fi	2 redirects
2	ad.turn.com	2 redirects
2	eb2.3lift.com	2 redirects
2	fonts.gstatic.com	fonts.googleapis.com
2	d5p.de17a.com	2 redirects
2	www.gstatic.com	6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com 9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
2	fonts.googleapis.com	6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com 9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
2	oajs.openx.net	1 redirects
2	0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	a.teads.tv	keytarget.adnet.lt
2	btlr.sharethrough.com	keytarget.adnet.lt
2	c.clarity.ms	1 redirects
2	j.clarity.ms	ee-production-portal-root-3dc.s3.delfi.ee
2	connect.facebook.net	ee-production-portal-root-3dc.s3.delfi.ee connect.facebook.net
2	www.clarity.ms	ee-production-portal-root-3dc.s3.delfi.ee www.clarity.ms
2	l.getsitecontrol.com	ee-production-portal-root-3dc.s3.delfi.ee
2	www.google-analytics.com	ee-production-portal-root-3dc.s3.delfi.ee
2	cdn.onesignal.com	ee-production-portal-root-3dc.s3.delfi.ee cdn.onesignal.com
2	apis.google.com	ee-production-portal-root-3dc.s3.delfi.ee apis.google.com
2	googleads.g.doubleclick.net	pagead2.googlesyndication.com
2	h.delfi.ee	kroonika.delfi.ee
1	px.ads.linkedin.com
1	cm.adgrx.com	ssum-sec.casalemedia.com
1	ads.avads.net	1 redirects
1	c1.adform.net	1 redirects
1	p.rfihub.com	1 redirects
1	csync.loopme.me	1 redirects
1	tr.blismedia.com	9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
1	r.turn.com
1	a.rfihub.com	1 redirects
1	ssbsync.smartadserver.com	6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com
1	s.ad.smaato.net	1 redirects
1	a.c.appier.net	1 redirects
1	cdnjs.cloudflare.com	ads.eu.criteo.com
1	cat.fr.eu.criteo.com	ads.eu.criteo.com
1	google-bidout-d.openx.net	oa.openxcdn.net
1	rtb2-useast.e-volution.ai	0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com
1	ads.yieldmo.com	1 redirects
1	rtb.openx.net	0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com
1	fksnk.com	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	encrypted-tbn1.gstatic.com	9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
1	encrypted-tbn2.gstatic.com	6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com
1	ads.eu.criteo.com	0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com
1	rtb.fr.eu.criteo.com	kroonika.delfi.ee
1	cdn.prod.uidapi.com	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	id.sharedid.org	securepubads.g.doubleclick.net
1	c.bing.com	1 redirects
1	dmp.adform.net	kroonika.delfi.ee
1	csyn-r.cxense.com	1 redirects
1	events.getsitectrl.com	ee-production-portal-root-3dc.s3.delfi.ee
1	s2.getsitecontrol.com	l.getsitecontrol.com
1	id.cxense.com	scdn.cxense.com
1	comcluster.cxense.com	cdn.cxense.com
1	p1cluster.cxense.com	cdn.cxense.com
1	www.google.de	kroonika.delfi.ee
1	odr.mookie1.com	kroonika.delfi.ee
1	a.vidoomy.com	kroonika.delfi.ee
1	inv-nets.admixer.net	1 redirects
1	stats.g.doubleclick.net	ee-production-portal-root-3dc.s3.delfi.ee
1	c.cintnetworks.com	kroonika.delfi.ee
1	ls.hit.gemius.pl	sgaee.hit.gemius.pl
1	cdn.zlick.it	ee-production-portal-root-3dc.s3.delfi.ee
1	onesignal.com	cdn.onesignal.com
1	scdn.cxense.com	ee-production-portal-root-3dc.s3.delfi.ee
1	www.delfi.ee	ee-production-portal-root-3dc.s3.delfi.ee
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	appleid.cdn-apple.com	ee-production-portal-root-3dc.s3.delfi.ee
0	cs.chocolateplatform.com Failed	6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com
669	169

This site contains links to these domains. Also see Links.

Domain
track.adform.net
delfimeedia.ee
ilmateade.delfi.ee
www.delfi.ee
www.delfimeedia.ee
www.piletitasku.ee
kroonika.ee
www.zlick.it
lehed.delfi.ee
ekspress.delfi.ee
epl.delfi.ee
api.cxense.com
delfi.ee
telli.delfimeedia.ee
www.facebook.com
www.instagram.com

Subject Issuer	Validity	Valid
*.delfi.ee Sectigo RSA Domain Validation Secure Server CA	`2022-07-04` - `2023-08-03`	a year	crt.sh
*.nh.ee Sectigo RSA Domain Validation Secure Server CA	`2022-07-04` - `2023-08-03`	a year	crt.sh
s3.delfi.ee R3	`2022-11-26` - `2023-02-24`	3 months	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-09-20` - `2023-09-20`	a year	crt.sh
*.cxense.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-17` - `2023-04-17`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
s3.delfi.net R3	`2022-11-26` - `2023-02-24`	3 months	crt.sh
*.apis.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
appleid.cdn-apple.com Apple Public EV Server RSA CA 2 - G1	`2022-04-19` - `2023-05-19`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-03` - `2023-06-02`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.hit.gemius.pl Sectigo ECC Domain Validation Secure Server CA	`2022-09-13` - `2023-09-25`	a year	crt.sh
s.delfi.ee R3	`2022-11-15` - `2023-02-13`	3 months	crt.sh
*.getsitecontrol.com Go Daddy Secure Certificate Authority - G2	`2022-03-05` - `2023-04-06`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-12-01` - `2023-12-01`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-09-16` - `2022-12-15`	3 months	crt.sh
cdn.zlick.it Amazon	`2022-10-18` - `2023-11-15`	a year	crt.sh
c.cintnetworks.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2022-11-04` - `2023-05-04`	6 months	crt.sh
*.zlickpay.com Amazon	`2022-08-25` - `2023-09-22`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
keytarget.adnet.lt Sectigo RSA Organization Validation Secure Server CA	`2022-05-05` - `2023-05-07`	a year	crt.sh
*.adnetmedia.lt Sectigo RSA Organization Validation Secure Server CA	`2022-10-10` - `2023-11-07`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 02	`2022-06-07` - `2023-06-02`	a year	crt.sh
*.getsitectrl.com Amazon	`2022-01-13` - `2023-02-11`	a year	crt.sh
storage.googleapis.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2022-05-09` - `2023-04-18`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-10-31` - `2023-01-26`	3 months	crt.sh
*.id5-sync.com R3	`2022-11-09` - `2023-02-07`	3 months	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon	`2022-06-15` - `2023-06-15`	a year	crt.sh
*.aaxads.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-11` - `2023-03-15`	a year	crt.sh
secure.cdn.fastclick.net DigiCert TLS RSA SHA256 2020 CA1	`2022-12-02` - `2023-12-02`	a year	crt.sh
*.eu-1-id5-sync.com R3	`2022-11-09` - `2023-02-07`	3 months	crt.sh
*.aaxdetect.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-11` - `2023-03-15`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2022-02-20` - `2023-02-22`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
script.4dex.io Cloudflare Inc ECC CA-3	`2022-11-23` - `2023-11-22`	a year	crt.sh
*.digitalmatter.ai Sectigo RSA Organization Validation Secure Server CA	`2022-09-26` - `2023-10-19`	a year	crt.sh
prebid.adnxs.com GeoTrust TLS RSA CA G1	`2022-05-26` - `2023-06-26`	a year	crt.sh
*.adscale.de Amazon	`2022-04-09` - `2023-05-08`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.wp.pl RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-10` - `2023-03-15`	a year	crt.sh
*.adnxs-simple.com GeoTrust ECC CA 2018	`2022-02-25` - `2023-03-28`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-25` - `2023-01-25`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2022-06-27` - `2023-06-05`	a year	crt.sh
*.adxpremium.services Sectigo RSA Domain Validation Secure Server CA	`2022-08-26` - `2023-08-05`	a year	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-17` - `2023-04-12`	a year	crt.sh
*.sharethrough.com Amazon	`2022-07-14` - `2023-08-12`	a year	crt.sh
teads.tv R3	`2022-10-27` - `2023-01-25`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-11-08` - `2023-02-04`	3 months	crt.sh
id.sharedid.org Amazon	`2022-11-08` - `2023-12-07`	a year	crt.sh
oa.openxcdn.net GTS CA 1D4	`2022-12-02` - `2023-03-02`	3 months	crt.sh
cdn.prod.uidapi.com R3	`2022-11-29` - `2023-02-27`	3 months	crt.sh
*.fr.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-07` - `2023-03-12`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-10-14` - `2023-01-13`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.e-volution.ai Sectigo RSA Domain Validation Secure Server CA	`2022-09-29` - `2023-10-30`	a year	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-11-01` - `2023-02-04`	3 months	crt.sh
tr.blismedia.com GTS CA 1D4	`2022-10-16` - `2023-01-14`	3 months	crt.sh
*.wpcdn.pl RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-05-13` - `2023-05-15`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-11-08` - `2023-05-03`	6 months	crt.sh
public1.adgear.com Sectigo RSA Domain Validation Secure Server CA	`2022-03-01` - `2023-03-28`	a year	crt.sh

This page contains 71 frames:

Primary Page: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Frame ID: 77F6ECA1F7F8AC2ECF238A9F68E27D8D
Requests: 151 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221129/r20190131/zrt_lookup.html
Frame ID: F2E78CE9F086A205BA0B8C23747D00F8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5295995486288553&output=html&adk=1812271804&adf=3025194257&lmt=1670434923&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670434922996&bpp=3&bdt=612&idt=251&shv=r20221129&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4787487231949&frm=20&pv=2&ga_vid=879261953.1670434923&ga_sid=1670434923&ga_hid=562613694&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44777876%2C42531848%2C44778780%2C31071168&oid=2&pvsid=3411371172332950&tmod=1001134465&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=270
Frame ID: 586444C4F4E06B3D9AC3AE88CEBC3D69
Requests: 1 HTTP requests in this frame

Frame: https://adx.adform.net/adx/?mid=562978&mkw=channel_vue,channel_kroonika,logged_out,kroonika_article,article_120110364,category_91159439,kroonika_120110364,kroonika_mitmesugust,template_default&mkv=channel:kroonika,category:kroonika__mitmesugust,network:4g,screen_width:1600,screen_height:1200,locale:et_EE,position:pos_001,chn_pos:kroonika_001&adid=9dc66174-6f4a-4677-98bc-59fa92eca791
Frame ID: D4966DDE80B068F39A748DA9AFBD93A1
Requests: 2 HTTP requests in this frame

Frame: https://ls.hit.gemius.pl/lsget.html
Frame ID: D1B9A91E54FA7641E61DDE3A2221FB56
Requests: 1 HTTP requests in this frame

Frame: https://cdn.cxense.com/sp1.html
Frame ID: ABAB7C7AA53945E7B7A1E877F9829FAA
Requests: 4 HTTP requests in this frame

Frame: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js
Frame ID: AE601F31F42F221A047EAF249E1BD082
Requests: 8 HTTP requests in this frame

Frame: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js
Frame ID: 0F49F68A2A783A399A85F5CD25A45AB1
Requests: 8 HTTP requests in this frame

Frame: https://s1.adform.net/banners/scripts/extensions/delfi/responsive.js?bn=60128054
Frame ID: 8E46492AB093E1417B88A22C5D519249
Requests: 9 HTTP requests in this frame

Frame: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js
Frame ID: 38732641037F8C3AADB1E1CDED503E46
Requests: 12 HTTP requests in this frame

Frame: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js
Frame ID: DDBF47885C3F622E560E196E88A4F6BE
Requests: 8 HTTP requests in this frame

Frame: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js
Frame ID: 760DDBFCF1E8C4C7438655DEC739BFF8
Requests: 13 HTTP requests in this frame

Frame: https://s1.adform.net/Banners/Elements/Files/146996/3171744/scroller.js?bn=59608988;v=1
Frame ID: BAB0566A3D896504BFBC767F2BEBD3CC
Requests: 13 HTTP requests in this frame

Frame: https://s1.adform.net/Banners/Elements/Files/146996/2932089/siteheader.js?bn=59586400;v=1
Frame ID: 7437BA3F227C17BC99500449BE96802E
Requests: 17 HTTP requests in this frame

Frame: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Frame ID: 5313CC286E842205A7808FCF9AE0A62B
Requests: 54 HTTP requests in this frame

Frame: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Frame ID: 7DD99B93D9605AAA3AF55347895C6361
Requests: 56 HTTP requests in this frame

Frame: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Frame ID: 432F436A20E6AEE799E8AA8A8B49F12D
Requests: 64 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 89527DC1D87C93C9C0D57DE3DC2F79A9
Requests: 1 HTTP requests in this frame

Frame: https://af1.nh.ee/Banners/Elements/Files/146996/12122730/12122730.js?ADFassetID=12122730&bv=257
Frame ID: 71EDD68C091AAE3F6850F0A3E41EFB0C
Requests: 3 HTTP requests in this frame

Frame: https://af1.nh.ee/Banners/Elements/Files/264064/12029198/main/12029198.js?ADFassetID=12029198&bv=770
Frame ID: 4AF34FB491C771BD5AFF5D0113940FB5
Requests: 3 HTTP requests in this frame

Frame: https://af1.nh.ee/Banners/Elements/Files/2029728/12034605/main/12034605.js?ADFassetID=12034605&bv=516
Frame ID: 599586F46407FBBAE1A3678B7D1B3401
Requests: 6 HTTP requests in this frame

Frame: https://c.aaxads.com/aacxs.php?flg=AAXEYBR49&fv=1&fy=37&ke=1&suylg=218%2C79%2C213%2C368%2C310%2C206%2C54%2C292%2C263%2C264%2C195%2C330%2C369%2C89%2C29%2C355%2C356%2C306%2C23%2C282&yvVbqf=1&uhiXuo=&gdpr=1&gdprconsent=2&gdprstring=&usp_status=0&usp_consent=1&coppa=0
Frame ID: 9A990D2C08525D4415344A2B0CCD2A4F
Requests: 2 HTTP requests in this frame

Frame: https://c.aaxads.com/aacxs.php?flg=AAXEYBR49&fv=1&fy=37&ke=1&suylg=218%2C79%2C213%2C368%2C310%2C206%2C54%2C292%2C263%2C264%2C195%2C330%2C369%2C89%2C29%2C355%2C356%2C306%2C23%2C282&yvVbqf=1&uhiXuo=&gdpr=1&gdprconsent=2&gdprstring=&usp_status=0&usp_consent=1&coppa=0
Frame ID: 2A244364AA0DE87A916678E885C89B34
Requests: 2 HTTP requests in this frame

Frame: https://c.aaxads.com/aacxs.php?flg=AAXEYBR49&fv=1&fy=37&ke=1&suylg=218%2C79%2C213%2C368%2C310%2C206%2C54%2C292%2C263%2C264%2C195%2C330%2C369%2C89%2C29%2C355%2C356%2C306%2C23%2C282&yvVbqf=1&uhiXuo=&gdpr=1&gdprconsent=2&gdprstring=&usp_status=0&usp_consent=1&coppa=0
Frame ID: CA6811FF5126D6E65EE8654E2BB4201C
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 86821CB3007300B4A06E3A6E162FC74E
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 8E891BBEA821E48E83C574DD1416E5E1
Requests: 2 HTTP requests in this frame

Frame: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
Frame ID: 6184F922E32E120F89C57F4EB5BA2A51
Requests: 1 HTTP requests in this frame

Frame: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
Frame ID: F1E36E2280740011600BED47DB337BD2
Requests: 1 HTTP requests in this frame

Frame: https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
Frame ID: 55698FC2E5C1B507318E56ABCC899A03
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 355CD26DB442A88C0D749ACC428186AF
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 68FE50D32741A93240DC900277BDC081
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 469443C9B729D24EA6549F490A1F8426
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F2D6C38A7F311C77D5DF1C3397FF243E
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 8A854F71F053683B1D1497AD3C202C2C
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: BA199828F5BB5801E838A4BAC20E762E
Requests: 2 HTTP requests in this frame

Frame: https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
Frame ID: A72EF5A0280263E2074D57528EC07DE3
Requests: 9 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=kroonika.delfi.ee
Frame ID: 3DB95329C3A91F84C592EEB6FAEA8D8C
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=kroonika.delfi.ee
Frame ID: 70EEF43747D4FC300CA4AAB111AF0A4C
Requests: 2 HTTP requests in this frame

Frame: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
Frame ID: 1FD38852FD51C647CE822659FC085A25
Requests: 16 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Y5DQcAAGuVQCJ7LIAAO618K-IaxqqL-tw220bA&u=%7Cnk96nItqpCnP5TFjWtHDOYlG6jIjvtdv7L7wTxZrQD4%3D%7C&c1=UbEogq-ADiNBjPo1rbOP0Ehtz6KQg1hE74PursDfbSrTTODPyqm-FFa-X_uCmy4tCZpjpvEIbRNSvdMGQwUM-NcO5HPl8ue5ZO08dZykgxvdR63nXohYatHJo1U1ZhvL3Y2gXduHj7KaX3ZRJKsjAOKNOSEFegYQXB1gZLNIxqIOGWhc_sUZdxPjE4I2LwgSk0vNzK-PmJ6LrKQdZ3UGTVSWPPywIJXDAkU2O9TOkkZWzhVrqZra08RLcyHAw0sCBdhMLhFaHicSwf85uHNldovBS8NxXggMIMhV6HGDXdu73WLwl6miKR0XrS_y4P0uSiA98kgO3md2NwuvXK6xda05Ts0sx6_NMU4lK8fIkUSMvR245X37d5n3DmHMjHw6BYBS0UFHdQaHGSaWCLmK56ppPX0viRZbfaqv4gKRa-TcaGwuGyw6DTYmg8641_ojXSF80x7Z54Se6Qcqbm09cIK3vK6tUsfmrbZgA0b59cgmAHla9wFJQVA3pyCKDTTyPi9kmM6OYrzDYrlWcluNE5ilKXR7yWZKFG7GiPabSwBoZ-g8xwiEdlyLy5qXh6fbzt6_lTxtqa3V5KBEM1dox4jUvott5rDyygv97ToJGuwg-tvIDJ4zpNBHZ5bVx_ldNFrPy4t7JRs&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCKtKncNCQY9TyGsjlnsEP1_WOsAzJntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTMxODI4NTgwODk5OTMxOTbIAQmpAjSmC2Z_rrE-4AIAqAMBqgTwAk_Q6za8JITAWhURVJwlj8I0HkAFaiNwPqVUcvdJxV92PcIKq4KT5IGuZ6GKI8xXxNywHK1MOpoS-iqWLgRbFhGTqcjxN5txzCbuoLLYoJghPgM_UlZSOIO1QtnmqGt1HoN-RUKBpNI5xXmbvtbGyelqKJiBT6gnWHOjs7DySAfm5iIzFZwPCLjZ5BKFK0oOllBgJB1tCkQZNnQUjtbKYETOfuPk9vqU2SBO4YvPqqO-Q4fRszuHzHNV9H2ccyxvzmiHqyo1ABBJPTut83kgR_ve8RJ49_cH1JbWM4Pm4d-KTtQLtyminE8ACQmuvJ1pypg5QZVTRRfgD5ikI-aKzgd_qug4E9R4N8jl3pV0ZZDiIXxdpPqinQxGNfIMUNF2y3qdk3IcCB-B430RPuJbQrowtD4se99U5cPGXdhaMoDAncV5DAJxCWIphOrIuvD0tvwcAfBo9aZ4XlBr21-8Fhga6H4T4ISnQ6HM_3_Az1nE4AQBgAbn44zkhL36rt8BoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPIIG2FkeC1zdWJzeW4tNjczNzI1NjI2OTI1Njg4NvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2QqcMjwfw-F3QzOZwTgTP5Wlqr5Q%26client%3Dca-pub-3182858089993196%26adurl%3D
Frame ID: 3752228304EDC06F2F2A6CFCD2BA49A8
Requests: 17 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 0C7347451C9087DB3E476483F4AA2D0B
Requests: 9 HTTP requests in this frame

Frame: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
Frame ID: 00732880ACF8F40A39D08232E6A9C431
Requests: 18 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=kroonika.delfi.ee
Frame ID: 61B0F75CA47082594FF984769DDC1E24
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 09CF6804B5F2BBD5815DEBE166AF5E7D
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 8123AC4E9CE9527406B3A37A18AE9A3D
Requests: 9 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 9FDFD4EEFB136CFD1D3AC3F42C53384C
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=kroonika.delfi.ee
Frame ID: 0AD2D578E71E78EBA752DEE327EB8471
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/T3BTWj-SqXOOtsP36vZJ1esojObpW8ivZm_viBadolo.js
Frame ID: 67BA97CD48F77AEA7580ABF105F20147
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/T3BTWj-SqXOOtsP36vZJ1esojObpW8ivZm_viBadolo.js
Frame ID: D3FDD7477F4445BD9530C36FF05849F5
Requests: 1 HTTP requests in this frame

Frame: https://js.adscale.de/pbsync.html?gdpr=1&gdpr_consent=
Frame ID: E14F24DE309D8A6168554DEF9CB2E119
Requests: 3 HTTP requests in this frame

Frame: https://ssp.wp.pl/bidder/usersync?tcf=2&pvid=97658695437786660000&sn=mc_adapter
Frame ID: 0C4A4168D5AD9B2F3DF14BF27E0D9FFB
Requests: 2 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Frame ID: 0439D3B023CC44FD11BECA39D6B8AEEB
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 53521980C143A970301150AB8853F7E9
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=1
Frame ID: E4B24D582522068033C029E1F08E12BD
Requests: 10 HTTP requests in this frame

Frame: https://js.adscale.de/pbsync.html?gdpr=1&gdpr_consent=
Frame ID: AA8BE4FE4DA648B8FB700890D7EB13AD
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=1
Frame ID: 1BBA79E92F18539B95B0359F7DB81C55
Requests: 2 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Frame ID: B9922CB92A875374B134BD69E23BF2C7
Requests: 1 HTTP requests in this frame

Frame: https://ssp.wp.pl/bidder/usersync?tcf=2&pvid=33412073619599438000&sn=mc_adapter
Frame ID: 8562FD3EF2C5890AB24986BF004D9C97
Requests: 2 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 67F69BB8D913FC02613E2CC2F97A12D0
Requests: 1 HTTP requests in this frame

Frame: https://ssp.wp.pl/bidder/usersync?tcf=2&pvid=50571521353600100000&sn=mc_adapter
Frame ID: C8A3CB60FA4CC652D74DE9CA8BEAE10F
Requests: 2 HTTP requests in this frame

Frame: https://js.adscale.de/pbsync.html?gdpr=1&gdpr_consent=
Frame ID: 12E1CB75D570077C3973E1EF2062062B
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=1
Frame ID: CD2221C2105D714C08B517DE7B5307D5
Requests: 2 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 7B32CC2FF2F004C65A67C49781D6DB73
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13408460
Frame ID: AB17AE1FEC15791BD3D96DCC19ED9D0F
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Frame ID: 9C9B9657FDFDF05847A6622D875E578B
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: F3FDC2E6FFDE5B9521E68291B6BAC4C6
Requests: 10 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: 53137429092D47DFA9355CBDD2394A37
Requests: 10 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: 1AA4C86516EAD7DD414F51A270519E81
Requests: 10 HTTP requests in this frame

Frame: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Frame ID: FC62017B78372A39BE5D942D9F13D953
Requests: 11 HTTP requests in this frame

Frame: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Frame ID: C65124141882FCABB2B99DFA94EECC4A
Requests: 11 HTTP requests in this frame

Frame: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Frame ID: EB7036DFEB84B9235D58DF6E89208D2D
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Eesti üks tuntumaid onlyfansitare paljastas, kui palju ta tänu platvormile raha on teeninud - Kroonika

Detected technologies

Apple Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

appleid\.auth\.js

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Gemius (Analytics) Expand

Overall confidence: 100%
Detected patterns

hit\.gemius\.pl/xgemius\.js
hit\.gemius\.pl
xgemius\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Plus (Widgets) Expand

Overall confidence: 100%
Detected patterns

apis\.google\.com/js/[a-z]*\.js

OneSignal (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

cdn\.onesignal\.com

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

669
Requests

82 %
HTTPS

34 %
IPv6

93
Domains

169
Subdomains

113
IPs

13
Countries

10719 kB
Transfer

19791 kB
Size

55
Cookies

37 Outgoing links

These are links going to different origins than the main page.

URL: https://track.adform.net/C/?bn=59608988;crtbwp=vR5KWVVM5-81;crtbdata=fg2VYS8DBV1aLwvbXEkxDcjcd8PPeqZ7wXyML_GWQf8TE7tZt6XS_Yp-BrszzkeawPg7Qp89DyWBc3N1PheuqTKu-Lshl6ZgFKwlS9sxSLyhyrE41uAB40mQWrZ6KCQe0zCDqhBpUhTDeIjrSAcYFw2;ccsid=94578;adfibeg=0;cdata=_H6XRAaKynXJx8PKI9--GWMnIDgbIZYXCrMcc6RtkaddKw_57esI4r80wNI6bl8i20ex1NiNs48kuWXXnSlQMikGJC9oIaMubxJFVmzrJUW_i-H68_0QU5Qp8ybucFIOzTiDkEl_89O2CQzOOrItQSN1na2XH0q_h9IZaKpqa9wGLTwmjjSz3b519wvZ-tzuFfRjGmTzFDONEyII0Wcqrycg6Lpz7F4FzrYG7minzej0mncS3IRucuCQ8S0B9Ykj2PCIyf_fkQnYUxhbt1BR9zZDQFpKVfccUfs7j8mSQ2k2vFB7EbTuZFCeLvG1goHL5kfDaBvrSVdnpXOwdque_ojQhFFFJ3weBjT52URoWfSjRd1ctES2hNL4Ad98s9F-6JLnDHikmR6EtcJhjoKj7MWDBRFqji17m8MgAuYTnPQ2KhRN7S0kfd6UonKUuVNmnMI-TU6MMiCHzcqkzU6pprPwQB6sObO-8na5v1hQttS09JzQCPhy8_jUQJijlOZkXu39f2So0pixl2BDZPBywSLdS7_tUdwlrNgG7e8CrIUzafct_dRr5FAuyUWx1P63XU3g5QgDz9CGDkyQjcMYmSOfrzRF5QQHTi10vIC8lFlTysIQ6HHIWRa5bGHAP-lJ5NgYMmEr4DjhdboTbySxnTZz3W2iXU3KUB7R6cT5Yo7Z3GkKvKNPw0CvLJQMWGLfv_QAZN_Th9RRzx8C0v0Df1I6O6xDI7MjdlABjW33gFIp3-HcdHOt-updcmWt7qMwSbu78j-dvUpbiAsMEzVJ0ylDWvC8xYectuQuQ-ovW-HE3KVYHVhY8cY0BDMr89dQ2t29WSu65SRDzVNQlB_pG-Q-VoNNzZNd4UFuhV40q881;;fc=1;CREFURL=https%3a%2f%2fkroonika.delfi.ee%2fartikkel%2f120110364%2feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud;C=1

Search URL Search Domain Scan URL

URL: https://track.adform.net/C/?bn=59586400;crtbwp=Q8yR5Xr0r8Y1;crtbdata=0fQ_vxSbAMBashRmZO8bEfb9Ug5ClusafUciiG6vDQeYRUDsCGVo_Ip-BrszzkeaHJdyrb0uc7GBc3N1PheuqTKu-Lshl6ZgFKwlS9sxSLyhyrE41uAB40mQWrZ6KCQe0zCDqhBpUhTDeIjrSAcYFw2;ccsid=87883;adfibeg=0;cdata=yb0I91JNWK9ytBZlOkVB4y0y9ATXlRpx7pEmRnXkACRdKw_57esI4r80wNI6bl8i20ex1NiNs48kuWXXnSlQMikGJC9oIaMubxJFVmzrJUW_i-H68_0QU_cO8jJC2-uKT6lHz-rWbGIR2uK9RgtQRn6xyidQDEg2h9IZaKpqa9wGLTwmjjSz3b519wvZ-tzuT3M9xwnPVkMS9g99BydCWbI90eaXTLWvWTkmKmpQvEpEtoEgILvUAGoWX5PbYkRxWYYi3St_TRPYUxhbt1BR9zZDQFpKVfccUfs7j8mSQ2k2vFB7EbTuZFCeLvG1goHL5kfDaBvrSVdnpXOwdque_ojQhFFFJ3weBjT52URoWfSjRd1ctES2hNL4Ad98s9F-6JLnDHikmR6EtcJhjoKj7MWDBRFqji17m8MgAuYTnPQ2KhRN7S0kfd6UonKUuVNmnMI-TU6MMiCHzcqkzU6pprPwQB6sObO-8na5v1hQttS09JzQCPhy8_jUQJijlOZkXu39f2So0pixl2BDZPBywSLdS7_tUdwlrNgG7e8CrIUzafct_dRr5FAuyUWx1P63XU3g5QgDz9CGDkyQjcMYmSOfrzRF5QQHTi10vIC8lFlTysIQ6HHIWRa5bGHAP-lJ5NgYMmEr4DjhdboTbySxnTZz3W2iXU3KUB7R6cT5Yo7Z3GkKvKNPw0CvLJQMWGLfv_QAZN_Th9TI3F5qhSp21WqSR2OJpOyZe9VzeHN4GLUp3-HcdHOt-updcmWt7qMwSbu78j-dvUpbiAsMEzVJ0ylDWvC8xYectuQuQ-ovW-HE3KVYHVhY8cY0BDMr89dQ2t29WSu65SQnAAy844wKPeQ-VoNNzZNd4UFuhV40q881;;fc=1;CREFURL=https%3a%2f%2fkroonika.delfi.ee%2fartikkel%2f120110364%2feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud;C=1

Search URL Search Domain Scan URL

URL: https://delfimeedia.ee/andmekaitsetingimused/
Title: siin

Search URL Search Domain Scan URL

URL: https://ilmateade.delfi.ee/?utm_source=Delfi&utm_medium=top_navigation_link
Title: Ilmateade

Search URL Search Domain Scan URL

URL: https://www.delfi.ee/
Title: Delfi

Search URL Search Domain Scan URL

URL: https://www.delfi.ee/vihje/
Title: Saada vihje

Search URL Search Domain Scan URL

URL: https://www.delfimeedia.ee/kontakt/
Title: Kontakt

Search URL Search Domain Scan URL

URL: https://delfimeedia.ee/kontakt/reklaam/#veebi_reklaam
Title: Reklaam

Search URL Search Domain Scan URL

URL: https://www.piletitasku.ee/et/
Title: Piletitasku

Search URL Search Domain Scan URL

URL: https://kroonika.ee/kogupakett?utm_source=Telli&utm_medium=nupp&utm_campaign=KR
Title: Telli

Search URL Search Domain Scan URL

URL: https://www.delfi.ee/telli?utm_source=mobile&utm_medium=button&utm_campaign=telli_mobile&utm_id=telli_kogupakett
Title: Telli kogupakett

Search URL Search Domain Scan URL

URL: https://track.adform.net/C/?bn=52259268;adfibeg=0;cdata=rjreUYWL-46m6y-81BNOaoYD-pZwoOmU3RvGPYPYxtybs4XJ67soYMYNLCoyA1zLEQKcaNO0ejHhjhbJe4UWM37rxu7csQJn42yxz8f6pj97vl3M5zAlMr6gt9BFh3T9aEmMJs5tJqhhLguOglqNOzv46zE34a37gK0xnpFwMG980gOmTRKIvIHjyqXw2O427T20Z2ej74-DEFa6NCnW4TefmU3-P9ZxVNbr-plk2qRttCMB9g_hUCwAuo8Rwg4OCm3MFsyOHlPXrtZrqFWKT9rE01gCaF03UHPwyIz74lC5eV3wRC05cuwMUt6wJEZEkIRoSHcCJ7zWp3UWiC9Mguolsoc0XRtMJRcp-ut49U1LaBTZ4QyY0aqOe8rCaqGd09hL3k_bPbGS8CsGBaIbzNVcK2sbPZjy6n1xq3qwpgiFBaDEWumjanR2kRdAk-11wtChDNy9DqSafUh-Bn43rUNOM0-QQmcTb-MMkid4eMyM_hF8VWtiFhhDDlLD_Qb8wHaQLfFPPytXWjexHruDzAfobiOY6O6bPcdKjYVGDD4XEO9iAgOIUwKkExDjowHFk1CHLWrDYYa3vbmxRMcZxF33905iDd4FfE08EwGcN4ZYoi7_DioSf-f3WhYs11QbI1m1XwDtHZSwyFJFxfF5eAblBMO4KiKeez1sO19_mVFnGoM5qu9kxAbOcgIuzDyg6Pwp-RDbhRd3kTAYXjU6Ah6RIES8NB3jb1miT2SBHEezGrrztGf5srp6zx29YGDQRstwCrAWbgd8z5wCAW_BeCha6ZgE-tpnv2kFQnC-5ziEvyKO-pBfCpEKpumoN8k9sDGqsNfoKp7WVrR97z0U7E4il2OYoiRN5gMDLy_2GfjGyH7soK0q4XmDXUOZVk06AwUCpn6BwiBaRcsyvrdvgIMfWT29q8v6BaRxlZ9KaWlZa5lz3IagSZeSikMzgNUdvSWT-sOAjOeyru2c0ucjnI6hdJSbN5OzNl2ieWKiuEXNO35Z3VL-FxJ6-PiqYBW7BVnPkDZ0PiS6tMbP7YGjJjL7LulNqCM1HR__vnBVhdHFRuAtzyp8hsEEMENfWYFbmj_iVtPeF4tbYJWdm_R30Vu6GRG1eaL7dxLWTIba7PZHiGfQ2y7Nw7RnKmF9Bj9nOgfOndqL4SLKqWCdQ5N6d8vYEFKE629sXJAAWOVkSmAFgxcH6WRe07Q8FOy_bSzqS_M6L508BuEtcGRbgNiE5eGiNy8P3WAAncc96kImOqBB_xJyovJuLGDx61f-toIYOqAn4rfMVNM5AsdQ00-uZdW9VN4Sc-7FMzc1suIxyitJ5GwnqPgqfQ-aM7jRVufr2itEtwD_WRo4Bo71maeTR6Zi_T6-TjI6w0Jq8vgeDvJc3TE1KNGr3k4qoyAzKZkDdg-J8sXi9yAEaNDFis0oadEP7NukkLVkZbsZprL41RtxIYNC2GjF-nDNiQDTFlJ__FzyrmfEp375fyBg6KjiwpW3ULjs2o4dPIw_2_5ptI1yvADdE82PXjytyDQSXowcfKGO2na0F3f_vyfnaXZNgUqGdUZ0JT5n3Iy8ozBFA-o02wQ6pB3-EHnUdxXEjXpvYz6aot-4kCA3L7sAPztmhtX8_uisA_ifoT50YZR-UVvHI-iYzuzNxkJh9bjQv7oA5QGSj49LTyaM5CEjKPruqDjiQd24XfDjWRS2J7JE3IOepF6UitprERev1WfigFxPM-pAK-py3lpHOof8DNEhpC4N4rWAx3PY2p_rEBqH8T3mzQMuY7HpeZXYVmmQKbTBKbC7suB5-77Y_BuObNbczGGiVNrjNtDZEAhJV_cORJQXsRz3WVFwyiYRatAbbXbLT7gwLjzLccw1;;CREFURL=https%3a%2f%2fkroonika.delfi.ee%2fartikkel%2f120110364%2feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Search URL Search Domain Scan URL

URL: https://track.adform.net/C/?bn=52259268;adfibeg=0;cdata=rjreUYWL-46m6y-81BNOaoYD-pZwoOmU3RvGPYPYxtybs4XJ67soYMYNLCoyA1zLEQKcaNO0ejHhjhbJe4UWM37rxu7csQJn42yxz8f6pj97vl3M5zAlMr6gt9BFh3T9aEmMJs5tJqhhLguOglqNOzv46zE34a37gK0xnpFwMG980gOmTRKIvIHjyqXw2O427T20Z2ej74-DEFa6NCnW4TefmU3-P9ZxVNbr-plk2qRttCMB9g_hUCwAuo8Rwg4OCm3MFsyOHlPXrtZrqFWKT9rE01gCaF03UHPwyIz74lC5eV3wRC05cuwMUt6wJEZEkIRoSHcCJ7zWp3UWiC9Mguolsoc0XRtMJRcp-ut49U1LaBTZ4QyY0aqOe8rCaqGd09hL3k_bPbGS8CsGBaIbzNVcK2sbPZjy6n1xq3qwpgiFBaDEWumjanR2kRdAk-11wtChDNy9DqSafUh-Bn43rUNOM0-QQmcTb-MMkid4eMyM_hF8VWtiFhhDDlLD_Qb8wHaQLfFPPytXWjexHruDzAfobiOY6O6bPcdKjYVGDD4XEO9iAgOIUwKkExDjowHFk1CHLWrDYYa3vbmxRMcZxF33905iDd4FfE08EwGcN4ZYoi7_DioSf-f3WhYs11QbI1m1XwDtHZSwyFJFxfF5eAblBMO4KiKeez1sO19_mVFnGoM5qu9kxAbOcgIuzDyg6Pwp-RDbhRd3kTAYXjU6Ah6RIES8NB3jb1miT2SBHEezGrrztGf5srp6zx29YGDQRstwCrAWbgd8z5wCAW_BeCha6ZgE-tpnv2kFQnC-5ziEvyKO-pBfCpEKpumoN8k9sDGqsNfoKp7WVrR97z0U7E4il2OYoiRN5gMDLy_2GfjGyH7soK0q4XmDXUOZVk06AwUCpn6BwiBaRcsyvrdvgIMfWT29q8v6BaRxlZ9KaWlZa5lz3IagSZeSikMzgNUdvSWT-sOAjOeyru2c0ucjnI6hdJSbN5OzNl2ieWKiuEXNO35Z3VL-FxJ6-PiqYBW7BVnPkDZ0PiS6tMbP7YGjJjL7LulNqCM1HR__vnBVhdHFRuAtzyp8hsEEMENfWYFbmj_iVtPeF4tbYJWdm_R30Vu6GRG1eaL7dxLWTIba7PZHiGfQ2y7Nw7RnKmF9Bj9nOgfOndqL4SLKqWCdQ5N6d8vYEFKE629sXJAAWOVkSmAFgxcH6WRe07Q8FOy_bSzqS_M6L508BuEtcGRbgNiE5eGiNy8P3WAAncc96kImOqBB_xJyovJuLGDx61f-toIYOqAn4rfMVNM5AsdQ00-uZdW9VN4Sc-7FMzc1suIxyitJ5GwnqPgqfQ-aM7jRVufr2itEtwD_WRo4Bo71maeTR6Zi_T6-TjI6w0Jq8vgeDvJc3TE1KNGr3k4qoyAzKZkDdg-J8sXi9yAEaNDFis0oadEP7NukkLVkZbsZprL41RtxIYNC2GjF-nDNiQDTFlJ__FzyrmfEp375fyBg6KjiwpW3ULjs2o4dPIw_2_5ptI1yvADdE82PXjytyDQSXowcfKGO2na0F3f_vyfnaXZNgUqGdUZ0JT5n3Iy8ozBFA-o02wQ6pB3-EHnUdxXEjXpvYz6aot-4kCA3L7sAPztmhtX8_uisA_ifoT50YZR-UVvHI-iYzuzNxkJh9bjQv7oA5QGSj49LTyaM5CEjKPruqDjiQd24XfDjWRS2J7JE3IOepF6UitprERev1WfigFxPM-pAK-py3lpHOof8DNEhpC4N4rWAx3PY2p_rEBqH8T3mzQMuY7HpeZXYVmmQKbTBKbC7suB5-77Y_BuObNbczGGiVNrjNtDZEAhJV_cORJQXsRz3WVFwyiYRatAbbXbLT7gwLjzLccw1;;fc=1;CREFURL=https%3a%2f%2fkroonika.delfi.ee%2fartikkel%2f120110364%2feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Search URL Search Domain Scan URL

URL: https://track.adform.net/C/?bn=60128054;crtbwp=17nOlXG9bA41;crtbdata=zDPfQtTlILnAFm4IWGSiGXSPQeLRTAvsNwjstQE-jkv9Zx1PIK_JqYp-BrszzkeamUdWmEljizyBc3N1PheuqTKu-Lshl6ZgFKwlS9sxSLyhyrE41uAB40mQWrZ6KCQe0zCDqhBpUhTDeIjrSAcYFw2;ccsid=96330;adfibeg=0;cdata=aW7RCjag03zrJNUgXL-ODjehcpKth9DdYbWCpzxTRERdKw_57esI4r80wNI6bl8i20ex1NiNs48kuWXXnSlQMikGJC9oIaMuK3aPavyklkW_i-H68_0QU4S-G2W0i8kUXKJ9key9GpjHYF5FFJuWdZckfaqMwPLmh9IZaKpqa9wGLTwmjjSz3b519wvZ-tzuaxQFKMC_L_wO5DoxwVw93Gx7JNctIJiiU9tnbo9tMGVUHPS6J_-j37gUNSg5OoRK7x7FPBJ6yWfYUxhbt1BR9zZDQFpKVfccUfs7j8mSQ2k2vFB7EbTuZFCeLvG1goHL5kfDaBvrSVdnpXOwdque_ojQhFFFJ3weBjT52URoWfSjRd1ctES2hNL4Ad98s9F-6JLnDHikmR6EtcJhjoKj7MWDBRFqji17m8MgAuYTnPQ2KhRN7S0kfd6UonKUuVNmnMI-TU6MMiCHzcqkzU6pprPwQB6sObO-8na5v1hQttS09JzQCPhy8_jUQJijlOZkXu39f2So0pixl2BDZPBywSLdS7_tUdwlrNgG7e8CrIUzafct_dRr5FAuyUWx1P63XU3g5QgDz9CGDkyQjcMYmSOfrzRF5QQHTi10vIC8lFlTysIQ6HHIWRa5bGHAP-lJ5NgYMmEr4DjhdboTbySxnTZz3W2iXU3KUB7R6cT5Yo7Z3GkKvKNPw0CvLJQMWGLfv_QAZN_Th9SYpL4usoK00HKS1TEcm_u_Kd_h3HRzrfrqXXJlre6jMEm7u_I_nb1KW4gLDBM1SdMpQ1rwvMWHnLbkLkPqL1vhxNylWB1YWPHGNAQzK_PXUNrdvVkruuUkYdPk-iSA7DLkPlaDTc2TXeFBboVeNKvP0;;fc=1;CREFURL=https%3a%2f%2fkroonika.delfi.ee%2fartikkel%2f120110364%2feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Search URL Search Domain Scan URL

URL: https://www.delfi.ee/kogupakett
Title: Mis on Delfi Kogupakett?

Search URL Search Domain Scan URL

URL: http://www.zlick.it/kkk
Title: Vaata lähemalt »

Search URL Search Domain Scan URL

URL: https://lehed.delfi.ee/tingimused
Title: üldtingimustega

Search URL Search Domain Scan URL

URL: https://ekspress.delfi.ee/artikkel/120109356/hittsaade-villa-langes-jogeva-teismelise-ohvriks-kes-on-nuud-nii-advokaatide-kui-ka-prokuratuuri-huviorbiidis

Search URL Search Domain Scan URL

URL: https://ekspress.delfi.ee/artikkel/120109356/hittsaade-villa-langes-jogeva-teismelise-ohvriks-kes-on-nuud-nii-advokaatide-kui-ka-prokuratuuri-huviorbiidis/kommentaarid
Title: (177)

Search URL Search Domain Scan URL

URL: https://epl.delfi.ee/artikkel/120106278/metsaring-narkodiiliga-tunga-saanud-tolmuimejate-muugiagent-viis-alaealised-metsa-ja-sidus-puu-kulge

Search URL Search Domain Scan URL

URL: https://epl.delfi.ee/artikkel/120106278/metsaring-narkodiiliga-tunga-saanud-tolmuimejate-muugiagent-viis-alaealised-metsa-ja-sidus-puu-kulge/kommentaarid
Title: (131)

Search URL Search Domain Scan URL

URL: http://api.cxense.com/public/widget/click/xKqCE83EpFd4rSfTI_qDTIZ-EJ1A4SkyB38ZmvAxnuOMbhGYdEi07XCdNC0zp3w16m3fBXY8aW_zsS2578DyXMkWAl2YeVjNu_WeZLU2YhfJU0jZuhvWkcti1ZIMOpgtV0YXMW9OfWBCUQXkSCRlppVJGYvlbUPycVUjV3un9TZ-bZAlKz1BrFtZrCO1qHXc2fcHLRTr5bFo0xeaF43V_vxt07ImwVvxlMvhe22XK9uSuUrBLcYNzy67xI5_qvg-MGuX7WvRGXCgQmbDYah7QZCdfTHxcoyw4ytIbM419rKCceZ0R7HMCn9x9R0R3GAvMv3_loiTVtO7qCXJIX4f1h5c-BvxshW991sG5EdX_XbHnYQ_Sv7Xv0QY5iSU3jFgjsyLafY8NThamTD6BqAjv_Y4w72qj1hAlkAWpz3OzF9w5xmCaJM9zsQRqIGSrRipcy8r_839BGGZzAoMZBo5dVSJzJmW_fIFNoirIX0SbemrlK2mN9gFm2dDWl4RtNsAMUN-YftlePiIq4bNGeawLKTESSEmTXkS6Z0rSMzFSU1YWQXHGcE7o7B-ZzwT_R4RRi5Bi-qf55v8haoHv4FmGtle9GbcwAxsuI_j6WusQG9bclHaQOJvcpW_KQ0

Search URL Search Domain Scan URL

URL: http://api.cxense.com/public/widget/click/xuiw3KDU1ZGdYjKGT1h98p6zfC7zkq8yw36XFX6AB9mDJ7e_hMyQZ7Wc1f-wk8FE9PcyuDFE5cQG4xNCBl2_pJ8euVdN583tdi_0Q4R4K4ynvHlhzGdKY8vUX7hQnJhn1WOat-CCdHDtEadXiLWsSV8N9eM3FaOzq-x-DoVRv8Yhv3XBk7Oc_dMg3mh9ZKWlvrfJ8CYxpot-YJvXSEiOT7e23HQgCs4QX-ZK4Q16pjSouco9ZlXyjI70Aq1J6WstiXUuHupMcS2mefT0xdUX_XRl6w1cuLJI-VtGssRHcXUgT1PaQ6l1u4nLYMUeYRVaa8Wg4FgJgHE5bNcicLCjJIrk2fCAa8xMuJh166sth7BO0Lf4BFpif2GAySFegkSsvEzaWF49PbUZT7k-9PEYtNy-yFefQDFgMvj8tdQqWtE8v6agFHmf2Ri0oy3c1uyPoWjaYrcEFLEqern7D1wPSQf12sfH5XfNiK9LUIAYVvvnTBWFXi9z5O-ggcWbPrmffrz0S_dNP_6DHX91foBu1wox-49eJwCUm4voQu-aV4fCu1wG8SBTmy4RlBYo9Utty848AJGP6Q6gEctoPKQIh64SGy4x_FzctctQJP6xA4FiijgFhR0icu7JWEOg0Aw0

Search URL Search Domain Scan URL

URL: http://api.cxense.com/public/widget/click/5aAd8H9CKdGZQQryti9IJ5-lnzYF8OGqKnOm0TU2ovdtjT4kpDgkxeCoKusQVyWZUukvyMUDRF3Rl6HfLBhdj6M7pW_U0Xx0JG-txrA4kVOjDPur2zVvG-cGyc-NYao4TWgH8WF7lYvEoMBg2gaB0YkO0MABYrFk6dVq0WZBwqmQoA-R0K4dhsw3YFtOY3uz_tGjfIUF3o2p2Vv8K0ycz0YLx5Adu1QRJiGJg7ETmBorVCUm1pNNroAdXvpqG8nAma9p2dGRUJ5vm-QrfHin1mGh-gvJOJrPI6GPxjsLHBNX0geh_doXQsdw8xQ8Uqom5w85gT9Ei_ZtbMhoeE5FbKrzJzmfRbyae9iYlqEZyU5so_K_h_YIbP2QTiDfkyr1HSiQEFkXv_OZw9DWYXJPH4ICHONYOM1PKI8TDg5kaZcB3a5nc4TxXCbHhDFMSK70CfNNANk94NKKHJp-lzJDZe3D0q4deELVenvaPQKwCP2fGkk4BEuADKKpqKkhGoBo2iOVkq_TW-IMRnCy4av_cNtNiUBEwIM0_F4Sazuamz4Tyj4WMsEq6AV0udE1fPTVXXhR0DV1KzQvC_4itxZ5HDOySntkMboPNVv2cajELHdy7erhZ8lSSOBb0

Search URL Search Domain Scan URL

URL: http://api.cxense.com/public/widget/click/lyeZXQ7yv6qFKoZ7zcAWGSBfnVN5TPV8k_3o9l704Y1Pl7QXoLAwKphjr97Rw8yGGJOcU1taOEbF5y60hNrvsk0S288y2g792ztQvKq_Ctir7TVXwPtfvQKDnzg1nRJa22FCXYc_Q608FEC0kI0wPbC2M1DNTJe-okh9YKVLfsRlYGH4yeEOXMvniQwo_3IR8-HDMzey6sBaxvR3zqwaT7sT4GjEQnUIyYbTIFyFYzdMzo8mDxTii_KBNN0VF6d-KXQJmys8EwVnDNY3EPkBZM_awYMcHGcfvzXUBegsno4LvIWHQKBBBLRF9rKxv24tStig_kspKFVKMDeqgf_hIs5Bj8yZGEN7tuifTq1D8sJzKgPcUXSoaT2uM15CRt7LGP5evndFC1ecq9wJaKu3pi0PRzEQ5wLfZO0Ag_H8RxT0PkFYNr4hgB-fmCCzUPEgU8yuJ_lWaWQHtC4Ha58gacAPpHPoaRz29Xn5-beyndGLur3zKjkrOhIZ4u5e3LRZv9G0werdIlahZAEBJFLihBKtpnrgN6Y7ULo97hihpIOtcCxyiEoCoRm9JH-whm8xMtshgVJ4_3TplNzl122jYbgra9gz8YgzW6YOWiwP15lR9t1cAFT7HSFRKXsRPnQ0

Search URL Search Domain Scan URL

URL: http://api.cxense.com/public/widget/click/QM9vHGafqjwmR8sAqlvK3wVzuUeKSUWRcjOXB7jSizt6tHya49J4jkrmJOlDmRUXlSJom_XlUdA49zHpqsknQSYNKx4l5loc3YFjfvWaFhXSEAnfhONg3oDYMshJuwAC5zDmIbKSFPKFWn_Z8ewypzoeIIKMlAgCvefCUjR6Kr1VAiiJx4Gd9BvQ3P7OdWt72faho-HCUKfZcRfJLb5As__UWFMUMER-SEo3UTjCh1svEf_GTIacvadBPUs0KF8Z7estnn-Pmt9_G48NiXj0hSWO82O6PeyQ1MQXPhml5zVZcozXthUfr7ul2jgJNNWN9kvxj9nWs2lRMA2j4hRlVOt4hU69-pANT93vq03OpXi7odXxmS_F5fWsr75KVLobUd1wkSpLiqTq-XfvpUQNh6lQxSuW02wdrWPM_9YvUaxeCQQKGTjeqsX1nQxCZQLPgtNMSvgsqyqVd0B21m0HJDIG1S9s4voPIg_kr17ssPYAok5O0zmeBeYhnI3dD7RJPseE393g2qxmPbf8YmkRrIx1bn0KD17wGkfegSPVRhYd0HEDljkEj6PBa7e8bFr2VncrFPuXWL8kOMTZQdZmoQhui1-4DWr4yq35v-l3h9z9qF9utRvUraKE0

Search URL Search Domain Scan URL

URL: http://api.cxense.com/public/widget/click/MgeH7sIzMkqXV2sPKZ_kJeYyDi1jm9V1lhKWyJta78qGSSA8wPlmgfhWucPdJtPpMzWGNSRhmciW10kCkepc83-SEyJP_8Xgl4U2L3Ot35o_oe9H5NQzPzrkzRUUg--MemR1tT5KWzruwyaoOfJF1-ShfO2T2zOq5QbS2Tr0cxhLRIgbWJLYo6w6gXJOBPk2eti5s8phc5mO-w68N3RETEIw5dkvTeMiBbUCUL2sUwkXGpW3FrpBzdZAszuCOqOd5Ytdm0TTe7SIML9vMv7Rnu6aGgHM88gVbDpVKMBw_dYsyHHnNPR-KfuWTR69daHNLcbMaS-xDvPL6nQ8J_ECLvPbX7mBF7R9nnh6BgVpIWIzDNO2L7dwSuDtpx7Jte5Zl3-XI7GQRCi3Cv8TwdAHciplfSvXF3RDT_zgLJv9zZ4Z2TVtoQHljMX_BcQ1ts0vZDLscOzqykGYGHajeyxvjfZZc1hYVN1H6oDACnA42mhohQ3cQZ0k3qI2uSBtDQedexXTi65UDnyu__PO5TZJEdsib4GlwkYDWByJ_xtyN1J9fUjxnmZcnlvl8dA32d_NStl6-veMZjPjm3_ARfCTR9zfuTpTC392weJcJqAOglcOJ5NZR54oR96E2D6JHSPa0

Search URL Search Domain Scan URL

URL: https://delfi.ee/a/120105880

Search URL Search Domain Scan URL

URL: https://delfi.ee/a/120109882

Search URL Search Domain Scan URL

URL: https://delfi.ee/a/120109062

Search URL Search Domain Scan URL

URL: https://delfimeedia.ee/kontakt/reklaam/#veebi_reklaam?utm_source=Delfi&utm_medium=footer_link
Title: Reklaam

Search URL Search Domain Scan URL

URL: https://www.delfimeedia.ee/kontakt/?utm_source=Delfi&utm_medium=footer_link
Title: Kontakt

Search URL Search Domain Scan URL

URL: https://telli.delfimeedia.ee/kroonika?utm_source=telli&utm_medium=button&utm_campaign=footer
Title: Tellimine

Search URL Search Domain Scan URL

URL: https://delfimeedia.ee/uldtingimused/?utm_source=Delfi&utm_medium=footer_link
Title: Üldtingimused

Search URL Search Domain Scan URL

URL: https://www.delfimeedia.ee/talent/?utm_source=Delfi&utm_medium=footer_link
Title: Tööpakkumised

Search URL Search Domain Scan URL

URL: https://www.facebook.com/kroonika.ee/

Search URL Search Domain Scan URL

URL: https://www.instagram.com/kroonika/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 118

https://x.bidswitch.net/sync?ssp=adform HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=adform HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch&ttd_tpi=1&ttd_puid=adform&gdpr=&gdpr_consent=

Request Chain 119

https://cm.g.doubleclick.net/pixel?google_nid=adform_dbm&google_cm&google_sc HTTP 302
https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOeqHmoWr9KgEflAGiO-msY&google_cver=1&adform_v=1

Request Chain 120

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fcm.adform.net%252fpixel%253fadform_pid%253d16%2526adform_pc%253d%24UID HTTP 302
https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744

Request Chain 121

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=18&adform_pc=8276ccb9-6a23-45aa-951e-86f1fd5aa442

Request Chain 123

https://x.bidswitch.net/sync?ssp=adform HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=adform HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch&ttd_tpi=1&ttd_puid=adform&gdpr=&gdpr_consent=

Request Chain 124

https://cm.g.doubleclick.net/pixel?google_nid=adform_dbm&google_cm&google_sc HTTP 302
https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEMkVfJItIyEd4_PVK8gKMus&google_cver=1&adform_v=1

Request Chain 125

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fcm.adform.net%252fpixel%253fadform_pid%253d16%2526adform_pc%253d%24UID HTTP 302
https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744

Request Chain 126

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc

Request Chain 128

https://x.bidswitch.net/sync?ssp=adform HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=adform HTTP 302
https://inv-nets.admixer.net/adxcm.aspx?ssp=D41B0D84-4DB7-4D9C-81CC-3A497DB5D0A6&gdpr=&consent=&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D354%26user_id%3D%24%24visitor_cookie%24%24%26ssp%3Dadform%26bsw_param%3Ddac85cfd-3846-4399-8517-b216496d2bad%26gdpr%3D%26consent%3D%26gdpr_pd%3D%26expires%3D7 HTTP 302
https://x.bidswitch.net/sync?dsp_id=354&user_id=75f23369f4bd4e28a8e1b24bd94e6883&ssp=adform&bsw_param=dac85cfd-3846-4399-8517-b216496d2bad&gdpr=&consent=&gdpr_pd=&expires=7 HTTP 302
https://cm.adform.net/pixel?adform_pid=3&adform_pc=dac85cfd-3846-4399-8517-b216496d2bad&adform_v=1

Request Chain 129

https://cm.g.doubleclick.net/pixel?google_nid=adform_dbm&google_cm&google_sc HTTP 302
https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEPK48j77saZbnJG9fOB8GS0&google_cver=1&adform_v=1

Request Chain 130

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744

Request Chain 131

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc

Request Chain 133

https://x.bidswitch.net/sync?ssp=adform HTTP 302
https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Dadform%26bsw_param%3Ddac85cfd-3846-4399-8517-b216496d2bad&gdpr=&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=80&user_id=cac86390-d06d-4600-a01f-5cc7edd249b2&expires=30&ssp=adform&bsw_param=dac85cfd-3846-4399-8517-b216496d2bad&gdpr=&gdpr_consent= HTTP 302
https://cm.adform.net/pixel?adform_pid=3&adform_pc=dac85cfd-3846-4399-8517-b216496d2bad&adform_v=1

Request Chain 134

https://cm.g.doubleclick.net/pixel?google_nid=adform_dbm&google_cm&google_sc HTTP 302
https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOeqHmoWr9KgEflAGiO-msY&google_cver=1&adform_v=1

Request Chain 135

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744

Request Chain 136

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc

Request Chain 138

https://x.bidswitch.net/sync?ssp=adform HTTP 302
https://pr-bh.ybp.yahoo.com/sync/iponweb?bidswitch_ssp_id=adform&ssp_user_id=dac85cfd-3846-4399-8517-b216496d2bad&gdpr=&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=74&&user_id=y-en0vXf5E2plTFqbgu7mg8lXDep_eK47X55BMaQ--~A&expires=5 HTTP 302
https://a.vidoomy.com/api/rtbserver/cookie?i=BS&uid=dac85cfd-3846-4399-8517-b216496d2bad

Request Chain 139

https://cm.g.doubleclick.net/pixel?google_nid=adform_dbm&google_cm&google_sc HTTP 302
https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOeqHmoWr9KgEflAGiO-msY&google_cver=1&adform_v=1

Request Chain 140

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744

Request Chain 141

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc

Request Chain 143

https://x.bidswitch.net/sync?ssp=adform HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch&ttd_tpi=1&ttd_puid=adform&gdpr=&gdpr_consent=

Request Chain 144

https://cm.g.doubleclick.net/pixel?google_nid=adform_dbm&google_cm&google_sc HTTP 302
https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOeqHmoWr9KgEflAGiO-msY&google_cver=1&adform_v=1

Request Chain 145

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744

Request Chain 146

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc

Request Chain 148

https://x.bidswitch.net/sync?ssp=adform HTTP 302
https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=dac85cfd-3846-4399-8517-b216496d2bad&ssp=adform&gdpr=&gdpr_consent=

Request Chain 149

https://cm.g.doubleclick.net/pixel?google_nid=adform_dbm&google_cm&google_sc HTTP 302
https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOeqHmoWr9KgEflAGiO-msY&google_cver=1&adform_v=1

Request Chain 150

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744

Request Chain 151

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc

Request Chain 153

https://x.bidswitch.net/sync?ssp=adform HTTP 302
https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Dadform%26bsw_param%3Ddac85cfd-3846-4399-8517-b216496d2bad&gdpr=&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=80&user_id=29536390-d06d-4600-9ba7-cbb2e58a7763&expires=30&ssp=adform&bsw_param=dac85cfd-3846-4399-8517-b216496d2bad&gdpr=&gdpr_consent= HTTP 302
https://cm.adform.net/pixel?adform_pid=3&adform_pc=dac85cfd-3846-4399-8517-b216496d2bad&adform_v=1

Request Chain 154

https://cm.g.doubleclick.net/pixel?google_nid=adform_dbm&google_cm&google_sc HTTP 302
https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOeqHmoWr9KgEflAGiO-msY&google_cver=1&adform_v=1

Request Chain 155

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744

Request Chain 156

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc

Request Chain 159

https://sgaee.hit.gemius.pl/_1670434924203/rexdot.js?l=106&sendf=8&id=15ZLa_rGmEYLSnLok8gDurd8HeI8L4dc_pjMCJKah1D.A7&et=view&hsrc=2&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&ref=&screen=1600x1200r1000&col=24&window=1600x1200&vis=1&lsdata=DifHABptqVCOeTqEKb7Wg0lpzKYehbH8JkHmVnfHNqD.87LD10qV70j3imGge3ForjFvOj337K3e7Kj7KKxOSRRe7kJi/d6yRoQSP_qrIY/&fpdata=fOnaLYnALRylOfOTZKZOpfvH58raiMc.UvNciTPFHrX.A7&ltime=305&inner=_ver%3D331%7C_ch_mobile%3D0%7C_ch_wow64%3D0%7C_ch_brands%3D&exid=6390d06b35733c61&fpcap= HTTP 301
https://sgaee.hit.gemius.pl/__/_1670434924203/rexdot.js?l=106&sendf=8&id=15ZLa_rGmEYLSnLok8gDurd8HeI8L4dc_pjMCJKah1D.A7&et=view&hsrc=2&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&ref=&screen=1600x1200r1000&col=24&window=1600x1200&vis=1&lsdata=DifHABptqVCOeTqEKb7Wg0lpzKYehbH8JkHmVnfHNqD.87LD10qV70j3imGge3ForjFvOj337K3e7Kj7KKxOSRRe7kJi/d6yRoQSP_qrIY/&fpdata=fOnaLYnALRylOfOTZKZOpfvH58raiMc.UvNciTPFHrX.A7&ltime=305&inner=_ver%3D331%7C_ch_mobile%3D0%7C_ch_wow64%3D0%7C_ch_brands%3D&exid=6390d06b35733c61&fpcap=

Request Chain 225

https://c.amazon-adsystem.com/aax2/apstag.js HTTP 301
https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js

Request Chain 232

https://c.amazon-adsystem.com/aax2/apstag.js HTTP 301
https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js

Request Chain 239

https://c.amazon-adsystem.com/aax2/apstag.js HTTP 301
https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js

Request Chain 260

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fkroonika.delfi.ee%2F&domain=kroonika.delfi.ee&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=t-wrbHxFRkhEVlB3a0EwR0JzaXhmaVAyV0d1bGFVcWRzUFpmWmJ1V1lxT1k2RnNlUnNJOFBrcmlWMTZuVUY4REgxSWRQdlBnR2RmOEVxWVNCWHgvT0p2T1dVMUhIdmo0aks0dTBYS3BNTjF4QzJSa1FSWHBjVTZxNEZaQi9UVzBCQ2xpRXQvNEVPb0tYd3FJODU3T2VDNks5SVY3STFkWkFYTlJKaGJYcjhqRmE5R1ZjREYxSVNHVUdZT3Rkbng4Y1NvOWZWR3UvSThDMkdPemcrOEZEL1hoZ0p6RHlEcDI1Umc2TW4zcFBkYjA2R1JSL0plSHd0TUFLMW41QkdRUlRYcHhXfA&cppv=2

Request Chain 267

https://csyn-r.cxense.com/?cxsite=1145189970857384309&partnerId=csr&cxckp=cx%3A1hp4d1gz1pjzn3oepuy6c44ld6%3A224oyy5lj2y4t HTTP 302
https://dmp.adform.net/serving/cookie/match/?party=1077&cid=1hp4d1gz1pjzn3oepuy6c44ld6

Request Chain 276

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fkroonika.delfi.ee%2F&domain=kroonika.delfi.ee&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=RzwnOXx4SC9UL2xJZkQ5SlVxZHpxVUZWLzFaanNJSncwZlZvWUpFemxYaEFhc0h4Z3FtUTlCM3BsK2pnQk1MRnlMdUttWEt4SU1XT21ZaU5mdTJ4b3dzaElDaisya3FLcSszNlN2K2Y3WDFneTBsTW9LbFpLZE81SFhRYVBsMmJSYUVwbWVzQ1JYQ0NUUVBzeEZCMTVHZ2c2SS8zdlVFaU1LSDJOWFRFVlhBWWRiNUJMVXpEZWk5QlhXdFJXV2ZscU00L0ZEQjJ6NUptMlZ3STZCSzR2eFdxUXlONDIycFlMOXhHamlXWGl5djJhdElZdWRLbWJOWjczWVV4ZlVVU0xrcFpPfA&cppv=2

Request Chain 284

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fkroonika.delfi.ee%2F&domain=kroonika.delfi.ee&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=MK-ryHxSLzYxR0MxUEUzV0ZIb2VKelVkUEw0eUc1cjlXenRMQVBQd3pOVUIyaE9FbTg3d3NyK0F6WW5OUk55bXdhbkFIWHdlbVBDOGtYOFoxK0tUK3VuT2o2ZjVlVzAzaE5SYXRJblh3TVJPYnN1cXVNWWZ0MjhjamhiMkMyVGNlcXVoNTlqYmQxVTlpNVZvVFpZUTAxK0MyRlZkZUJTTjJmM1pLdWkza0pOUzVOdHVrOUNsd0dDRGtlOGxpODk3bFYrUTlWMmRkaTVqeWpBVkRmOFQ0THZ5dERsMENlaXB5TG15Y0RMcXNhbGwrdUl2eExWK2VCMUNiK1RlL2RtdFE0VmRGfA&cppv=2

Request Chain 334

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=C08ADEC9225746F08A8EFD3CFC5BFF30&RedC=c.clarity.ms&MXFR=35211A3C4C396D1D1080084F48396305 HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=C08ADEC9225746F08A8EFD3CFC5BFF30&MUID=3911E058642260700611F22B65496179

Request Chain 455

https://gum.criteo.com/sid/json?origin=publishertagids&domain=delfi.ee&sn=ChromeSyncframe&so=3&topUrl=kroonika.delfi.ee&bundle=mMXKz19xVEZPOWxybUwxQlBQa1AySUhQTnV4NDBnciUyQmZWSTFhJTJGJTJGUVYlMkZhY3l6NVd0Wk9jWHlXS1RzbVhiWWpTY3h1TVMzWWtIVHlNemtKZHY0VUs5Y2lNJTJCQnRDVGxuJTJCNXpkNVhHMENVd2RWelpkYnklMkZqJTJGMzZ2UmdqczhoJTJCd0tTV0lieg&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=_W7vDXx3cGlIOTFlZy9KdTE0SThPdUd3YlZZcVZSZU5sYTgrNTY3clE0RnM5bDJQSmpXYzdSMmJBVTJJM1gyOHpCV0dieVJIQnR5ZEJBa2VPVTArcVJ5cS84SGhQQjZsQWFZNVdwVUNHdDdBMXk0MlBOWVFMV2tMR2FWUGt6YmlQMUNWVDhVdFJkcU5tdFFzY2cvNkJ3b0w2SEtDczlHOFJKTGo1U0Z3dFAwTU0wdzdueWE5Z3lUdzJIa1BkYkJTcm5ERjZqTUVqS0U0UUlPbDhkZ2FWR0NucExGWWlxRlhZVEtlWldGdzlCanZNM0RKTmp0a2dQMk1iTUtOU2R5Ty9WS2tvTWRodTFNcUhQT2o4OXVZbWtXSmx5Zz09fA&cppv=2

Request Chain 456

https://gum.criteo.com/sid/json?origin=publishertag&domain=delfi.ee&sn=ChromeSyncframe&so=3&topUrl=kroonika.delfi.ee&bundle=mMXKz19xVEZPOWxybUwxQlBQa1AySUhQTnV4NDBnciUyQmZWSTFhJTJGJTJGUVYlMkZhY3l6NVd0Wk9jWHlXS1RzbVhiWWpTY3h1TVMzWWtIVHlNemtKZHY0VUs5Y2lNJTJCQnRDVGxuJTJCNXpkNVhHMENVd2RWelpkYnklMkZqJTJGMzZ2UmdqczhoJTJCd0tTV0lieg&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=mXme_XxGSC80bXN3RVNvT0R4Rk13RjhaNzdoR3hya1hacU9SbUxvbnI1SEMyOCsxTjZVZHFGSmgzWlFNMVpxNHcxTlVmbVh4Wng1bGJhYVl3QzBqb1lyNnBBY0lrTHVZZTV2ZkxjQ0JFb05HYXZJdEtzb3ZiWlNMNWcvYk8wQU53MldoVFNtdEsyeEhCb0FOcDd5RVpSdnFDZHFoY2Yyb01RV1pka2tpQWdQaER5eVB6OWRlZ3J4ZHlobVpGb21wbHYwbkZTUGdnQXlNM0xjZjZGWm5pUFNobm5uSWdMZGFRL1l3VDFHeU5KTGRlb2l1b2RJOTJmVm9pV1M1TFoxa1grWjhpOEl3V0RJTlBCWUl5bkN0TlM1VzR0UT09fA&cppv=2

Request Chain 469

https://oajs.openx.net/esp?url=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&rid=esp&cc=1

Request Chain 499

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESECohVrC2nyKeAmYoY2S661I&google_cver=1&google_push=ASkJ3FaCLHe1a5hth4cStubBKjjd-LZdEB3Oxwjzxw_oRH7zHdQ0XCFS_cw-SMLlgxrmeSvYQUtT4Avg4bh7VF4cJ8oi_shOoFk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESECohVrC2nyKeAmYoY2S661I&google_push=ASkJ3FaCLHe1a5hth4cStubBKjjd-LZdEB3Oxwjzxw_oRH7zHdQ0XCFS_cw-SMLlgxrmeSvYQUtT4Avg4bh7VF4cJ8oi_shOoFk

Request Chain 500

https://fksnk.com/cs/google?google_gid=CAESENiZ09WV5Ermvmcyt5EgTgE&google_cver=1&google_push=ASkJ3FYn5EWsSPLzIUhQE5iZ9RxvzO8YloPDTsHiRllOTyRPfuRmInWLv67IIvlDmMkNPhMB3ik0LComFUtVuTLQZqQjVqj4s9E4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=RUYyRTc2MzM2MTkwNkU1MQ==

Request Chain 501

https://d5p.de17a.com/cookies/google?google_gid=CAESEMVsVdp3on65XDzvkA6KhiA&google_cver=1&google_push=ASkJ3FbKAfNon-dCNBXGbJXcU1uhRB0hTT6TzbNFmfZoQ4osOUzRVp-BbOAtDKS6v1ZdNnc1FlAlp0tvC5xODnaFfXdrATB5UTnL HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEMVsVdp3on65XDzvkA6KhiA&google_cver=1&google_push=ASkJ3FbKAfNon-dCNBXGbJXcU1uhRB0hTT6TzbNFmfZoQ4osOUzRVp-BbOAtDKS6v1ZdNnc1FlAlp0tvC5xODnaFfXdrATB5UTnL HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ASkJ3FbKAfNon-dCNBXGbJXcU1uhRB0hTT6TzbNFmfZoQ4osOUzRVp-BbOAtDKS6v1ZdNnc1FlAlp0tvC5xODnaFfXdrATB5UTnL

Request Chain 503

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESECFXBiLjNvIFO0y96phOLUM&google_cver=1&google_push=ASkJ3FaANWQA6dBdjq30HMZGCzjQF5gLCxsdRLSkqaFDC6tAPGyjmFYf5V9KyC-fRtwktWnsMtCnGD6Ga45I8as8wi-ilnrF4v_N HTTP 302
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESECFXBiLjNvIFO0y96phOLUM&google_push=ASkJ3FaANWQA6dBdjq30HMZGCzjQF5gLCxsdRLSkqaFDC6tAPGyjmFYf5V9KyC-fRtwktWnsMtCnGD6Ga45I8as8wi-ilnrF4v_N&s=2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=ASkJ3FaANWQA6dBdjq30HMZGCzjQF5gLCxsdRLSkqaFDC6tAPGyjmFYf5V9KyC-fRtwktWnsMtCnGD6Ga45I8as8wi-ilnrF4v_N&google_hm=Q3hlT0JqVVdSX1JKQ0ZGNG1sZV8=

Request Chain 504

https://ads.yieldmo.com/exptsync?google_gid=CAESEF4Aq2QmeaiAAVemsW3jM_0&google_cver=1&google_push=ASkJ3FZlPhhPjmwAna4hR9bkF8yphXY1xJYaYdYwIFREeCquQHm2lfcl7-oCABebJgO6iCi4mDjzmDFevC-ZlYVa_wll5np70oNI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=ASkJ3FZlPhhPjmwAna4hR9bkF8yphXY1xJYaYdYwIFREeCquQHm2lfcl7-oCABebJgO6iCi4mDjzmDFevC-ZlYVa_wll5np70oNI&google_hm=ZzQ2YmI0ZTNmMTgzZDY5YjY5NzU=

Request Chain 507

https://gum.criteo.com/sid/json?origin=publishertag&domain=delfi.ee&sn=ChromeSyncframe&so=3&topUrl=kroonika.delfi.ee&bundle=mMXKz19xVEZPOWxybUwxQlBQa1AySUhQTnV4NDBnciUyQmZWSTFhJTJGJTJGUVYlMkZhY3l6NVd0Wk9jWHlXS1RzbVhiWWpTY3h1TVMzWWtIVHlNemtKZHY0VUs5Y2lNJTJCQnRDVGxuJTJCNXpkNVhHMENVd2RWelpkYnklMkZqJTJGMzZ2UmdqczhoJTJCd0tTV0lieg&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=PHwzo3xERHFUb0VXa3FRZWFMcVZTWFZ3bU84NW4xa1ZIeml0ZXhjUGIyM0RmR1R6aHBDaGtlOTNhVlRwYVNUQnFkTGtBU2Nwa2NtNHIyemswc2NoUVVYUDUrOFpvQ09GZzR6VHJhc2VkQmYwUEswTG1SSkIySjZiblJaKzdyT0VtanE0ZDlKKy8xQXFMVm5Kb2FubW9IS3N4cFZDRkw0bm1HTXpxTXlVakFxdUJwdFVJVGZjZWJYaCttdVJrZWVRLzl3RGtQU2lTeHlPQmVnd0xzd3FlRWlleE9sZ2NoQS9GRVRGUjdCQXRLMGdOc0dPbzYzb1FlcmFiTElmR0FQRHJ1RlR3WEZLcG1saVR5NnVISTRxaTlnSENndz09fA&cppv=2

Request Chain 532

https://gum.criteo.com/sid/json?origin=publishertag&domain=delfi.ee&sn=ChromeSyncframe&so=3&topUrl=kroonika.delfi.ee&bundle=zApO1l9xVEZPOWxybUwxQlBQa1AySUhQTnUlMkJxVzJPc29iN2xRUkd5QTN6SmdUUmExJTJGVUFsVlNnRVI4YjIwYU0lMkZhNlpneGdXNloyVSUyQk5wNXVzbFlQZSUyRlA3VmJpaEclMkZ2cGEyaXJTZlpqJTJGekpUTERzcGF5TDJMTXhGRUhGNTUlMkJ0aVNnTW1GMmU4TGxTclVIb0N3b2JPcFBkV0NRJTNEJTNE&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=EEloyXxDZzFNMjB6VFJ5ZnF5SGJCTzVJcXJvc0dxYVZCN2VaMjdLSHlDaG5zdE95RlRhMUp1WVlrNjAxVlN0V3R3YkEvTytaeVpqSi9nVDlneTBYNG9CQ2ZGOWZhQ1FGL3Z4NlIvczVoaTVQNGdsTjRLQzZZaWpnRVpWUDIwb2Q3MUtsL3U5TkRjbmVETnlHTitUcC9saGt4ampITVFYeVppaDJJdGVGY2xvS2ZxKzZYQ0pVR0pqdzhFMTZLQ2xGQWJwOFBnSG1wR1J6d1hvR0RKL3M0aFZhQ0xLbVA1MFJjTWxFOHh3cFY0VVN6UG82MjJRdGFxMGZGM3loVHJoTnl2bkJjelc2QXhxM2hvVXVEK1F4cnhPck1TQT09fA&cppv=2

Request Chain 533

https://a.c.appier.net/gcm?google_gid=CAESEBLmwOlxEX5nMQQbxLKM_Wg&google_cver=1&google_push=ASkJ3FZ4E0uG6Z2NOCkvvPOBtMqsPbnUL2OuxKyL9hakQGR-eQMQjVnUIZHcvy0UKLFCSb21cYUKWhJqJXf9XtNMujyseOuO2-Lm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=dlV5RDZzT2xDMS14SWNSRmN0Q1FZdw%3D%3D&google_push=ASkJ3FZ4E0uG6Z2NOCkvvPOBtMqsPbnUL2OuxKyL9hakQGR-eQMQjVnUIZHcvy0UKLFCSb21cYUKWhJqJXf9XtNMujyseOuO2-Lm

Request Chain 534

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEIDMYPvG82UjBcK7i-A9614&google_cver=1&google_push=ASkJ3FYrCCZdrgDku8-Ikky6p3YjoyzKqte6bmVTOhEp4k-pJiB2N5W0c1a8117hp0EuXV2wKhYkx_XbYz94wSh9gxfL9ZzBwrsR HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEIDMYPvG82UjBcK7i-A9614&google_push=ASkJ3FYrCCZdrgDku8-Ikky6p3YjoyzKqte6bmVTOhEp4k-pJiB2N5W0c1a8117hp0EuXV2wKhYkx_XbYz94wSh9gxfL9ZzBwrsR&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEIDMYPvG82UjBcK7i-A9614&google_hm=Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB&google_nid=index&google_push=ASkJ3FYrCCZdrgDku8-Ikky6p3YjoyzKqte6bmVTOhEp4k-pJiB2N5W0c1a8117hp0EuXV2wKhYkx_XbYz94wSh9gxfL9ZzBwrsR

Request Chain 535

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEJQO7DC2Js5WAJsZ9QGFJOc&google_cver=1&google_push=ASkJ3FbIPmdwvws-YO0BSIUb4N9NLIYefLqFQtd_SXgg-wGiZqChYsKRAqJ16WCFMUZuwRxJ8V3nilwEcK5muOYlI-j7AK8UaCi1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ASkJ3FbIPmdwvws-YO0BSIUb4N9NLIYefLqFQtd_SXgg-wGiZqChYsKRAqJ16WCFMUZuwRxJ8V3nilwEcK5muOYlI-j7AK8UaCi1

Request Chain 536

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEFsZ7wK2vC2rjem5UC4K1pI&google_cver=1&google_push=ASkJ3FYL6jY2QeHKxj07E0UFgu42L9j5e3wUztCzvRLAGKFLoq9-rIOhGLpT69URyha29LrSZKX4y0P5Vwfykmy19Bo3A96jRQm_ HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=ASkJ3FYL6jY2QeHKxj07E0UFgu42L9j5e3wUztCzvRLAGKFLoq9-rIOhGLpT69URyha29LrSZKX4y0P5Vwfykmy19Bo3A96jRQm_&google_gid=CAESEFsZ7wK2vC2rjem5UC4K1pI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTU0MzM3NDQwODYzNzMxMjg2NjA0Mg%3D%3D&google_push=ASkJ3FYL6jY2QeHKxj07E0UFgu42L9j5e3wUztCzvRLAGKFLoq9-rIOhGLpT69URyha29LrSZKX4y0P5Vwfykmy19Bo3A96jRQm_

Request Chain 539

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEHOyfVealzt-Dhd7EaMAHnQ&google_cver=1&google_push=ASkJ3FY4k6RtgXTsXFoDq-OlcjW2DRrrrd4w8lVQDX8CnsbLLaJfcQPq1H0nlHZqgDgAYYW6cKo3ejbUq-baeOw-LrcP57OQedTMPg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=ASkJ3FY4k6RtgXTsXFoDq-OlcjW2DRrrrd4w8lVQDX8CnsbLLaJfcQPq1H0nlHZqgDgAYYW6cKo3ejbUq-baeOw-LrcP57OQedTMPg&google_hm=MjUxNTc5ODIwMDI5NDU0MDIxOA==

Request Chain 541

https://ad.turn.com/r/cs?pid=3&google_gid=CAESECtCFgYAZYJ1ZTh0vGMaoBE&google_cver=1&google_push=ASkJ3FayFWOdvOWPFZPI34QPDw-oUgYAqqj8RP1k7Ni_klVeNV0PwEhv3UB2WQQ6o7dJuTn5nhrIJ3j10q_KZM8yKhZ2YNhpjC9O HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzA4MTEzMDA1NjA2MTI4Mjk1Nw==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESECtCFgYAZYJ1ZTh0vGMaoBE&google_cver=1

Request Chain 542

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEBAjLX_zMbB_shqTFYutw7Q&google_cver=1&google_push=ASkJ3FanlJA9GBX4CRDvllalbwpez98gE-4-hYEuvxgJbN8r6lSFwTE9Kvib1cCccSJtVFS2WKumPuZ2qIuAatU0NfxDWof-SFLI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=KVNjkNBtRgCbp8uy5Yp3Yw&google_push=ASkJ3FanlJA9GBX4CRDvllalbwpez98gE-4-hYEuvxgJbN8r6lSFwTE9Kvib1cCccSJtVFS2WKumPuZ2qIuAatU0NfxDWof-SFLI

Request Chain 543

https://um.simpli.fi/gp_match?google_gid=CAESEDN7qs1HiHws2LhZlrALxCw&google_cver=1&google_push=ASkJ3FZ4Nv964z0rfvdyGzEDs_otgMHAzhKDJOGUlJl9xPFjtYWxi9YWCspTGefikY4D7IXnXcDlZ6r_AAVb-ljDyZEmHU1dLko HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=61F61CA7EF004EFC9293008926BEC4F4&google_push=ASkJ3FZ4Nv964z0rfvdyGzEDs_otgMHAzhKDJOGUlJl9xPFjtYWxi9YWCspTGefikY4D7IXnXcDlZ6r_AAVb-ljDyZEmHU1dLko

Request Chain 545

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEIDMYPvG82UjBcK7i-A9614&google_cver=1&google_push=ASkJ3FaA2FTjXmsbSw6JECB3Q4V5HrGoDfx9HwHU6E8WXVY1Mkyn_Q4ZW47S5QjJKfO6j99KcwkgUM3h5-Cbs8sFVtRq3OlJ8BkA HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEIDMYPvG82UjBcK7i-A9614&google_push=ASkJ3FaA2FTjXmsbSw6JECB3Q4V5HrGoDfx9HwHU6E8WXVY1Mkyn_Q4ZW47S5QjJKfO6j99KcwkgUM3h5-Cbs8sFVtRq3OlJ8BkA&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEIDMYPvG82UjBcK7i-A9614&google_hm=Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB&google_nid=index&google_push=ASkJ3FaA2FTjXmsbSw6JECB3Q4V5HrGoDfx9HwHU6E8WXVY1Mkyn_Q4ZW47S5QjJKfO6j99KcwkgUM3h5-Cbs8sFVtRq3OlJ8BkA

Request Chain 546

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEDjYtZ6OkxenSXkZp0_DhzI&google_cver=1&google_push=ASkJ3FZJS4KZR6sHxSpH0_0dPMEumsZq1ukFNQrLG9LKjKvSE-FXjLjipai4jYfO5qsbDx_CnhavkDf8VVwQ7RyHzll_ibP99vCM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ASkJ3FZJS4KZR6sHxSpH0_0dPMEumsZq1ukFNQrLG9LKjKvSE-FXjLjipai4jYfO5qsbDx_CnhavkDf8VVwQ7RyHzll_ibP99vCM

Request Chain 547

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEDjYtZ6OkxenSXkZp0_DhzI&google_cver=1&google_push=ASkJ3FaKYCeGZWo_9MW2bkop6qOK4OujTo6HC_NbY2v4OjuwHhieWytv0hcjfcAWsnSkCKO6srJm2TXrwRSutNronoR3nk89m2AbCQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ASkJ3FaKYCeGZWo_9MW2bkop6qOK4OujTo6HC_NbY2v4OjuwHhieWytv0hcjfcAWsnSkCKO6srJm2TXrwRSutNronoR3nk89m2AbCQ HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 566

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Frtb.adxpremium.services%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID HTTP 303
https://rtb.adxpremium.services/setuid?bidder=adform&gdpr=0&gdpr_consent=&us_privacy=&uid=5084446025291268402

Request Chain 574

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Frtb.adxpremium.services%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID HTTP 303
https://rtb.adxpremium.services/setuid?bidder=adform&gdpr=0&gdpr_consent=&us_privacy=&uid=5084446025291268402

Request Chain 584

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Frtb.adxpremium.services%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID HTTP 303
https://rtb.adxpremium.services/setuid?bidder=adform&gdpr=0&gdpr_consent=&us_privacy=&uid=5084446025291268402

Request Chain 598

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=Y5DQceE0XKBdV2CiUqb5dAAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGJrOi3iaLADtj6wzGaeCl8&google_cver=1

Request Chain 599

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEIDMYPvG82UjBcK7i-A9614&google_cver=1

Request Chain 600

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB&dcc=t

Request Chain 602

https://csync.loopme.me/?redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D24%26external_user_id%3D%7Bviewer_token%7D&us_privacy=&gdpr=&gdpr_consent= HTTP 307
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=9ccf0cb2-7a2e-4686-abca-42859a6e2ac4&us_privacy=null&gdpr_consent=null&gdpr=null

Request Chain 603

https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3cIndex_user_id%3e HTTP 302
https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=a87ace9d-56a0-90a0-9b05e78b

Request Chain 605

https://p.rfihub.com/cm?in=1&pub=2079 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=2515798200294540218

Request Chain 607

https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=8500468887705390744

Request Chain 608

https://ad.turn.com/r/cs?pid=21 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3081130056061282957

Request Chain 609

https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
https://pr-bh.ybp.yahoo.com/sync/casale/Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB

Request Chain 610

https://match.prod.bidr.io/cookie-sync/ie HTTP 303
https://match.prod.bidr.io/cookie-sync/ie?_bee_ppp=1 HTTP 303
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AAJPdE7HIaEAACDlfaui4Q&expiration=1671644531

Request Chain 611

https://dpm.demdex.net/ibs:dpid=23728&dpuuid=Y5DQceE0XKBdV2CiUqb5dAAA%261138?gdpr_consent=&us_privacy=&gdpr= HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=Y5DQceE0XKBdV2CiUqb5dAAA%261138

Request Chain 612

https://c1.adform.net/serving/cookie/match?party=29 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=5084446025291268402&expiration=1671644531

Request Chain 613

https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=&gdpr_consent= HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=

Request Chain 614

https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=61F61CA7EF004EFC9293008926BEC4F4

Request Chain 616

https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=8500468887705390744

Request Chain 617

https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=29536390-d06d-4600-9ba7-cbb2e58a7763

Request Chain 618

https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
https://pr-bh.ybp.yahoo.com/sync/casale/Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB

Request Chain 619

https://match.prod.bidr.io/cookie-sync/ie HTTP 303
https://match.prod.bidr.io/cookie-sync/ie?_bee_ppp=1 HTTP 303
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AAG0xE7HIaEAACBpgdIPyg&expiration=1671644531

Request Chain 620

https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3cIndex_user_id%3e HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=18e8e313-cb29-f8cf-81279325

Request Chain 621

https://x.bidswitch.net/sync?ssp=index HTTP 302
https://ads.avads.net/sync/bsw?bidswitch_ssp_id=index&bidswitch_param=dac85cfd-3846-4399-8517-b216496d2bad&gdpr=&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=352&user_id=2ce4454c-7402-447f-ae4c-9aec278cb0bd&expires=2&ssp=index&bsw_param=dac85cfd-3846-4399-8517-b216496d2bad HTTP 302
https://dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=dac85cfd-3846-4399-8517-b216496d2bad&gdpr=&gdpr_consent=

Request Chain 622

https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1 HTTP 302
https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&prevuid=&knw=0 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=

Request Chain 631

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=1 HTTP 302
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=1&dcc=t

Request Chain 632

https://token.rubiconproject.com/token?pid=2249&pt=n&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MmQ2YTYyYTZmZWY1MmI0NmZiZmQwOGExNDkxZGU3ZTYyMWIyMDU0MA&gdpr=1

Request Chain 633

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&gdpr=1 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=1&put=CAESEFyMrA-TicZlum9vDu1him8&google_cver=1

Request Chain 634

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1 HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&dcc=t

Request Chain 635

https://token.rubiconproject.com/token?pid=25470&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEJEWFRSTE8tMUEtQUJaOA==&gdpr=1

Request Chain 637

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&gdpr=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/4QnCJ8o8wFiICT2BzlHTfMn5EUdSAgOZEtemQ7w0kco?csrc=&gdpr=1 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-NpTbiilE2oIS6ghm7uf5QNpawnRPKsEvStcIFg--~A

Request Chain 638

https://token.rubiconproject.com/token?pid=36584&gdpr=1 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LBDXTRLO-1A-ABZ8&gdpr=1

Request Chain 639

https://bbnaut.ibillboard.com/match/AdScale?partneruid=79de0293a7214c759e7d5acf33c1f5ff&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F134b092161d549c9a2265bfa6700eeaf%2F1670434931543%2F0%2Fimg%3Ftpid%3D101%26tpuid%3DIBB_USER_ID HTTP 302
https://ih.adscale.de/sium/134b092161d549c9a2265bfa6700eeaf/1670434931543/0/img?tpid=101&tpuid=BBID-01-03451489316424477-16781436

Request Chain 640

https://bbnaut.ibillboard.com/match/AdScale?partneruid=79de0293a7214c759e7d5acf33c1f5ff&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F63ec62bcded747c6b9f83161b7a9ea58%2F1670434931544%2F0%2Fimg%3Ftpid%3D101%26tpuid%3DIBB_USER_ID HTTP 302
https://ih.adscale.de/sium/63ec62bcded747c6b9f83161b7a9ea58/1670434931544/0/img?tpid=101&tpuid=BBID-01-03451489317058191-16781436

Request Chain 641

https://bbnaut.ibillboard.com/match/AdScale?partneruid=79de0293a7214c759e7d5acf33c1f5ff&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F95626f1a8c204c47a19cabcdfcc9d4d1%2F1670434931544%2F0%2Fimg%3Ftpid%3D101%26tpuid%3DIBB_USER_ID HTTP 302
https://ih.adscale.de/sium/95626f1a8c204c47a19cabcdfcc9d4d1/1670434931544/0/img?tpid=101&tpuid=BBID-01-03451489317670341-16781436

Request Chain 642

https://ssum.casalemedia.com/usermatchredir?s=183592&cb=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D63%26tpuid%3D__UID__&uid=edc84e659aac3bd5ab4f7c0a610b9e7c4aa4cdc46c9beb290da93bae40c996ad&tpid=63&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F134b092161d549c9a2265bfa6700eeaf%2F1670434931543%2F0%2Fimg HTTP 302
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=63&tpuid=Y5DQceE0XKBdV2CiUqb5dAAA%261138

Request Chain 643

https://ssum.casalemedia.com/usermatchredir?s=183592&cb=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D63%26tpuid%3D__UID__&uid=edc84e659aac3bd5ab4f7c0a610b9e7c4aa4cdc46c9beb290da93bae40c996ad&tpid=63&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F63ec62bcded747c6b9f83161b7a9ea58%2F1670434931544%2F0%2Fimg HTTP 302
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=63&tpuid=Y5DQceE0XKBdV2CiUqb5dAAA%261138

Request Chain 644

https://ssum.casalemedia.com/usermatchredir?s=183592&cb=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D63%26tpuid%3D__UID__&uid=edc84e659aac3bd5ab4f7c0a610b9e7c4aa4cdc46c9beb290da93bae40c996ad&tpid=63&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F95626f1a8c204c47a19cabcdfcc9d4d1%2F1670434931544%2F0%2Fimg HTTP 302
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=63&tpuid=Y5DQceE0XKBdV2CiUqb5dAAA%261138

Request Chain 645

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D108%26tpuid%3D%5BMM_UUID%5D&uid=2c65de9d0abcc71fa5ca12c147c4d68466e4dcf1fae8e882dfc6480d87495196&tpid=108&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F134b092161d549c9a2265bfa6700eeaf%2F1670434931543%2F0%2Fimg HTTP 302
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=29536390-d06d-4600-9ba7-cbb2e58a7763

Request Chain 646

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D108%26tpuid%3D%5BMM_UUID%5D&uid=2c65de9d0abcc71fa5ca12c147c4d68466e4dcf1fae8e882dfc6480d87495196&tpid=108&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F63ec62bcded747c6b9f83161b7a9ea58%2F1670434931544%2F0%2Fimg HTTP 302
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=29536390-d06d-4600-9ba7-cbb2e58a7763

Request Chain 647

https://track.adform.net/serving/cookie/match/?party=9&uid=e3c048e41bd6e6caf2773882fa98197e4e1baa95f5a1d46d0627aa35a98205bb&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F134b092161d549c9a2265bfa6700eeaf%2F1670434931543%2F0%2Fimg HTTP 302
https://ih.adscale.de/sium/134b092161d549c9a2265bfa6700eeaf/1670434931543/0/img?tpid=42&tpuid=5084446025291268402

Request Chain 648

https://track.adform.net/serving/cookie/match/?party=9&uid=e3c048e41bd6e6caf2773882fa98197e4e1baa95f5a1d46d0627aa35a98205bb&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F63ec62bcded747c6b9f83161b7a9ea58%2F1670434931544%2F0%2Fimg HTTP 302
https://ih.adscale.de/sium/63ec62bcded747c6b9f83161b7a9ea58/1670434931544/0/img?tpid=42&tpuid=5084446025291268402

Request Chain 649

https://dis.criteo.com/dis/usersync.aspx?r=17&p=32&cp=adscale&url=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D40%26tpuid%3D%40%40CRITEO_USERID%40%40&uid=ca162b240dfc498361527012b9bc744aaaf38aed274eac8617d78c7672678b5e&tpid=40&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F134b092161d549c9a2265bfa6700eeaf%2F1670434931543%2F0%2Fimg HTTP 302
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=938e0d54-e80f-432f-8be5-4e676e343211

Request Chain 650

https://dis.criteo.com/dis/usersync.aspx?r=17&p=32&cp=adscale&url=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D40%26tpuid%3D%40%40CRITEO_USERID%40%40&uid=ca162b240dfc498361527012b9bc744aaaf38aed274eac8617d78c7672678b5e&tpid=40&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F63ec62bcded747c6b9f83161b7a9ea58%2F1670434931544%2F0%2Fimg HTTP 302
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=938e0d54-e80f-432f-8be5-4e676e343211

Request Chain 651

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D108%26tpuid%3D%5BMM_UUID%5D&uid=2c65de9d0abcc71fa5ca12c147c4d68466e4dcf1fae8e882dfc6480d87495196&tpid=108&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F95626f1a8c204c47a19cabcdfcc9d4d1%2F1670434931544%2F0%2Fimg HTTP 302
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=29536390-d06d-4600-9ba7-cbb2e58a7763

Request Chain 652

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D39%26tpuid%3D%5BMM_UUID%5D&uid=391159c8074520fd337330b1027348197ba3fabe81581eb63dfe34355c7d1ac5&tpid=39&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F63ec62bcded747c6b9f83161b7a9ea58%2F1670434931544%2F0%2Fimg HTTP 302
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=29536390-d06d-4600-9ba7-cbb2e58a7763

Request Chain 653

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D39%26tpuid%3D%5BMM_UUID%5D&uid=391159c8074520fd337330b1027348197ba3fabe81581eb63dfe34355c7d1ac5&tpid=39&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F134b092161d549c9a2265bfa6700eeaf%2F1670434931543%2F0%2Fimg HTTP 302
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=29536390-d06d-4600-9ba7-cbb2e58a7763

Request Chain 654

https://track.adform.net/serving/cookie/match/?party=9&uid=e3c048e41bd6e6caf2773882fa98197e4e1baa95f5a1d46d0627aa35a98205bb&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F95626f1a8c204c47a19cabcdfcc9d4d1%2F1670434931544%2F0%2Fimg HTTP 302
https://ih.adscale.de/sium/95626f1a8c204c47a19cabcdfcc9d4d1/1670434931544/0/img?tpid=42&tpuid=5084446025291268402

Request Chain 655

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_sc&uid=75cf3cd08b0a8d367391c5bca962ed974b01490d0b793db94492d1d2f3cebb5a&tpid=38&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F63ec62bcded747c6b9f83161b7a9ea58%2F1670434931544%2F0%2Fimg HTTP 302
https://ih.adscale.de/sium/63ec62bcded747c6b9f83161b7a9ea58/1670434931544/0/img?uid=75cf3cd08b0a8d367391c5bca962ed974b01490d0b793db94492d1d2f3cebb5a&tpid=38&tpuid=CAESEB9uqQWnTtSTmPCIDeUqXK8&google_cver=1

Request Chain 656

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_sc&uid=75cf3cd08b0a8d367391c5bca962ed974b01490d0b793db94492d1d2f3cebb5a&tpid=38&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F134b092161d549c9a2265bfa6700eeaf%2F1670434931543%2F0%2Fimg HTTP 302
https://ih.adscale.de/sium/134b092161d549c9a2265bfa6700eeaf/1670434931543/0/img?uid=75cf3cd08b0a8d367391c5bca962ed974b01490d0b793db94492d1d2f3cebb5a&tpid=38&tpuid=CAESEB9uqQWnTtSTmPCIDeUqXK8&google_cver=1

Request Chain 657

https://dis.criteo.com/dis/usersync.aspx?r=17&p=32&cp=adscale&url=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D40%26tpuid%3D%40%40CRITEO_USERID%40%40&uid=ca162b240dfc498361527012b9bc744aaaf38aed274eac8617d78c7672678b5e&tpid=40&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F95626f1a8c204c47a19cabcdfcc9d4d1%2F1670434931544%2F0%2Fimg HTTP 302
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=938e0d54-e80f-432f-8be5-4e676e343211

Request Chain 658

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D39%26tpuid%3D%5BMM_UUID%5D&uid=391159c8074520fd337330b1027348197ba3fabe81581eb63dfe34355c7d1ac5&tpid=39&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F95626f1a8c204c47a19cabcdfcc9d4d1%2F1670434931544%2F0%2Fimg HTTP 302
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=29536390-d06d-4600-9ba7-cbb2e58a7763

Request Chain 659

https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=58e0f25b3c83bf9f6c06028180fc8dc3f353a034b48cb785f1a2dbcb7971ba71&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F63ec62bcded747c6b9f83161b7a9ea58%2F1670434931544%2F0%2Fjs HTTP 302
https://tracking-a.dsp.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=58e0f25b3c83bf9f6c06028180fc8dc3f353a034b48cb785f1a2dbcb7971ba71&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F63ec62bcded747c6b9f83161b7a9ea58%2F1670434931544%2F0%2Fjs&checkcookies=true HTTP 302
https://ih.adscale.de/sium/63ec62bcded747c6b9f83161b7a9ea58/1670434931544/0/js?tpid=48&tpuid=cf2387a8abe2000bb4e00b2ca89a9542

Request Chain 660

https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=58e0f25b3c83bf9f6c06028180fc8dc3f353a034b48cb785f1a2dbcb7971ba71&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F134b092161d549c9a2265bfa6700eeaf%2F1670434931543%2F0%2Fjs HTTP 302
https://tracking-a.dsp.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=58e0f25b3c83bf9f6c06028180fc8dc3f353a034b48cb785f1a2dbcb7971ba71&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F134b092161d549c9a2265bfa6700eeaf%2F1670434931543%2F0%2Fjs&checkcookies=true HTTP 302
https://ih.adscale.de/sium/134b092161d549c9a2265bfa6700eeaf/1670434931543/0/js?tpid=48&tpuid=30d7fdeea37790599131c56082559596

Request Chain 661

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_sc&uid=75cf3cd08b0a8d367391c5bca962ed974b01490d0b793db94492d1d2f3cebb5a&tpid=38&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F95626f1a8c204c47a19cabcdfcc9d4d1%2F1670434931544%2F0%2Fimg HTTP 302
https://ih.adscale.de/sium/95626f1a8c204c47a19cabcdfcc9d4d1/1670434931544/0/img?uid=75cf3cd08b0a8d367391c5bca962ed974b01490d0b793db94492d1d2f3cebb5a&tpid=38&tpuid=CAESEB9uqQWnTtSTmPCIDeUqXK8&google_cver=1

Request Chain 662

https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=58e0f25b3c83bf9f6c06028180fc8dc3f353a034b48cb785f1a2dbcb7971ba71&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F95626f1a8c204c47a19cabcdfcc9d4d1%2F1670434931544%2F0%2Fjs HTTP 302
https://tracking-a.dsp.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=58e0f25b3c83bf9f6c06028180fc8dc3f353a034b48cb785f1a2dbcb7971ba71&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F95626f1a8c204c47a19cabcdfcc9d4d1%2F1670434931544%2F0%2Fjs&checkcookies=true HTTP 302
https://ih.adscale.de/sium/95626f1a8c204c47a19cabcdfcc9d4d1/1670434931544/0/js?tpid=48&tpuid=37b9b4039961fb0ff0c37be0a46464b6

669 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud Show response
kroonika.delfi.ee/artikkel/120110364/ 723 KB
124 KB 114ms
33ms Document
text/html 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy2.delfi.ee

Software

DWS /

Resource Hash

ce048ff4460e839cd6adbce76d20e978fc2a7b0c24c3db950bf8e9743b37dd27

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' https://*.delfi.ee
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 289
content-encoding: gzip
content-length: 126447
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' https://*.delfi.ee
content-type: text/html; charset=utf-8
date: Wed, 07 Dec 2022 17:37:12 GMT
server: DWS
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-envoy-upstream-service-time: 343

GET
H2 200 inter.css
g.delfi.ee/portalcore/fonts/inter/ 5 KB
900 B 78ms
58ms Stylesheet
text/css 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://g.delfi.ee/portalcore/fonts/inter/inter.css
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: 6b80602adff90338777660352c19a01224ee11ee235dd49ebcd908bf7f3e1a09

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Sat, 11 Jul 2020 07:51:23 GMT
server: DWS
age: 29265
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=3024000
accept-ranges: bytes
content-length: 714
expires: Fri, 23 Dec 2022 09:33:17 GMT

GET
H2 200 playfair-display.css
g1.nh.ee/fonts/playfair-display/ 6 KB
685 B 119ms
32ms Stylesheet
text/css 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nh.ee/fonts/playfair-display/playfair-display.css
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 93017475e5db031ecb307e0d1f1dd29e86424a736f090fffc567022e781162b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 09:31:40 GMT
content-encoding: gzip
last-modified: Thu, 10 Mar 2022 07:28:23 GMT
server: DWS
age: 29421
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=3024000
accept-ranges: bytes
content-length: 499
expires: Fri, 23 Dec 2022 09:29:45 GMT

GET
H2 200 roboto.css
g1.nh.ee/fonts/roboto/ 7 KB
743 B 118ms
31ms Stylesheet
text/css 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nh.ee/fonts/roboto/roboto.css
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 46ab61748e150272aab5c0224e72d0c8a3c6df9f40277db62a52f9f7b02ee637

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 09:30:29 GMT
content-encoding: gzip
last-modified: Wed, 23 Feb 2022 09:51:17 GMT
server: DWS
age: 29493
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=3024000
accept-ranges: bytes
content-length: 556
expires: Fri, 23 Dec 2022 09:29:44 GMT

GET
H2 200 kroonika-root-variables-css.css
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/ 3 KB
3 KB 119ms
35ms Stylesheet
text/css 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/kroonika-root-variables-css.css

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

1d3308d3664defa392100a7f7591e688732248bf6b1de5354c7e18bb1c7efc3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:00 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:16 GMT
server: DWS
x-amz-request-id: 64c0757f-ffd5-1fff-b630-9440c9b75b50
age: 1
content-type: text/css
cache-control: max-age=30
accept-ranges: bytes
content-length: 3330

GET
H2 200 main-root-styles.css
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/ 102 KB
102 KB 119ms
36ms Stylesheet
text/css 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/main-root-styles.css

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

e2528413d4b10519aae546fb2e84506b0a698aaad34dcc5aafafbdf08aa6703c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:39 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:17 GMT
server: DWS
x-amz-request-id: af061c2a-f229-1fff-9eee-040973e279e8
age: 22
content-type: text/css
cache-control: max-age=30
accept-ranges: bytes
content-length: 104491

GET
H2 200 / Show response
g.delfi.ee/scms/ 92 KB
33 KB 75ms
58ms Script
application/x-javascript 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://g.delfi.ee/scms/?g=j
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: 39235861d9bc9a21651d032048c05298d7018a1a70de913b10fd48902e0cd339

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:01 GMT
content-encoding: gzip
last-modified: Wed, 25 Nov 2015 13:19:47 GMT
server: DWS
age: 0
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=1800
accept-ranges: bytes
content-length: 33447
expires: Wed, 07 Dec 2022 18:12:01 GMT

GET
H2 200 adx.js Show response
s1.adform.net/banners/scripts/ 59 KB
25 KB 111ms
20ms Script
application/javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/adx.js
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 8d3b4694f2e7d6dcf5af611841acb794ed26ec7efc51ad0fe332a89ab3953074

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:02 GMT
content-encoding: gzip
last-modified: Mon, 21 Nov 2022 11:50:07 GMT
server: nginx
x-amz-request-id: tx000009c67c493cf98fac1-00637b6786-32940f80-default
etag: W/"5fae11bd8facb45d9707cd5617753542"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 / Show response
g.delfi.ee/scms/ 40 KB
11 KB 74ms
59ms Script
application/x-javascript 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://g.delfi.ee/scms/?g=afp.js
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: 34f366db74b3f0394bfef7413c8416176c7a06946ef5352bc97a7f8d4f19da71

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 09:33:21 GMT
content-encoding: gzip
last-modified: Thu, 03 Mar 2022 10:11:54 GMT
server: DWS
age: 29320
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=1800
accept-ranges: bytes
content-length: 11482
expires: Wed, 07 Dec 2022 10:03:21 GMT

GET
H2 200 / Show response
g.delfi.ee/scms/ 3 KB
1 KB 73ms
59ms Script
application/x-javascript 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://g.delfi.ee/scms/?g=topbar
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: 128fe826f7377e487b7bf20d8a42b8f6c5acdb47def31508215d4e2a92a4e3a7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:00 GMT
content-encoding: gzip
last-modified: Thu, 19 Dec 2019 07:46:40 GMT
server: DWS
age: 1
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=1800
accept-ranges: bytes
content-length: 1288
expires: Wed, 07 Dec 2022 18:12:00 GMT

GET
H2 200 c.js Show response
g1.nh.ee/js/ 698 B
630 B 114ms
32ms Script
application/javascript 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nh.ee/js/c.js
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 859ca09d35e47fed4262ed3230d408da83dc76731555d4a22663f8f54ab61b60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 09:30:16 GMT
content-encoding: gzip
last-modified: Thu, 13 Sep 2018 07:36:30 GMT
server: DWS
age: 29505
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3024000
accept-ranges: bytes
content-length: 430
expires: Fri, 23 Dec 2022 09:29:44 GMT

GET
H/1.1 200
OK track_banners_init.js Show response
cdn.cxense.com/ 22 KB
6 KB 111ms
32ms Script
application/x-javascript 2a02:26f0:6c00:2bf::268b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/track_banners_init.js
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2bf::268b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 528aa7f04513aa2d4ebac4dd0ef1e6d516673e863d62978ce1d4ac3403c57e0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 17:42:02 GMT
Content-Encoding: gzip
Last-Modified: Tue, 04 Oct 2022 13:50:11 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6082
Expires: Wed, 07 Dec 2022 18:42:02 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 143 KB
49 KB 199ms
120ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

70f963c170ffa95c3c80d356973c4cf1fbc09c77e3a2d6de736e8dab00d6e49e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49361
x-xss-protection: 0
server: cafe
etag: 14480574376549961704
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 07 Dec 2022 17:42:02 GMT

GET
H2 200 runtime.js Show response
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/ 8 KB
9 KB 204ms
125ms Script
application/javascript 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/runtime.js

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

2d0746ce1aec88d9be2d5458e94d180bff3235d6078d3a70ccc61c0a4e039423

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:45 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:17 GMT
server: DWS
x-amz-request-id: 96077c80-ffac-1fff-b454-9440c9becf54
age: 16
content-type: application/javascript
cache-control: max-age=30
accept-ranges: bytes
content-length: 8528

GET
H2 200 app.js Show response
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/commons/ 283 KB
284 KB 204ms
126ms Script
application/javascript 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/commons/app.js

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

bb3684ef7266f022db69060a75fa243a86e86dcf539820c520854d3ae5f8b737

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:41 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:16 GMT
server: DWS
x-amz-request-id: 94e1a0b7-ffae-1fff-961f-9440c9b71b40
age: 21
content-type: application/javascript
cache-control: max-age=30
accept-ranges: bytes
content-length: 290051

GET
H2 200 app.js Show response
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/ 882 KB
883 KB 235ms
158ms Script
application/javascript 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

17ae394bd965ee82cef7b085f5b7232cc26060988938b5d690a24339d1df3d18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:44 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:17 GMT
server: DWS
x-amz-request-id: 1db5299a-0830-1f3b-ba66-b8830381bef0
age: 17
content-type: application/javascript
cache-control: max-age=30
accept-ranges: bytes
content-length: 903331

GET
H2 200 app.css
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/ 148 KB
148 KB 174ms
97ms Stylesheet
text/css 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/app.css

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

b711fcb1b4e8723829821f9e8cc508ddb8b0a55623bc3b47a450941a72c81d9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:42 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:16 GMT
server: DWS
x-amz-request-id: eeadea87-41cd-1fb8-bce1-b8830381eeb0
age: 20
content-type: text/css
cache-control: max-age=30
accept-ranges: bytes
content-length: 151559

GET
H2 200 app.js Show response
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/ 863 KB
864 KB 238ms
163ms Script
application/javascript 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/app.js

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

c13284274710542c09b0d6c39e6fb7162bb7944a5317cd547925634c5f073a69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:42 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:16 GMT
server: DWS
x-amz-request-id: 96077a54-ffac-1fff-b454-9440c9becf54
age: 20
content-type: application/javascript
cache-control: max-age=30
accept-ranges: bytes
content-length: 883726

GET
H2 200 ArticleBase.js Show response
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/page/ 338 B
549 B 233ms
158ms Script
application/javascript 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/page/ArticleBase.js

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

b8fd48d8c0ed5817c939e37f573fe2d0638cc09f78623b2c551b9558505bf724

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:45 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:17 GMT
server: DWS
x-amz-request-id: eeadeb41-41cd-1fb8-bce1-b8830381eeb0
age: 16
content-type: application/javascript
cache-control: max-age=30
accept-ranges: bytes
content-length: 338

GET
H2 200 Article.js Show response
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/page/ 4 KB
4 KB 236ms
162ms Script
application/javascript 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/page/Article.js

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

6eb941bb31208b3eebc8182d024522793e98e421df67a8aacd5c58b2fb34e9fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:40 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:17 GMT
server: DWS
x-amz-request-id: c905e201-6e8c-1f9e-957f-9440c9b7a930
age: 22
content-type: application/javascript
cache-control: max-age=30
accept-ranges: bytes
content-length: 3612

GET
H2 200 Issue.css
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/page/Article/page/ 18 KB
18 KB 167ms
93ms Stylesheet
text/css 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/page/Article/page/Issue.css

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

22f080b023be7a0cbc680fc6557813565dee0240af572361699b781ed7bc3cec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:48 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:17 GMT
server: DWS
x-amz-request-id: eeadeb6b-41cd-1fb8-bce1-b8830381eeb0
age: 14
content-type: text/css
cache-control: max-age=30
accept-ranges: bytes
content-length: 18355

GET
H2 200 Issue.js Show response
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/page/Article/page/ 107 KB
107 KB 232ms
159ms Script
application/javascript 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/page/Article/page/Issue.js

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

25beacf40e60bd82db3bf5bdedf1c02926b2d90cedb3e4de012c3be7c4e14560

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:39 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:17 GMT
server: DWS
x-amz-request-id: 95f026bc-8aa2-1fe6-84c1-9440c9b74b80
age: 22
content-type: application/javascript
cache-control: max-age=30
accept-ranges: bytes
content-length: 109169

GET
H2 200 ArticlePaywall.css
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/ 5 KB
5 KB 198ms
126ms Stylesheet
text/css 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/ArticlePaywall.css

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

1559afe99a3b418b574da30c159bd0216b3bfec5d234a57918aa92585d6db63a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:19 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:16 GMT
server: DWS
x-amz-request-id: 4e2111b2-3082-1fec-a8df-9440c97bf980
age: 42
content-type: text/css
cache-control: max-age=30
accept-ranges: bytes
content-length: 4746

GET
H2 200 ArticlePaywall.js Show response
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/ 13 KB
13 KB 232ms
160ms Script
application/javascript 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/ArticlePaywall.js

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

fb856ae545a76edae74c29c335663cf347bb52dcbb01fd6c2b73fc69e4d43add

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:36 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:16 GMT
server: DWS
x-amz-request-id: 1db52800-0830-1f3b-ba66-b8830381bef0
age: 26
content-type: application/javascript
cache-control: max-age=30
accept-ranges: bytes
content-length: 13412

GET
H2 200 63.css
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/ 3 KB
3 KB 169ms
98ms Stylesheet
text/css 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/63.css

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

a9ac6046f8cce32bde5238fada9a022744bb9ade5f0a66a80d26174a11cf92e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:51 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:16 GMT
server: DWS
x-amz-request-id: 339592ca-284f-1ffd-b67f-9440c9b71b30
age: 11
content-type: text/css
cache-control: max-age=30
accept-ranges: bytes
content-length: 2698

GET
H2 200 63.js Show response
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/ 3 KB
3 KB 227ms
156ms Script
application/javascript 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/63.js

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

b95e80d32878064e552e0065b9dcb0976935ff1de538a06ce1efab1ad8476dca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:18 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:16 GMT
server: DWS
x-amz-request-id: 94e19ae7-ffae-1fff-961f-9440c9b71b40
age: 44
content-type: application/javascript
cache-control: max-age=30
accept-ranges: bytes
content-length: 3150

GET
H2 200 kroonika-ua2.svg
h.delfi.ee/g/l/svg/ 5 KB
2 KB 41ms
33ms Image
image/svg+xml 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://h.delfi.ee/g/l/svg/kroonika-ua2.svg
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: 3d67c9582414f61f43a63b5da977376c2f07d8315af2d6c700cc0374d5539bc1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:21:58 GMT
content-encoding: gzip
last-modified: Mon, 18 Apr 2022 13:32:19 GMT
server: DWS
age: 1203
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=1209600
accept-ranges: bytes
content-length: 2336
expires: Fri, 02 Dec 2022 09:33:17 GMT

GET
H2 200 2XSIWZ_home-v2.svg
g1.nh.ee/wd/f/16537/ 1 KB
821 B 32ms
32ms Image
image/svg+xml 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g1.nh.ee/wd/f/16537/2XSIWZ_home-v2.svg
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: cdd9258e1dff12b31b6033b9062f211ca59beba17e118ad46d2363b376b213d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:49:17 GMT
content-encoding: gzip
last-modified: Thu, 11 Nov 2021 12:45:44 GMT
server: DWS
age: 3164
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=3024000
accept-ranges: bytes
content-length: 628
expires: Fri, 23 Dec 2022 09:29:44 GMT

GET
H2 200 KJ2QRM_home-active-v2.svg
g1.nh.ee/wd/f/16537/ 627 B
551 B 32ms
31ms Image
image/svg+xml 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g1.nh.ee/wd/f/16537/KJ2QRM_home-active-v2.svg
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 6f60b024b9991c6c8235adc277353ad6624bfa4f2c3384e1ee1e107131dcb5de

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:49:17 GMT
content-encoding: gzip
last-modified: Thu, 11 Nov 2021 12:45:44 GMT
server: DWS
age: 3164
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=3024000
accept-ranges: bytes
content-length: 358
expires: Fri, 23 Dec 2022 09:29:44 GMT

GET
H2 200 Inter-Regular.woff2
g.delfi.ee/portalcore/fonts/inter/ 98 KB
98 KB 103ms
37ms Font
font/woff2 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://g.delfi.ee/portalcore/fonts/inter/Inter-Regular.woff2?v=3.11
Requested by: Host: g.delfi.ee
URL: https://g.delfi.ee/portalcore/fonts/inter/inter.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: 77677cd3d62f53fce403b743c6ab0dfacf6109cfa5f2c511a57b0779222c76de

Request headers

Referer: https://g.delfi.ee/portalcore/fonts/inter/inter.css
Origin: https://kroonika.delfi.ee
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:47 GMT
last-modified: Fri, 28 Feb 2020 08:54:54 GMT
server: DWS
age: 15
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=3024000
accept-ranges: bytes
content-length: 100088
expires: Fri, 23 Dec 2022 09:33:16 GMT

GET
H2 200 Inter-SemiBold.woff2
g.delfi.ee/portalcore/fonts/inter/ 105 KB
105 KB 163ms
97ms Font
font/woff2 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://g.delfi.ee/portalcore/fonts/inter/Inter-SemiBold.woff2?v=3.11
Requested by: Host: g.delfi.ee
URL: https://g.delfi.ee/portalcore/fonts/inter/inter.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: e9bb1331830a18e2504d966f1fa931e711cad726e454722f324d63534cec97d9

Request headers

Referer: https://g.delfi.ee/portalcore/fonts/inter/inter.css
Origin: https://kroonika.delfi.ee
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:34 GMT
last-modified: Fri, 28 Feb 2020 08:54:54 GMT
server: DWS
age: 28
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=3024000
accept-ranges: bytes
content-length: 107184
expires: Fri, 23 Dec 2022 09:33:16 GMT

GET
H2 200 Inter-Bold.woff2
g.delfi.ee/portalcore/fonts/inter/ 105 KB
105 KB 164ms
98ms Font
font/woff2 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://g.delfi.ee/portalcore/fonts/inter/Inter-Bold.woff2?v=3.11
Requested by: Host: g.delfi.ee
URL: https://g.delfi.ee/portalcore/fonts/inter/inter.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: 20fd98b18d523471ae687971086817766649ce25f32e438d14711561a95bc9e9

Request headers

Referer: https://g.delfi.ee/portalcore/fonts/inter/inter.css
Origin: https://kroonika.delfi.ee
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:34 GMT
last-modified: Fri, 28 Feb 2020 08:54:54 GMT
server: DWS
age: 28
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=3024000
accept-ranges: bytes
content-length: 107300
expires: Fri, 23 Dec 2022 09:33:16 GMT

GET
H2 200 Inter-Medium.woff2
g.delfi.ee/portalcore/fonts/inter/ 104 KB
104 KB 158ms
93ms Font
font/woff2 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://g.delfi.ee/portalcore/fonts/inter/Inter-Medium.woff2?v=3.11
Requested by: Host: g.delfi.ee
URL: https://g.delfi.ee/portalcore/fonts/inter/inter.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: a3878d7a4119b2c2112f6cf5bb937b5ba10644b615e0ffe8bd202d68f04b5bab

Request headers

Referer: https://g.delfi.ee/portalcore/fonts/inter/inter.css
Origin: https://kroonika.delfi.ee
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:34 GMT
last-modified: Fri, 28 Feb 2020 08:54:54 GMT
server: DWS
age: 28
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=3024000
accept-ranges: bytes
content-length: 106680
expires: Fri, 23 Dec 2022 09:33:16 GMT

GET
H2 200 roboto-v29-latin-ext_latin_cyrillic-900.woff2
g1.nh.ee/fonts/roboto/ 49 KB
49 KB 101ms
31ms Font
font/woff2 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nh.ee/fonts/roboto/roboto-v29-latin-ext_latin_cyrillic-900.woff2
Requested by: Host: g1.nh.ee
URL: https://g1.nh.ee/fonts/roboto/roboto.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 061fb6f2a3fc5bbee2d0f8f7ba2c3e8842519cea2d35fde999769c8d775fe4cc

Request headers

Referer: https://g1.nh.ee/fonts/roboto/roboto.css
Origin: https://kroonika.delfi.ee
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:40:51 GMT
last-modified: Wed, 23 Feb 2022 07:47:34 GMT
server: DWS
age: 71
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=3024000
accept-ranges: bytes
content-length: 49952
expires: Fri, 23 Dec 2022 09:29:44 GMT

GET
H2 200 roboto-v29-latin-ext_latin_cyrillic-regular.woff2
g1.nh.ee/fonts/roboto/ 49 KB
49 KB 190ms
120ms Font
font/woff2 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nh.ee/fonts/roboto/roboto-v29-latin-ext_latin_cyrillic-regular.woff2
Requested by: Host: g1.nh.ee
URL: https://g1.nh.ee/fonts/roboto/roboto.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 659a8dee04b272c247129ff6513d23c16f4f9c183b5d64e7347815af8861a2a4

Request headers

Referer: https://g1.nh.ee/fonts/roboto/roboto.css
Origin: https://kroonika.delfi.ee
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:39:59 GMT
last-modified: Wed, 23 Feb 2022 07:47:34 GMT
server: DWS
age: 123
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=3024000
accept-ranges: bytes
content-length: 50240
expires: Fri, 23 Dec 2022 09:29:44 GMT

GET
H2 200 roboto-v29-latin-ext_latin_cyrillic-700.woff2
g1.nh.ee/fonts/roboto/ 49 KB
49 KB 192ms
122ms Font
font/woff2 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nh.ee/fonts/roboto/roboto-v29-latin-ext_latin_cyrillic-700.woff2
Requested by: Host: g1.nh.ee
URL: https://g1.nh.ee/fonts/roboto/roboto.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: be54ac8b9843afcd92dea7b3e72306efec71ba3b6365f679f179c7ca4a0aea9f

Request headers

Referer: https://g1.nh.ee/fonts/roboto/roboto.css
Origin: https://kroonika.delfi.ee
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:38:28 GMT
last-modified: Wed, 23 Feb 2022 07:47:34 GMT
server: DWS
age: 214
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=3024000
accept-ranges: bytes
content-length: 50196
expires: Fri, 23 Dec 2022 09:29:44 GMT

GET
H2 200 roboto-v29-latin-ext_latin_cyrillic-500.woff2
g1.nh.ee/fonts/roboto/ 49 KB
49 KB 131ms
61ms Font
font/woff2 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nh.ee/fonts/roboto/roboto-v29-latin-ext_latin_cyrillic-500.woff2
Requested by: Host: g1.nh.ee
URL: https://g1.nh.ee/fonts/roboto/roboto.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: ee7e4a24daafdb8c937da249dc9bf3786eb966f53cbcb436a950e49298e8da75

Request headers

Referer: https://g1.nh.ee/fonts/roboto/roboto.css
Origin: https://kroonika.delfi.ee
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:38:23 GMT
last-modified: Wed, 23 Feb 2022 07:47:34 GMT
server: DWS
age: 218
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=3024000
accept-ranges: bytes
content-length: 50460
expires: Fri, 23 Dec 2022 09:29:44 GMT

GET
H2 200 Inter-Italic.woff2
g.delfi.ee/portalcore/fonts/inter/ 105 KB
105 KB 123ms
67ms Font
font/woff2 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://g.delfi.ee/portalcore/fonts/inter/Inter-Italic.woff2?v=3.11
Requested by: Host: g.delfi.ee
URL: https://g.delfi.ee/portalcore/fonts/inter/inter.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: 54b81f9de5a85c8755771be7b864d44851b36c46faccf7d7edf8d2a4df0a4c54

Request headers

Referer: https://g.delfi.ee/portalcore/fonts/inter/inter.css
Origin: https://kroonika.delfi.ee
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:34 GMT
last-modified: Fri, 28 Feb 2020 08:54:54 GMT
server: DWS
age: 28
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=3024000
accept-ranges: bytes
content-length: 107368
expires: Fri, 23 Dec 2022 09:33:16 GMT

GET
H2 200 8a7d7f80-7638-11ed-972b-51e8387e0386.jpg
api.delfi.ee/media-api-image-cropper/v1/ 66 KB
67 KB 50ms
41ms Image
image/jpg 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.delfi.ee/media-api-image-cropper/v1/8a7d7f80-7638-11ed-972b-51e8387e0386.jpg?noup&w=1200&h=711
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: 5096e1f9406ce465812de1d084f51d82dc84dc12d4ff85f50e4406c61d7cb99d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:01:53 GMT
server: DWS
age: 2408
content-type: image/jpg
access-control-allow-origin: *
cache-control: public,max-age=7200
x-envoy-upstream-service-time: 168
accept-ranges: bytes
content-length: 68051

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212050101/ 356 KB
117 KB 98ms
97ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212050101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5295995486288553&plah=kroonika.delfi.ee&bust=31071168

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

48db58cd04b65773df8abaa5d2621d22ccb9bd68624ad2801e5b3812a6c695ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119979
x-xss-protection: 0
server: cafe
etag: 2785878209715271155
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 07 Dec 2022 17:42:03 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221129/r20190131/ Frame F2E7 10 KB
5 KB 114ms
35ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221129/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 37023
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 07:25:00 GMT
etag: 10353107486223812946
expires: Wed, 21 Dec 2022 07:25:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 cookie Show response
api.delfi.ee/login/v2/ 31 B
591 B 42ms
42ms XHR
application/json 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://api.delfi.ee/login/v2/cookie

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy2.delfi.ee

Software

DWS /

Resource Hash

257ee1e2ce38b9c99ba80cc4e2608f0597ff4fb6e7831aa6a5822270826466df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; includeSubDomains
x-correlation-id: 5985b793-42cd-497e-8df8-659afb2a2825
x-content-type-options: nosniff
date: Wed, 07 Dec 2022 17:42:02 GMT
x-permitted-cross-domain-policies: none
age: 0
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 6
content-length: 31
x-xss-protection: 0
referrer-policy: no-referrer
server: DWS
expect-ct: max-age=0
vary: Origin, Accept-Encoding
x-download-options: noopen
access-control-allow-origin: https://kroonika.delfi.ee
access-control-expose-headers: set-cookie
cache-control: no-store
access-control-allow-credentials: true
content-type: application/json; charset=utf-8

GET
H2 200 Issue.css
ee-production-portal-root-3dc.s3.delfi.net/1.0.67/page/Article/page/ 18 KB
18 KB 138ms
33ms Stylesheet
text/css 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.net/1.0.67/page/Article/page/Issue.css

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/runtime.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy2.delfi.ee

Software

DWS /

Resource Hash

22f080b023be7a0cbc680fc6557813565dee0240af572361699b781ed7bc3cec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:24 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:17 GMT
server: DWS
x-amz-request-id: 3df52c57-ff6f-1fff-b725-9440c97bf970
age: 38
content-type: text/css
cache-control: max-age=30
accept-ranges: bytes
content-length: 18355

GET
H2 200 api.js Show response
apis.google.com/js/ 17 KB
7 KB 136ms
51ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/api.js

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3ad7ec445c350e3df6db55480ecea6e0307a0c6848efabfa53034f3c46f774bf

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 07 Dec 2022 17:42:03 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6892
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="gapi-team"
etag: "c415cca8db9a84a4"
vary: Accept-Encoding
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 07 Dec 2022 17:42:03 GMT

GET
H/1.1 200
OK appleid.auth.js Show response
appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/ 42 KB
17 KB 114ms
7ms Script
application/javascript 104.111.230.79
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.230.79 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-230-79.deploy.static.akamaitechnologies.com

Software

Apple /

Resource Hash

60e60bf2583cf7444b00a4b0b8d46de5fd5816f768fc72fd71c643357132df69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
Date: Wed, 07 Dec 2022 17:42:03 GMT
Last-Modified: Fri, 18 Nov 2022 15:47:44 GMT
Server: Apple
ETag: W/"42671-1668786464814"
Vary: accept-encoding
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=86400,stale-while-revalidate=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 17247

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 383 B
692 B 133ms
48ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=kroonika.delfi.ee&callback=_gfp_s_&client=ca-pub-5295995486288553&gpid_exp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212050101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5295995486288553&plah=kroonika.delfi.ee&bust=31071168

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fb24b714b6d049bb1649e0037fe7a13db3d491e83a843d0512bb8ae7e7282cce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 247
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 156ms
51ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=kroonika.delfi.ee

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 154ms
49ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=kroonika.delfi.ee

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5864 0
19 B 168ms
88ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5295995486288553&output=html&adk=1812271804&adf=3025194257&lmt=1670434923&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670434922996&bpp=3&bdt=612&idt=251&shv=r20221129&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4787487231949&frm=20&pv=2&ga_vid=879261953.1670434923&ga_sid=1670434923&ga_hid=562613694&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44777876%2C42531848%2C44778780%2C31071168&oid=2&pvsid=3411371172332950&tmod=1001134465&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=270

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 17:42:03 GMT
expires: Wed, 07 Dec 2022 17:42:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 portal-root-et_EE-json.js Show response
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/ 9 KB
9 KB 37ms
36ms Script
application/javascript 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/portal-root-et_EE-json.js

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/runtime.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

982af4005e04d45dfea9ad1798326202180f5272eaf287fddd693d888ee64b94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:55 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:17 GMT
server: DWS
x-amz-request-id: 3df534cb-ff6f-1fff-b725-9440c97bf970
age: 7
content-type: application/javascript
cache-control: max-age=30
accept-ranges: bytes
content-length: 9309

GET
H2 200 portal-core-et_EE-json.js Show response
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/ 432 B
642 B 37ms
37ms Script
application/javascript 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/portal-core-et_EE-json.js

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/runtime.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

761666601d90e2e64917999f7ee900cb3c3947ca931640f717087b0ef44b7908

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:55 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:17 GMT
server: DWS
x-amz-request-id: af062186-f229-1fff-9eee-040973e279e8
age: 7
content-type: application/javascript
cache-control: max-age=30
accept-ranges: bytes
content-length: 432

GET
H2 200 portal-paywall-et_EE-json.js Show response
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/ 2 KB
2 KB 37ms
37ms Script
application/javascript 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/portal-paywall-et_EE-json.js

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/runtime.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

a8e569c6b142749ede87864a02062dde19cfe144468d5736991b01b8bdbce3e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:58 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:17 GMT
server: DWS
x-amz-request-id: 3df53669-ff6f-1fff-b725-9440c97bf970
age: 5
content-type: application/javascript
cache-control: max-age=30
accept-ranges: bytes
content-length: 1768

GET
H2 200 portal-login-et_EE-json.js Show response
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/ 4 KB
4 KB 45ms
45ms Script
application/javascript 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/portal-login-et_EE-json.js

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/runtime.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

b36ca1976b0e00e95a8548ec6642e81363f0b532b13c65e6f1e0cb2e9fe30190

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:53 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:17 GMT
server: DWS
x-amz-request-id: 3df5342b-ff6f-1fff-b725-9440c97bf970
age: 10
content-type: application/javascript
cache-control: max-age=30
accept-ranges: bytes
content-length: 4330

GET
H3 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.K9Su0nk3cW8.O/m=auth2,client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8btnHqwUVabznuJubPHkJyYc6kxA/ 307 KB
104 KB 118ms
39ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.K9Su0nk3cW8.O/m=auth2,client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8btnHqwUVabznuJubPHkJyYc6kxA/cb=gapi.loaded_0?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/api.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d9f853f94d3929dc801d1c0826d6d038d0df0f1188e36e7fd3c2450facde25d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 23:40:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 583264
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 106498
x-xss-protection: 0
last-modified: Tue, 01 Nov 2022 15:24:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 30 Nov 2023 23:40:59 GMT

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 72ms
29ms Script
application/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalSDK.js

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/app.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d12c6745eca14e06d4dea70f4c2bd875769b349770d04300477ab18d0db005d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:03 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 432
etag: W/"ae63ef8ff03da61fffaa7f165729897a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 775f0e3fe8099186-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sat, 10 Dec 2022 17:42:03 GMT

GET
H3 200 OneSignalPageSDKES6.js Show response
cdn.onesignal.com/sdks/ 283 KB
68 KB 57ms
39ms Script
application/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151514

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

843114448aaeeda7e8caa0cf76d61e0c63b8bffccd34517483363fdb15cdc80c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:03 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 434
etag: W/"2f96824aee4bf927e734cc519e3e726d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 775f0e403e0cbb62-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sat, 10 Dec 2022 17:42:03 GMT

POST
H2 200 get-server-cookie Show response
kroonika.delfi.ee/api/ 37 B
211 B 49ms
49ms XHR
application/json 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://kroonika.delfi.ee/api/get-server-cookie
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: f42c0f8f346250ff215abbf141f82ce17d469f20bb5f38f7a0bc234060ae7b6f

Request headers

Accept: application/json, text/plain, */*
Referer: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Wed, 07 Dec 2022 17:42:03 GMT
content-encoding: gzip
x-envoy-upstream-service-time: 5
server: DWS
age: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8

POST
H2 200 get-server-cookie Show response
kroonika.delfi.ee/api/ 37 B
211 B 44ms
43ms XHR
application/json 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://kroonika.delfi.ee/api/get-server-cookie
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: f42c0f8f346250ff215abbf141f82ce17d469f20bb5f38f7a0bc234060ae7b6f

Request headers

Accept: application/json, text/plain, */*
Referer: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Wed, 07 Dec 2022 17:42:03 GMT
content-encoding: gzip
x-envoy-upstream-service-time: 4
server: DWS
age: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8

GET
H2 200 article_extra.php Show response
www.delfi.ee/misc/common/pc/ 23 KB
5 KB 45ms
36ms XHR
application/json 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://www.delfi.ee/misc/common/pc/article_extra.php?ch=65&v3=1
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: ffbb64073b4dcdf325e6e40a546b7507fbb21f62619904138858263cb23c36d0

Request headers

Accept: application/json, text/plain, */*
Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:43 GMT
content-encoding: gzip
server: DWS
age: 20
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
accept-ranges: bytes
content-length: 4482

GET
H/1.1 200
OK data Show response
api.cxense.com/public/widget/ 14 KB
7 KB 53ms
19ms XHR
text/javascript 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cxense.com/public/widget/data?json=%7B%22widgetId%22:%22c79f05835450087f425ff84e2e65469ea13e29f5%22%7D&widgetId=c79f05835450087f425ff84e2e65469ea13e29f5&callback=cXJsonpCB1670434923645

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

147.75.85.120 Schiphol, Netherlands, ASN54825 (PACKET, US),

Reverse DNS

Software

Jetty(9.4.28.v20200408) /

Resource Hash

c9ebb96845fcdc72ea695b71a3416e53c34781cc91621accc04f1a8325427e80

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:03 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
server: Jetty(9.4.28.v20200408)
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/javascript;charset=utf-8
p3p: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
content-length: 6265
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 64.css
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/ 501 B
698 B 34ms
33ms Stylesheet
text/css 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/64.css

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/runtime.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

97a4a8476d4d4e21d113d55fbaaadb00f21faa1894de781ec57ce936858044e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:23 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:16 GMT
server: DWS
x-amz-request-id: 3df52c4b-ff6f-1fff-b725-9440c97bf970
age: 39
content-type: text/css
cache-control: max-age=30
accept-ranges: bytes
content-length: 501

GET
H2 200 64.js Show response
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/ 758 B
969 B 33ms
33ms Script
application/javascript 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/64.js

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/runtime.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

ceef230b59267f1a70ffbb6e8085c8cce69a932eb17bdbfbb5c5a40f52cedd6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:11 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:16 GMT
server: DWS
x-amz-request-id: 4fa048c6-6b76-1fce-8e46-b88303829368
age: 51
content-type: application/javascript
cache-control: max-age=30
accept-ranges: bytes
content-length: 758

GET
H2 200 61.css
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/ 3 KB
3 KB 33ms
33ms Stylesheet
text/css 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/61.css

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/runtime.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

5bbfe1c20fcae5fe45703a6de26cbf59d1feba312d4545b9dd36c4c8e8f6ba6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:46 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:16 GMT
server: DWS
x-amz-request-id: 1db52a32-0830-1f3b-ba66-b8830381bef0
age: 17
content-type: text/css
cache-control: max-age=30
accept-ranges: bytes
content-length: 3170

GET
H2 200 61.js Show response
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/ 12 KB
12 KB 33ms
33ms Script
application/javascript 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/61.js

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/runtime.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

48c5da8c49790abf28b9659668be4bc5326c318805a7d1c64689fe091f9a6bb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:33 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:16 GMT
server: DWS
x-amz-request-id: 95f0262a-8aa2-1fe6-84c1-9440c9b74b80
age: 30
content-type: application/javascript
cache-control: max-age=30
accept-ranges: bytes
content-length: 12423

GET
H2 200 graphql Show response
api.delfi.ee/content/v3/ 34 KB
34 KB 35ms
34ms Fetch
application/json 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://api.delfi.ee/content/v3/graphql?operationName=portal_root_getMostReadArticles&variables=%7B%22getCount%22%3Afalse%2C%22issueOnly%22%3A%22false%22%2C%22viewsSince%22%3A%22SINCE_24_HOURS%22%2C%22limit%22%3A10%2C%22domain%22%3A%22kroonika.delfi.ee%22%7D&extensions=%7B%22persistedQuery%22%3A%7B%22version%22%3A1%2C%22sha256Hash%22%3A%22b3356d36a73629fdff383b534c5ea9664093fd74bb3a6a6367ec040ad9530148%22%7D%7D

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy2.delfi.ee

Software

DWS /

Resource Hash

68e8b50cae11cb5a69456286cb45cff2e2a26c729b234edc821ee447c140eb36

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept: */*
Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
content-type: application/json

Response headers

strict-transport-security: max-age=15552000; includeSubDomains
x-correlation-id: e677675a-59e7-44ab-a6b4-9c0f6d1f90ad
x-content-type-options: nosniff
date: Wed, 07 Dec 2022 17:41:35 GMT
x-permitted-cross-domain-policies: none
x-tracking: 4454a97a82a56c0fc720238b1f4027d9
age: 42
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 8
content-length: 34614
x-xss-protection: 0
referrer-policy: no-referrer
server: DWS
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
vary: preview, zlick-token, x-signature, Authorization, cache-token
x-download-options: noopen
access-control-allow-origin: *
content-type: application/json; charset=utf-8
cache-control: max-age=60, public
accept-ranges: bytes

OPTIONS
H2 204 graphql
api.delfi.ee/content/v3/ Frame 0
0 33ms
32ms Preflight
text/plain 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://api.delfi.ee/content/v3/graphql?operationName=portal_root_getMostReadArticles&variables=%7B%22getCount%22%3Afalse%2C%22issueOnly%22%3A%22false%22%2C%22viewsSince%22%3A%22SINCE_24_HOURS%22%2C%22limit%22%3A10%2C%22domain%22%3A%22kroonika.delfi.ee%22%7D&extensions=%7B%22persistedQuery%22%3A%7B%22version%22%3A1%2C%22sha256Hash%22%3A%22b3356d36a73629fdff383b534c5ea9664093fd74bb3a6a6367ec040ad9530148%22%7D%7D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://kroonika.delfi.ee
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Authorization,Content-Type,Company-Code,Cookie,Cache-Control,Zlick-Token,X-Signature,Preview
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
access-control-expose-headers: Set-Cookie
access-control-max-age: 60
content-type: text/plain; charset=UTF-8
date: Wed, 07 Dec 2022 17:42:03 GMT
server: DWS
vary: Access-Control-Request-Headers,Origin

GET
H2 200 / Show response
adx.adform.net/adx/ Frame D496 1 KB
1 KB 103ms
27ms Script
text/javascript 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?mid=562978&mkw=channel_vue,channel_kroonika,logged_out,kroonika_article,article_120110364,category_91159439,kroonika_120110364,kroonika_mitmesugust,template_default&mkv=channel:kroonika,category:kroonika__mitmesugust,network:4g,screen_width:1600,screen_height:1200,locale:et_EE,position:pos_001,chn_pos:kroonika_001&adid=9dc66174-6f4a-4677-98bc-59fa92eca791

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e418a82810699953d2e90518dec847500c89fa15c55dd393966aed920b3ff62a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET,OPTIONS
content-type: text/javascript
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 114ms
35ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/app.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 07 Dec 2022 17:24:40 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 1043
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Wed, 07 Dec 2022 19:24:40 GMT

GET
H2 200 / Show response
g.delfi.ee/scms/ 471 B
534 B 35ms
34ms Script
application/x-javascript 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://g.delfi.ee/scms/?g=t
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/app.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: 46bfcc499b55652cd794cfe8e7cedf8c301f90784055eda4cc5ff77e1b2c8c98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:59 GMT
content-encoding: gzip
last-modified: Thu, 13 Sep 2018 07:36:30 GMT
server: DWS
age: 4
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=1800
accept-ranges: bytes
content-length: 324
expires: Wed, 07 Dec 2022 18:11:59 GMT

GET
H2 200 xgemius.js Show response
sgaee.hit.gemius.pl/ 64 KB
17 KB 108ms
28ms Script
application/x-javascript 146.59.21.56
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://sgaee.hit.gemius.pl/xgemius.js
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/app.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 146.59.21.56 , France, ASN16276 (OVH, FR),
Reverse DNS: ip56.ip-146-59-21.eu
Software: GHC /
Resource Hash: 348b8db8642779d34e746afaa5d6e87d4a91311fe21bcb3404396b124618bd94

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:03 GMT
content-encoding: gzip
last-modified: Thu, 10 Nov 2022 11:36:49 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
cache-control: max-age=43200
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 17205
expires: Thu, 08 Dec 2022 05:42:03 GMT

GET
H2 200 t.js Show response
s.delfi.ee/ 8 KB
4 KB 113ms
42ms Script
application/javascript 20.54.110.135
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.delfi.ee/t.js?instanced
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/app.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.54.110.135 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: tracker /
Resource Hash: 034759a545e372f8668347d5b9c8c6f1b32f6fed8249ff6df729ffb019e0aaf0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:03 GMT
content-encoding: gzip
server: tracker
etag: "gz+A0dZpUXjcvhmg0fVucjG8bMvb+2CSf9t9yn/sBngqvA="
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=3600
content-length: 3763

GET
H2 200 zwxr83yw.js Show response
l.getsitecontrol.com/ 433 B
1 KB 82ms
50ms Script
text/javascript 2400:52e0:1e00::713:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://l.getsitecontrol.com/zwxr83yw.js
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/app.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::713:1 , Slovenia, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-713 /
Resource Hash: 578df5aea91ff2cc8fb30ed380cc68137bf9f92ad755cfeb73d1e1c0929953bd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:03 GMT
content-encoding: br
cdn-edgestorageid: 1055
x-amz-request-id: D44HYPXK4KRG3AAH
cdn-cachedat: 12/07/2022 17:36:39
cdn-pullzone: 89704
x-amz-id-2: 23y53cWlrZRT7nSV7aw3FxVpHBdpR6H3ctWTjNtIsBjsKfjYCJtw6CPJQq9JeDXVGfYnU7eXbzc=
last-modified: Wed, 07 Dec 2022 08:37:13 GMT
server: BunnyCDN-DE1-713
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"5232d2f5c12245c7e979e08acff19adc"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: e3a1246b-2fdd-4153-9207-6ca707c9379d
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=86400
cdn-requestid: 77852bea8d3117c5831bfb0ea702a98f
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 dhcdwcu0be Show response
www.clarity.ms/tag/ 1 KB
2 KB 151ms
98ms Script
application/x-javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/dhcdwcu0be
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/app.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: d11cac4e3b5682896f1d2cacb1bb8dbb51ff5c0576ca093cd32ff2c226cedba3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

content-type: application/x-javascript
date: Wed, 07 Dec 2022 17:42:03 GMT
cache-control: no-cache, no-store
expires: -1
x-azure-ref: 0a9CQYwAAAADZYdC2NzvfRK0xcVwTuJnYRlJBMzFFREdFMDMwOQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
request-context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0

GET
H/1.1 200
OK cx.js Show response
scdn.cxense.com/ 107 KB
34 KB 104ms
34ms Script
application/x-javascript 2a02:26f0:6c00:2bf::268b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://scdn.cxense.com/cx.js
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/app.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2bf::268b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c81dcbfcda9318d5f8a090d0de11268066194a28159e3c058582022c60ef5b1e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 17:42:03 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 Dec 2022 05:42:00 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 34695
Expires: Wed, 07 Dec 2022 18:42:03 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 103 KB
28 KB 27ms
9ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/app.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d5c905d7ce4679b183eb11f7c6811682ddffbf0f037590360ae2b1a84a51ef1b

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 07 Dec 2022 17:42:03 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27340
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: 1lBZROB/jGovcR0mY07s2+A+tXhmOHm3WzkFS5VMBlT36JQNfRi+QONDEXH+xBl+KGi7zbtavFYZk1oOkCAFhQ==
x-fb-trip-id: 917726464
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 204 120110364
ts.delfi.ee/_v/ 0
83 B 55ms
46ms Image
text/plain 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ts.delfi.ee/_v/120110364
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:03 GMT
x-envoy-upstream-service-time: 10
server: DWS
age: 0

GET
H2 200 delfi.svg
h.delfi.ee/g/l/svg/ 4 KB
2 KB 34ms
33ms Image
image/svg+xml 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://h.delfi.ee/g/l/svg/delfi.svg
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: 52036e323fca4d2cb6f0fee2d99bc0cff78cda2dfdded17e8280d92fc833e73c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:20:14 GMT
content-encoding: gzip
last-modified: Fri, 05 Mar 2021 08:24:55 GMT
server: DWS
age: 1309
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=1209600
accept-ranges: bytes
content-length: 1686
expires: Fri, 02 Dec 2022 09:33:17 GMT

GET
H2 200 non-tcf-partners.json Show response
kroonika.delfi.ee/api/ 2 KB
775 B 34ms
33ms XHR
application/json 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://kroonika.delfi.ee/api/non-tcf-partners.json?ids[]=864&ids[]=89&ids[]=108&ids[]=1205&ids[]=326&ids[]=2677&ids[]=2046
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: ffbbe56bf8e357b215eafea3a0c591db1bfb363bb956399f0d5a9c0398faca29

Request headers

Accept: application/json, text/plain, */*
Referer: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:48 GMT
content-encoding: gzip
server: DWS
age: 14
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cache-control: public, max-age=604800
x-envoy-upstream-service-time: 20
accept-ranges: bytes
content-length: 590

GET
H2 200 header_img_left.15c0824.png
ee-production-portal-root-3dc.s3.delfi.net/img/ 8 KB
9 KB 35ms
34ms Image
image/png 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ee-production-portal-root-3dc.s3.delfi.net/img/header_img_left.15c0824.png

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/app.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy2.delfi.ee

Software

DWS /

Resource Hash

6b1a904496300b3e8367894aab2c9769af60c1bf58f349bd68938afb124db13c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee-production-portal-root-3dc.s3.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:45:05 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:17 GMT
server: DWS
x-amz-request-id: 94da350f-ffae-1fff-961f-9440c9b71b40
age: 3417
content-type: image/png
cache-control: max-age=30
accept-ranges: bytes
content-length: 8538

GET
H2 200 header_img_right.bf34fab.png
ee-production-portal-root-3dc.s3.delfi.net/img/ 9 KB
9 KB 33ms
32ms Image
image/png 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ee-production-portal-root-3dc.s3.delfi.net/img/header_img_right.bf34fab.png

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/app.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy2.delfi.ee

Software

DWS /

Resource Hash

60031fc7e21875f8d8e7e5275c013427dd04707dc262732711ac2c5e5f87b1e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee-production-portal-root-3dc.s3.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:45:05 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:17 GMT
server: DWS
x-amz-request-id: 59d393a8-e063-1ffc-b67f-9440c9b71b30
age: 3417
content-type: image/png
cache-control: max-age=30
accept-ranges: bytes
content-length: 9460

GET
H2 200 web Show response
onesignal.com/api/v1/sync/868426a0-6c84-4f48-81b1-1349faad7b81/ 3 KB
2 KB 47ms
37ms Script
text/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/sync/868426a0-6c84-4f48-81b1-1349faad7b81/web?callback=__jp0

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151514

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c9b3da069bfd7028baf8c2f4798509fa35dc7019ea9ef303816a81065442ae05

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:03 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
age: 3474
cf-polished: origSize=3370
status: 200 OK
x-envoy-upstream-service-time: 26
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: e739ac71-e623-4617-b69c-9d2aa6143873
x-runtime: 0.024963
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"f75ec02f8c13df3c065624d05871e619"
x-download-options: noopen
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
cf-ray: 775f0e419b9a9186-FRA
access-control-allow-headers: SDK-Version
expires: Wed, 07 Dec 2022 18:42:03 GMT

GET
H2 200 graphql Show response
api.delfi.ee/content/v3/ 10 KB
10 KB 37ms
37ms Fetch
application/json 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://api.delfi.ee/content/v3/graphql?operationName=portal_root_getUniversalHeadlines&variables=%7B%22orderBy%22%3A%22PUBLISH_AT%22%2C%22getCount%22%3Afalse%2C%22issueOnly%22%3A%22false%22%2C%22id%22%3A%5B120106278%2C120106580%2C120109356%5D%7D&extensions=%7B%22persistedQuery%22%3A%7B%22version%22%3A1%2C%22sha256Hash%22%3A%22335c2dad40d8035d4a00a8e20d62998ce3f455cd9e80876c05da739acaba686e%22%7D%7D

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy2.delfi.ee

Software

DWS /

Resource Hash

3ae6818cf5f08794fb0546d5acff9cb7d95745611dac7e34d44682d07289e5cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept: */*
Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
content-type: application/json

Response headers

strict-transport-security: max-age=15552000; includeSubDomains
x-correlation-id: 5e925d16-5921-48be-81c3-7179acfec5b7
x-content-type-options: nosniff
date: Wed, 07 Dec 2022 17:41:56 GMT
x-permitted-cross-domain-policies: none
x-tracking: c2556b325e2b36dba6f4aeda8f4b954f
age: 23
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 10
content-length: 9756
x-xss-protection: 0
referrer-policy: no-referrer
server: DWS
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
vary: preview, zlick-token, x-signature, Authorization, cache-token
x-download-options: noopen
access-control-allow-origin: *
content-type: application/json; charset=utf-8
cache-control: max-age=60, public
accept-ranges: bytes

OPTIONS
H2 204 graphql
api.delfi.ee/content/v3/ Frame 0
0 32ms
32ms Preflight
text/plain 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://api.delfi.ee/content/v3/graphql?operationName=portal_root_getUniversalHeadlines&variables=%7B%22orderBy%22%3A%22PUBLISH_AT%22%2C%22getCount%22%3Afalse%2C%22issueOnly%22%3A%22false%22%2C%22id%22%3A%5B120106278%2C120106580%2C120109356%5D%7D&extensions=%7B%22persistedQuery%22%3A%7B%22version%22%3A1%2C%22sha256Hash%22%3A%22335c2dad40d8035d4a00a8e20d62998ce3f455cd9e80876c05da739acaba686e%22%7D%7D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://kroonika.delfi.ee
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Authorization,Content-Type,Company-Code,Cookie,Cache-Control,Zlick-Token,X-Signature,Preview
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
access-control-expose-headers: Set-Cookie
access-control-max-age: 60
content-type: text/plain; charset=UTF-8
date: Wed, 07 Dec 2022 17:42:03 GMT
server: DWS
vary: Access-Control-Request-Headers,Origin

GET
H2 200 zlick-2.2.3.min.js Show response
cdn.zlick.it/ 31 KB
31 KB 67ms
9ms Script
application/javascript 2600:9000:2156:f600:6:c108:980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.zlick.it/zlick-2.2.3.min.js
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/61.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:f600:6:c108:980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a2530d20bd1e722015d1032c2cd6ecf9fe1eb919114ae481ea8bd0e1064bdd7e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-amz-version-id: 6LPs1tDCcLW_E.yiO9cviFz4Qz_5UpSq
date: Wed, 07 Dec 2022 01:17:28 GMT
via: 1.1 32c8da10203574baccb74b8f771a7ffa.cloudfront.net (CloudFront)
last-modified: Wed, 13 Nov 2019 16:58:45 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
age: 59076
etag: "c763b15662421e1cda8eb5faf25a7468"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 31793
x-amz-cf-id: c7VPfR2fcs1S0F0_YvgVBYabZKao0GCRmz_UrU_5LYJYEKmwejV9Ag==

GET
H2 200 graphql Show response
api.delfi.ee/content/v3/ 18 KB
19 KB 32ms
31ms Fetch
application/json 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://api.delfi.ee/content/v3/graphql?operationName=portal_root_getUniversalHeadlines&variables=%7B%22orderBy%22%3A%22PUBLISH_AT%22%2C%22getCount%22%3Afalse%2C%22issueOnly%22%3A%22false%22%2C%22id%22%3A%5B120110406%2C120109934%2C120110568%2C95742993%2C120110132%2C120110386%5D%2C%22limit%22%3A6%2C%22language%22%3A%22ET%22%7D&extensions=%7B%22persistedQuery%22%3A%7B%22version%22%3A1%2C%22sha256Hash%22%3A%22335c2dad40d8035d4a00a8e20d62998ce3f455cd9e80876c05da739acaba686e%22%7D%7D

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy2.delfi.ee

Software

DWS /

Resource Hash

1d71f433c4caeb01bbb8cb660c5999757170973a48ac124600b6d9530006b606

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept: */*
Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
content-type: application/json

Response headers

strict-transport-security: max-age=15552000; includeSubDomains
x-correlation-id: ae3f5ab4-adfa-4dcf-9b63-dfeac61c509c
x-content-type-options: nosniff
date: Wed, 07 Dec 2022 17:40:58 GMT
x-permitted-cross-domain-policies: none
x-tracking: eedfe75c087f4301e008a139eb78bf02
age: 73
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 16
content-length: 18803
x-xss-protection: 0
referrer-policy: no-referrer
server: DWS
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
vary: preview, zlick-token, x-signature, Authorization, cache-token
x-download-options: noopen
access-control-allow-origin: *
content-type: application/json; charset=utf-8
cache-control: max-age=60, public
accept-ranges: bytes

OPTIONS
H2 204 graphql
api.delfi.ee/content/v3/ Frame 0
0 35ms
35ms Preflight
text/plain 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://api.delfi.ee/content/v3/graphql?operationName=portal_root_getUniversalHeadlines&variables=%7B%22orderBy%22%3A%22PUBLISH_AT%22%2C%22getCount%22%3Afalse%2C%22issueOnly%22%3A%22false%22%2C%22id%22%3A%5B120110406%2C120109934%2C120110568%2C95742993%2C120110132%2C120110386%5D%2C%22limit%22%3A6%2C%22language%22%3A%22ET%22%7D&extensions=%7B%22persistedQuery%22%3A%7B%22version%22%3A1%2C%22sha256Hash%22%3A%22335c2dad40d8035d4a00a8e20d62998ce3f455cd9e80876c05da739acaba686e%22%7D%7D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://kroonika.delfi.ee
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Authorization,Content-Type,Company-Code,Cookie,Cache-Control,Zlick-Token,X-Signature,Preview
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
access-control-expose-headers: Set-Cookie
access-control-max-age: 60
content-type: text/plain; charset=UTF-8
date: Wed, 07 Dec 2022 17:42:03 GMT
server: DWS
vary: Access-Control-Request-Headers,Origin

GET
H2 200 / Show response
adx.adform.net/adx/ 37 KB
5 KB 73ms
73ms Script
text/javascript 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=3&pv=1&bWlkPTQ1MTA3NSZta3c9Y2hhbm5lbF92dWUsY2hhbm5lbF9rcm9vbmlrYSxsb2dnZWRfb3V0LGtyb29uaWthX2FydGljbGUsYXJ0aWNsZV8xMjAxMTAzNjQsY2F0ZWdvcnlfOTExNTk0Mzksa3Jvb25pa2FfMTIwMTEwMzY0LGtyb29uaWthX21pdG1lc3VndXN0LHRlbXBsYXRlX2RlZmF1bHQsYWZ0ZXJfY29tbWVudF9mb3JtJm1rdj1jaGFubmVsOmtyb29uaWthLGNhdGVnb3J5Omtyb29uaWthX19taXRtZXN1Z3VzdCxuZXR3b3JrOjRnLHNjcmVlbl93aWR0aDoxNjAwLHNjcmVlbl9oZWlnaHQ6MTIwMCxsb2NhbGU6ZXRfRUUscG9zaXRpb246cG9zXzAwMixjaG5fcG9zOmtyb29uaWthXzAwMg&bWlkPTQzNTYwOSZta3c9Y2hhbm5lbF92dWUsY2hhbm5lbF9rcm9vbmlrYSxsb2dnZWRfb3V0LGtyb29uaWthX2FydGljbGUsYXJ0aWNsZV8xMjAxMTAzNjQsY2F0ZWdvcnlfOTExNTk0Mzksa3Jvb25pa2FfMTIwMTEwMzY0LGtyb29uaWthX21pdG1lc3VndXN0LHRlbXBsYXRlX2RlZmF1bHQmbWt2PWNoYW5uZWw6a3Jvb25pa2EsY2F0ZWdvcnk6a3Jvb25pa2FfX21pdG1lc3VndXN0LG5ldHdvcms6NGcsc2NyZWVuX3dpZHRoOjE2MDAsc2NyZWVuX2hlaWdodDoxMjAwLGxvY2FsZTpldF9FRSxwb3NpdGlvbjpwb3NfMDAyLGNobl9wb3M6a3Jvb25pa2FfMDAy&bWlkPTU0NTEzMSZta3c9Y2hhbm5lbF92dWUsY2hhbm5lbF9rcm9vbmlrYSxsb2dnZWRfb3V0LGtyb29uaWthX2FydGljbGUsYXJ0aWNsZV8xMjAxMTAzNjQsY2F0ZWdvcnlfOTExNTk0Mzksa3Jvb25pa2FfMTIwMTEwMzY0LGtyb29uaWthX21pdG1lc3VndXN0LHRlbXBsYXRlX2RlZmF1bHQmbWt2PWNoYW5uZWw6a3Jvb25pa2EsY2F0ZWdvcnk6a3Jvb25pa2FfX21pdG1lc3VndXN0LG5ldHdvcms6NGcsc2NyZWVuX3dpZHRoOjE2MDAsc2NyZWVuX2hlaWdodDoxMjAwLGxvY2FsZTpldF9FRSxwb3NpdGlvbjpwb3NfMDAxLGNobl9wb3M6a3Jvb25pa2FfMDAx&bWlkPTQ1MTA3NSZta3c9Y2hhbm5lbF92dWUsY2hhbm5lbF9rcm9vbmlrYSxsb2dnZWRfb3V0LGtyb29uaWthX2FydGljbGUsYXJ0aWNsZV8xMjAxMTAzNjQsY2F0ZWdvcnlfOTExNTk0Mzksa3Jvb25pa2FfMTIwMTEwMzY0LGtyb29uaWthX21pdG1lc3VndXN0LHRlbXBsYXRlX2RlZmF1bHQmbWt2PWNoYW5uZWw6a3Jvb25pa2EsY2F0ZWdvcnk6a3Jvb25pa2FfX21pdG1lc3VndXN0LG5ldHdvcms6NGcsc2NyZWVuX3dpZHRoOjE2MDAsc2NyZWVuX2hlaWdodDoxMjAwLGxvY2FsZTpldF9FRSxwb3NpdGlvbjpwb3NfMDAxLGNobl9wb3M6a3Jvb25pa2FfMDAx&bWlkPTQzNTYwOSZta3c9Y2hhbm5lbF92dWUsY2hhbm5lbF9rcm9vbmlrYSxsb2dnZWRfb3V0LGtyb29uaWthX2FydGljbGUsYXJ0aWNsZV8xMjAxMTAzNjQsY2F0ZWdvcnlfOTExNTk0Mzksa3Jvb25pa2FfMTIwMTEwMzY0LGtyb29uaWthX21pdG1lc3VndXN0LHRlbXBsYXRlX2RlZmF1bHQmbWt2PWNoYW5uZWw6a3Jvb25pa2EsY2F0ZWdvcnk6a3Jvb25pa2FfX21pdG1lc3VndXN0LG5ldHdvcms6NGcsc2NyZWVuX3dpZHRoOjE2MDAsc2NyZWVuX2hlaWdodDoxMjAwLGxvY2FsZTpldF9FRSxwb3NpdGlvbjpwb3NfMDAxLGNobl9wb3M6a3Jvb25pa2FfMDAx&bWlkPTQzNTYxMSZta3c9Y2hhbm5lbF92dWUsY2hhbm5lbF9rcm9vbmlrYSxsb2dnZWRfb3V0LGtyb29uaWthX2FydGljbGUsYXJ0aWNsZV8xMjAxMTAzNjQsY2F0ZWdvcnlfOTExNTk0Mzksa3Jvb25pa2FfMTIwMTEwMzY0LGtyb29uaWthX21pdG1lc3VndXN0LHRlbXBsYXRlX2RlZmF1bHQmbWt2PWNoYW5uZWw6a3Jvb25pa2EsY2F0ZWdvcnk6a3Jvb25pa2FfX21pdG1lc3VndXN0LG5ldHdvcms6NGcsc2NyZWVuX3dpZHRoOjE2MDAsc2NyZWVuX2hlaWdodDoxMjAwLGxvY2FsZTpldF9FRSxwb3NpdGlvbjpwb3NfMDAxLGNobl9wb3M6a3Jvb25pa2FfMDAx&bWlkPTU2OTI3MCZta3c9Y2hhbm5lbF92dWUsY2hhbm5lbF9rcm9vbmlrYSxsb2dnZWRfb3V0LGtyb29uaWthX2FydGljbGUsYXJ0aWNsZV8xMjAxMTAzNjQsY2F0ZWdvcnlfOTExNTk0Mzksa3Jvb25pa2FfMTIwMTEwMzY0LGtyb29uaWthX21pdG1lc3VndXN0LHRlbXBsYXRlX2RlZmF1bHQmbWt2PWNoYW5uZWw6a3Jvb25pa2EsY2F0ZWdvcnk6a3Jvb25pa2FfX21pdG1lc3VndXN0LG5ldHdvcms6NGcsc2NyZWVuX3dpZHRoOjE2MDAsc2NyZWVuX2hlaWdodDoxMjAwLGxvY2FsZTpldF9FRSxwb3NpdGlvbjpwb3NfMDAxLGNobl9wb3M6a3Jvb25pa2FfMDAx&bWlkPTY1MTAwOSZta3c9Y2hhbm5lbF92dWUsY2hhbm5lbF9rcm9vbmlrYSxsb2dnZWRfb3V0LGtyb29uaWthX2FydGljbGUsYXJ0aWNsZV8xMjAxMTAzNjQsY2F0ZWdvcnlfOTExNTk0Mzksa3Jvb25pa2FfMTIwMTEwMzY0LGtyb29uaWthX21pdG1lc3VndXN0LHRlbXBsYXRlX2RlZmF1bHQmbWt2PWNoYW5uZWw6a3Jvb25pa2EsY2F0ZWdvcnk6a3Jvb25pa2FfX21pdG1lc3VndXN0LG5ldHdvcms6NGcsc2NyZWVuX3dpZHRoOjE2MDAsc2NyZWVuX2hlaWdodDoxMjAwLGxvY2FsZTpldF9FRSxwb3NpdGlvbjpwb3NfMDAxLGNobl9wb3M6a3Jvb25pa2FfMDAx&adid=9dc66174-6f4a-4677-98bc-59fa92eca791&url=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&callback=_adform_cb_1670434923821_44572982863432986

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/banners/scripts/adx.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

3dcbffcd64739fb5596bebca4e4761d7c37bc1bfbf005b1094cd133261b6fb6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET,OPTIONS
content-type: text/javascript
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

GET
H2 200 _d
ts.delfi.ee/ 43 B
340 B 37ms
36ms Image
image/gif 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ts.delfi.ee/_d?s=whatson&u=https%3A//kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&h=&r=&t=1670434923826
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:03 GMT
server: DWS
age: 0
content-type: image/gif
cache-control: post-check=0, must-revalidate, no-store, no-cache, pre-check=0
content-length: 43
expires: 0

GET
H2 200 _a
ts.delfi.ee/ 43 B
200 B 34ms
34ms Image
image/gif 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ts.delfi.ee/_a?a=120110364
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:03 GMT
server: DWS
age: 0
content-type: image/gif
cache-control: post-check=0, must-revalidate, no-store, no-cache, pre-check=0
content-length: 43
expires: 0

GET
H3 200 1884980121754918 Show response
connect.facebook.net/signals/config/ 293 KB
84 KB 19ms
9ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1884980121754918?v=2.9.89&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ee2e4d042c914282079391c2e16ce62c29b6a6053571ab98341468567b271eb0

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 07 Dec 2022 17:42:03 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 86268
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: 9iCpT3l2r/sbbZfkE6BNpw7wxH6+kcsM/8pnFoMH1uH0zvU6lS7Y7bhRcM95lwxvXoGDqNdAjJTa7HUtaWt5fw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 adx.js Show response
af1.nh.ee/banners/scripts/ Frame D496 59 KB
25 KB 39ms
32ms Script
application/javascript 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://af1.nh.ee/banners/scripts/adx.js
Requested by: Host: adx.adform.net
URL: https://adx.adform.net/adx/?mid=562978&mkw=channel_vue,channel_kroonika,logged_out,kroonika_article,article_120110364,category_91159439,kroonika_120110364,kroonika_mitmesugust,template_default&mkv=channel:kroonika,category:kroonika__mitmesugust,network:4g,screen_width:1600,screen_height:1200,locale:et_EE,position:pos_001,chn_pos:kroonika_001&adid=9dc66174-6f4a-4677-98bc-59fa92eca791
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 8d3b4694f2e7d6dcf5af611841acb794ed26ec7efc51ad0fe332a89ab3953074

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 09:30:18 GMT
content-encoding: gzip
last-modified: Mon, 21 Nov 2022 11:50:07 GMT
server: DWS
x-amz-request-id: tx000001231ce093ed4bf8f-00637b6786-3293868f-default
age: 29504
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 25444

GET
H2 200 zwxr83yw.json Show response
l.getsitecontrol.com/ 92 KB
11 KB 564ms
549ms XHR
application/json 2400:52e0:1e00::713:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://l.getsitecontrol.com/zwxr83yw.json
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::713:1 , Slovenia, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-713 /
Resource Hash: e2eef2c9aae1d3a6abebccee1ea5359e27c2509458379b6a3ec152aa4524e073

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: br
cdn-edgestorageid: 1055
x-amz-request-id: 0VAZBWNF75VKNH58
cdn-cachedat: 12/07/2022 08:37:17
cdn-pullzone: 89704
x-amz-id-2: TlsJ5SGXd9z1FTIv4zWKcJ5Zq7QYmgkY0voGW6e4uqb6lFQoIHTBdrUqiln+5zjU1KJhj23FOyo=
last-modified: Wed, 07 Dec 2022 08:37:13 GMT
server: BunnyCDN-DE1-713
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"e89e907f96678c7ef8e046ba40ff196d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cdn-cache: REVALIDATED
cdn-uid: e3a1246b-2fdd-4153-9207-6ca707c9379d
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=5
access-control-max-age: 3000
cdn-requestid: 24525a870696556a59f5eb640ce7bda7
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 csc-event
s.delfi.ee/ 37 B
223 B 45ms
43ms Image
image/gif 20.54.110.135
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.delfi.ee/csc-event?p=0%3Albdxtoar%3A8EPRH~ZaMPWMiJHtSMOdn6q1qCYq714D&s=0%3Albdxtoar%3A8DGmNS6USmT9koWKyqojrtB3VoVVDlu9&v=0%3ABuqMrBO0kSXgGLvsaHFO4xFtpU3dtLrc&e=0%3A33MmA1_uO6dXjLQDSppNY4UW0nPITIgt0&c=lbdxtoaz&n=t&f=t&l=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&i=18g&j=xc&k=1&w=18g&h=xc&t=pageView&a=none&x=xgtge2
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.54.110.135 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: tracker /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:03 GMT
server: tracker
etag: "6b3edc43-20ec-4078-bc47-e965dd76b88a"
content-type: image/gif
cache-control: private, no-cache, proxy-revalidate
content-length: 37
expires: Fri, 14 Apr 1995 11:30:00 GMT

GET
H2 200 csc-event
s.delfi.ee/ 37 B
223 B 42ms
42ms Image
image/gif 20.54.110.135
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.delfi.ee/csc-event?p=0%3Albdxtoar%3A8EPRH~ZaMPWMiJHtSMOdn6q1qCYq714D&s=0%3Albdxtoar%3A8DGmNS6USmT9koWKyqojrtB3VoVVDlu9&v=0%3AiNDTO_M4cki3Fe2zAHGI88r7lam1NtGC&e=0%3AFAKhwhB~rxgQVlwC~c9ycnVAsDtm8iWY0&c=lbdxtob4&n=f&f=f&l=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&i=18g&j=xc&k=1&w=18g&h=xc&t=pageView&a=none&x=-6c95f
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.54.110.135 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: tracker /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:03 GMT
server: tracker
etag: "6b3edc43-20ec-4078-bc47-e965dd76b88a"
content-type: image/gif
cache-control: private, no-cache, proxy-revalidate
content-length: 37
expires: Fri, 14 Apr 1995 11:30:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 122ms
45ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=562613694&t=pageview&_s=1&dl=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&dp=%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&ul=en-us&de=UTF-8&dt=Eesti%20%C3%BCks%20tuntumaid%20onlyfansitare%20paljastas%2C%20kui%20palju%20ta%20t%C3%A4nu%20platvormile%20raha%20on%20teeninud%20-%20Kroonika&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aAhAAEABEAAAACAAI~&jid=904881308&gjid=686499489&cid=879261953.1670434923&tid=UA-4729238-1&_gid=1172621491.1670434924&_r=1&_slc=1&cd1=120110364&cd2=Eesti%20%C3%BCks%20tuntumaid%20onlyfansitare%20paljastas%2C%20kui%20palju%20ta%20t%C3%A4nu%20platvormile%20raha%20on%20teeninud&cd3=&cd4=&cd5=mitmesugust&cd6=kroonika.delfi.ee&cd7=et&cd8=Online%20vaade&cd9=&cd10=Yes&cd11=logged%20out&cd12=&cd13=logged%20out&cd14=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F108.0.5359.94%20Safari%2F537.36&cd15=&cd16=&cd17=&cd18=&cd19=&cd20=&z=1423857575

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fpdata.js Show response
sgaee.hit.gemius.pl/ 277 B
392 B 27ms
27ms Script
application/x-javascript 146.59.21.56
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://sgaee.hit.gemius.pl/fpdata.js?href=kroonika.delfi.ee
Requested by: Host: sgaee.hit.gemius.pl
URL: https://sgaee.hit.gemius.pl/xgemius.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 146.59.21.56 , France, ASN16276 (OVH, FR),
Reverse DNS: ip56.ip-146-59-21.eu
Software: GHC /
Resource Hash: 63b98a678c021f497e7183661d70bcd9479c8db92b9bc47f90aefb16e6bfd39e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:03 GMT
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
etag: PRIVATE7520710249
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
cache-control: private, max-age=2592000
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 277
expires: Fri, 06 Jan 2023 17:42:03 GMT

GET
H2 200 lsget.html Show response
ls.hit.gemius.pl/ Frame D1B9 5 KB
3 KB 130ms
48ms Document
text/html 146.59.30.100
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ls.hit.gemius.pl/lsget.html
Requested by: Host: sgaee.hit.gemius.pl
URL: https://sgaee.hit.gemius.pl/xgemius.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 146.59.30.100 , France, ASN16276 (OVH, FR),
Reverse DNS: ip100.ip-146-59-30.eu
Software: GHC /
Resource Hash: 4bc1c46e69283dd4c574e242a27e81b22bc35abeeb548424cb451456fbcac20b

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
accept-ranges: none
cache-control: private, max-age=2592000
content-encoding: gzip
content-length: 2718
content-type: text/html;charset=utf-8
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 17:42:04 GMT
etag: PRIVATE7520710249
expires: Fri, 06 Jan 2023 17:42:04 GMT
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
p3p: CP="NOI DSP COR NID PSAo OUR IND"
server: GHC
vary: Accept-Encoding,Origin,User-Agent

GET
H/1.1 200
OK sp1.html Show response
cdn.cxense.com/ Frame ABAB 684 B
749 B 33ms
33ms Document
text/html 2a02:26f0:6c00:2bf::268b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/sp1.html
Requested by: Host: scdn.cxense.com
URL: https://scdn.cxense.com/cx.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2bf::268b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 535be4b8bedf82433d210152dfb19dd4eaf5796c4e61c2be1c2ed356827b5580

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=864000
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 379
Content-Type: text/html
Date: Wed, 07 Dec 2022 17:42:03 GMT
Expires: Sat, 17 Dec 2022 17:42:03 GMT
Last-Modified: Tue, 11 Jan 2022 07:21:04 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding

GET
H/1.1 204
No Content /
c.cintnetworks.com/ 0
257 B 121ms
24ms Image
text/plain 51.144.7.192
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.cintnetworks.com/?a=2495&i=224&id=cxense_224:lbdxtobwxu5y2838
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.144.7.192 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:03 GMT
Cache-Control: no-cache, no-store, must-revalidate
Arr-Disable-Session-Affinity: true
P3P: CP="This is not a P3P policy! See https://cint.com/cookie-usage/ for more info."

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 26ms
8ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1884980121754918&ev=PageView&dl=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&rl=&if=false&ts=1670434923953&sw=1600&sh=1200&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1670434923951.2066633158&it=1670434923833&coo=false&rqm=GET

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 07 Dec 2022 17:42:03 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 clarity.js Show response
www.clarity.ms/eus2-d/s/0.6.43/ 54 KB
18 KB 12ms
10ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/eus2-d/s/0.6.43/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/dhcdwcu0be
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: cc8a16ce849d72f106bd67187e4b60c20da3093375202bf0b53f23e8f40a8b11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:03 GMT
content-encoding: br
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 0U3uQYwAAAABy7ddyteGHQb4/Dumq8ozFRlJBMjMxMDUwNDE4MDQ3ADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
etag: "1d9082948124e4c"
x-azure-ref: 0a9CQYwAAAACMA6Tc2vabSYdp5PrTmmdRRlJBMzFFREdFMDMwOQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: TCP_HIT
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
accept-ranges: bytes
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H2 200 headerEnrichment Show response
api.zlickpay.com/v1/ 53 B
395 B 37ms
37ms XHR
application/json 52.209.1.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.zlickpay.com/v1/headerEnrichment

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.209.1.10 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-209-1-10.eu-west-1.compute.amazonaws.com

Software

nginx/1.22.0 /

Resource Hash

a0af71ce534a68018a11dd6dd8ffe0719dbedc760342e805fc2746d662e21beb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhbW91bnQiOjI5OSwiY29udGVudElkIjoiYXJ0aWNsZS0xMjAxMTAzNjQiLCJzZWN0aW9uSWQiOiJjaGFubmVsLTY1IiwidG9rZW4iOiIzcHI0ZGN6NmV1Z3l6d2g1NWxtOTk4NnN3Z3dhZXAzdCIsImlhdCI6MTY3MDQzNDU2Nn0.fpEqb_droUebSZeOqYa3ols6S0usvW-4Tz6siT8oqe0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
server: nginx/1.22.0
x-download-options: noopen
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
vary: Origin
access-control-allow-origin: https://kroonika.delfi.ee
x-xss-protection: 1; mode=block

OPTIONS
H2 204 headerEnrichment
api.zlickpay.com/v1/ Frame 0
0 98ms
31ms Preflight 52.209.1.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.zlickpay.com/v1/headerEnrichment
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.209.1.10 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-209-1-10.eu-west-1.compute.amazonaws.com
Software: nginx/1.22.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
Origin: https://kroonika.delfi.ee
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-headers: authorization
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://kroonika.delfi.ee
date: Wed, 07 Dec 2022 17:42:04 GMT
server: nginx/1.22.0
vary: Origin, Access-Control-Request-Headers

GET
H2 200 Inter-MediumItalic.woff2
g.delfi.ee/portalcore/fonts/inter/ 110 KB
110 KB 40ms
40ms Font
font/woff2 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://g.delfi.ee/portalcore/fonts/inter/Inter-MediumItalic.woff2?v=3.11
Requested by: Host: g.delfi.ee
URL: https://g.delfi.ee/portalcore/fonts/inter/inter.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: 67502858bb2ea92e12d56fe4a8105d418e5d67307b70d7f611b55d13c3e9c91a

Request headers

Referer: https://g.delfi.ee/portalcore/fonts/inter/inter.css
Origin: https://kroonika.delfi.ee
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:34 GMT
last-modified: Fri, 28 Feb 2020 08:54:54 GMT
server: DWS
age: 29
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=3024000
accept-ranges: bytes
content-length: 112320
expires: Fri, 23 Dec 2022 09:33:17 GMT

GET
H2 200 a2b58750-6f17-11ed-a43a-df50c69a42c2.jpg
api.delfi.ee/media-api-image-cropper/v1/ 40 KB
41 KB 35ms
33ms Image
image/jpg 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.delfi.ee/media-api-image-cropper/v1/a2b58750-6f17-11ed-a43a-df50c69a42c2.jpg?noup&w=588&h=331
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: 7123c5289b2a4b95dac0f29587266e64a33c1a106234d2563ed9314980d6d3c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:13:46 GMT
server: DWS
age: 5297
content-type: image/jpg
access-control-allow-origin: *
cache-control: public,max-age=7200
x-envoy-upstream-service-time: 96
accept-ranges: bytes
content-length: 41318

GET
H2 200 1c6541a0-747f-11ed-80af-5f46b05f17f0.jpg
api.delfi.ee/media-api-image-cropper/v1/ 56 KB
56 KB 35ms
33ms Image
image/jpg 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.delfi.ee/media-api-image-cropper/v1/1c6541a0-747f-11ed-80af-5f46b05f17f0.jpg?noup&w=588&h=331
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: 3490d74ff613b464b5abb1b04eda0b108395464fef0c475dfe3dac6d0e70abc9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:30:24 GMT
server: DWS
age: 699
content-type: image/jpg
access-control-allow-origin: *
cache-control: public,max-age=7200
x-envoy-upstream-service-time: 87
accept-ranges: bytes
content-length: 57639

GET
H2 200 2b7eba20-b8bc-11eb-8bd4-378c79057da9.jpg
api.delfi.ee/media-api-image-cropper/v1/ 22 KB
22 KB 66ms
64ms Image
image/jpg 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.delfi.ee/media-api-image-cropper/v1/2b7eba20-b8bc-11eb-8bd4-378c79057da9.jpg?noup&w=588&h=331&fx=0.520202&fy=0.354214
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: 0c42d7b9ecd0248ccb942dadaebf0b75ead780f05f7c3753804f9e5af233876e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:31:31 GMT
server: DWS
age: 632
content-type: image/jpg
access-control-allow-origin: *
cache-control: public,max-age=7200
x-envoy-upstream-service-time: 407
accept-ranges: bytes
content-length: 22044

GET
H2 200 f03ffbb0-7636-11ed-a8c7-830fbe27274a.jpg
api.delfi.ee/media-api-image-cropper/v1/ 29 KB
29 KB 97ms
95ms Image
image/jpg 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.delfi.ee/media-api-image-cropper/v1/f03ffbb0-7636-11ed-a8c7-830fbe27274a.jpg?noup&w=588&h=331
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: 8a895f7bc70edb8c022c6a3e8eadf4899f074c2ad922756e7c9542986097e80e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 14:09:28 GMT
server: DWS
age: 12756
content-type: image/jpg
access-control-allow-origin: *
cache-control: public,max-age=7200
x-envoy-upstream-service-time: 55
accept-ranges: bytes
content-length: 29742

GET
H2 200 49db1900-7620-11ed-be2a-51579a66012a.jpg
api.delfi.ee/media-api-image-cropper/v1/ 35 KB
35 KB 100ms
98ms Image
image/jpg 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.delfi.ee/media-api-image-cropper/v1/49db1900-7620-11ed-be2a-51579a66012a.jpg?noup&w=588&h=331&fx=0.559807&fy=0.317391
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: e3185bd85c020c5ebd8c701a91f13e6c410e59d566aca5112fb889f76fb2eb60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:30:25 GMT
server: DWS
age: 698
content-type: image/jpg
access-control-allow-origin: *
cache-control: public,max-age=7200
x-envoy-upstream-service-time: 42
accept-ranges: bytes
content-length: 36021

GET
H2 200 2adf4d80-761d-11ed-a83f-eb83ef25a285.jpg
api.delfi.ee/media-api-image-cropper/v1/ 18 KB
18 KB 97ms
96ms Image
image/jpg 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.delfi.ee/media-api-image-cropper/v1/2adf4d80-761d-11ed-a83f-eb83ef25a285.jpg?noup&w=588&h=331
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: e2ae67d364e8217c4c10a9cc3b732d1c0655a5feb0b215784a90a860c51df86c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 14:53:40 GMT
server: DWS
age: 10103
content-type: image/jpg
access-control-allow-origin: *
cache-control: public,max-age=7200
x-envoy-upstream-service-time: 39
accept-ranges: bytes
content-length: 18315

GET
H2 200 9f1c7bc0-759e-11ed-9881-ddc4690d666d.jpg
api.delfi.ee/media-api-image-cropper/v1/ 23 KB
23 KB 34ms
34ms Image
image/jpg 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.delfi.ee/media-api-image-cropper/v1/9f1c7bc0-759e-11ed-9881-ddc4690d666d.jpg?noup&w=588&h=331&fx=0.29798&fy=0.641667
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: d227948a0d939b0aed992f473f8fc2f52c8abbce9cd4c96994e69035a0085dfe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 15:47:27 GMT
server: DWS
age: 6876
content-type: image/jpg
access-control-allow-origin: *
cache-control: public,max-age=7200
x-envoy-upstream-service-time: 41
accept-ranges: bytes
content-length: 23121

GET
H2 200 59984a70-b97f-11eb-b51a-6384303cdb6e.jpg
api.delfi.ee/media-api-image-cropper/v1/ 67 KB
67 KB 35ms
34ms Image
image/jpg 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.delfi.ee/media-api-image-cropper/v1/59984a70-b97f-11eb-b51a-6384303cdb6e.jpg?noup&w=588&h=331
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: dade59558d38e1a576d00ea4b40cb0c2aed6240e4be39ae981f515b06a82665a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:58:40 GMT
server: DWS
age: 13403
content-type: image/jpg
access-control-allow-origin: *
cache-control: public,max-age=7200
x-envoy-upstream-service-time: 110
accept-ranges: bytes
content-length: 68392

GET
H2 200 7f9c3420-bd0d-11eb-abfb-2f747f0aaece.jpg
api.delfi.ee/media-api-image-cropper/v1/ 67 KB
67 KB 36ms
32ms Image
image/jpg 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.delfi.ee/media-api-image-cropper/v1/7f9c3420-bd0d-11eb-abfb-2f747f0aaece.jpg?noup&w=588&h=331&ch=0.3647&cw=1&cx=0&cy=0.0501&r=16:9
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: 130633f2cc0473c6549e4cf14316420acefb9336c00338b257dc8343ed7fb906

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:42:13 GMT
server: DWS
age: 14390
content-type: image/jpg
access-control-allow-origin: *
cache-control: public,max-age=7200
x-envoy-upstream-service-time: 160
accept-ranges: bytes
content-length: 68684

GET
H2 200 327I78_josephine-amalie-paysen-ihykzo-dsx8-unsplash.q90.trim.480x295.jpeg
g1.nh.ee/wd/f/12112/r/ 18 KB
18 KB 33ms
31ms Image
image/jpeg 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g1.nh.ee/wd/f/12112/r/327I78_josephine-amalie-paysen-ihykzo-dsx8-unsplash.q90.trim.480x295.jpeg
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 029b92c84a03a7b9b6ba911e452170f394d1efaafcb814edbc828a384beac6e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:12:06 GMT
last-modified: Mon, 05 Dec 2022 09:08:58 GMT
server: DWS
age: 1797
content-type: image/jpeg
cache-control: max-age=3024000
accept-ranges: bytes
content-length: 18621
expires: Mon, 09 Jan 2023 09:09:09 GMT

GET
H2 200 GB9XAY_foto-plokk.q90.trim.480x295.jpeg
g1.nh.ee/wd/f/12112/r/ 38 KB
39 KB 33ms
32ms Image
image/jpeg 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g1.nh.ee/wd/f/12112/r/GB9XAY_foto-plokk.q90.trim.480x295.jpeg
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 2232074622f80e6d59a626bad0e197407d33f65930e6dc5093187e9a161b6b93

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:11:14 GMT
last-modified: Wed, 07 Dec 2022 08:10:46 GMT
server: DWS
age: 1850
content-type: image/jpeg
cache-control: max-age=3024000
accept-ranges: bytes
content-length: 39412
expires: Wed, 11 Jan 2023 08:10:55 GMT

GET
H2 200 VKJ9KS_kuvatommis_2022-12-05_143221.q90.trim.480x295.jpeg
g1.nh.ee/wd/f/12112/r/ 53 KB
53 KB 64ms
63ms Image
image/jpeg 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g1.nh.ee/wd/f/12112/r/VKJ9KS_kuvatommis_2022-12-05_143221.q90.trim.480x295.jpeg
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 89ad4b1178eb01dd32c8e129e0163d6d6f8013c593d038dd211b57795a360813

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:35:27 GMT
last-modified: Mon, 05 Dec 2022 12:32:42 GMT
server: DWS
age: 396
content-type: image/jpeg
cache-control: max-age=3024000
accept-ranges: bytes
content-length: 54037
expires: Mon, 09 Jan 2023 12:32:52 GMT

GET
H/1.1 200
OK cx.js Show response
cdn.cxense.com/ Frame ABAB 107 KB
34 KB 41ms
40ms Script
application/x-javascript 2a02:26f0:6c00:2bf::268b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/cx.js
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/sp1.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2bf::268b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: b99a8be0c36ac7fb2303d06b4cd2c851c7e6a97a1c7788747f1112091f57e7a1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.cxense.com/sp1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 17:42:04 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 Dec 2022 05:42:00 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 34695
Expires: Wed, 07 Dec 2022 18:42:04 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
443 B 72ms
16ms XHR
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-4729238-1&cid=879261953.1670434923&jid=904881308&gjid=686499489&_gid=1172621491.1670434924&_u=aAhAAEAAEAAAACAAI~&z=2012837333

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 07 Dec 2022 17:42:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bootstrap.js Show response
af1.nh.ee/stoat/626/af1.nh.ee/ Frame AE60 34 KB
16 KB 32ms
31ms Script
text/javascript 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 1cadf9428fd6648f25700bdb133825c4b391089352055628c0d44bb052ce8108

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 09:30:28 GMT
content-encoding: gzip
last-modified: Tue, 15 Nov 2022 08:06:48 GMT
server: DWS
age: 29495
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 16145
expires: Thu, 08 Dec 2022 13:10:55 GMT

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame AE60
Redirect Chain

https://x.bidswitch.net/sync?ssp=adform
https://x.bidswitch.net/ul_cb/sync?ssp=adform
https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch&ttd_tpi=1&ttd_puid=adform&gdpr=&gdpr_consent=

70 B
264 B

116ms
32ms

Image
image/gif

15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch&ttd_tpi=1&ttd_puid=adform&gdpr=&gdpr_consent=
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

location: //match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch&ttd_tpi=1&ttd_puid=adform&gdpr=&gdpr_consent=
date: Wed, 07 Dec 2022 17:42:04 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

pixel
cm.adform.net/ Frame AE60
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adform_dbm&google_cm&google_sc
https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOeqHmoWr9KgEflAGiO-msY&google_cver=1&adform_v=1

43 B
162 B

56ms
30ms

Image
image/gif

37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOeqHmoWr9KgEflAGiO-msY&google_cver=1&adform_v=1
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 29 Nov 2018 08:06:42 GMT
server: nginx
accept-ranges: bytes
etag: "5bff9e12-2b"
content-length: 43
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOeqHmoWr9KgEflAGiO-msY&google_cver=1&adform_v=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 312
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame AE60
Redirect Chain

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fcm.adform.net%252fpixel%253fadform_pid%253d16%2526adform_pc%253d%24UID
https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744

43 B
162 B

55ms
31ms

Image
image/gif

37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 29 Nov 2018 08:06:42 GMT
server: nginx
accept-ranges: bytes
etag: "5bff9e12-2b"
content-length: 43
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:04 GMT
AN-X-Request-Uuid: c09980d3-bf6b-445e-a856-905b984a6fe6
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744
Connection: keep-alive
X-Proxy-Origin: 185.213.155.166; 185.213.155.166; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame AE60
Redirect Chain

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=18&adform_pc=8276ccb9-6a23-45aa-951e-86f1fd5aa442

43 B
163 B

86ms
25ms

Image
image/gif

37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=18&adform_pc=8276ccb9-6a23-45aa-951e-86f1fd5aa442
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 29 Nov 2018 08:06:42 GMT
server: nginx
accept-ranges: bytes
etag: "5bff9e12-2b"
content-length: 43
content-type: image/gif

Redirect headers

Location: https://cm.adform.net/pixel?adform_pid=18&adform_pc=8276ccb9-6a23-45aa-951e-86f1fd5aa442
Date: Wed, 07 Dec 2022 17:42:04 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H2 200 bootstrap.js Show response
af1.nh.ee/stoat/626/af1.nh.ee/ Frame 0F49 34 KB
16 KB 38ms
32ms Script
text/javascript 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 1cadf9428fd6648f25700bdb133825c4b391089352055628c0d44bb052ce8108

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 09:30:28 GMT
content-encoding: gzip
last-modified: Tue, 15 Nov 2022 08:06:48 GMT
server: DWS
age: 29495
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 16145
expires: Thu, 08 Dec 2022 13:10:55 GMT

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame 0F49
Redirect Chain

https://x.bidswitch.net/sync?ssp=adform
https://x.bidswitch.net/ul_cb/sync?ssp=adform
https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch&ttd_tpi=1&ttd_puid=adform&gdpr=&gdpr_consent=

70 B
265 B

115ms
31ms

Image
image/gif

15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch&ttd_tpi=1&ttd_puid=adform&gdpr=&gdpr_consent=
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

location: //match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch&ttd_tpi=1&ttd_puid=adform&gdpr=&gdpr_consent=
date: Wed, 07 Dec 2022 17:42:04 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

pixel
cm.adform.net/ Frame 0F49
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adform_dbm&google_cm&google_sc
https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEMkVfJItIyEd4_PVK8gKMus&google_cver=1&adform_v=1

43 B
162 B

56ms
30ms

Image
image/gif

37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEMkVfJItIyEd4_PVK8gKMus&google_cver=1&adform_v=1
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 29 Nov 2018 08:06:42 GMT
server: nginx
accept-ranges: bytes
etag: "5bff9e12-2b"
content-length: 43
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEMkVfJItIyEd4_PVK8gKMus&google_cver=1&adform_v=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 312
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame 0F49
Redirect Chain

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fcm.adform.net%252fpixel%253fadform_pid%253d16%2526adform_pc%253d%24UID
https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744

43 B
162 B

54ms
27ms

Image
image/gif

37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 29 Nov 2018 08:06:42 GMT
server: nginx
accept-ranges: bytes
etag: "5bff9e12-2b"
content-length: 43
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:04 GMT
AN-X-Request-Uuid: 22437e86-215e-4cca-9731-3393507bb809
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744
Connection: keep-alive
X-Proxy-Origin: 185.213.155.166; 185.213.155.166; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame 0F49
Redirect Chain

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc

43 B
162 B

83ms
32ms

Image
image/gif

37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 29 Nov 2018 08:06:42 GMT
server: nginx
accept-ranges: bytes
etag: "5bff9e12-2b"
content-length: 43
content-type: image/gif

Redirect headers

Location: https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc
Date: Wed, 07 Dec 2022 17:42:04 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H2 200 responsive.js Show response
s1.adform.net/banners/scripts/extensions/delfi/ Frame 8E46 1 KB
1 KB 24ms
23ms Script
application/javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/extensions/delfi/responsive.js?bn=60128054
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 5b7072d214cc3eaf3c94e9e714d13ebcd52964305eb2d0910db4daf47bedc7ce

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
last-modified: Wed, 25 May 2022 11:34:20 GMT
server: nginx
x-amz-request-id: tx00000b326b17416006c7b-006376618c-329373d4-default
etag: W/"9a10b0b7a9e5caaed70a78a47afe9334"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2

200

pixel
cm.adform.net/ Frame 8E46
Redirect Chain

https://x.bidswitch.net/sync?ssp=adform
https://x.bidswitch.net/ul_cb/sync?ssp=adform
https://inv-nets.admixer.net/adxcm.aspx?ssp=D41B0D84-4DB7-4D9C-81CC-3A497DB5D0A6&gdpr=&consent=&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D354%26user_id%3D%24%24visitor_cookie%24%24%26ssp%3Dadfor...
https://x.bidswitch.net/sync?dsp_id=354&user_id=75f23369f4bd4e28a8e1b24bd94e6883&ssp=adform&bsw_param=dac85cfd-3846-4399-8517-b216496d2bad&gdpr=&consent=&gdpr_pd=&expires=7
https://cm.adform.net/pixel?adform_pid=3&adform_pc=dac85cfd-3846-4399-8517-b216496d2bad&adform_v=1

43 B
162 B

25ms
25ms

Image
image/gif

37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=3&adform_pc=dac85cfd-3846-4399-8517-b216496d2bad&adform_v=1
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 29 Nov 2018 08:06:42 GMT
server: nginx
accept-ranges: bytes
etag: "5bff9e12-2b"
content-length: 43
content-type: image/gif

Redirect headers

location: //cm.adform.net/pixel?adform_pid=3&adform_pc=dac85cfd-3846-4399-8517-b216496d2bad&adform_v=1
date: Wed, 07 Dec 2022 17:42:04 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

pixel
cm.adform.net/ Frame 8E46
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adform_dbm&google_cm&google_sc
https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEPK48j77saZbnJG9fOB8GS0&google_cver=1&adform_v=1

43 B
162 B

55ms
29ms

Image
image/gif

37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEPK48j77saZbnJG9fOB8GS0&google_cver=1&adform_v=1
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 29 Nov 2018 08:06:42 GMT
server: nginx
accept-ranges: bytes
etag: "5bff9e12-2b"
content-length: 43
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEPK48j77saZbnJG9fOB8GS0&google_cver=1&adform_v=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 312
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame 8E46
Redirect Chain

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744

43 B
162 B

26ms
25ms

Image
image/gif

37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 29 Nov 2018 08:06:42 GMT
server: nginx
accept-ranges: bytes
etag: "5bff9e12-2b"
content-length: 43
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:04 GMT
AN-X-Request-Uuid: 4beb17d6-214a-4b6c-a605-11cae871c00b
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744
Connection: keep-alive
X-Proxy-Origin: 185.213.155.166; 185.213.155.166; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame 8E46
Redirect Chain

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc

43 B
162 B

26ms
25ms

Image
image/gif

37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 29 Nov 2018 08:06:42 GMT
server: nginx
accept-ranges: bytes
etag: "5bff9e12-2b"
content-length: 43
content-type: image/gif

Redirect headers

Location: https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc
Date: Wed, 07 Dec 2022 17:42:04 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=2999
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H2 200 bootstrap.js Show response
af1.nh.ee/stoat/626/af1.nh.ee/ Frame 3873 34 KB
16 KB 45ms
40ms Script
text/javascript 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 1cadf9428fd6648f25700bdb133825c4b391089352055628c0d44bb052ce8108

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 09:30:28 GMT
content-encoding: gzip
last-modified: Tue, 15 Nov 2022 08:06:48 GMT
server: DWS
age: 29495
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 16145
expires: Thu, 08 Dec 2022 13:10:55 GMT

GET
H2

200

pixel
cm.adform.net/ Frame 3873
Redirect Chain

https://x.bidswitch.net/sync?ssp=adform
https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Dadform%26bsw_param%3Ddac85cfd-3846-4399-8517-b216496d2bad...
https://x.bidswitch.net/sync?dsp_id=80&user_id=cac86390-d06d-4600-a01f-5cc7edd249b2&expires=30&ssp=adform&bsw_param=dac85cfd-3846-4399-8517-b216496d2bad&gdpr=&gdpr_consent=
https://cm.adform.net/pixel?adform_pid=3&adform_pc=dac85cfd-3846-4399-8517-b216496d2bad&adform_v=1

43 B
162 B

27ms
25ms

Image
image/gif

37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=3&adform_pc=dac85cfd-3846-4399-8517-b216496d2bad&adform_v=1
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 29 Nov 2018 08:06:42 GMT
server: nginx
accept-ranges: bytes
etag: "5bff9e12-2b"
content-length: 43
content-type: image/gif

Redirect headers

location: //cm.adform.net/pixel?adform_pid=3&adform_pc=dac85cfd-3846-4399-8517-b216496d2bad&adform_v=1
date: Wed, 07 Dec 2022 17:42:04 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

pixel
cm.adform.net/ Frame 3873
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adform_dbm&google_cm&google_sc
https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOeqHmoWr9KgEflAGiO-msY&google_cver=1&adform_v=1

43 B
162 B

27ms
26ms

Image
image/gif

37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOeqHmoWr9KgEflAGiO-msY&google_cver=1&adform_v=1
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 29 Nov 2018 08:06:42 GMT
server: nginx
accept-ranges: bytes
etag: "5bff9e12-2b"
content-length: 43
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOeqHmoWr9KgEflAGiO-msY&google_cver=1&adform_v=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 312
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame 3873
Redirect Chain

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744

43 B
162 B

26ms
25ms

Image
image/gif

37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 29 Nov 2018 08:06:42 GMT
server: nginx
accept-ranges: bytes
etag: "5bff9e12-2b"
content-length: 43
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:04 GMT
AN-X-Request-Uuid: 188f3566-c6d7-4953-9641-61b67aaedc44
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744
Connection: keep-alive
X-Proxy-Origin: 185.213.155.166; 185.213.155.166; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame 3873
Redirect Chain

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc

43 B
162 B

25ms
25ms

Image
image/gif

37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 29 Nov 2018 08:06:42 GMT
server: nginx
accept-ranges: bytes
etag: "5bff9e12-2b"
content-length: 43
content-type: image/gif

Redirect headers

Location: https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc
Date: Wed, 07 Dec 2022 17:42:04 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=2999
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H2 200 bootstrap.js Show response
af1.nh.ee/stoat/626/af1.nh.ee/ Frame DDBF 34 KB
16 KB 41ms
40ms Script
text/javascript 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 1cadf9428fd6648f25700bdb133825c4b391089352055628c0d44bb052ce8108

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 09:30:28 GMT
content-encoding: gzip
last-modified: Tue, 15 Nov 2022 08:06:48 GMT
server: DWS
age: 29495
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 16145
expires: Thu, 08 Dec 2022 13:10:55 GMT

GET
H2

200

cookie
a.vidoomy.com/api/rtbserver/ Frame DDBF
Redirect Chain

https://x.bidswitch.net/sync?ssp=adform
https://pr-bh.ybp.yahoo.com/sync/iponweb?bidswitch_ssp_id=adform&ssp_user_id=dac85cfd-3846-4399-8517-b216496d2bad&gdpr=&gdpr_consent=
https://x.bidswitch.net/sync?dsp_id=74&&user_id=y-en0vXf5E2plTFqbgu7mg8lXDep_eK47X55BMaQ--~A&expires=5
https://a.vidoomy.com/api/rtbserver/cookie?i=BS&uid=dac85cfd-3846-4399-8517-b216496d2bad

43 B
357 B

36ms
8ms

Image
image/gif

3.69.57.166
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.vidoomy.com/api/rtbserver/cookie?i=BS&uid=dac85cfd-3846-4399-8517-b216496d2bad
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 3.69.57.166 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-69-57-166.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: none
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,PATCH,OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: X-VD-C
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 43

Redirect headers

location: //a.vidoomy.com/api/rtbserver/cookie?i=BS&uid=dac85cfd-3846-4399-8517-b216496d2bad
date: Wed, 07 Dec 2022 17:42:04 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

pixel
cm.adform.net/ Frame DDBF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adform_dbm&google_cm&google_sc
https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOeqHmoWr9KgEflAGiO-msY&google_cver=1&adform_v=1

43 B
162 B

27ms
26ms

Image
image/gif

37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOeqHmoWr9KgEflAGiO-msY&google_cver=1&adform_v=1
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 29 Nov 2018 08:06:42 GMT
server: nginx
accept-ranges: bytes
etag: "5bff9e12-2b"
content-length: 43
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOeqHmoWr9KgEflAGiO-msY&google_cver=1&adform_v=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 312
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame DDBF
Redirect Chain

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744

43 B
162 B

26ms
26ms

Image
image/gif

37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 29 Nov 2018 08:06:42 GMT
server: nginx
accept-ranges: bytes
etag: "5bff9e12-2b"
content-length: 43
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:04 GMT
AN-X-Request-Uuid: 248f57ce-221a-4eae-8d0f-e1f9550a23f2
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744
Connection: keep-alive
X-Proxy-Origin: 185.213.155.166; 185.213.155.166; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame DDBF
Redirect Chain

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc

43 B
162 B

26ms
25ms

Image
image/gif

37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 29 Nov 2018 08:06:42 GMT
server: nginx
accept-ranges: bytes
etag: "5bff9e12-2b"
content-length: 43
content-type: image/gif

Redirect headers

Location: https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc
Date: Wed, 07 Dec 2022 17:42:04 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=2998
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H2 200 bootstrap.js Show response
af1.nh.ee/stoat/626/af1.nh.ee/ Frame 760D 34 KB
16 KB 56ms
29ms Script
text/javascript 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 1cadf9428fd6648f25700bdb133825c4b391089352055628c0d44bb052ce8108

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 09:30:28 GMT
content-encoding: gzip
last-modified: Tue, 15 Nov 2022 08:06:48 GMT
server: DWS
age: 29495
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 16145
expires: Thu, 08 Dec 2022 13:10:55 GMT

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame 760D
Redirect Chain

https://x.bidswitch.net/sync?ssp=adform
https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch&ttd_tpi=1&ttd_puid=adform&gdpr=&gdpr_consent=

70 B
264 B

32ms
31ms

Image
image/gif

15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch&ttd_tpi=1&ttd_puid=adform&gdpr=&gdpr_consent=
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

location: //match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch&ttd_tpi=1&ttd_puid=adform&gdpr=&gdpr_consent=
date: Wed, 07 Dec 2022 17:42:04 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

pixel
cm.adform.net/ Frame 760D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adform_dbm&google_cm&google_sc
https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOeqHmoWr9KgEflAGiO-msY&google_cver=1&adform_v=1

43 B
162 B

27ms
26ms

Image
image/gif

37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOeqHmoWr9KgEflAGiO-msY&google_cver=1&adform_v=1
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 29 Nov 2018 08:06:42 GMT
server: nginx
accept-ranges: bytes
etag: "5bff9e12-2b"
content-length: 43
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOeqHmoWr9KgEflAGiO-msY&google_cver=1&adform_v=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 312
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame 760D
Redirect Chain

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744

43 B
162 B

26ms
26ms

Image
image/gif

37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 29 Nov 2018 08:06:42 GMT
server: nginx
accept-ranges: bytes
etag: "5bff9e12-2b"
content-length: 43
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:04 GMT
AN-X-Request-Uuid: 3c8e17ad-5039-40c2-9cdd-1896208545f0
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744
Connection: keep-alive
X-Proxy-Origin: 185.213.155.166; 185.213.155.166; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame 760D
Redirect Chain

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc

43 B
162 B

27ms
27ms

Image
image/gif

37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 29 Nov 2018 08:06:42 GMT
server: nginx
accept-ranges: bytes
etag: "5bff9e12-2b"
content-length: 43
content-type: image/gif

Redirect headers

Location: https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc
Date: Wed, 07 Dec 2022 17:42:04 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=2997
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H2 200 scroller.js Show response
s1.adform.net/Banners/Elements/Files/146996/3171744/ Frame BAB0 571 B
740 B 32ms
9ms Script
application/x-javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/Banners/Elements/Files/146996/3171744/scroller.js?bn=59608988;v=1
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 9f4f1d7abcc0736bf3c2a2acd22407f5cd35c93717c5c4084994e835bad77f34

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
last-modified: Wed, 25 May 2022 07:43:30 GMT
server: nginx
x-amz-request-id: tx000009b0a21e00045d552-0063903065-329373d4-default
etag: W/"3314495fbf4ce40a807ecad3395a7f72"
x-cache-status: STALE
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2

200

sync
odr.mookie1.com/t/v2/ Frame BAB0
Redirect Chain

https://x.bidswitch.net/sync?ssp=adform
https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=dac85cfd-3846-4399-8517-b216496d2bad&ssp=adform&gdpr=&gdpr_consent=

43 B
356 B

129ms
41ms

Image
image/gif

34.98.67.61
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=dac85cfd-3846-4399-8517-b216496d2bad&ssp=adform&gdpr=&gdpr_consent=
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 34.98.67.61 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
via: 1.1 google
server: Apache
content-type: image/gif;charset=UTF-8
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: //odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=dac85cfd-3846-4399-8517-b216496d2bad&ssp=adform&gdpr=&gdpr_consent=
date: Wed, 07 Dec 2022 17:42:04 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

pixel
cm.adform.net/ Frame BAB0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adform_dbm&google_cm&google_sc
https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOeqHmoWr9KgEflAGiO-msY&google_cver=1&adform_v=1

43 B
162 B

26ms
25ms

Image
image/gif

37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOeqHmoWr9KgEflAGiO-msY&google_cver=1&adform_v=1
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 29 Nov 2018 08:06:42 GMT
server: nginx
accept-ranges: bytes
etag: "5bff9e12-2b"
content-length: 43
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOeqHmoWr9KgEflAGiO-msY&google_cver=1&adform_v=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 312
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame BAB0
Redirect Chain

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744

43 B
162 B

27ms
26ms

Image
image/gif

37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 29 Nov 2018 08:06:42 GMT
server: nginx
accept-ranges: bytes
etag: "5bff9e12-2b"
content-length: 43
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:04 GMT
AN-X-Request-Uuid: 57f94049-c1e0-4839-9ab9-78ed2c6428e5
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744
Connection: keep-alive
X-Proxy-Origin: 185.213.155.166; 185.213.155.166; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame BAB0
Redirect Chain

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc

43 B
162 B

28ms
25ms

Image
image/gif

37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 29 Nov 2018 08:06:42 GMT
server: nginx
accept-ranges: bytes
etag: "5bff9e12-2b"
content-length: 43
content-type: image/gif

Redirect headers

Location: https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc
Date: Wed, 07 Dec 2022 17:42:04 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=2998
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H2 200 siteheader.js Show response
s1.adform.net/Banners/Elements/Files/146996/2932089/ Frame 7437 811 B
849 B 29ms
10ms Script
application/x-javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/Banners/Elements/Files/146996/2932089/siteheader.js?bn=59586400;v=1
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 5797691548eb8ee126ca300c213860aac9a5c967f1066e301cffc03aa13e060e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
last-modified: Wed, 25 May 2022 07:43:23 GMT
server: nginx
x-amz-request-id: tx00000dba750a09ca32356-00639037c0-3293aae9-default
etag: W/"7715ed5f0b0462f8eb60724f0194cf9d"
x-cache-status: STALE
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2

200

pixel
cm.adform.net/ Frame 7437
Redirect Chain

https://x.bidswitch.net/sync?ssp=adform
https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Dadform%26bsw_param%3Ddac85cfd-3846-4399-8517-b216496d2bad...
https://x.bidswitch.net/sync?dsp_id=80&user_id=29536390-d06d-4600-9ba7-cbb2e58a7763&expires=30&ssp=adform&bsw_param=dac85cfd-3846-4399-8517-b216496d2bad&gdpr=&gdpr_consent=
https://cm.adform.net/pixel?adform_pid=3&adform_pc=dac85cfd-3846-4399-8517-b216496d2bad&adform_v=1

43 B
162 B

26ms
26ms

Image
image/gif

37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=3&adform_pc=dac85cfd-3846-4399-8517-b216496d2bad&adform_v=1
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 29 Nov 2018 08:06:42 GMT
server: nginx
accept-ranges: bytes
etag: "5bff9e12-2b"
content-length: 43
content-type: image/gif

Redirect headers

location: //cm.adform.net/pixel?adform_pid=3&adform_pc=dac85cfd-3846-4399-8517-b216496d2bad&adform_v=1
date: Wed, 07 Dec 2022 17:42:04 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

pixel
cm.adform.net/ Frame 7437
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adform_dbm&google_cm&google_sc
https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOeqHmoWr9KgEflAGiO-msY&google_cver=1&adform_v=1

43 B
162 B

27ms
26ms

Image
image/gif

37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOeqHmoWr9KgEflAGiO-msY&google_cver=1&adform_v=1
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 29 Nov 2018 08:06:42 GMT
server: nginx
accept-ranges: bytes
etag: "5bff9e12-2b"
content-length: 43
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOeqHmoWr9KgEflAGiO-msY&google_cver=1&adform_v=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 312
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame 7437
Redirect Chain

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744

43 B
162 B

27ms
25ms

Image
image/gif

37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 29 Nov 2018 08:06:42 GMT
server: nginx
accept-ranges: bytes
etag: "5bff9e12-2b"
content-length: 43
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:04 GMT
AN-X-Request-Uuid: 38bb9ed9-b098-4efb-82cd-6912aa7e6ea5
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.adform.net/pixel?adform_pid=16&adform_pc=8500468887705390744
Connection: keep-alive
X-Proxy-Origin: 185.213.155.166; 185.213.155.166; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame 7437
Redirect Chain

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc

43 B
162 B

28ms
25ms

Image
image/gif

37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 29 Nov 2018 08:06:42 GMT
server: nginx
accept-ranges: bytes
etag: "5bff9e12-2b"
content-length: 43
content-type: image/gif

Redirect headers

Location: https://cm.adform.net/pixel?adform_pid=18&adform_pc=68ea4763-cf3e-4b87-be5c-8ed35cf101fc
Date: Wed, 07 Dec 2022 17:42:04 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=2996
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

POST
H2 200 identify Show response
api.zlickpay.com/v1/ 276 B
581 B 38ms
38ms XHR
application/json 52.209.1.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.zlickpay.com/v1/identify

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.209.1.10 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-209-1-10.eu-west-1.compute.amazonaws.com

Software

nginx/1.22.0 /

Resource Hash

c81d6e29bc1c490de18044bccd3b8ed241c4205065c10eb995fc4da77b80525c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhbW91bnQiOjI5OSwiY29udGVudElkIjoiYXJ0aWNsZS0xMjAxMTAzNjQiLCJzZWN0aW9uSWQiOiJjaGFubmVsLTY1IiwidG9rZW4iOiIzcHI0ZGN6NmV1Z3l6d2g1NWxtOTk4NnN3Z3dhZXAzdCIsImlhdCI6MTY3MDQzNDU2Nn0.fpEqb_droUebSZeOqYa3ols6S0usvW-4Tz6siT8oqe0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
server: nginx/1.22.0
x-download-options: noopen
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
vary: Origin
access-control-allow-origin: https://kroonika.delfi.ee
x-xss-protection: 1; mode=block

OPTIONS
H2 204 identify
api.zlickpay.com/v1/ Frame 0
0 44ms
32ms Preflight 52.209.1.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.zlickpay.com/v1/identify
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.209.1.10 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-209-1-10.eu-west-1.compute.amazonaws.com
Software: nginx/1.22.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://kroonika.delfi.ee
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-headers: authorization,content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://kroonika.delfi.ee
date: Wed, 07 Dec 2022 17:42:04 GMT
server: nginx/1.22.0
vary: Origin, Access-Control-Request-Headers

GET
H2

200

rexdot.js Show response
sgaee.hit.gemius.pl/__/_1670434924203/
Redirect Chain

https://sgaee.hit.gemius.pl/_1670434924203/rexdot.js?l=106&sendf=8&id=15ZLa_rGmEYLSnLok8gDurd8HeI8L4dc_pjMCJKah1D.A7&et=view&hsrc=2&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fkr...
https://sgaee.hit.gemius.pl/__/_1670434924203/rexdot.js?l=106&sendf=8&id=15ZLa_rGmEYLSnLok8gDurd8HeI8L4dc_pjMCJKah1D.A7&et=view&hsrc=2&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2...

169 B
422 B

27ms
27ms

Script
application/x-javascript

146.59.21.56
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://sgaee.hit.gemius.pl/__/_1670434924203/rexdot.js?l=106&sendf=8&id=15ZLa_rGmEYLSnLok8gDurd8HeI8L4dc_pjMCJKah1D.A7&et=view&hsrc=2&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&ref=&screen=1600x1200r1000&col=24&window=1600x1200&vis=1&lsdata=DifHABptqVCOeTqEKb7Wg0lpzKYehbH8JkHmVnfHNqD.87LD10qV70j3imGge3ForjFvOj337K3e7Kj7KKxOSRRe7kJi/d6yRoQSP_qrIY/&fpdata=fOnaLYnALRylOfOTZKZOpfvH58raiMc.UvNciTPFHrX.A7&ltime=305&inner=_ver%3D331%7C_ch_mobile%3D0%7C_ch_wow64%3D0%7C_ch_brands%3D&exid=6390d06b35733c61&fpcap=
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 146.59.21.56 , France, ASN16276 (OVH, FR),
Reverse DNS: ip56.ip-146-59-21.eu
Software: GHC /
Resource Hash: 28a323003d6208cb9394e2296be58446ff63ede64c61d64decdf8571814529fa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 169
expires: Tue, 06 Dec 2022 17:42:04 GMT

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: /__/_1670434924203/rexdot.js?l=106&sendf=8&id=15ZLa_rGmEYLSnLok8gDurd8HeI8L4dc_pjMCJKah1D.A7&et=view&hsrc=2&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&ref=&screen=1600x1200r1000&col=24&window=1600x1200&vis=1&lsdata=DifHABptqVCOeTqEKb7Wg0lpzKYehbH8JkHmVnfHNqD.87LD10qV70j3imGge3ForjFvOj337K3e7Kj7KKxOSRRe7kJi/d6yRoQSP_qrIY/&fpdata=fOnaLYnALRylOfOTZKZOpfvH58raiMc.UvNciTPFHrX.A7&ltime=305&inner=_ver%3D331%7C_ch_mobile%3D0%7C_ch_wow64%3D0%7C_ch_brands%3D&exid=6390d06b35733c61&fpcap=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Tue, 06 Dec 2022 17:42:04 GMT

GET
H2 200 bootstrap.js Show response
af1.nh.ee/stoat/626/af1.nh.ee/ Frame 8E46 34 KB
16 KB 33ms
32ms Script
text/javascript 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 1cadf9428fd6648f25700bdb133825c4b391089352055628c0d44bb052ce8108

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 09:30:28 GMT
content-encoding: gzip
last-modified: Tue, 15 Nov 2022 08:06:48 GMT
server: DWS
age: 29495
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 16145
expires: Thu, 08 Dec 2022 13:10:55 GMT

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame AE60 10 KB
5 KB 29ms
28ms Script
text/javascript 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=48614980;rtbwp=z9D6LyCJkZE1;rtbdata=zDPfQtTlILnKNm6nTmIUJGhhlDwL-IxzRWLQnvJ0Bfr2fWe6YZph6Yp-Brszzkeaen14GNlApRKBc3N1PheuqTKu-Lshl6ZgFKwlS9sxSLyhyrE41uAB40mQWrZ6KCQe0zCDqhBpUhTDeIjrSAcYFw2;csid=85505;pui=Akhh1D0dxMS5BjcwWyzEsakkr5XJ8d57RITr9karybUqjzLaH86kIEKB1ZIdhepBEAhJV_cORJROcaEVHxzby18MNOAFB-wuaOJDsqAYsG41;adxvars=nD5YIuf_TIa_8YJybgzkznZPtgP1s0ZtHs0S4XDfvH8RJd4KoiEGuJ64XXOQnUevib8FdwLHFo0BtzteIpciiin6BI2OIDRcVOSWsPRL4ubt1WQ3lWwdg59z10szoBKTudruttvIdtDfGHYhGEBzsXFNbdWUUaeHlCv0WMHyIcl_SUyxNHI0glrvVhVDAs8mxepLudoaLImfcgrpSEF-0MCrdTd1tRFqRE6_MbJm3Ts1STX_xBz8hHnUdxXEjXpvHm98btpGtScr9pGbIvyWkwpLnuJFvGyjb_gid-GHh66NXFlV80v6tlclhip4iPLoLa_r5Id3JUkFduGQ3aw6prb7j48RMt11CFH6nNkx_Tvqq5k3eQFWhvJzwpuiX5uzJAUEiXLohB2n5DrdWxfMQf-_J-dpdk2BEFRoqoHLMiubG9Tfq5DJVIHpLYUYizrl_4FPDAm3kwqaKO5bnWbqACrBJD9KfTTnpT9K7WtiEFJdSoZH7Cf12G91XJG5L6dHFZA2h9ITGl7S07Wn8k-xU_Peg91arP-6PG8vymJUoZVOxOVRvmbc8P9ey9Hz7E14BcXrmMXozfbvWqe2kU2Kiyy9rNXBFe4s4fL4mad3kA_4F3HsUVYuIc6LfYEOzGHXA7z_uuw_WOM1;adxcmd=QTwuOIuaMWyJAahooV75YaLobcS8zXmK0;;js=1;adfxid=1x;6818;set=en-US|en-US|1600X1200|0|0|0|24|8|3|7|0|0;fd=0|2&CREFURL=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

ece0d1f961d92256b5e219e6805394655bf0fb5d86aa22745a9a0bd4bf661f8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 4836
expires: -1

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 153ms
63ms Image
image/gif 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-4729238-1&cid=879261953.1670434923&jid=904881308&_u=aAhAAEAAEAAAACAAI~&z=1507299597

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 154ms
64ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-4729238-1&cid=879261953.1670434923&jid=904881308&_u=aAhAAEAAEAAAACAAI~&z=1507299597

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 0F49 10 KB
5 KB 28ms
28ms Script
text/javascript 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=48615251;rtbwp=_dayW-M4w_U1;rtbdata=9EpqVmQZOn1ejiSbr1NhEyCCsebU2TBfYEbPE59UOTptp7U9m2DYaIp-Brszzkeaj9vIKaQyqkOBc3N1PheuqTKu-Lshl6ZgFKwlS9sxSLyhyrE41uAB40mQWrZ6KCQe0zCDqhBpUhTDeIjrSAcYFw2;csid=82897;pui=Akhh1D0dxMS5BjcwWyzEsakkr5XJ8d57RITr9karybUqjzLaH86kIEKB1ZIdhepBEAhJV_cORJROcaEVHxzby18MNOAFB-wuaOJDsqAYsG41;adxvars=nD5YIuf_TIaref20VIODHA0DlzHD_EqoHs0S4XDfvH8RJd4KoiEGuJ64XXOQnUevib8FdwLHFo0BtzteIpciin1jH-xn6I5UEDQjNhmY4wFvjabQjvA2OxezFzkxv7AFh7yZDYkU9noRzMQZFNLc-nFNbdWUUaeHlCv0WMHyIcl_SUyxNHI0glrvVhVDAs8mxepLudoaLImfcgrpSEF-0MCrdTd1tRFqRE6_MbJm3Ts1STX_xBz8hHnUdxXEjXpvHm98btpGtScr9pGbIvyWkwpLnuJFvGyjb_gid-GHh66NXFlV80v6tlclhip4iPLoLa_r5Id3JUkFduGQ3aw6prb7j48RMt11Tg0pWoSjPwg1OvL7_7VoM3jz--vUsmuTBUT7zlDe3AutMxtRX86Q73gORKsYtLHOMIJ7AESLMm-WNwiqf4QnIN6MirTaNiPDiERF-_nAva3kkFZ-lOWt2Via5i-u2g72jdXfzsk4W8wUCmYgzL3vcTZX7V-9LQFLpcoAJb7hCLPoSgO253YaUujELMIe0MeRPs0oFetTA4nVevAEW8be0gZ90co6ScfZKFAa1zW8oCrCEcwVdWotqX8Ye-apRquHh0LadVUDNuk1;adxcmd=QTwuOIuaMWyJAahooV75YaLobcS8zXmK0;;js=1;adfxid=2x;2771;set=en-US|en-US|1600X1200|0|0|0|24|8|3|7|0|0;fd=0|2&CREFURL=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

17b941dd8371c2353c9ffec4d972b122a506f2ff94bcdccafbd591fd0af424ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 4752
expires: -1

GET
H/1.1 200
OK p1.js Show response
p1cluster.cxense.com/ Frame ABAB 46 B
635 B 53ms
16ms Script
text/javascript 147.75.83.64
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://p1cluster.cxense.com/p1.js
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/sp1.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 147.75.83.64 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: Jetty(9.4.28.v20200408) /
Resource Hash: 9797056ed209e3249b405f3e32b5ab79c5520779bed626e1955c2ba59c244ab8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.cxense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Tue, 07 Jun 2022 17:42:04 GMT
server: Jetty(9.4.28.v20200408)
etag: 2ig3bw25l6gxdasgp8hfnh02i
p3p: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: text/javascript;charset=utf-8
cache-control: private, proxy-revalidate
content-length: 46
expires: Thu, 07 Dec 2023 17:42:04 GMT

GET
H2 200 bootstrap.js Show response
af1.nh.ee/stoat/626/af1.nh.ee/ Frame BAB0 34 KB
16 KB 32ms
32ms Script
text/javascript 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 1cadf9428fd6648f25700bdb133825c4b391089352055628c0d44bb052ce8108

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 09:30:28 GMT
content-encoding: gzip
last-modified: Tue, 15 Nov 2022 08:06:48 GMT
server: DWS
age: 29496
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 16145
expires: Thu, 08 Dec 2022 13:10:55 GMT

GET
H2 200 bootstrap.js Show response
af1.nh.ee/stoat/626/af1.nh.ee/ Frame 7437 34 KB
16 KB 33ms
32ms Script
text/javascript 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 1cadf9428fd6648f25700bdb133825c4b391089352055628c0d44bb052ce8108

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 09:30:28 GMT
content-encoding: gzip
last-modified: Tue, 15 Nov 2022 08:06:48 GMT
server: DWS
age: 29496
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 16145
expires: Thu, 08 Dec 2022 13:10:55 GMT

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame DDBF 10 KB
5 KB 28ms
27ms Script
text/javascript 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=48615251;rtbwp=_dayW-M4w_U1;rtbdata=-73GEBLHlnVRZVfQyxwpP6pfLrnnR4p_ka7saGMXRRnnaLhtHBEUCop-Brszzkeaj9vIKaQyqkOBc3N1PheuqTKu-Lshl6ZgFKwlS9sxSLyhyrE41uAB40mQWrZ6KCQe0zCDqhBpUhTDeIjrSAcYFw2;csid=82897;pui=Akhh1D0dxMS5BjcwWyzEsakkr5XJ8d57RITr9karybUqjzLaH86kIEKB1ZIdhepBEAhJV_cORJROcaEVHxzby18MNOAFB-wuaOJDsqAYsG41;adxvars=nD5YIuf_TIaref20VIODHA0DlzHD_EqoHs0S4XDfvH8RJd4KoiEGuJ64XXOQnUevib8FdwLHFo0BtzteIpciir8CgA6s_V6hvQY6_1vJ8rLQ0YHcZWvA32NGXb1Nsm2Nu-nUHaAYTD4RzMQZFNLc-nFNbdWUUaeHlCv0WMHyIcl_SUyxNHI0glrvVhVDAs8mxepLudoaLImfcgrpSEF-0MCrdTd1tRFqRE6_MbJm3Ts1STX_xBz8hHnUdxXEjXpvHm98btpGtScr9pGbIvyWkwpLnuJFvGyjb_gid-GHh66NXFlV80v6tlclhip4iPLoLa_r5Id3JUkFduGQ3aw6prb7j48RMt11Tg0pWoSjPwg1OvL7_7VoM3jz--vUsmuTBUT7zlDe3AutMxtRX86Q73gORKsYtLHOMIJ7AESLMm-WNwiqf4QnIN6MirTaNiPDiERF-_nAva3kkFZ-lOWt2Via5i-u2g72jdXfzsk4W8wUCmYgzL3vcTZX7V-9LQFLpcoAJb7hCLPoSgO253YaUujELMIe0MeRPs0oFetTA4nVevAEW8be0scnGUPLjdzxKFAa1zW8oCrCEcwVdWotqfz_dnJ7_3Xjh0LadVUDNuk1;adxcmd=QTwuOIuaMWyJAahooV75YaLobcS8zXmK0;;js=1;adfxid=3x;327;set=en-US|en-US|1600X1200|0|0|0|24|8|3|7|0|0;fd=0|2&CREFURL=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

140f99ea0402927d860576ce1454a0f61d03d4ec81924cb532530f7344cb943c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 4750
expires: -1

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 3873 9 KB
5 KB 43ms
43ms Script
text/javascript 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=60045604;rtbwp=IFkZ-pZwCAQ1;rtbdata=bzjiehdFNvb2TLcY8jDLKChb9tAoIdF7gZW0BThz90UyJ0VaVOUaxop-Brszzkeaen14GNlApRKBc3N1PheuqTKu-Lshl6ZgFKwlS9sxSLyhyrE41uAB40mQWrZ6KCQe0zCDqhBpUhTDeIjrSAcYFw2;csid=136310;pui=Akhh1D0dxMS5BjcwWyzEsakkr5XJ8d57RITr9karybUqjzLaH86kIEKB1ZIdhepBEAhJV_cORJROcaEVHxzby18MNOAFB-wuaOJDsqAYsG41;adxvars=nD5YIuf_TIblc6QkIrA5Myx6lYBuTKbCHs0S4XDfvH8RJd4KoiEGuJ64XXOQnUevib8FdwLHFo0BtzteIpciij8-Sl8zmJjFKH4lDqgYiPD4d1kzzEIA8Xm8GrW6ASaqiq82QMYQdBr5qQ5eDETz_nFNbdWUUaeHlCv0WMHyIcl_SUyxNHI0glrvVhVDAs8mxepLudoaLImfcgrpSEF-0MCrdTd1tRFqRE6_MbJm3Ts1STX_xBz8hHnUdxXEjXpvHm98btpGtScr9pGbIvyWkwpLnuJFvGyjb_gid-GHh66NXFlV80v6tlclhip4iPLoLa_r5Id3JUkFduGQ3aw6prb7j48RMt11Tg0pWoSjPwg1OvL7_7VoM3jz--vUsmuTBUT7zlDe3AutMxtRX86Q73gORKsYtLHOMIJ7AESLMm-WNwiqf4QnIN6MirTaNiPDiERF-_nAva3kkFZ-lOWt2Via5i-u2g72jdXfzsk4W8wUCmYgzL3vcTZX7V-9LQFLpcoAJb7hCLPoSgO253YaUujELMIe0MeRPs0oFetTA4nVevAEW8be0scnGUPLjdzxKFAa1zW8oCrCEcwVdWotqfz_dnJ7_3XjVMZlY6rAbhv7L_o57ZL5ng2;adxcmd=QTwuOIuaMWyJAahooV75YaLobcS8zXmK0;;js=1;adfxid=4x;3450;set=en-US|en-US|1600X1200|0|0|0|24|8|3|7|0|0;fd=0|2&CREFURL=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

c76841bef31311258c7740a1812f084f6d99705bbcd11031f8ab7b8552481955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 4236
expires: -1

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 760D 8 KB
5 KB 36ms
36ms Script
text/javascript 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=60046065;rtbwp=vR5KWVVM5-81;rtbdata=fg2VYS8DBV0HVtvqcok2EkiPdDL9k4o5NEJi6EmeeVDUB4RsvAWwkIp-BrszzkeatqtsaRvAfZ-Bc3N1PheuqTKu-Lshl6ZgFKwlS9sxSLyhyrE41uAB40mQWrZ6KCQe0zCDqhBpUhTDeIjrSAcYFw2;csid=136737;pui=Akhh1D0dxMS5BjcwWyzEsakkr5XJ8d57RITr9karybUqjzLaH86kIEKB1ZIdhepBEAhJV_cORJROcaEVHxzby18MNOAFB-wuaOJDsqAYsG41;adxvars=nD5YIuf_TIatuMovGlnfNruRWU8jbYd-nHMZ0pAgl68RJd4KoiEGuJ64XXOQnUevib8FdwLHFo0BtzteIpciio9e8WWz71rJGHBmtPu7N5FSqcwzdCso9JTxd82iILd1xXAl4m320ye8tFDxYPxcOnFNbdWUUaeHlCv0WMHyIcl_SUyxNHI0glrvVhVDAs8mxepLudoaLImfcgrpSEF-0MCrdTd1tRFqRE6_MbJm3Ts1STX_xBz8hHnUdxXEjXpvHm98btpGtScr9pGbIvyWkwpLnuJFvGyjb_gid-GHh66NXFlV80v6tlclhip4iPLoLa_r5Id3JUkFduGQ3aw6prb7j48RMt11Tg0pWoSjPwg1OvL7_7VoM3jz--vUsmuTBUT7zlDe3AutMxtRX86Q73gORKsYtLHOMIJ7AESLMm-WNwiqf4QnIN6MirTaNiPDiERF-_nAva3kkFZ-lOWt2Via5i-u2g72jdXfzsk4W8wUCmYgzL3vcTZX7V-9LQFLpcoAJb7hCLPoSgO253YaUujELMIe0MeRPs0oFetTA4nVevAEW8be0scnGUPLjdzxKFAa1zW8oCrCEcwVdWotqfz_dnJ7_3XjVMZlY6rAbhsXLWvpLcCdKw2;adxcmd=QTwuOIuaMWyJAahooV75YaLobcS8zXmK0;;js=1;adfxid=5x;287;set=en-US|en-US|1600X1200|0|0|0|24|8|3|7|0|0;fd=0|2&CREFURL=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

fa2806486af42bad6837239bcdfed870cac6e82311b320091568082c4e0d2fa5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 4216
expires: -1

GET
H2 200 keytarget-delfiee.min.js Show response
keytarget.adnet.lt/stable/ Frame 5313 551 KB
181 KB 119ms
31ms Script
application/javascript 193.200.125.237
TELIA-LIETUVA

General

Check archive.org

Show headers Download Go to

Full URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.200.125.237 , Lithuania, ASN43811 (TELIA-LIETUVA, LT),
Reverse DNS
Software: nginx /
Resource Hash: c492e2b9a7304797348acca606dc8d7dd0d6c72fa2c1e143b14a44d3bac054c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-varnish-cache: HIT
date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
last-modified: Thu, 17 Nov 2022 09:25:50 GMT
server: nginx
age: 1937
etag: "6375fe1e-89d85"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
accept-ranges: bytes
content-length: 184484
expires: Thu, 08 Dec 2022 17:42:04 GMT

GET
H2 200 Spinner200px.gif
banners.adnetmedia.lt/creatives/ Frame 5313 11 KB
12 KB 143ms
65ms Image
image/gif 193.200.125.15
TELIA-LIETUVA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banners.adnetmedia.lt/creatives/Spinner200px.gif
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.200.125.15 , Lithuania, ASN43811 (TELIA-LIETUVA, LT),
Reverse DNS
Software: nginx /
Resource Hash: f1bb4f4e526c417896deb5521d188bd77fc982b0ed258cfbfa91dccc681548e0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-varnish-cache: HIT
date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 18 Oct 2018 13:16:39 GMT
server: nginx
age: 2820
etag: "5bc887b7-2d9d"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 11677

POST
H2 200 /
track.adform.net/csimpr/ Frame AE60 35 B
470 B 26ms
26ms Ping
image/gif 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=48614980&csi=tKDocKWpP1rMmHH6ELm8oGw7yHh0eK2hWWFv8tuRMG0CSGHUPR3ExLkGNzBbLMSxqSSvlcnx3ntEhOv2RqvJtSqPMtofzqQgQoHVkh2F6kEQCElX9w5ElCPJMDpStLyYzRdrUs-zmLwau94oJsHc8Q2

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 8E46 8 KB
4 KB 34ms
34ms Script
text/javascript 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=60128054;rtbwp=17nOlXG9bA41;rtbdata=zDPfQtTlILnAFm4IWGSiGXSPQeLRTAvsNwjstQE-jkv9Zx1PIK_JqYp-BrszzkeamUdWmEljizyBc3N1PheuqTKu-Lshl6ZgFKwlS9sxSLyhyrE41uAB40mQWrZ6KCQe0zCDqhBpUhTDeIjrSAcYFw2;csid=96330;pui=Akhh1D0dxMS5BjcwWyzEsakkr5XJ8d57RITr9karybUqjzLaH86kIEKB1ZIdhepBEAhJV_cORJROcaEVHxzby18MNOAFB-wuaOJDsqAYsG41;adxvars=nD5YIuf_TIYJW1o2o5d_RucdEbKG9K27NJGRRU3BhjMRJd4KoiEGuJ64XXOQnUevib8FdwLHFo0BtzteIpciiu8MzMrKMWY2sGtgjfyFDX9s0er9BiNWU_np379WcwZtgWUNseD0VrGev23ojFs40nFNbdWUUaeHlCv0WMHyIcl_SUyxNHI0glrvVhVDAs8mxepLudoaLImfcgrpSEF-0MCrdTd1tRFqRE6_MbJm3Ts1STX_xBz8hHnUdxXEjXpvHm98btpGtScr9pGbIvyWkwpLnuJFvGyjb_gid-GHh66NXFlV80v6tlclhip4iPLoLa_r5Id3JUkFduGQ3aw6prb7j48RMt11Tg0pWoSjPwg1OvL7_7VoM3jz--vUsmuTBUT7zlDe3AutMxtRX86Q73gORKsYtLHOMIJ7AESLMm-WNwiqf4QnIN6MirTaNiPDiERF-_nAva3kkFZ-lOWt2Via5i-u2g72jdXfzsk4W8wUCmYgzL3vcTZX7V-9LQFLpcoAJb7hCLPoSgO253YaUujELMIe0MeRPs0oFetTA4nVevAEW8be0scnGUPLjdzxKFAa1zW8oCrCEcwVdWotqfz_dnJ7_3Xjh0LadVUDNuk1;adxcmd=QTwuOIuaMWyJAahooV75YaLobcS8zXmK0;;js=1;adfxid=6x;2149;set=en-US|en-US|1600X1200|0|0|0|24|8|3|7|0|0;fd=0|2&CREFURL=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

2e5a07d925d576139b36bbe27291fd617722ae997a12c0bbc69be191dfc0ac03

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 4116
expires: -1

POST
H2 204 collect Show response
j.clarity.ms/ 0
166 B 303ms
94ms XHR
text/plain 20.85.30.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/collect
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.85.30.134 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-origin: https://kroonika.delfi.ee
date: Wed, 07 Dec 2022 17:42:03 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
vary: Origin
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H2 200 keytarget-delfiee.min.js Show response
keytarget.adnet.lt/stable/ Frame 7DD9 551 KB
181 KB 143ms
62ms Script
application/javascript 193.200.125.237
TELIA-LIETUVA

General

Check archive.org

Show headers Download Go to

Full URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.200.125.237 , Lithuania, ASN43811 (TELIA-LIETUVA, LT),
Reverse DNS
Software: nginx /
Resource Hash: c492e2b9a7304797348acca606dc8d7dd0d6c72fa2c1e143b14a44d3bac054c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-varnish-cache: HIT
date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
last-modified: Thu, 17 Nov 2022 09:25:50 GMT
server: nginx
age: 1937
etag: "6375fe1e-89d85"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
accept-ranges: bytes
content-length: 184484
expires: Thu, 08 Dec 2022 17:42:04 GMT

GET
H2 200 Spinner200px.gif
banners.adnetmedia.lt/creatives/ Frame 7DD9 11 KB
12 KB 86ms
31ms Image
image/gif 193.200.125.15
TELIA-LIETUVA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banners.adnetmedia.lt/creatives/Spinner200px.gif
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.200.125.15 , Lithuania, ASN43811 (TELIA-LIETUVA, LT),
Reverse DNS
Software: nginx /
Resource Hash: f1bb4f4e526c417896deb5521d188bd77fc982b0ed258cfbfa91dccc681548e0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-varnish-cache: HIT
date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 18 Oct 2018 13:16:39 GMT
server: nginx
age: 2820
etag: "5bc887b7-2d9d"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 11677

POST
H2 200 /
track.adform.net/csimpr/ Frame 0F49 35 B
461 B 26ms
26ms Ping
image/gif 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=48615251&csi=_CREfoZh2ScGVo8VTvhzu5lOMh6-RWG8WWFv8tuRMG0CSGHUPR3ExLkGNzBbLMSxqSSvlcnx3ntEhOv2RqvJtSqPMtofzqQgQoHVkh2F6kEQCElX9w5ElApYFvQlEYpx5sGhql0G4RIau94oJsHc8Q2

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 keytarget-delfiee.min.js Show response
keytarget.adnet.lt/stable/ Frame 432F 551 KB
181 KB 162ms
92ms Script
application/javascript 193.200.125.237
TELIA-LIETUVA

General

Check archive.org

Show headers Download Go to

Full URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.200.125.237 , Lithuania, ASN43811 (TELIA-LIETUVA, LT),
Reverse DNS
Software: nginx /
Resource Hash: c492e2b9a7304797348acca606dc8d7dd0d6c72fa2c1e143b14a44d3bac054c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-varnish-cache: HIT
date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
last-modified: Thu, 17 Nov 2022 09:25:50 GMT
server: nginx
age: 1937
etag: "6375fe1e-89d85"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
accept-ranges: bytes
content-length: 184484
expires: Thu, 08 Dec 2022 17:42:04 GMT

GET
H2 200 Spinner200px.gif
banners.adnetmedia.lt/creatives/ Frame 432F 11 KB
12 KB 120ms
65ms Image
image/gif 193.200.125.15
TELIA-LIETUVA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banners.adnetmedia.lt/creatives/Spinner200px.gif
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.200.125.15 , Lithuania, ASN43811 (TELIA-LIETUVA, LT),
Reverse DNS
Software: nginx /
Resource Hash: f1bb4f4e526c417896deb5521d188bd77fc982b0ed258cfbfa91dccc681548e0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-varnish-cache: HIT
date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Thu, 18 Oct 2018 13:16:39 GMT
server: nginx
age: 2820
etag: "5bc887b7-2d9d"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 11677

POST
H2 200 /
track.adform.net/csimpr/ Frame DDBF 35 B
470 B 26ms
25ms Ping
image/gif 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=48615251&csi=kFVjKjI7YKYhfMcajn-53h8Qdj8uow-nWWFv8tuRMG0CSGHUPR3ExLkGNzBbLMSxqSSvlcnx3ntEhOv2RqvJtSqPMtofzqQgQoHVkh2F6kEQCElX9w5ElIkIpt5tOA0U5sGhql0G4RIau94oJsHc8Q2

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame BAB0 10 KB
6 KB 36ms
36ms Script
text/javascript 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=59608988;rtbwp=vR5KWVVM5-81;rtbdata=fg2VYS8DBV1aLwvbXEkxDcjcd8PPeqZ7wXyML_GWQf8TE7tZt6XS_Yp-BrszzkeawPg7Qp89DyWBc3N1PheuqTKu-Lshl6ZgFKwlS9sxSLyhyrE41uAB40mQWrZ6KCQe0zCDqhBpUhTDeIjrSAcYFw2;csid=94578;pui=Akhh1D0dxMS5BjcwWyzEsakkr5XJ8d57RITr9karybUqjzLaH86kIEKB1ZIdhepBEAhJV_cORJROcaEVHxzby18MNOAFB-wuaOJDsqAYsG41;adxvars=nD5YIuf_TIaS-mwBdRBNshQTA2h_zpI5nHMZ0pAgl68RJd4KoiEGuJ64XXOQnUevib8FdwLHFo0BtzteIpciipgyXzcmYtzeiXypNwto4Qs_wGtsFlA_gRG14gPy_uADC5xuFnjd_ze8-wWkU7tDPXFNbdWUUaeHlCv0WMHyIcl_SUyxNHI0glrvVhVDAs8mxepLudoaLImfcgrpSEF-0MCrdTd1tRFqRE6_MbJm3Ts1STX_xBz8hHnUdxXEjXpvHm98btpGtScr9pGbIvyWkwpLnuJFvGyjb_gid-GHh66NXFlV80v6tlclhip4iPLoLa_r5Id3JUkFduGQ3aw6prb7j48RMt11Tg0pWoSjPwg1OvL7_7VoM3jz--vUsmuTBUT7zlDe3AutMxtRX86Q73gORKsYtLHOMIJ7AESLMm-WNwiqf4QnIN6MirTaNiPDiERF-_nAva3kkFZ-lOWt2Via5i-u2g72jdXfzsk4W8wUCmYgzL3vcTZX7V-9LQFLpcoAJb7hCLPoSgO253YaUujELMIe0MeRPs0oFetTA4nVevAEW8be0scnGUPLjdzxKFAa1zW8oCrCEcwVdWotqfz_dnJ7_3Xjn-xmpvcLKzEwJ_dfLtPn_A2;adxcmd=lDbNZc6D8ECJAahooV75YaLobcS8zXmK0;;js=1;adfxid=7x;592;set=en-US|en-US|1600X1200|0|0|0|24|8|3|7|0|0;fd=0|2&CREFURL=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

5fbbb9528b089a72249f693cad6b7ed373b4a265f57ea55539fd14b4375dc3af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 5352
expires: -1

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 7437 10 KB
6 KB 36ms
35ms Script
text/javascript 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=59586400;rtbwp=Q8yR5Xr0r8Y1;rtbdata=0fQ_vxSbAMBashRmZO8bEfb9Ug5ClusafUciiG6vDQeYRUDsCGVo_Ip-BrszzkeaHJdyrb0uc7GBc3N1PheuqTKu-Lshl6ZgFKwlS9sxSLyhyrE41uAB40mQWrZ6KCQe0zCDqhBpUhTDeIjrSAcYFw2;csid=87883;pui=Akhh1D0dxMS5BjcwWyzEsakkr5XJ8d57RITr9karybUqjzLaH86kIEKB1ZIdhepBEAhJV_cORJROcaEVHxzby18MNOAFB-wuaOJDsqAYsG41;adxvars=nD5YIuf_TIYVwk06H5Z3uA-UKhUZI6fAHs0S4XDfvH8RJd4KoiEGuJ64XXOQnUevib8FdwLHFo0BtzteIpciim98h4Y44EYAlLs_KZ9CVp3mnapyvrlhJRzwsOPfTpfxG1OopE-qwQxlJ0QIrUe_VXFNbdWUUaeHlCv0WMHyIcl_SUyxNHI0glrvVhVDAs8mxepLudoaLImfcgrpSEF-0MCrdTd1tRFqRE6_MbJm3Ts1STX_xBz8hHnUdxXEjXpvHm98btpGtScr9pGbIvyWkwpLnuJFvGyjb_gid-GHh66NXFlV80v6tlclhip4iPLoLa_r5Id3JUkFduGQ3aw6prb7j48RMt11Tg0pWoSjPwg1OvL7_7VoM3jz--vUsmuTBUT7zlDe3AutMxtRX86Q73gORKsYtLHOMIJ7AESLMm-WNwiqf4QnIN6MirTaNiPDiERF-_nAva3kkFZ-lOWt2Via5i-u2g72jdXfzsk4W8wUCmYgzL3vcTZX7V-9LQFLpcoAJb7hCLPoSgO253YaUujELMIe0MeRPs0oFetTA4nVevAEW8be0scnGUPLjdzxKFAa1zW8oCrCEcwVdWotqfz_dnJ7_3XjVMZlY6rAbhvusmYOe6DKaw2;adxcmd=QTwuOIuaMWyJAahooV75YaLobcS8zXmK0;;js=1;adfxid=8x;8860;set=en-US|en-US|1600X1200|0|0|0|24|8|3|7|0|0;fd=0|2&CREFURL=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

7eee12a57a1a8043c6e5dc3876bc05a9f4ae3dbac8c615b3b93109a4f5465bc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 5349
expires: -1

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 3873 2 KB
2 KB 32ms
30ms Script
text/javascript 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=52259268;OOBClickTrack=https://track.adform.net/C/?bn=60045604;crtbwp=IFkZ-pZwCAQ1;crtbdata=bzjiehdFNvb2TLcY8jDLKChb9tAoIdF7gZW0BThz90UyJ0VaVOUaxop-Brszzkeaen14GNlApRKBc3N1PheuqTKu-Lshl6ZgFKwlS9sxSLyhyrE41uAB40mQWrZ6KCQe0zCDqhBpUhTDeIjrSAcYFw2;ccsid=136310;adfibeg=0;cdata=eKIWqurIdK5meKxYUOj4Dc9GJtql_2OQdjQXyIGOLAkgOGdMEZ44W3lKDMf4SsASrjzAdqCrhpE7gIbN6kUQJ7kKIpN0KAVsKlHbWAMv2Os7JHvnmDLV8hsS4NIeh5CmAnDtmXWbKg5lJAxAWo_mTQtZkhov9_wVvp9SfDtF1rNKb4Ksw8qqtNFj3lnIvMINrH4VQM6QynDjYTT0hKROUMaxlbLxFqKIQiMCNCfNGMqddncQqPuQsb9MVZ35xiYfS9EbooP82y6FWrvCpUgKc2IwRnBcD5Ge05jLGydgR-9Ta5gKL4rewgsOAinG0nU0bx79xxhx9EcTLYhAnVyDq2OHhU47Lz3YxmFw0fRSruALnh4HV4I1rUJ7U98JBlu5jotBMOJsZf0eYYBEGMtHZC5t8WR1mbKj5p51Y0apJNuspSnrh4y3BzA50GXVzqgYlRO0OczZh4l0xJIjwGLjpzB0ESAUq8iFQY4IXAKZ49srNsSQHNLirdlycs1W_EN2hX556DQTp9nMfFoAKdok3gUhLOiqObCrhED9OvgrkLhl8slaCFrUib3Q4m5vg7bZsYqs1bI8M2nhcmdHYj9oINavwW7G2W0bhPFOJwWTZ-vRFw0w8D9UDedXJ3uJcU3teiQC0gsdjAGsl_Q7i3BuXu8eHEKf_CyRccuVXO83DGu1Is0PI6Gzd96p4QC0sX29wsYy1CFczlRArLiKkGkEElYYr1VoNZWYe23afg7BMWLF-A3vBaF6E3mVP3Sr6a3NLB-FgkWjVE1JyYEy_DWTWj6J9FHl1AyxoX1ZalUEkPdj0wI0tQMz-F0ZYAculngasvTXkAVcv0K6VSaZtHgREnTAIT4W6WreQeEimShqzcc1;;CREFURL=https%3a%2f%2fkroonika.delfi.ee%2fartikkel%2f120110364%2feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud;C=1

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

631ba992573cede3fac2abff6596ec08e5c13b3610b0c24007ccf955b2ff99f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 1844
expires: -1

POST
H2 200 /
track.adform.net/csimpr/ Frame 3873 35 B
470 B 26ms
26ms Ping
image/gif 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=60045604&csi=sxrYHEwt_KgjVBLsDcjvVVTXGfJsE-85eRz9oTUAnnvEIcui-QmKxfK39rvnRQEmGCFRRSVW2rcn-YGB-hrvz4QLNyxYAY4pbPsttM5VwfFivibzOgVLWC3Qk9lmcY3HKOG80o02dz-8jqTQ3yLCxQ2

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 /
track.adform.net/adfserve/ Frame 760D 35 B
395 B 27ms
27ms Image
image/gif 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.adform.net/adfserve/?bn=59982132;1x1inv=1;srctype=3;ord=[timestamp]&rnd=938

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1

GET
H/1.1 200
OK rep.gif
comcluster.cxense.com/Repo/ Frame ABAB 43 B
468 B 57ms
16ms Image
image/gif 147.75.83.64
PACKET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://comcluster.cxense.com/Repo/rep.gif?ver=2.8.9&typ=pgv&rnd=lbdxtod95moy078q&sid=1145189970857384309&loc=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&new=0&arf=0&ltm=1670434923933&ref=&tzo=0&wsz=1600x1200&res=1600x1200&dpr=1&col=24&bln=en-US&chs=UTF-8&cks=lbdxtodasaesws21&ckp=lbdxtobwxu5y2838&glb=&cp_userState=anon&cp_channel=kroonika&cp_platform=Online%20vaade&cp_page_type=Article&cp_user_logged_in=no&cp_has_user_package=no&cp_is_paid_article=true&cp_is_paid_article_and_=false&cst=2ig3bw25l6gxdasgp8hfnh02i
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/sp1.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 147.75.83.64 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: Jetty(9.4.28.v20200408) /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.cxense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

p3p: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
date: Wed, 07 Dec 2022 17:42:04 GMT
server: Jetty(9.4.28.v20200408)
content-length: 43
content-type: image/gif

GET
H/1.1 200
OK id Show response
id.cxense.com/public/user/ 103 B
692 B 48ms
16ms Script
text/javascript 147.75.83.64
PACKET

General

Check archive.org

Show headers Download Go to

Full URL

https://id.cxense.com/public/user/id?json=%7B%22identities%22%3A%5B%7B%22type%22%3A%22ckp%22%2C%22id%22%3A%22lbdxtobwxu5y2838%22%7D%2C%7B%22type%22%3A%22lst%22%2C%22id%22%3A%222ig3bw25l6gxdasgp8hfnh02i%22%7D%2C%7B%22type%22%3A%22cst%22%2C%22id%22%3A%222ig3bw25l6gxdasgp8hfnh02i%22%7D%5D%2C%22siteId%22%3A%221145189970857384309%22%2C%22location%22%3A%22https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud%22%7D&callback=cXJsonpCB1

Requested by

Host: scdn.cxense.com
URL: https://scdn.cxense.com/cx.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

147.75.83.64 Schiphol, Netherlands, ASN54825 (PACKET, US),

Reverse DNS

Software

Jetty(9.4.28.v20200408) /

Resource Hash

f8a77a5dec9bcd7feb2c70c991e4eeba05532a2930586fd7b3455226d46e87c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
x-content-type-options: nosniff
server: Jetty(9.4.28.v20200408)
content-type: text/javascript;charset=utf-8
p3p: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-store, no-cache, must-revalidate
content-length: 103
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ThirdParty Show response
af1.nh.ee/stoat/626/af1.nh.ee/load/v/0.0.225/e/.gSBgiLQ/i/vCAv.IAAAAAUAA/r:types/ Frame AE60 35 KB
15 KB 34ms
33ms Script
text/javascript 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://af1.nh.ee/stoat/626/af1.nh.ee/load/v/0.0.225/e/.gSBgiLQ/i/vCAv.IAAAAAUAA/r:types/ThirdParty
Requested by: Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 12dcd567b94e5ff847b6cb2f1761eae55c371d5df44749bc9db2b1f1a854085b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:39:11 GMT
content-encoding: gzip
last-modified: Tue, 15 Nov 2022 08:06:48 GMT
server: DWS
age: 172
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 15120
expires: Thu, 08 Dec 2022 20:39:32 GMT

GET
H2 200 Frontpage.css
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/page/Category/page/ 2 KB
2 KB 51ms
37ms Stylesheet
text/css 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/page/Category/page/Frontpage.css

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/runtime.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

7bfd768532dbe4c3022a14d6bc710e546cfb4488d6b1ba995f6ac14e58118ef3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:49 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:17 GMT
server: DWS
x-amz-request-id: c905e3e3-6e8c-1f9e-957f-9440c9b7a930
age: 15
content-type: text/css
cache-control: max-age=30
accept-ranges: bytes
content-length: 1945

GET
H2 200 Frontpage.js Show response
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/page/Category/page/ 15 KB
15 KB 51ms
38ms Script
application/javascript 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/page/Category/page/Frontpage.js

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/runtime.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

b358e54edce44a1bc7be10f28169b25970f83a6975aab03e7fd8843c35c46e90

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:45 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:17 GMT
server: DWS
x-amz-request-id: 1db529ac-0830-1f3b-ba66-b8830381bef0
age: 18
content-type: application/javascript
cache-control: max-age=30
accept-ranges: bytes
content-length: 14888

GET
H2 200 Frontpage.js Show response
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/page/ 2 KB
2 KB 86ms
72ms Script
application/javascript 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/page/Frontpage.js

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/runtime.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

616735bb340d135faa5069eb3cc74f3da1816574c985b95422cd6443dc385544

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:49 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:17 GMT
server: DWS
x-amz-request-id: 4fa05510-6b76-1fce-8e46-b88303829368
age: 14
content-type: application/javascript
cache-control: max-age=30
accept-ranges: bytes
content-length: 1805

GET
H2 200 Category.css
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/page/ 1 KB
2 KB 46ms
37ms Stylesheet
text/css 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/page/Category.css

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/runtime.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

17b6bc87b8862b471de648ccc64b84140e8594f924477540387ac3fceb0e4c20

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:04 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:17 GMT
server: DWS
x-amz-request-id: 4e210e14-3082-1fec-a8df-9440c97bf980
age: 59
content-type: text/css
cache-control: max-age=30
accept-ranges: bytes
content-length: 1520

GET
H2 200 Category.js Show response
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/page/ 15 KB
15 KB 80ms
71ms Script
application/javascript 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/page/Category.js

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/runtime.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

ebc6160fd0ab89a9e05ed3fd44dd0c68f67948de72c8464142fd7fa8a2f83ebc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:54 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:17 GMT
server: DWS
x-amz-request-id: af062058-f229-1fff-9eee-040973e279e8
age: 9
content-type: application/javascript
cache-control: max-age=30
accept-ranges: bytes
content-length: 15038

GET
H2 200 ArticleComments.css
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/page/ 2 KB
2 KB 78ms
69ms Stylesheet
text/css 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/page/ArticleComments.css

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/runtime.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

50b3f42e43e983485154e27f225912c6f14b7058702cef879e7b5b37a59e9b8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:54 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:17 GMT
server: DWS
x-amz-request-id: 4fa057e4-6b76-1fce-8e46-b88303829368
age: 9
content-type: text/css
cache-control: max-age=30
accept-ranges: bytes
content-length: 2094

GET
H2 200 ArticleComments.js Show response
ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/page/ 15 KB
15 KB 79ms
72ms Script
application/javascript 185.20.100.195
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL

https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/page/ArticleComments.js

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/runtime.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.20.100.195 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),

Reverse DNS

proxy4.delfi.ee

Software

DWS /

Resource Hash

56e180ac5250ad14d2f7aa82adf6f4f5308416820f6777dc6f5b09b975a38a4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:52 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 07 Dec 2022 08:45:17 GMT
server: DWS
x-amz-request-id: eeadecc3-41cd-1fb8-bce1-b8830381eeb0
age: 11
content-type: application/javascript
cache-control: max-age=30
accept-ranges: bytes
content-length: 15572

GET
H2 200 ThirdParty Show response
af1.nh.ee/stoat/626/af1.nh.ee/load/v/0.0.225/e/.gSBgiLQ/i/vCAv.IAAAAAUAA/r:types/ Frame 0F49 35 KB
15 KB 34ms
34ms Script
text/javascript 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://af1.nh.ee/stoat/626/af1.nh.ee/load/v/0.0.225/e/.gSBgiLQ/i/vCAv.IAAAAAUAA/r:types/ThirdParty
Requested by: Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 12dcd567b94e5ff847b6cb2f1761eae55c371d5df44749bc9db2b1f1a854085b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:39:11 GMT
content-encoding: gzip
last-modified: Tue, 15 Nov 2022 08:06:48 GMT
server: DWS
age: 172
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 15120
expires: Thu, 08 Dec 2022 20:39:32 GMT

GET
H2 200 /
track.adform.net/adfserve/ Frame 7437 35 B
395 B 27ms
26ms Image
image/gif 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.adform.net/adfserve/?bn=59583076;1x1inv=1;srctype=3;ord=[timestamp]&rnd=6797

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 3873 9 KB
4 KB 29ms
28ms Script
text/javascript 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?CC=1&bn=52259268;oobclicktrack=https%3a%2f%2ftrack.adform.net%2fC%2f%3fbn%3d60045604%3bcrtbwp%3dIFkZ-pZwCAQ1%3bcrtbdata%3dbzjiehdFNvb2TLcY8jDLKChb9tAoIdF7gZW0BThz90UyJ0VaVOUaxop-Brszzkeaen14GNlApRKBc3N1PheuqTKu-Lshl6ZgFKwlS9sxSLyhyrE41uAB40mQWrZ6KCQe0zCDqhBpUhTDeIjrSAcYFw2%3bccsid%3d136310%3badfibeg%3d0%3bcdata%3deKIWqurIdK5meKxYUOj4Dc9GJtql_2OQdjQXyIGOLAkgOGdMEZ44W3lKDMf4SsASrjzAdqCrhpE7gIbN6kUQJ7kKIpN0KAVsKlHbWAMv2Os7JHvnmDLV8hsS4NIeh5CmAnDtmXWbKg5lJAxAWo_mTQtZkhov9_wVvp9SfDtF1rNKb4Ksw8qqtNFj3lnIvMINrH4VQM6QynDjYTT0hKROUMaxlbLxFqKIQiMCNCfNGMqddncQqPuQsb9MVZ35xiYfS9EbooP82y6FWrvCpUgKc2IwRnBcD5Ge05jLGydgR-9Ta5gKL4rewgsOAinG0nU0bx79xxhx9EcTLYhAnVyDq2OHhU47Lz3YxmFw0fRSruALnh4HV4I1rUJ7U98JBlu5jotBMOJsZf0eYYBEGMtHZC5t8WR1mbKj5p51Y0apJNuspSnrh4y3BzA50GXVzqgYlRO0OczZh4l0xJIjwGLjpzB0ESAUq8iFQY4IXAKZ49srNsSQHNLirdlycs1W_EN2hX556DQTp9nMfFoAKdok3gUhLOiqObCrhED9OvgrkLhl8slaCFrUib3Q4m5vg7bZsYqs1bI8M2nhcmdHYj9oINavwW7G2W0bhPFOJwWTZ-vRFw0w8D9UDedXJ3uJcU3teiQC0gsdjAGsl_Q7i3BuXu8eHEKf_CyRccuVXO83DGu1Is0PI6Gzd96p4QC0sX29wsYy1CFczlRArLiKkGkEElYYr1VoNZWYe23afg7BMWLF-A3vBaF6E3mVP3Sr6a3NLB-FgkWjVE1JyYEy_DWTWj6J9FHl1AyxoX1ZalUEkPdj0wI0tQMz-F0ZYAculngasvTXkAVcv0K6VSaZtHgREnTAIT4W6WreQeEimShqzcc1%3b%3bCREFURL%3dhttps%253a%252f%252fkroonika.delfi.ee%252fartikkel%252f120110364%252feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud%3bC%3d1;js=1;adfxid=9x;8238;set=en-US|en-US|1600X1200|0|0|0|24|8|3|7|0|0;cmpgdpr=;cmpgdprconsent=;fd=0|2&CREFURL=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

0ccf0538f52b60bcff6950afc612c3aa164efaaa929d554b7a9b191872875d89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 3981
expires: -1

GET
H2 200 ThirdParty Show response
af1.nh.ee/stoat/626/af1.nh.ee/load/v/0.0.225/e/.gSBgiLQ/i/vCAv.IAAAAAUAA/r:types/ Frame DDBF 35 KB
15 KB 32ms
30ms Script
text/javascript 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://af1.nh.ee/stoat/626/af1.nh.ee/load/v/0.0.225/e/.gSBgiLQ/i/vCAv.IAAAAAUAA/r:types/ThirdParty
Requested by: Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 12dcd567b94e5ff847b6cb2f1761eae55c371d5df44749bc9db2b1f1a854085b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:39:11 GMT
content-encoding: gzip
last-modified: Tue, 15 Nov 2022 08:06:48 GMT
server: DWS
age: 172
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 15120
expires: Thu, 08 Dec 2022 20:39:32 GMT

GET
H2 200 ThirdParty Show response
af1.nh.ee/stoat/626/af1.nh.ee/load/v/0.0.225/e/.gSBgiLQ/i/vCAv.IAAAAAUAA/r:3rdparty/vendor/Adform:types/ Frame 3873 35 KB
15 KB 32ms
32ms Script
text/javascript 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://af1.nh.ee/stoat/626/af1.nh.ee/load/v/0.0.225/e/.gSBgiLQ/i/vCAv.IAAAAAUAA/r:3rdparty/vendor/Adform:types/ThirdParty
Requested by: Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 497bc81fe6f908465004735b2f812cb1b4d6f50d39ddb5d7efadc859d2ee9c28

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:38:14 GMT
content-encoding: gzip
last-modified: Tue, 15 Nov 2022 08:06:48 GMT
server: DWS
age: 229
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 15360
expires: Thu, 08 Dec 2022 20:34:03 GMT

GET
H2 200 Standard Show response
af1.nh.ee/stoat/626/af1.nh.ee/load/v/0.0.225/e/.gSBgiLQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/ImageTag:types/ Frame 760D 86 KB
37 KB 37ms
31ms Script
text/javascript 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://af1.nh.ee/stoat/626/af1.nh.ee/load/v/0.0.225/e/.gSBgiLQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/ImageTag:types/Standard
Requested by: Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 734aaa0d44ca42191ab9c5a40691cbbb5bacfbf7a0531b609846bc0a3bd436f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:38:14 GMT
content-encoding: gzip
last-modified: Tue, 15 Nov 2022 08:06:48 GMT
server: DWS
age: 230
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 37268
expires: Thu, 08 Dec 2022 20:34:16 GMT

GET
H2 200 Standard Show response
af1.nh.ee/stoat/626/af1.nh.ee/load/v/0.0.225/e/.gSBgiLQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/ Frame 8E46 91 KB
39 KB 35ms
32ms Script
text/javascript 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://af1.nh.ee/stoat/626/af1.nh.ee/load/v/0.0.225/e/.gSBgiLQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Requested by: Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 9e66ef31e40868d5251f0832216c3a89a3a648e86115f10c208eed979ce28816

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:35:09 GMT
content-encoding: gzip
last-modified: Tue, 15 Nov 2022 08:06:48 GMT
server: DWS
age: 149
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 39909
expires: Thu, 08 Dec 2022 20:35:52 GMT

GET
H2 200 Floating Show response
af1.nh.ee/stoat/626/af1.nh.ee/load/v/0.0.225/e/.gSBgiLQ/i/vCAv.IAAAAAUAA/r:AdConstructor:types/ Frame BAB0 110 KB
47 KB 31ms
31ms Script
text/javascript 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://af1.nh.ee/stoat/626/af1.nh.ee/load/v/0.0.225/e/.gSBgiLQ/i/vCAv.IAAAAAUAA/r:AdConstructor:types/Floating
Requested by: Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 3910d836521c087be3c3581884fe5744b9c447a9c02cd75ede647ab12161d589

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:41:32 GMT
content-encoding: gzip
last-modified: Tue, 15 Nov 2022 08:06:48 GMT
server: DWS
age: 31
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 48083
expires: Thu, 08 Dec 2022 20:33:35 GMT

GET
H2 200 Standard Show response
af1.nh.ee/stoat/626/af1.nh.ee/load/v/0.0.225/e/.gSBgiLQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/ Frame 7437 91 KB
39 KB 32ms
32ms Script
text/javascript 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://af1.nh.ee/stoat/626/af1.nh.ee/load/v/0.0.225/e/.gSBgiLQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Requested by: Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 9e66ef31e40868d5251f0832216c3a89a3a648e86115f10c208eed979ce28816

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:35:09 GMT
content-encoding: gzip
last-modified: Tue, 15 Nov 2022 08:06:48 GMT
server: DWS
age: 149
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 39909
expires: Thu, 08 Dec 2022 20:35:52 GMT

GET
H2 200 runtime.7025e20.js Show response
s2.getsitecontrol.com/widgets/es6/ 147 KB
51 KB 48ms
8ms Script
text/javascript 2400:52e0:1e00::1049:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://s2.getsitecontrol.com/widgets/es6/runtime.7025e20.js
Requested by: Host: l.getsitecontrol.com
URL: https://l.getsitecontrol.com/zwxr83yw.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1049:1 , Slovenia, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1049 /
Resource Hash: 8b0fb17b69c707614669f65102063f3535305f605e39f62a83da8ccea3acd072

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: br
cdn-edgestorageid: 860
x-amz-request-id: CXRJ00N16ZDVMXQK
cdn-cachedat: 11/28/2022 22:44:29
cdn-pullzone: 83560
x-amz-id-2: Z5yvVsRgxfi9G8NR/2F1OcbXxKWF2sZWZzo5376lxE7rbkJbgvEEU4bL5QcAy3xuYykQwqObQwg=
last-modified: Wed, 16 Nov 2022 15:14:09 GMT
server: BunnyCDN-DE1-1049
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"ebf697294905b3ed443e93bcba391de5"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: e3a1246b-2fdd-4153-9207-6ca707c9379d
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=22809600
cdn-requestid: 2bbcde91d5048bc4ffa74a4bbc06e713
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 8952 0
18 B 20ms
9ms Document
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://kroonika.delfi.ee
Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://kroonika.delfi.ee
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 17:42:04 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H/1.1 200
OK imp Show response
stats-collector.cxense.com/cr-stats/event/ 42 B
208 B 56ms
15ms XHR
image/gif 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://stats-collector.cxense.com/cr-stats/event/imp?adId=457870&bnId=47281754&pId=451075&location=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&t=Eesti%20%C3%BCks%20tuntumaid%20onlyfansitare%20paljastas%2C%20kui%20palju%20ta%20t%C3%A4nu%20platvormile%20raha%20on%20teeninud%20-%20Kroonika&cb=1670434924486&siteId=1145189970857384309&cxId=cx%3A1hp4d1gz1pjzn3oepuy6c44ld6%3A224oyy5lj2y4t&cxprnd=lbdxtod95moy078q&configId=22&impRndId=ov5wbvri2vwbp8hn&evid=cx:1hp4d1gz1pjzn3oepuy6c44ld6:224oyy5lj2y4t
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 147.75.85.120 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: Jetty(9.4.28.v20200408) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 07 Dec 2022 17:42:04 GMT
server: Jetty(9.4.28.v20200408)
content-length: 42
content-type: image/gif

GET
H/1.1 200
OK imp Show response
stats-collector.cxense.com/cr-stats/event/ 42 B
208 B 52ms
15ms XHR
image/gif 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://stats-collector.cxense.com/cr-stats/event/imp?adId=457889&bnId=47281720&pId=435609&location=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&t=Eesti%20%C3%BCks%20tuntumaid%20onlyfansitare%20paljastas%2C%20kui%20palju%20ta%20t%C3%A4nu%20platvormile%20raha%20on%20teeninud%20-%20Kroonika&cb=1670434924491&siteId=1145189970857384309&cxId=cx%3A1hp4d1gz1pjzn3oepuy6c44ld6%3A224oyy5lj2y4t&cxprnd=lbdxtod95moy078q&configId=22&impRndId=wtpjektq5b4e0ttg&evid=cx:1hp4d1gz1pjzn3oepuy6c44ld6:224oyy5lj2y4t
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 147.75.85.120 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: Jetty(9.4.28.v20200408) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 07 Dec 2022 17:42:04 GMT
server: Jetty(9.4.28.v20200408)
content-length: 42
content-type: image/gif

GET
H/1.1 200
OK imp Show response
stats-collector.cxense.com/cr-stats/event/ 42 B
208 B 50ms
14ms XHR
image/gif 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://stats-collector.cxense.com/cr-stats/event/imp?adId=457889&bnId=47281720&pId=435609&location=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&t=Eesti%20%C3%BCks%20tuntumaid%20onlyfansitare%20paljastas%2C%20kui%20palju%20ta%20t%C3%A4nu%20platvormile%20raha%20on%20teeninud%20-%20Kroonika&cb=1670434924495&siteId=1145189970857384309&cxId=cx%3A1hp4d1gz1pjzn3oepuy6c44ld6%3A224oyy5lj2y4t&cxprnd=lbdxtod95moy078q&configId=22&impRndId=6hz34lwg6dq1dgup&evid=cx:1hp4d1gz1pjzn3oepuy6c44ld6:224oyy5lj2y4t
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 147.75.85.120 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: Jetty(9.4.28.v20200408) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 07 Dec 2022 17:42:04 GMT
server: Jetty(9.4.28.v20200408)
content-length: 42
content-type: image/gif

POST
H2 200 /
track.adform.net/csimpr/ Frame 760D 35 B
470 B 26ms
25ms Ping
image/gif 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=60046065&csi=sxrYHEwt_KgtarxUoreykZke71KB7Ah2uzTmaJMVWe4CSGHUPR3ExLkGNzBbLMSxqSSvlcnx3ntEhOv2RqvJtSqPMtofzqQgQoHVkh2F6kEQCElX9w5ElLYSAhMhBQ8h5sGhql0G4RIau94oJsHc8Q2

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 56603052.jpg
af1.nh.ee/Banners/56603052/ Frame 760D 74 KB
75 KB 32ms
31ms Image
image/jpeg 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://af1.nh.ee/Banners/56603052/56603052.jpg?bv=2
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: af5d92a651ff61aa013f25f3233ecf41a48c1874d06a4a746c1e439ec15f3dff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:05:40 GMT
last-modified: Mon, 05 Dec 2022 08:55:39 GMT
server: DWS
x-amz-request-id: tx000005bb2aade6f16a478-006390c7e4-3293aae9-default
age: 2183
x-cache-status: MISS
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 75943

POST
H2 200 /
track.adform.net/csimpr/ Frame 8E46 35 B
470 B 26ms
26ms Ping
image/gif 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=60128054&csi=Cwv1N9Nw5S5HcRbTPV_LfA2d9yM2sChsV5GRrKaDTb0CSGHUPR3ExLkGNzBbLMSxqSSvlcnx3ntEhOv2RqvJtSqPMtofzqQgQoHVkh2F6kEQCElX9w5ElJzj4KeDeVHB5sGhql0G4RIau94oJsHc8Q2

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 12122730.js Show response
af1.nh.ee/Banners/Elements/Files/146996/12122730/ Frame 71ED 2 KB
1 KB 35ms
35ms Script
application/x-javascript 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://af1.nh.ee/Banners/Elements/Files/146996/12122730/12122730.js?ADFassetID=12122730&bv=257
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: daed3ed668202e766593e7ae1fd864a85ab1182b69569e33b15359853ef4e69e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:33:12 GMT
content-encoding: gzip
x-amz-request-id: tx0000053a198965dcc7b62-0063909616-3293868f-default
age: 14931
x-cache-status: HIT
content-length: 931
last-modified: Tue, 06 Dec 2022 14:09:44 GMT
server: DWS
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
x-robots-tag: noindex, nofollow

POST
H2 200 /
track.adform.net/csimpr/ Frame BAB0 35 B
470 B 26ms
26ms Ping
image/gif 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=59608988&csi=9GIIieOBXvrKDwabtEPcxE13TeLxPRw839MGhnNliLMCSGHUPR3ExLkGNzBbLMSxqSSvlcnx3ntEhOv2RqvJtSqPMtofzqQgQoHVkh2F6kEQCElX9w5ElCU7UqSeXZy75sGhql0G4RIau94oJsHc8Q2

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/csimpr/ Frame 7437 35 B
470 B 26ms
26ms Ping
image/gif 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=59586400&csi=Qnn1FLBUsC7O83sxSamdnyGR8qrs7KeyN_1hGSs_aZYCSGHUPR3ExLkGNzBbLMSxqSSvlcnx3ntEhOv2RqvJtSqPMtofzqQgQoHVkh2F6kEQCElX9w5ElB0tC8ChHCLq5sGhql0G4RIau94oJsHc8Q2

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 close2016.png
g1.nh.ee/b/ 2 KB
2 KB 31ms
31ms Image
image/png 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g1.nh.ee/b/close2016.png
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 43d770b69af69d2605e20517ba52e4bf913159fb0f3c20167513b0d9feb5cf6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:50:09 GMT
last-modified: Mon, 05 Sep 2016 13:54:18 GMT
server: DWS
age: 3115
content-type: image/png
cache-control: max-age=3024000
accept-ranges: bytes
content-length: 1684
expires: Fri, 23 Dec 2022 09:29:45 GMT

GET
H2 200 12029198.js Show response
af1.nh.ee/Banners/Elements/Files/264064/12029198/main/ Frame 4AF3 3 KB
1 KB 32ms
32ms Script
application/x-javascript 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://af1.nh.ee/Banners/Elements/Files/264064/12029198/main/12029198.js?ADFassetID=12029198&bv=770
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 0846bbba2be93e676a32eeca7d7e199b0fc5575dbe53a5c91c6a8ed646fd453c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 06:50:44 GMT
content-encoding: gzip
x-amz-request-id: tx0000061fc908f90fce4bb-00639037c3-3293868f-default
age: 39080
x-cache-status: HIT
content-length: 1131
last-modified: Thu, 17 Nov 2022 11:42:43 GMT
server: DWS
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
x-robots-tag: noindex, nofollow

GET
H2 200 Standard Show response
af1.nh.ee/stoat/626/af1.nh.ee/load/v/0.0.225/e/.gSBgiLQ/i/vCwv.8QFckAcAw/r:AdConstructor:contents/ImageTag:types/ Frame 3873 54 KB
23 KB 33ms
33ms Script
text/javascript 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://af1.nh.ee/stoat/626/af1.nh.ee/load/v/0.0.225/e/.gSBgiLQ/i/vCwv.8QFckAcAw/r:AdConstructor:contents/ImageTag:types/Standard
Requested by: Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: d13c75713381c668ec955f74116b433d677f22b38b7d7d948a34d533b485b11a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:39:03 GMT
content-encoding: gzip
last-modified: Tue, 15 Nov 2022 08:06:48 GMT
server: DWS
age: 180
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 23558
expires: Thu, 08 Dec 2022 20:42:22 GMT

GET
H2 200 Adform.DHTML.js Show response
af1.nh.ee/banners/scripts/rmb/ Frame 71ED 30 KB
14 KB 33ms
32ms Script
application/javascript 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://af1.nh.ee/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by: Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/load/v/0.0.225/e/.gSBgiLQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 09:30:38 GMT
content-encoding: gzip
last-modified: Wed, 08 Jun 2022 12:02:22 GMT
server: DWS
x-amz-request-id: tx00000cfa17604a413d043-0063766211-329373d4-default
age: 29486
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 13537

GET
H2 200 D23_paywall_ribbon_670x100px.jpg
af1.nh.ee/Banners/Elements/Files/146996/12122730/bvpath_257/assets/ Frame 71ED 54 KB
55 KB 33ms
33ms Image
image/jpeg 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://af1.nh.ee/Banners/Elements/Files/146996/12122730/bvpath_257/assets/D23_paywall_ribbon_670x100px.jpg
Requested by: Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/load/v/0.0.225/e/.gSBgiLQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 9f946e1b3343b9faad43eaa52d71c45d4c72dcdeb64dab680ef894696099005f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:33:16 GMT
last-modified: Tue, 06 Dec 2022 14:09:44 GMT
server: DWS
x-amz-request-id: tx0000098afb70a0d776f0c-006390ce59-329354d9-default
age: 528
x-cache-status: HIT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 55556

GET
H2 200 events Show response
events.getsitectrl.com/api/v1/ 609 B
857 B 481ms
257ms Fetch
text/plain 52.205.79.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://events.getsitectrl.com/api/v1/events
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.79.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-79-164.compute-1.amazonaws.com
Software: Getsitecontrol /
Resource Hash: 115ecff66df8db77ce1140b16422dcf334245b2c5e411f411e46154a8536e5a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:05 GMT
server: Getsitecontrol
access-control-allow-methods: GET,POST
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: private, no-cache
access-control-allow-credentials: false
access-control-allow-headers: Content-Type,X-Requested-With
content-length: 609

GET
H/1.1 200
OK imp Show response
stats-collector.cxense.com/cr-stats/event/ 42 B
208 B 17ms
17ms XHR
image/gif 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://stats-collector.cxense.com/cr-stats/event/imp?adId=721904&bnId=56603052&pId=435611&location=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&t=Eesti%20%C3%BCks%20tuntumaid%20onlyfansitare%20paljastas%2C%20kui%20palju%20ta%20t%C3%A4nu%20platvormile%20raha%20on%20teeninud%20-%20Kroonika&cb=1670434924641&siteId=1145189970857384309&cxId=cx%3A1hp4d1gz1pjzn3oepuy6c44ld6%3A224oyy5lj2y4t&cxprnd=lbdxtod95moy078q&configId=22&impRndId=biix5dkwepjnedl7&evid=cx:1hp4d1gz1pjzn3oepuy6c44ld6:224oyy5lj2y4t
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 147.75.85.120 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: Jetty(9.4.28.v20200408) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 07 Dec 2022 17:42:04 GMT
server: Jetty(9.4.28.v20200408)
content-length: 42
content-type: image/gif

GET
H/1.1 200
OK imp Show response
stats-collector.cxense.com/cr-stats/event/ 42 B
208 B 17ms
16ms XHR
image/gif 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://stats-collector.cxense.com/cr-stats/event/imp?adId=717985&bnId=56620520&pId=545131&location=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&t=Eesti%20%C3%BCks%20tuntumaid%20onlyfansitare%20paljastas%2C%20kui%20palju%20ta%20t%C3%A4nu%20platvormile%20raha%20on%20teeninud%20-%20Kroonika&cb=1670434924649&siteId=1145189970857384309&cxId=cx%3A1hp4d1gz1pjzn3oepuy6c44ld6%3A224oyy5lj2y4t&cxprnd=lbdxtod95moy078q&configId=22&impRndId=vxo2f8pttxdl3rea&evid=cx:1hp4d1gz1pjzn3oepuy6c44ld6:224oyy5lj2y4t
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 147.75.85.120 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: Jetty(9.4.28.v20200408) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 07 Dec 2022 17:42:04 GMT
server: Jetty(9.4.28.v20200408)
content-length: 42
content-type: image/gif

GET
H2

200

apstag.js Show response
d3div1mtym39ic.cloudfront.net/aax2/ Frame 5313
Redirect Chain

https://c.amazon-adsystem.com/aax2/apstag.js
https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js

178 KB
45 KB

38ms
8ms

Script
application/javascript

2600:9000:2240:1c00:11:1ed0:3900:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 2600:9000:2240:1c00:11:1ed0:3900:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bd8b521307332fcb0a59ff2cbfe324322d6f4108b24363b6c8d26a0ec8be50da

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:15:28 GMT
content-encoding: gzip
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
last-modified: Wed, 09 Nov 2022 20:51:50 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 1597
x-amz-server-side-encryption: AES256
etag: W/"e675a6dfe90787fca79a6c96fd29c2d8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: gJvYibT6Ss-5RgmXZ5kaPrR9Wk9UNRCbV06C9k5dPycTjemI9IQ2zw==

Redirect headers

date: Wed, 07 Dec 2022 00:42:33 GMT
via: 1.1 85ca8c4198fb707d10ecc2a784a315be.cloudfront.net (CloudFront), 1.1 bafba29f1325f15932567e0ae2d444a4.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-P7, FRA56-P3
age: 61171
x-cache: Hit from cloudfront
content-type: text/html
location: https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js
content-length: 167
x-amz-cf-id: Z6we0N7sEM0RbvyQi7airOpXSji7mNK_RVO6XP5c8dC1WCxoZ-cZjQ==

GET
H2 200 adsm.macro.delfi.ee.js Show response
macro.adnami.io/macro/hosts/ Frame 5313 28 KB
6 KB 71ms
27ms Script
application/javascript 2606:4700:4400::6812:271f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://macro.adnami.io/macro/hosts/adsm.macro.delfi.ee.js
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:271f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c85fc7754f20007829760c6881ca59ff087a718b79eb2d313ebae8c7157b2f2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: 2FUtOTMiuwPJSrd6O1ZgVA==
age: 835
x-ms-lease-status: unlocked
last-modified: Tue, 01 Nov 2022 14:27:05 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 4546c803-d01e-0071-68fe-ed121c000000
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
cf-ray: 775f0e479a0c92ad-FRA
expires: Wed, 07 Dec 2022 21:42:04 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 5313 80 KB
27 KB 139ms
54ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71ce95794a54014cee22df5b47dfec91372a275d24d04554bb69872427b62d68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27561
x-xss-protection: 0
server: sffe
etag: "1414 / 965 of 1000 / last-modified: 1670414835"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 07 Dec 2022 17:42:04 GMT

GET
H/1.1 200
OK track_banners_init.js Show response
cdn.cxense.com/ Frame 5313 22 KB
6 KB 33ms
33ms Script
application/x-javascript 2a02:26f0:6c00:2bf::268b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/track_banners_init.js
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2bf::268b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 528aa7f04513aa2d4ebac4dd0ef1e6d516673e863d62978ce1d4ac3403c57e0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 17:42:04 GMT
Content-Encoding: gzip
Last-Modified: Tue, 04 Oct 2022 13:50:11 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6082
Expires: Wed, 07 Dec 2022 18:42:04 GMT

GET
H2 200 otToken.js Show response
storage.googleapis.com/fledge-tests/ Frame 5313 413 B
1000 B 133ms
39ms Script
application/x-javascript 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/fledge-tests/otToken.js
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 9a0be1678fb27836fba9453a29914702070cc954f5f04e6983b7dce6cd78d7aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:44:32 GMT
age: 3452
x-guploader-uploadid: ADPycdttfoCHOq4RsDibWe7cNvW7uBvNSt2BGlnLeGjtMEEYovygBK1dsThwyd5O8H218lueMQe_7i4QHeu0qhYGoyPc
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 413
last-modified: Tue, 08 Nov 2022 10:42:35 GMT
server: UploadServer
etag: "483749ebdd3ce30b016713e5624a0bf8"
x-goog-generation: 1667904155021583
x-goog-hash: crc32c=4ZqF4w==, md5=SDdJ69084wsBZxPlYkoL+A==
content-type: application/x-javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 413
accept-ranges: bytes
expires: Wed, 07 Dec 2022 17:44:32 GMT

GET
H2 200 Adform.DHTML.js Show response
af1.nh.ee/banners/scripts/rmb/ Frame 4AF3 30 KB
14 KB 32ms
32ms Script
application/javascript 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://af1.nh.ee/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by: Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/load/v/0.0.225/e/.gSBgiLQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 09:30:38 GMT
content-encoding: gzip
last-modified: Wed, 08 Jun 2022 12:02:22 GMT
server: DWS
x-amz-request-id: tx00000cfa17604a413d043-0063766211-329373d4-default
age: 29486
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 13537

GET
H/1.1 200
OK imp Show response
stats-collector.cxense.com/cr-stats/event/ 42 B
208 B 16ms
15ms XHR
image/gif 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://stats-collector.cxense.com/cr-stats/event/imp?adId=716538&bnId=56372738&pId=651009&location=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&t=Eesti%20%C3%BCks%20tuntumaid%20onlyfansitare%20paljastas%2C%20kui%20palju%20ta%20t%C3%A4nu%20platvormile%20raha%20on%20teeninud%20-%20Kroonika&cb=1670434924714&siteId=1145189970857384309&cxId=cx%3A1hp4d1gz1pjzn3oepuy6c44ld6%3A224oyy5lj2y4t&cxprnd=lbdxtod95moy078q&configId=22&impRndId=xjj2ut1isbjwvb9j&evid=cx:1hp4d1gz1pjzn3oepuy6c44ld6:224oyy5lj2y4t
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 147.75.85.120 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: Jetty(9.4.28.v20200408) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 07 Dec 2022 17:42:04 GMT
server: Jetty(9.4.28.v20200408)
content-length: 42
content-type: image/gif

GET
H2

200

apstag.js Show response
d3div1mtym39ic.cloudfront.net/aax2/ Frame 7DD9
Redirect Chain

https://c.amazon-adsystem.com/aax2/apstag.js
https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js

178 KB
45 KB

20ms
16ms

Script
application/javascript

2600:9000:2240:1c00:11:1ed0:3900:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 2600:9000:2240:1c00:11:1ed0:3900:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bd8b521307332fcb0a59ff2cbfe324322d6f4108b24363b6c8d26a0ec8be50da

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:15:28 GMT
content-encoding: gzip
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
last-modified: Wed, 09 Nov 2022 20:51:50 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 1597
x-amz-server-side-encryption: AES256
etag: W/"e675a6dfe90787fca79a6c96fd29c2d8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: KVVzk9dQIHVQSE1oeZDSKPHEfEKH-bQBW83S_Neh7_LA13T6ba1ISg==

Redirect headers

date: Wed, 07 Dec 2022 00:42:33 GMT
via: 1.1 85ca8c4198fb707d10ecc2a784a315be.cloudfront.net (CloudFront), 1.1 bafba29f1325f15932567e0ae2d444a4.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-P7, FRA56-P3
age: 61171
x-cache: Hit from cloudfront
content-type: text/html
location: https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js
content-length: 167
x-amz-cf-id: FWMhVUEr9HyhruwMopC9qA8Sq8GMfdND3xlpvP39kIbwLwjZty_7WA==

GET
H2 200 adsm.macro.delfi.ee.js Show response
macro.adnami.io/macro/hosts/ Frame 7DD9 28 KB
6 KB 36ms
35ms Script
application/javascript 2606:4700:4400::6812:271f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://macro.adnami.io/macro/hosts/adsm.macro.delfi.ee.js
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:271f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c85fc7754f20007829760c6881ca59ff087a718b79eb2d313ebae8c7157b2f2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: 2FUtOTMiuwPJSrd6O1ZgVA==
age: 835
x-ms-lease-status: unlocked
last-modified: Tue, 01 Nov 2022 14:27:05 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 4546c803-d01e-0071-68fe-ed121c000000
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
cf-ray: 775f0e479a2892ad-FRA
expires: Wed, 07 Dec 2022 21:42:04 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 7DD9 80 KB
27 KB 147ms
115ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3eac4d0f6d99ee509b341a9c3954b6c179d52bf0851fed3c55d6931f8cf1598

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27555
x-xss-protection: 0
server: sffe
etag: "1414 / 4 of 1000 / last-modified: 1670414835"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 07 Dec 2022 17:42:04 GMT

GET
H/1.1 200
OK track_banners_init.js Show response
cdn.cxense.com/ Frame 7DD9 22 KB
6 KB 34ms
33ms Script
application/x-javascript 2a02:26f0:6c00:2bf::268b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/track_banners_init.js
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2bf::268b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 528aa7f04513aa2d4ebac4dd0ef1e6d516673e863d62978ce1d4ac3403c57e0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 17:42:04 GMT
Content-Encoding: gzip
Last-Modified: Tue, 04 Oct 2022 13:50:11 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6082
Expires: Wed, 07 Dec 2022 18:42:04 GMT

GET
H2 200 otToken.js Show response
storage.googleapis.com/fledge-tests/ Frame 7DD9 413 B
475 B 80ms
39ms Script
application/x-javascript 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/fledge-tests/otToken.js
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 9a0be1678fb27836fba9453a29914702070cc954f5f04e6983b7dce6cd78d7aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:44:32 GMT
age: 3452
x-guploader-uploadid: ADPycdttfoCHOq4RsDibWe7cNvW7uBvNSt2BGlnLeGjtMEEYovygBK1dsThwyd5O8H218lueMQe_7i4QHeu0qhYGoyPc
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 413
last-modified: Tue, 08 Nov 2022 10:42:35 GMT
server: UploadServer
etag: "483749ebdd3ce30b016713e5624a0bf8"
x-goog-generation: 1667904155021583
x-goog-hash: crc32c=4ZqF4w==, md5=SDdJ69084wsBZxPlYkoL+A==
content-type: application/x-javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 413
accept-ranges: bytes
expires: Wed, 07 Dec 2022 17:44:32 GMT

POST
H2 200 /
track.adform.net/csimpr/ Frame 3873 35 B
470 B 26ms
26ms Ping
image/gif 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=52259268&csi=uH4jvj9GodOrBxK5lCtKmE2F0wNmpdGKaQIN5P7nS38JDwKV3Zer3F0ZYAculngajzDjzHW_CQMOVWppQQ0nc96vWmW1dlSa0

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 56604967.jpg
s1.adform.net/Banners/56604967/ 166 KB
166 KB 27ms
27ms Image
image/jpeg 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/56604967/56604967.jpg?bv=2
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: f15b4b0fa23d6baa61aca3295d3c0af639ad37035b7fae67606edc012bf163c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
last-modified: Tue, 06 Dec 2022 08:28:27 GMT
server: nginx
x-amz-request-id: tx00000d69c69b71352a085-00639043d9-32941e2b-default
etag: "7df600b6a7d6a860f2c58c5e1380b034"
x-cache-status: STALE
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 169726

GET
H2

200

apstag.js Show response
d3div1mtym39ic.cloudfront.net/aax2/ Frame 432F
Redirect Chain

https://c.amazon-adsystem.com/aax2/apstag.js
https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js

178 KB
45 KB

17ms
17ms

Script
application/javascript

2600:9000:2240:1c00:11:1ed0:3900:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Server: 2600:9000:2240:1c00:11:1ed0:3900:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bd8b521307332fcb0a59ff2cbfe324322d6f4108b24363b6c8d26a0ec8be50da

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:15:28 GMT
content-encoding: gzip
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
last-modified: Wed, 09 Nov 2022 20:51:50 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 1597
x-amz-server-side-encryption: AES256
etag: W/"e675a6dfe90787fca79a6c96fd29c2d8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: vCOVZwW48657FlGrMFHdMqVnoFLd2a8QKyORDr8CqSpS5xpJVQko8w==

Redirect headers

date: Wed, 07 Dec 2022 00:42:33 GMT
via: 1.1 85ca8c4198fb707d10ecc2a784a315be.cloudfront.net (CloudFront), 1.1 bafba29f1325f15932567e0ae2d444a4.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-P7, FRA56-P3
age: 61171
x-cache: Hit from cloudfront
content-type: text/html
location: https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js
content-length: 167
x-amz-cf-id: RjLnpiqs3Nmtd5UazFTDEA8GsjMhc9wTKswb6oZzeiPxlBTm7TtxZg==

GET
H2 200 adsm.macro.delfi.ee.js Show response
macro.adnami.io/macro/hosts/ Frame 432F 28 KB
6 KB 27ms
25ms Script
application/javascript 2606:4700:4400::6812:271f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://macro.adnami.io/macro/hosts/adsm.macro.delfi.ee.js
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:271f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c85fc7754f20007829760c6881ca59ff087a718b79eb2d313ebae8c7157b2f2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: 2FUtOTMiuwPJSrd6O1ZgVA==
age: 835
x-ms-lease-status: unlocked
last-modified: Tue, 01 Nov 2022 14:27:05 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 4546c803-d01e-0071-68fe-ed121c000000
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
cf-ray: 775f0e47ca8b92ad-FRA
expires: Wed, 07 Dec 2022 21:42:04 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 432F 80 KB
27 KB 93ms
92ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71ce95794a54014cee22df5b47dfec91372a275d24d04554bb69872427b62d68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27561
x-xss-protection: 0
server: sffe
etag: "1414 / 762 of 1000 / last-modified: 1670414835"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 07 Dec 2022 17:42:04 GMT

GET
H/1.1 200
OK track_banners_init.js Show response
cdn.cxense.com/ Frame 432F 22 KB
6 KB 36ms
33ms Script
application/x-javascript 2a02:26f0:6c00:2bf::268b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/track_banners_init.js
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2bf::268b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 528aa7f04513aa2d4ebac4dd0ef1e6d516673e863d62978ce1d4ac3403c57e0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 17:42:04 GMT
Content-Encoding: gzip
Last-Modified: Tue, 04 Oct 2022 13:50:11 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6082
Expires: Wed, 07 Dec 2022 18:42:04 GMT

GET
H2 200 otToken.js Show response
storage.googleapis.com/fledge-tests/ Frame 432F 413 B
475 B 47ms
39ms Script
application/x-javascript 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/fledge-tests/otToken.js
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 9a0be1678fb27836fba9453a29914702070cc954f5f04e6983b7dce6cd78d7aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:44:32 GMT
age: 3452
x-guploader-uploadid: ADPycdttfoCHOq4RsDibWe7cNvW7uBvNSt2BGlnLeGjtMEEYovygBK1dsThwyd5O8H218lueMQe_7i4QHeu0qhYGoyPc
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 413
last-modified: Tue, 08 Nov 2022 10:42:35 GMT
server: UploadServer
etag: "483749ebdd3ce30b016713e5624a0bf8"
x-goog-generation: 1667904155021583
x-goog-hash: crc32c=4ZqF4w==, md5=SDdJ69084wsBZxPlYkoL+A==
content-type: application/x-javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 413
accept-ranges: bytes
expires: Wed, 07 Dec 2022 17:44:32 GMT

GET
H2 200 12029200.jpg
af1.nh.ee/Banners/Elements/Files/264064/ Frame 4AF3 109 KB
109 KB 32ms
31ms Image
image/jpeg 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://af1.nh.ee/Banners/Elements/Files/264064/12029200.jpg
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: d47ddc632997f08acf02e8adc338712025bf65f440143edf9911aeb5933d8670

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:22:11 GMT
last-modified: Thu, 17 Nov 2022 11:42:43 GMT
server: DWS
x-amz-request-id: tx00000bdb94f6d2b38cdf3-006390cbbb-32940f80-default
age: 1193
x-cache-status: HIT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 111516

GET
H2 200 adsm.macro.rmb.js Show response
macro.adnami.io/macro/gen/ Frame 5313 86 KB
23 KB 29ms
29ms Script
application/javascript 2606:4700:4400::6812:271f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://macro.adnami.io/macro/gen/adsm.macro.rmb.js
Requested by: Host: macro.adnami.io
URL: https://macro.adnami.io/macro/hosts/adsm.macro.delfi.ee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:271f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ea1ec0aefaa90f6a24d14704bfec78915269414c3b56eaa9783cbb02a0f08e3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: mbteeMxaIprxmsIdmBj8Kg==
age: 3803
x-ms-lease-status: unlocked
last-modified: Mon, 05 Dec 2022 12:38:10 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: dc31d8f2-c01e-002a-49a6-081560000000
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
cf-ray: 775f0e47eab092ad-FRA
expires: Wed, 07 Dec 2022 21:42:04 GMT

POST
H2 200 /
track.adform.net/Serving/Event/ Frame BAB0 35 B
470 B 27ms
27ms Ping
image/gif 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/Serving/Event/?bn=59608988&event=24&time=0&baid=56392328&asid=12034605&name=Floating%20Banner%20Shown&imprid=7578805727504212994&icid=5084446025291268402&eData=9GIIieOBXvovonAXnMwRzW9Q8Y8j1W0ZNv9eZnf1nu1dKw_57esI4r80wNI6bl8i20ex1NiNs48kuWXXnSlQMtOgRlBu9ztPqUPVN5fAX1oStiCs-YKyllex3QJB_TIpaOJDsqAYsG41&adxvars=nD5YIuf_TIaS-mwBdRBNshQTA2h_zpI5nHMZ0pAgl68RJd4KoiEGuJ64XXOQnUevib8FdwLHFo0BtzteIpciipgyXzcmYtzeiXypNwto4Qs_wGtsFlA_gRG14gPy_uADC5xuFnjd_ze8-wWkU7tDPXFNbdWUUaeHlCv0WMHyIcl_SUyxNHI0glrvVhVDAs8mxepLudoaLImfcgrpSEF-0MCrdTd1tRFqRE6_MbJm3Ts1STX_xBz8hHnUdxXEjXpvHm98btpGtScr9pGbIvyWkwpLnuJFvGyjb_gid-GHh66NXFlV80v6tlclhip4iPLoLa_r5Id3JUkFduGQ3aw6prb7j48RMt11Tg0pWoSjPwg1OvL7_7VoM3jz--vUsmuTBUT7zlDe3AutMxtRX86Q73gORKsYtLHOMIJ7AESLMm-WNwiqf4QnIN6MirTaNiPDiERF-_nAva3kkFZ-lOWt2Via5i-u2g72jdXfzsk4W8wUCmYgzL3vcTZX7V-9LQFLpcoAJb7hCLPoSgO253YaUujELMIe0MeRPs0oFetTA4nVevAEW8be0scnGUPLjdzxKFAa1zW8oCrCEcwVdWotqfz_dnJ7_3Xjn-xmpvcLKzEwJ_dfLtPn_A2&rtbdata=fg2VYS8DBV1aLwvbXEkxDcjcd8PPeqZ7wXyML_GWQf8TE7tZt6XS_Yp-BrszzkeawPg7Qp89DyWBc3N1PheuqTKu-Lshl6ZgFKwlS9sxSLyhyrE41uAB40mQWrZ6KCQe0zCDqhBpUhTDeIjrSAcYFw2&rtbwp=vR5KWVVM5-81&rnd=790753111

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 adsm.macro.rmb.js Show response
macro.adnami.io/macro/gen/ Frame 7DD9 86 KB
23 KB 27ms
27ms Script
application/javascript 2606:4700:4400::6812:271f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://macro.adnami.io/macro/gen/adsm.macro.rmb.js
Requested by: Host: macro.adnami.io
URL: https://macro.adnami.io/macro/hosts/adsm.macro.delfi.ee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:271f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ea1ec0aefaa90f6a24d14704bfec78915269414c3b56eaa9783cbb02a0f08e3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: mbteeMxaIprxmsIdmBj8Kg==
age: 3803
x-ms-lease-status: unlocked
last-modified: Mon, 05 Dec 2022 12:38:10 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: dc31d8f2-c01e-002a-49a6-081560000000
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
cf-ray: 775f0e47fac092ad-FRA
expires: Wed, 07 Dec 2022 21:42:04 GMT

GET
H2 200 12034605.js Show response
af1.nh.ee/Banners/Elements/Files/2029728/12034605/main/ Frame 5995 978 B
929 B 33ms
32ms Script
application/x-javascript 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://af1.nh.ee/Banners/Elements/Files/2029728/12034605/main/12034605.js?ADFassetID=12034605&bv=516
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 89af0bb6af72eb533322e596deb7238dcbafbbcbb566953222d339cec663ac7c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 08:37:41 GMT
content-encoding: gzip
x-amz-request-id: tx0000050e0f177fc978e3e-00639050d5-32941e2b-default
age: 32663
x-cache-status: MISS
content-length: 539
last-modified: Fri, 18 Nov 2022 08:40:33 GMT
server: DWS
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
x-robots-tag: noindex, nofollow

GET
H2 200 adsm.macro.rmb.js Show response
macro.adnami.io/macro/gen/ Frame 432F 86 KB
23 KB 52ms
51ms Script
application/javascript 2606:4700:4400::6812:271f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://macro.adnami.io/macro/gen/adsm.macro.rmb.js
Requested by: Host: macro.adnami.io
URL: https://macro.adnami.io/macro/hosts/adsm.macro.delfi.ee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:271f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ea1ec0aefaa90f6a24d14704bfec78915269414c3b56eaa9783cbb02a0f08e3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: mbteeMxaIprxmsIdmBj8Kg==
age: 3803
x-ms-lease-status: unlocked
last-modified: Mon, 05 Dec 2022 12:38:10 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: dc31d8f2-c01e-002a-49a6-081560000000
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
cf-ray: 775f0e480ad892ad-FRA
expires: Wed, 07 Dec 2022 21:42:04 GMT

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 5313 6 KB
3 KB 24ms
8ms XHR
application/javascript 52.222.209.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.209.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-209-55.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 02:43:12 GMT
x-amz-version-id: KO0V33_zzBQMkGMaMpLupHqINiAUum0D
content-encoding: gzip
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 53933
x-cache: Hit from cloudfront
last-modified: Wed, 07 Dec 2022 02:43:04 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: BKFjNo993E7tDsXUv4x82slv3XI28Ikz3kG_4LCM5oK00f50Gu-PEg==

GET
H/1.1 200
OK imp Show response
stats-collector.cxense.com/cr-stats/event/ 42 B
208 B 27ms
27ms XHR
image/gif 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://stats-collector.cxense.com/cr-stats/event/imp?adId=721890&bnId=56602588&pId=451075&location=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&t=Eesti%20%C3%BCks%20tuntumaid%20onlyfansitare%20paljastas%2C%20kui%20palju%20ta%20t%C3%A4nu%20platvormile%20raha%20on%20teeninud%20-%20Kroonika&cb=1670434924818&siteId=1145189970857384309&cxId=cx%3A1hp4d1gz1pjzn3oepuy6c44ld6%3A224oyy5lj2y4t&cxprnd=lbdxtod95moy078q&configId=22&impRndId=voimx0e9lv650vyq&evid=cx:1hp4d1gz1pjzn3oepuy6c44ld6:224oyy5lj2y4t
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 147.75.85.120 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: Jetty(9.4.28.v20200408) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 07 Dec 2022 17:42:04 GMT
server: Jetty(9.4.28.v20200408)
content-length: 42
content-type: image/gif

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 7DD9 6 KB
3 KB 15ms
8ms XHR
application/javascript 52.222.209.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.209.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-209-55.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 02:43:12 GMT
x-amz-version-id: KO0V33_zzBQMkGMaMpLupHqINiAUum0D
content-encoding: gzip
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 53933
x-cache: Hit from cloudfront
last-modified: Wed, 07 Dec 2022 02:43:04 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: TXIoYBn_fSvY7u0ovAiPeQEo12YYmRgLRwODMYgRC8lRnk8bI8Cn_A==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 432F 6 KB
3 KB 11ms
9ms XHR
application/javascript 52.222.209.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.209.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-209-55.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 02:43:12 GMT
x-amz-version-id: KO0V33_zzBQMkGMaMpLupHqINiAUum0D
content-encoding: gzip
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 53933
x-cache: Hit from cloudfront
last-modified: Wed, 07 Dec 2022 02:43:04 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: hF5bYGUQUC3JdvfqsBeS6sipxCCvY_JWw73nqnxlHe5Fozo8IxNWCg==

GET
H2 200 Adform.DHTML.js Show response
af1.nh.ee/banners/scripts/rmb/ Frame 5995 30 KB
14 KB 32ms
30ms Script
application/javascript 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://af1.nh.ee/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by: Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/load/v/0.0.225/e/.gSBgiLQ/i/vCAv.IAAAAAUAA/r:AdConstructor:types/Floating
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 09:30:38 GMT
content-encoding: gzip
last-modified: Wed, 08 Jun 2022 12:02:22 GMT
server: DWS
x-amz-request-id: tx00000cfa17604a413d043-0063766211-329373d4-default
age: 29486
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 13537

GET
H2 200 style.css
af1.nh.ee/Banners/Elements/Files/2029728/12034605/main/bvpath_516/css/ Frame 5995 2 KB
922 B 34ms
32ms Stylesheet
text/css 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://af1.nh.ee/Banners/Elements/Files/2029728/12034605/main/bvpath_516/css/style.css
Requested by: Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/load/v/0.0.225/e/.gSBgiLQ/i/vCAv.IAAAAAUAA/r:AdConstructor:types/Floating
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: cb7d4b6defac029139f3ead2887c67528d65814ec12d46d6933590be69b39999

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 08:37:49 GMT
content-encoding: gzip
x-amz-request-id: tx0000080a2748a509a9d60-00639050dd-32941e2b-default
age: 32655
x-cache-status: MISS
content-length: 548
last-modified: Fri, 18 Nov 2022 08:40:33 GMT
server: DWS
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
x-robots-tag: noindex, nofollow

GET
H2 200 main.js Show response
af1.nh.ee/Banners/Elements/Files/2029728/12034605/main/bvpath_516/js/ Frame 5995 4 KB
2 KB 34ms
32ms Script
application/x-javascript 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to

Full URL: https://af1.nh.ee/Banners/Elements/Files/2029728/12034605/main/bvpath_516/js/main.js
Requested by: Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/load/v/0.0.225/e/.gSBgiLQ/i/vCAv.IAAAAAUAA/r:AdConstructor:types/Floating
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 658c24a761f1cd67cd477a948235f1cf41ae27701c644672a362e807a5f52e90

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 08:33:23 GMT
content-encoding: gzip
x-amz-request-id: tx000001f0f7915e56fa3de-00639050dd-3293aae9-default
age: 32655
x-cache-status: MISS
content-length: 1313
last-modified: Fri, 18 Nov 2022 08:40:33 GMT
server: DWS
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
x-robots-tag: noindex, nofollow

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 54ms
20ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fkroonika.delfi.ee%2F&domain=kroonika.delfi.ee&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://kroonika.delfi.ee
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Wed, 07 Dec 2022 17:42:04 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 562062
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 pubads_impl_2022120101.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 5313 384 KB
130 KB 119ms
41ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c0b59c362ae740c391e742fa4517d90b9461b416b9bec855d14c04603dbaf71c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 14:54:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10035
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133241
x-xss-protection: 0
last-modified: Thu, 01 Dec 2022 09:36:23 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 07 Dec 2023 14:54:49 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ Frame 5313 113 B
107 B 143ms
70ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=kroonika.delfi.ee

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8e3e8f4dd61d9d371d0903f3e3dfbd49e8a3e28a2204efa9c539cb6ae97dfc03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 82
x-xss-protection: 0
expires: Wed, 07 Dec 2022 17:42:04 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 5313
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fkroonika.delfi.ee%2F&domain=kroonika.delfi.ee&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=t-wrbHxFRkhEVlB3a0EwR0JzaXhmaVAyV0d1bGFVcWRzUFpmWmJ1V1lxT1k2RnNlUnNJOFBrcmlWMTZuVUY4REgxSWRQdlBnR2RmOEVxWVNCWHgvT0p2T1dVMUhIdmo0aks0dTBYS3BNTjF4QzJSa1FSWHBjVTZxNEZaQi...

370 B
652 B

47ms
17ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=t-wrbHxFRkhEVlB3a0EwR0JzaXhmaVAyV0d1bGFVcWRzUFpmWmJ1V1lxT1k2RnNlUnNJOFBrcmlWMTZuVUY4REgxSWRQdlBnR2RmOEVxWVNCWHgvT0p2T1dVMUhIdmo0aks0dTBYS3BNTjF4QzJSa1FSWHBjVTZxNEZaQi9UVzBCQ2xpRXQvNEVPb0tYd3FJODU3T2VDNks5SVY3STFkWkFYTlJKaGJYcjhqRmE5R1ZjREYxSVNHVUdZT3Rkbng4Y1NvOWZWR3UvSThDMkdPemcrOEZEL1hoZ0p6RHlEcDI1Umc2TW4zcFBkYjA2R1JSL0plSHd0TUFLMW41QkdRUlRYcHhXfA&cppv=2

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

13555dce7f25cc3884e6269ceb322506f4b9a06932e67789041de2e0702daf6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1364319
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
access-control-allow-methods: GET
location: https://mug.criteo.com/sid?cpp=t-wrbHxFRkhEVlB3a0EwR0JzaXhmaVAyV0d1bGFVcWRzUFpmWmJ1V1lxT1k2RnNlUnNJOFBrcmlWMTZuVUY4REgxSWRQdlBnR2RmOEVxWVNCWHgvT0p2T1dVMUhIdmo0aks0dTBYS3BNTjF4QzJSa1FSWHBjVTZxNEZaQi9UVzBCQ2xpRXQvNEVPb0tYd3FJODU3T2VDNks5SVY3STFkWkFYTlJKaGJYcjhqRmE5R1ZjREYxSVNHVUdZT3Rkbng4Y1NvOWZWR3UvSThDMkdPemcrOEZEL1hoZ0p6RHlEcDI1Umc2TW4zcFBkYjA2R1JSL0plSHd0TUFLMW41QkdRUlRYcHhXfA&cppv=2
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 602589
content-length: 0
expires: 0

POST
H/1.1 200 prebid Show response
id5-sync.com/api/config/ Frame 5313 135 B
546 B 37ms
11ms XHR
application/json 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/config/prebid

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

2f3f6589e4f416de5c6c38d9b3b2acae2ebfed796634fc627eb0dc58148fc2b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kroonika.delfi.ee
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame 5313 1 KB
2 KB 8ms
8ms XHR
application/json 52.222.209.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fkroonika.delfi.ee&pubid=083e9dd7-27dd-4e36-908f-28796c83c8ad
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.209.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-209-55.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 5cd230bf83d57586f16713d39089731184ea39e5810f039a7e5ec7abae4c61ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:50:26 GMT
via: 1.1 bafba29f1325f15932567e0ae2d444a4.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P3
age: 3098
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 1366
x-amz-cf-id: P9Jz7Rv7J215rux7qhRWjKZS8xMMLPWumjegdEfEnREAOqOfgM8CRA==

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame 5313 1 KB
2 KB 9ms
8ms XHR
application/json 52.222.209.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fkroonika.delfi.ee&pubid=083e9dd7-27dd-4e36-908f-28796c83c8ad
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.209.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-209-55.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 5cd230bf83d57586f16713d39089731184ea39e5810f039a7e5ec7abae4c61ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:50:26 GMT
via: 1.1 bafba29f1325f15932567e0ae2d444a4.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P3
age: 3098
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 1366
x-amz-cf-id: XQtPkyzzDQU5Vjrf2OgO1nmJRD_oLfd8Uh8CsOXLLtpe2tzNuwd1Tg==

GET
H2 200 bid Show response
aax-dtb-cf.amazon-adsystem.com/e/dtb/ Frame 5313 23 B
463 B 79ms
51ms XHR
text/javascript 52.222.228.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&pid=q8eWMAYp7c9l7&cb=0&ws=1200x400&v=22.1107.1609&t=2000&slots=%5B%7B%22sd%22%3A%22dee_995x300_05_content_foreign%22%2C%22s%22%3A%5B%22970x250%22%2C%22995x300%22%2C%221200x400%22%5D%2C%22sn%22%3A%22%2F99287527%2C72743801%2Fdelfi_ee%2Fros_ee%2Fdee_995x300_05_content_foreign%22%7D%5D&schain=1.0%2C1!adnetmedia.lt%2C168%2C1%2C%2C%2C&pubid=083e9dd7-27dd-4e36-908f-28796c83c8ad&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.228.76 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-228-76.fra56.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 94328d2509009edc0657f5c786a93e42.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P4
x-amz-rid: 5VNWQZ21NNWK834JVHC4
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://kroonika.delfi.ee
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: dGTqjntd2stUsQSzqsCdVpzYivmc7Cdlbz24FRpy-3Jk2ruDWmPkPg==

GET
H/1.1 200
OK imp Show response
stats-collector.cxense.com/cr-stats/event/ 42 B
208 B 30ms
29ms XHR
image/gif 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://stats-collector.cxense.com/cr-stats/event/imp?adId=716846&bnId=56392328&pId=569270&location=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&t=Eesti%20%C3%BCks%20tuntumaid%20onlyfansitare%20paljastas%2C%20kui%20palju%20ta%20t%C3%A4nu%20platvormile%20raha%20on%20teeninud%20-%20Kroonika&cb=1670434924888&siteId=1145189970857384309&cxId=cx%3A1hp4d1gz1pjzn3oepuy6c44ld6%3A224oyy5lj2y4t&cxprnd=lbdxtod95moy078q&configId=22&impRndId=gxjxcpc2chpwbzko&evid=cx:1hp4d1gz1pjzn3oepuy6c44ld6:224oyy5lj2y4t
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 147.75.85.120 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: Jetty(9.4.28.v20200408) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 07 Dec 2022 17:42:04 GMT
server: Jetty(9.4.28.v20200408)
content-length: 42
content-type: image/gif

GET
H/1.1 200
OK segment Show response
api.cxense.com/profile/user/ 62 B
695 B 147ms
119ms Script
text/javascript 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cxense.com/profile/user/segment?callback=cXJsonpCB2&persisted=9bc51b3b50d830eeacfdf8a62ed1e60d6cc78c79&json=%7B%22identities%22%3A%5B%7B%22id%22%3A%22lbdxtobwxu5y2838%22%2C%22type%22%3A%22cx%22%7D%5D%7D

Requested by

Host: scdn.cxense.com
URL: https://scdn.cxense.com/cx.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

147.75.85.120 Schiphol, Netherlands, ASN54825 (PACKET, US),

Reverse DNS

Software

Jetty(9.4.28.v20200408) /

Resource Hash

9e9a0fee08f54a7955afc0f906fdbfca87e2d33860d26a713bf052bc185588f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
server: Jetty(9.4.28.v20200408)
content-type: text/javascript;charset=utf-8
p3p: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-store, no-cache, must-revalidate
content-length: 62
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

/
dmp.adform.net/serving/cookie/match/
Redirect Chain

https://csyn-r.cxense.com/?cxsite=1145189970857384309&partnerId=csr&cxckp=cx%3A1hp4d1gz1pjzn3oepuy6c44ld6%3A224oyy5lj2y4t
https://dmp.adform.net/serving/cookie/match/?party=1077&cid=1hp4d1gz1pjzn3oepuy6c44ld6

35 B
469 B

119ms
26ms

Image
image/gif

37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmp.adform.net/serving/cookie/match/?party=1077&cid=1hp4d1gz1pjzn3oepuy6c44ld6

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

location: https://dmp.adform.net/serving/cookie/match/?party=1077&cid=1hp4d1gz1pjzn3oepuy6c44ld6
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=31600
server: Jetty(9.4.28.v20200408)
content-length: 109

GET
H2 200 aax.js Show response
c.aaxads.com/ Frame 5313 475 KB
131 KB 83ms
49ms Script
text/javascript 104.111.239.153
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://c.aaxads.com/aax.js?pub=AAXEYBR49&hst=kroonika.delfi.ee&ver=1.2

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.153 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-153.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b35254e22213eab05ffc2b800d06c393f207d4bd337dfce8249fd3d4e611a5e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
date: Wed, 07 Dec 2022 17:42:04 GMT
server: Apache
vary: Accept-Encoding
x-mnet-h: E
content-type: text/javascript; charset=utf-8
cache-control: max-age=1800
expires: Wed, 07 Dec 2022 18:12:04 GMT

GET
H2 200 pubcid.min.js Show response
secure.cdn.fastclick.net/js/pubcid/latest/ Frame 5313 53 KB
17 KB 41ms
7ms Script
application/javascript 104.111.219.144
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.219.144 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-219-144.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 0767c070293f17944c5246f47d8c610131ee16556a032dc3b5820bdac5ec725f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
last-modified: Thu, 13 Oct 2022 18:14:48 GMT
server: Apache
etag: "d4ed-5eaee7c12df48-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 17131
expires: Wed, 07 Dec 2022 17:57:04 GMT

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ Frame 5313 57 KB
17 KB 72ms
29ms Script
text/javascript 2606:4700:10::ac43:266a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:266a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39fae3dc476aaaa594e2c963401633dd5d02eccb3c175eda03912cfe0f91c92e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 24 Nov 2022 12:48:29 GMT
server: cloudflare
x-amz-request-id: ZR9FS0KF8SF3XPE6
age: 3196
etag: W/"9ee82d693d1e83b3a37ee20226716f78"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 775f0e48dfef9b4b-FRA
x-amz-id-2: VistZBWckkAiP7GIvEPImKlKdXTBIKzx8WeKiNFm3NFnvLcmQwjT/xkLRFzAOFbFMk+ugJS7Fn+m45POSdZmLQ==

GET
H2 200 close2016.png
g.delfi.ee/b/ Frame 5995 2 KB
2 KB 36ms
35ms Image
image/png 185.20.100.193
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.delfi.ee/b/close2016.png
Requested by: Host: af1.nh.ee
URL: https://af1.nh.ee/Banners/Elements/Files/2029728/12034605/main/bvpath_516/css/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.193 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy2.delfi.ee
Software: DWS /
Resource Hash: 43d770b69af69d2605e20517ba52e4bf913159fb0f3c20167513b0d9feb5cf6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af1.nh.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:42:46 GMT
last-modified: Mon, 05 Sep 2016 13:54:18 GMT
server: DWS
age: 3557
content-type: image/png
cache-control: max-age=3024000
accept-ranges: bytes
content-length: 1684
expires: Fri, 23 Dec 2022 09:33:20 GMT

GET
H2 200 12034606.jpg
af1.nh.ee/Banners/Elements/Files/2029728/ Frame 5995 53 KB
54 KB 33ms
33ms Image
image/jpeg 185.20.100.192
EKSPRESS-DIGITAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://af1.nh.ee/Banners/Elements/Files/2029728/12034606.jpg
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.20.100.192 Harjumaa, Estonia, ASN199328 (EKSPRESS-DIGITAL, EE),
Reverse DNS: proxy1.delfi.ee
Software: DWS /
Resource Hash: 1781ead518eda813051f0c08ee1276948608f3ecd6cb35558f4fbcd2701b71e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:15:33 GMT
last-modified: Fri, 18 Nov 2022 08:40:33 GMT
server: DWS
x-amz-request-id: tx0000024b84e87ed76f446-006390cb3e-329373d4-default
age: 1325
x-cache-status: HIT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 54414

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 20ms
20ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fkroonika.delfi.ee%2F&domain=kroonika.delfi.ee&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://kroonika.delfi.ee
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Wed, 07 Dec 2022 17:42:04 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 550220
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 pubads_impl_2022120101.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 432F 384 KB
130 KB 82ms
42ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c0b59c362ae740c391e742fa4517d90b9461b416b9bec855d14c04603dbaf71c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 14:54:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10035
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133241
x-xss-protection: 0
last-modified: Thu, 01 Dec 2022 09:36:23 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 07 Dec 2023 14:54:49 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ Frame 432F 124 B
112 B 141ms
105ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=kroonika.delfi.ee

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bfe0eaff17ffdaa22d618142d46972e211a8cf20f2c1aa2736c4309b51e47798

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:05 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87
x-xss-protection: 0
expires: Wed, 07 Dec 2022 17:42:05 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 432F
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fkroonika.delfi.ee%2F&domain=kroonika.delfi.ee&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=RzwnOXx4SC9UL2xJZkQ5SlVxZHpxVUZWLzFaanNJSncwZlZvWUpFemxYaEFhc0h4Z3FtUTlCM3BsK2pnQk1MRnlMdUttWEt4SU1XT21ZaU5mdTJ4b3dzaElDaisya3FLcSszNlN2K2Y3WDFneTBsTW9LbFpLZE81SFhRYV...

370 B
653 B

48ms
18ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=RzwnOXx4SC9UL2xJZkQ5SlVxZHpxVUZWLzFaanNJSncwZlZvWUpFemxYaEFhc0h4Z3FtUTlCM3BsK2pnQk1MRnlMdUttWEt4SU1XT21ZaU5mdTJ4b3dzaElDaisya3FLcSszNlN2K2Y3WDFneTBsTW9LbFpLZE81SFhRYVBsMmJSYUVwbWVzQ1JYQ0NUUVBzeEZCMTVHZ2c2SS8zdlVFaU1LSDJOWFRFVlhBWWRiNUJMVXpEZWk5QlhXdFJXV2ZscU00L0ZEQjJ6NUptMlZ3STZCSzR2eFdxUXlONDIycFlMOXhHamlXWGl5djJhdElZdWRLbWJOWjczWVV4ZlVVU0xrcFpPfA&cppv=2

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

0be61f51d52b972e22066696cd22061bb83129a4a38e3556d86f6780b6721758

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1597250
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
access-control-allow-methods: GET
location: https://mug.criteo.com/sid?cpp=RzwnOXx4SC9UL2xJZkQ5SlVxZHpxVUZWLzFaanNJSncwZlZvWUpFemxYaEFhc0h4Z3FtUTlCM3BsK2pnQk1MRnlMdUttWEt4SU1XT21ZaU5mdTJ4b3dzaElDaisya3FLcSszNlN2K2Y3WDFneTBsTW9LbFpLZE81SFhRYVBsMmJSYUVwbWVzQ1JYQ0NUUVBzeEZCMTVHZ2c2SS8zdlVFaU1LSDJOWFRFVlhBWWRiNUJMVXpEZWk5QlhXdFJXV2ZscU00L0ZEQjJ6NUptMlZ3STZCSzR2eFdxUXlONDIycFlMOXhHamlXWGl5djJhdElZdWRLbWJOWjczWVV4ZlVVU0xrcFpPfA&cppv=2
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 355508
content-length: 0
expires: 0

POST
H/1.1 200 prebid Show response
id5-sync.com/api/config/ Frame 432F 135 B
546 B 10ms
7ms XHR
application/json 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/config/prebid

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

2f3f6589e4f416de5c6c38d9b3b2acae2ebfed796634fc627eb0dc58148fc2b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kroonika.delfi.ee
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame 432F 1 KB
2 KB 8ms
8ms XHR
application/json 52.222.209.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fkroonika.delfi.ee&pubid=083e9dd7-27dd-4e36-908f-28796c83c8ad
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.209.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-209-55.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 5cd230bf83d57586f16713d39089731184ea39e5810f039a7e5ec7abae4c61ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:50:26 GMT
via: 1.1 bafba29f1325f15932567e0ae2d444a4.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P3
age: 3098
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 1366
x-amz-cf-id: u_ljsW7LnEs14H75LSt2zBoFX-2I5OXs_oFAQNR7Nqgzi-Bfe5rBhw==

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame 432F 1 KB
2 KB 9ms
8ms XHR
application/json 52.222.209.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fkroonika.delfi.ee&pubid=083e9dd7-27dd-4e36-908f-28796c83c8ad
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.209.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-209-55.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 5cd230bf83d57586f16713d39089731184ea39e5810f039a7e5ec7abae4c61ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:50:26 GMT
via: 1.1 bafba29f1325f15932567e0ae2d444a4.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P3
age: 3098
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 1366
x-amz-cf-id: qDplzsD4sFHWEiaiTHdkRsPqytaT0W-6a3sf8UQUOacrUvrRy6wP7A==

GET
H2 200 bid Show response
aax-dtb-cf.amazon-adsystem.com/e/dtb/ Frame 432F 23 B
463 B 48ms
48ms XHR
text/javascript 52.222.228.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&pid=6MGa7DthgJCXh&cb=0&ws=300x600&v=22.1107.1609&t=2000&slots=%5B%7B%22sd%22%3A%22dee_300x600_05_tower_foreign%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F99287527%2C72743801%2Fdelfi_ee%2Fros_ee%2Fdee_300x600_05_tower_foreign%22%7D%5D&schain=1.0%2C1!adnetmedia.lt%2C168%2C1%2C%2C%2C&pubid=083e9dd7-27dd-4e36-908f-28796c83c8ad&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.228.76 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-228-76.fra56.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 94328d2509009edc0657f5c786a93e42.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P4
x-amz-rid: H9QF7SZTVJFX0B3W1HC3
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://kroonika.delfi.ee
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: R-T3Qs_P0V4xALRnPDYaStAlvvXwhobBAWd-QTFxF2LMOyczDASegA==

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 18ms
15ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fkroonika.delfi.ee%2F&domain=kroonika.delfi.ee&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://kroonika.delfi.ee
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Wed, 07 Dec 2022 17:42:04 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 521755
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 pubads_impl_2022120101.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 7DD9 384 KB
130 KB 79ms
56ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c0b59c362ae740c391e742fa4517d90b9461b416b9bec855d14c04603dbaf71c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 14:54:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10035
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133241
x-xss-protection: 0
last-modified: Thu, 01 Dec 2022 09:36:23 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 07 Dec 2023 14:54:49 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ Frame 7DD9 113 B
107 B 158ms
139ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=kroonika.delfi.ee

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8e3e8f4dd61d9d371d0903f3e3dfbd49e8a3e28a2204efa9c539cb6ae97dfc03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:05 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 82
x-xss-protection: 0
expires: Wed, 07 Dec 2022 17:42:05 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 7DD9
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fkroonika.delfi.ee%2F&domain=kroonika.delfi.ee&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=MK-ryHxSLzYxR0MxUEUzV0ZIb2VKelVkUEw0eUc1cjlXenRMQVBQd3pOVUIyaE9FbTg3d3NyK0F6WW5OUk55bXdhbkFIWHdlbVBDOGtYOFoxK0tUK3VuT2o2ZjVlVzAzaE5SYXRJblh3TVJPYnN1cXVNWWZ0MjhjamhiMk...

370 B
654 B

47ms
17ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=MK-ryHxSLzYxR0MxUEUzV0ZIb2VKelVkUEw0eUc1cjlXenRMQVBQd3pOVUIyaE9FbTg3d3NyK0F6WW5OUk55bXdhbkFIWHdlbVBDOGtYOFoxK0tUK3VuT2o2ZjVlVzAzaE5SYXRJblh3TVJPYnN1cXVNWWZ0MjhjamhiMkMyVGNlcXVoNTlqYmQxVTlpNVZvVFpZUTAxK0MyRlZkZUJTTjJmM1pLdWkza0pOUzVOdHVrOUNsd0dDRGtlOGxpODk3bFYrUTlWMmRkaTVqeWpBVkRmOFQ0THZ5dERsMENlaXB5TG15Y0RMcXNhbGwrdUl2eExWK2VCMUNiK1RlL2RtdFE0VmRGfA&cppv=2

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

a5620ee6ac728746de133d1efffe0c832aafe5ec0d0c4471784cddfc309f6bdc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1422610
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
access-control-allow-methods: GET
location: https://mug.criteo.com/sid?cpp=MK-ryHxSLzYxR0MxUEUzV0ZIb2VKelVkUEw0eUc1cjlXenRMQVBQd3pOVUIyaE9FbTg3d3NyK0F6WW5OUk55bXdhbkFIWHdlbVBDOGtYOFoxK0tUK3VuT2o2ZjVlVzAzaE5SYXRJblh3TVJPYnN1cXVNWWZ0MjhjamhiMkMyVGNlcXVoNTlqYmQxVTlpNVZvVFpZUTAxK0MyRlZkZUJTTjJmM1pLdWkza0pOUzVOdHVrOUNsd0dDRGtlOGxpODk3bFYrUTlWMmRkaTVqeWpBVkRmOFQ0THZ5dERsMENlaXB5TG15Y0RMcXNhbGwrdUl2eExWK2VCMUNiK1RlL2RtdFE0VmRGfA&cppv=2
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1030986
content-length: 0
expires: 0

POST
H/1.1 200 prebid Show response
id5-sync.com/api/config/ Frame 7DD9 135 B
546 B 10ms
8ms XHR
application/json 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/config/prebid

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

2f3f6589e4f416de5c6c38d9b3b2acae2ebfed796634fc627eb0dc58148fc2b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kroonika.delfi.ee
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame 7DD9 1 KB
2 KB 11ms
7ms XHR
application/json 52.222.209.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fkroonika.delfi.ee&pubid=083e9dd7-27dd-4e36-908f-28796c83c8ad
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.209.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-209-55.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 5cd230bf83d57586f16713d39089731184ea39e5810f039a7e5ec7abae4c61ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:50:26 GMT
via: 1.1 bafba29f1325f15932567e0ae2d444a4.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P3
age: 3098
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 1366
x-amz-cf-id: qsFTZaxEnissCTIRp67VP_5bRiQoOFilZnhbwn929nHr8K52gEB5Cw==

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame 7DD9 1 KB
2 KB 11ms
7ms XHR
application/json 52.222.209.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fkroonika.delfi.ee&pubid=083e9dd7-27dd-4e36-908f-28796c83c8ad
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.209.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-209-55.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 5cd230bf83d57586f16713d39089731184ea39e5810f039a7e5ec7abae4c61ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:50:26 GMT
via: 1.1 bafba29f1325f15932567e0ae2d444a4.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P3
age: 3098
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 1366
x-amz-cf-id: Ds3RuJ2SFCCgAFCBqfWoyoGONmVxYehqpn6pCDnTN9j1CNTlm0N8wg==

GET
H2 200 bid Show response
aax-dtb-cf.amazon-adsystem.com/e/dtb/ Frame 7DD9 23 B
464 B 45ms
42ms XHR
text/javascript 52.222.228.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&pid=zT8pDFqaOpTDR&cb=0&ws=300x600&v=22.1107.1609&t=2000&slots=%5B%7B%22sd%22%3A%22dee_300x600_05_tower_foreign%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F99287527%2C72743801%2Fdelfi_ee%2Fros_ee%2Fdee_300x600_05_tower_foreign%22%7D%5D&schain=1.0%2C1!adnetmedia.lt%2C168%2C1%2C%2C%2C&pubid=083e9dd7-27dd-4e36-908f-28796c83c8ad&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.228.76 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-228-76.fra56.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 94328d2509009edc0657f5c786a93e42.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P4
x-amz-rid: AKNRVPKGK2JQV96TJSTV
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://kroonika.delfi.ee
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: r1p1QxkYTR1_BV9uSRJLOA2HqDQ_rXtUxI7jkwZfh0KmHD8iszwxpA==

GET
H/1.1 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ Frame 5313 33 B
404 B 39ms
9ms XHR
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

84f67b2966de0f841622921ca23f6c07016c100670bfe1e3bc2194f04124b0a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kroonika.delfi.ee
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET
H2 200 aax.js Show response
c.aaxads.com/ Frame 7DD9 475 KB
131 KB 64ms
64ms Script
text/javascript 104.111.239.153
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://c.aaxads.com/aax.js?pub=AAXEYBR49&hst=kroonika.delfi.ee&ver=1.2

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.153 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-153.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b35254e22213eab05ffc2b800d06c393f207d4bd337dfce8249fd3d4e611a5e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
date: Wed, 07 Dec 2022 17:42:05 GMT
server: Apache
vary: Accept-Encoding
x-mnet-h: E
content-type: text/javascript; charset=utf-8
cache-control: max-age=1800
expires: Wed, 07 Dec 2022 18:12:05 GMT

GET
H2 200 pubcid.min.js Show response
secure.cdn.fastclick.net/js/pubcid/latest/ Frame 7DD9 53 KB
17 KB 9ms
9ms Script
application/javascript 104.111.219.144
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.219.144 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-219-144.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 0767c070293f17944c5246f47d8c610131ee16556a032dc3b5820bdac5ec725f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
last-modified: Thu, 13 Oct 2022 18:14:48 GMT
server: Apache
etag: "d4ed-5eaee7c12df48-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 17131
expires: Wed, 07 Dec 2022 17:57:04 GMT

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ Frame 7DD9 57 KB
16 KB 28ms
27ms Script
text/javascript 2606:4700:10::ac43:266a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:266a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39fae3dc476aaaa594e2c963401633dd5d02eccb3c175eda03912cfe0f91c92e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 24 Nov 2022 12:48:29 GMT
server: cloudflare
x-amz-request-id: ZR9FS0KF8SF3XPE6
age: 3196
etag: W/"9ee82d693d1e83b3a37ee20226716f78"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 775f0e48f8279b4b-FRA
x-amz-id-2: VistZBWckkAiP7GIvEPImKlKdXTBIKzx8WeKiNFm3NFnvLcmQwjT/xkLRFzAOFbFMk+ugJS7Fn+m45POSdZmLQ==

GET
H/1.1 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ Frame 432F 33 B
404 B 25ms
8ms XHR
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

84f67b2966de0f841622921ca23f6c07016c100670bfe1e3bc2194f04124b0a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kroonika.delfi.ee
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET
H2 200 aax.js Show response
c.aaxads.com/ Frame 432F 475 KB
131 KB 44ms
43ms Script
text/javascript 104.111.239.153
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://c.aaxads.com/aax.js?pub=AAXEYBR49&hst=kroonika.delfi.ee&ver=1.2

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.153 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-153.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b35254e22213eab05ffc2b800d06c393f207d4bd337dfce8249fd3d4e611a5e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
date: Wed, 07 Dec 2022 17:42:04 GMT
server: Apache
vary: Accept-Encoding
x-mnet-h: E
content-type: text/javascript; charset=utf-8
cache-control: max-age=1800
expires: Wed, 07 Dec 2022 18:12:04 GMT

GET
H2 200 pubcid.min.js Show response
secure.cdn.fastclick.net/js/pubcid/latest/ Frame 432F 53 KB
17 KB 8ms
7ms Script
application/javascript 104.111.219.144
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.219.144 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-219-144.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 0767c070293f17944c5246f47d8c610131ee16556a032dc3b5820bdac5ec725f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
content-encoding: gzip
last-modified: Thu, 13 Oct 2022 18:14:48 GMT
server: Apache
etag: "d4ed-5eaee7c12df48-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 17131
expires: Wed, 07 Dec 2022 17:57:04 GMT

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ Frame 432F 57 KB
16 KB 26ms
26ms Script
text/javascript 2606:4700:10::ac43:266a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:266a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39fae3dc476aaaa594e2c963401633dd5d02eccb3c175eda03912cfe0f91c92e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 24 Nov 2022 12:48:29 GMT
server: cloudflare
x-amz-request-id: ZR9FS0KF8SF3XPE6
age: 3196
etag: W/"9ee82d693d1e83b3a37ee20226716f78"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 775f0e49082e9b4b-FRA
x-amz-id-2: VistZBWckkAiP7GIvEPImKlKdXTBIKzx8WeKiNFm3NFnvLcmQwjT/xkLRFzAOFbFMk+ugJS7Fn+m45POSdZmLQ==

GET
H/1.1 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ Frame 7DD9 33 B
404 B 20ms
7ms XHR
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

84f67b2966de0f841622921ca23f6c07016c100670bfe1e3bc2194f04124b0a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kroonika.delfi.ee
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 68ms
15ms Preflight
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Wed, 07 Dec 2022 17:42:04 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 407359
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

POST
H/1.1 200 563.json Show response
id5-sync.com/g/v2/ Frame 5313 216 B
627 B 24ms
9ms XHR
application/json 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/563.json

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

89f1fe4576f06f0a45750e6b565640813f99097b91b2c0134676e6cdb0285407

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kroonika.delfi.ee
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 64ms
15ms Preflight
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Wed, 07 Dec 2022 17:42:04 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 377821
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 64ms
16ms Preflight
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Wed, 07 Dec 2022 17:42:04 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 419082
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

POST
H/1.1 200 563.json Show response
id5-sync.com/g/v2/ Frame 432F 216 B
627 B 24ms
8ms XHR
application/json 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/563.json

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

7808cefe03b8d274a4a62d9b0eea281a30c7ec6b4528d3759bea36bb4cab076a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kroonika.delfi.ee
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

POST
H/1.1 200 563.json Show response
id5-sync.com/g/v2/ Frame 7DD9 216 B
627 B 26ms
11ms XHR
application/json 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/563.json

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

ee72d5b4f5b501955ab0ed550f5f3a57474e1bf8aae144d6bf5e6cc99d5947a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kroonika.delfi.ee
date: Wed, 07 Dec 2022 17:42:04 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET
H2 200 aacxs.php Show response
c.aaxads.com/ Frame 9A99 22 KB
9 KB 22ms
21ms Document
text/html 104.111.239.153
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://c.aaxads.com/aacxs.php?flg=AAXEYBR49&fv=1&fy=37&ke=1&suylg=218%2C79%2C213%2C368%2C310%2C206%2C54%2C292%2C263%2C264%2C195%2C330%2C369%2C89%2C29%2C355%2C356%2C306%2C23%2C282&yvVbqf=1&uhiXuo=&gdpr=1&gdprconsent=2&gdprstring=&usp_status=0&usp_consent=1&coppa=0

Requested by

Host: c.aaxads.com
URL: https://c.aaxads.com/aax.js?pub=AAXEYBR49&hst=kroonika.delfi.ee&ver=1.2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.153 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-153.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

bb9b4b3419b5b5e15972fe87a101473561bfbf5424a6ddf9d41baf458407e2ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 8760
content-type: text/html; charset=UTF-8
date: Wed, 07 Dec 2022 17:42:05 GMT
expires: Fri, 09 Dec 2022 17:42:05 GMT
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
server: Apache
strict-transport-security: max-age=604800
vary: Accept-Encoding
x-mnet-hl2: E

GET
H2 200 pxusr.gif
c.aaxads.com/ Frame 5313 43 B
220 B 9ms
9ms Image
image/gif 104.111.239.153
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.aaxads.com/pxusr.gif

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.153 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-153.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

unused62: 8096267
date: Wed, 07 Dec 2022 17:42:05 GMT
strict-transport-security: max-age=604800
last-modified: Mon, 26 Feb 2018 13:29:58 GMT
server: Apache
content-type: image/gif
cache-control: max-age=887482
accept-ranges: bytes
content-length: 43
expires: Sun, 18 Dec 2022 00:13:27 GMT

GET
H/1.1 200
OK pxext.gif
www.aaxdetect.com/ Frame 5313 43 B
323 B 37ms
7ms Image
image/gif 104.111.243.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.aaxdetect.com/pxext.gif
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.243.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-243-142.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 17:42:05 GMT
Last-Modified: Mon, 26 Feb 2018 13:29:58 GMT
Server: Apache
Content-Type: image/gif
Cache-Control: max-age=730763
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Fri, 16 Dec 2022 04:41:28 GMT

GET
H2 200 pxusr.gif
c.aaxads.com/ Frame 432F 43 B
220 B 8ms
7ms Image
image/gif 104.111.239.153
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.aaxads.com/pxusr.gif

Requested by

Host: c.aaxads.com
URL: https://c.aaxads.com/aax.js?pub=AAXEYBR49&hst=kroonika.delfi.ee&ver=1.2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.153 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-153.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

unused62: 8096267
date: Wed, 07 Dec 2022 17:42:05 GMT
strict-transport-security: max-age=604800
last-modified: Mon, 26 Feb 2018 13:29:58 GMT
server: Apache
content-type: image/gif
cache-control: max-age=887482
accept-ranges: bytes
content-length: 43
expires: Sun, 18 Dec 2022 00:13:27 GMT

GET
H/1.1 200
OK pxext.gif
www.aaxdetect.com/ Frame 432F 43 B
323 B 7ms
7ms Image
image/gif 104.111.243.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.aaxdetect.com/pxext.gif
Requested by: Host: c.aaxads.com
URL: https://c.aaxads.com/aax.js?pub=AAXEYBR49&hst=kroonika.delfi.ee&ver=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.243.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-243-142.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 17:42:05 GMT
Last-Modified: Mon, 26 Feb 2018 13:29:58 GMT
Server: Apache
Content-Type: image/gif
Cache-Control: max-age=730763
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Fri, 16 Dec 2022 04:41:28 GMT

GET
H2 200 aacxs.php Show response
c.aaxads.com/ Frame 2A24 22 KB
9 KB 17ms
16ms Document
text/html 104.111.239.153
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: c.aaxads.com
URL: https://c.aaxads.com/aax.js?pub=AAXEYBR49&hst=kroonika.delfi.ee&ver=1.2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.153 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-153.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

bb9b4b3419b5b5e15972fe87a101473561bfbf5424a6ddf9d41baf458407e2ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 8760
content-type: text/html; charset=UTF-8
date: Wed, 07 Dec 2022 17:42:05 GMT
expires: Fri, 09 Dec 2022 17:42:05 GMT
server: Apache
strict-transport-security: max-age=604800
vary: Accept-Encoding
x-mnet-hl2: E

GET
H/1.1 200
OK log
c21lg-d.media.net/ Frame 9A99 35 B
296 B 218ms
161ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c21lg-d.media.net/log?___stu13p=5idgihgb3r73nr56xnl0ch00yxnzunr&gho=1&yvlg=3134365258397449000V10&ruljlq=1&iow=0&syjlg[]=028AAX&syjlg[]=041AAX&syjlg[]=054AAX&syjlg[]=345AAX&syjlg[]=076AAX&syjlg[]=080AAX&syjlg[]=097AAX&syjlg[]=109AAX
Requested by: Host: c.aaxads.com
URL: https://c.aaxads.com/aacxs.php?flg=AAXEYBR49&fv=1&fy=37&ke=1&suylg=218%2C79%2C213%2C368%2C310%2C206%2C54%2C292%2C263%2C264%2C195%2C330%2C369%2C89%2C29%2C355%2C356%2C306%2C23%2C282&yvVbqf=1&uhiXuo=&gdpr=1&gdprconsent=2&gdprstring=&usp_status=0&usp_consent=1&coppa=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-93.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.aaxads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:05 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Wed, 07 Dec 2022 17:42:05 GMT

GET
H2 200 pxusr.gif
c.aaxads.com/ Frame 7DD9 43 B
220 B 7ms
7ms Image
image/gif 104.111.239.153
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.aaxads.com/pxusr.gif

Requested by

Host: c.aaxads.com
URL: https://c.aaxads.com/aax.js?pub=AAXEYBR49&hst=kroonika.delfi.ee&ver=1.2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.153 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-153.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

unused62: 8096267
date: Wed, 07 Dec 2022 17:42:05 GMT
strict-transport-security: max-age=604800
last-modified: Mon, 26 Feb 2018 13:29:58 GMT
server: Apache
content-type: image/gif
cache-control: max-age=887482
accept-ranges: bytes
content-length: 43
expires: Sun, 18 Dec 2022 00:13:27 GMT

GET
H/1.1 200
OK pxext.gif
www.aaxdetect.com/ Frame 7DD9 43 B
323 B 23ms
23ms Image
image/gif 104.111.243.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.aaxdetect.com/pxext.gif
Requested by: Host: c.aaxads.com
URL: https://c.aaxads.com/aax.js?pub=AAXEYBR49&hst=kroonika.delfi.ee&ver=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.243.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-243-142.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 17:42:05 GMT
Last-Modified: Mon, 26 Feb 2018 13:29:58 GMT
Server: Apache
Content-Type: image/gif
Cache-Control: max-age=730763
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Fri, 16 Dec 2022 04:41:28 GMT

GET
H2 200 aacxs.php Show response
c.aaxads.com/ Frame CA68 22 KB
9 KB 24ms
24ms Document
text/html 104.111.239.153
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: c.aaxads.com
URL: https://c.aaxads.com/aax.js?pub=AAXEYBR49&hst=kroonika.delfi.ee&ver=1.2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.153 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-153.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

bb9b4b3419b5b5e15972fe87a101473561bfbf5424a6ddf9d41baf458407e2ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 8760
content-type: text/html; charset=UTF-8
date: Wed, 07 Dec 2022 17:42:05 GMT
expires: Fri, 09 Dec 2022 17:42:05 GMT
server: Apache
strict-transport-security: max-age=604800
vary: Accept-Encoding
x-mnet-hl2: E

GET
H2 200 log
l3.aaxads.com/ Frame 5313 35 B
173 B 16ms
8ms Image
image/gif 104.111.239.153
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l3.aaxads.com/log?___stu13p=aveoaamactga5dnnuee25ti2rm86bcrodqacb&lwbsh=AAX&wHos=183&dgw=desktop&flg=AAXEYBR49&fw=FRANKFURT&ff=DE&xjg=4&dss=0&skw=400&slg=8PR6YK195&gq=kroonika.delfi.ee&vhuyqdph=ssp-serving-54f64c9956-nh7z9&vyu=120110_495_120110_465_ssp&vf=HE&yhuvlrq=4&yk=400&yz=1200&yvlg=&ylg=00001670434925052031177838083199&vvsDeExfnhw=CONTROL&oz=1&gdss=green&lwbshlg=6&vg=3&dgeg=0&qsd=0&jgsu_hqi=1&fvha=0&jgivwu=Y-N&jgsu=1&fvvwu=&wfi_fps=&wfi_vwdwxv=&wfi_sus=&vxf=0&wfi_dsl=0&xvs_hqi=1&xvs_vwdwxv=0&xvs_ogi=&xvs_vwulqj=&xifd=-1&frssd_vwdwxv=&frssd_dssolhg=&lg_ghwdlov=&dewh=SSP_CLIENT_control&deg=2&fdeg=0&gdeg=2&ghqg=182&fhqg=25&hqg=73&gvwduw=26&fvwduw=25&vwduw=25&uhtxuo=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&nzui=
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.239.153 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-239-153.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Wed, 07 Dec 2022 17:42:05 GMT
cache-control: max-age=0, no-cache, no-store
expires: Wed, 07 Dec 2022 17:42:05 GMT
content-length: 35
content-type: image/gif

GET
H2 200 log
l3.aaxads.com/ Frame 432F 35 B
173 B 14ms
7ms Image
image/gif 104.111.239.153
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l3.aaxads.com/log?___stu13p=aveoaamactga5dnnuee25ti2rm86bcrodqacb&lwbsh=AAX&wHos=103&dgw=desktop&flg=AAXEYBR49&fw=FRANKFURT&ff=DE&xjg=4&dss=0&skw=600&slg=8PR6YK195&gq=kroonika.delfi.ee&vhuyqdph=ssp-serving-54f64c9956-nh7z9&vyu=120110_495_120110_465_ssp&vf=HE&yhuvlrq=4&yk=600&yz=300&yvlg=&ylg=00001670434925114031177838087633&vvsDeExfnhw=CONTROL&oz=1&gdss=green&lwbshlg=6&vg=3&dgeg=0&qsd=0&jgsu_hqi=1&fvha=0&jgivwu=Y-N&jgsu=1&fvvwu=&wfi_fps=&wfi_vwdwxv=&wfi_sus=&vxf=0&wfi_dsl=0&xvs_hqi=1&xvs_vwdwxv=0&xvs_ogi=&xvs_vwulqj=&xifd=-1&frssd_vwdwxv=&frssd_dssolhg=&lg_ghwdlov=&dewh=SSP_CLIENT_control&deg=2&fdeg=0&gdeg=2&ghqg=103&fhqg=4&hqg=56&gvwduw=4&fvwduw=4&vwduw=4&uhtxuo=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&nzui=
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.239.153 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-239-153.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Wed, 07 Dec 2022 17:42:05 GMT
cache-control: max-age=0, no-cache, no-store
expires: Wed, 07 Dec 2022 17:42:05 GMT
content-length: 35
content-type: image/gif

GET
H/1.1 200
OK log
c21lg-d.media.net/ Frame 2A24 35 B
296 B 171ms
156ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c21lg-d.media.net/log?___stu13p=5idgihgb3r73nr56xnl0ch00yxnzunr&gho=1&yvlg=3134365258397449000V10&ruljlq=1&iow=0&syjlg[]=028AAX&syjlg[]=041AAX&syjlg[]=054AAX&syjlg[]=345AAX&syjlg[]=076AAX&syjlg[]=080AAX&syjlg[]=097AAX&syjlg[]=109AAX
Requested by: Host: c.aaxads.com
URL: https://c.aaxads.com/aacxs.php?flg=AAXEYBR49&fv=1&fy=37&ke=1&suylg=218%2C79%2C213%2C368%2C310%2C206%2C54%2C292%2C263%2C264%2C195%2C330%2C369%2C89%2C29%2C355%2C356%2C306%2C23%2C282&yvVbqf=1&uhiXuo=&gdpr=1&gdprconsent=2&gdprstring=&usp_status=0&usp_consent=1&coppa=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-93.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.aaxads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:05 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Wed, 07 Dec 2022 17:42:05 GMT

GET
H2 200 log
l3.aaxads.com/ Frame 7DD9 35 B
173 B 8ms
7ms Image
image/gif 104.111.239.153
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l3.aaxads.com/log?___stu13p=aveoaamactga5dnnuee25ti2rm86bcrodqacb&lwbsh=AAX&wHos=108&dgw=desktop&flg=AAXEYBR49&fw=FRANKFURT&ff=DE&xjg=4&dss=0&skw=600&slg=8PR6YK195&gq=kroonika.delfi.ee&vhuyqdph=ssp-serving-54f64c9956-nh7z9&vyu=120110_495_120110_465_ssp&vf=HE&yhuvlrq=4&yk=600&yz=300&yvlg=&ylg=00001670434925190031177838082620&vvsDeExfnhw=CONTROL&oz=1&gdss=green&lwbshlg=6&vg=3&dgeg=0&qsd=0&jgsu_hqi=1&fvha=0&jgivwu=Y-N&jgsu=1&fvvwu=&wfi_fps=&wfi_vwdwxv=&wfi_sus=&vxf=0&wfi_dsl=0&xvs_hqi=1&xvs_vwdwxv=0&xvs_ogi=&xvs_vwulqj=&xifd=-1&frssd_vwdwxv=&frssd_dssolhg=&lg_ghwdlov=&dewh=SSP_CLIENT_control&deg=2&fdeg=0&gdeg=2&ghqg=108&fhqg=4&hqg=59&gvwduw=4&fvwduw=4&vwduw=4&uhtxuo=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&nzui=
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.239.153 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-239-153.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Wed, 07 Dec 2022 17:42:05 GMT
cache-control: max-age=0, no-cache, no-store
expires: Wed, 07 Dec 2022 17:42:05 GMT
content-length: 35
content-type: image/gif

GET
H/1.1 200
OK log
c21lg-d.media.net/ Frame CA68 35 B
296 B 1247ms
1234ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c21lg-d.media.net/log?___stu13p=5idgihgb3r73nr56xnl0ch00yxnzunr&gho=1&yvlg=3134365258397449000V10&ruljlq=1&iow=0&syjlg[]=028AAX&syjlg[]=041AAX&syjlg[]=054AAX&syjlg[]=345AAX&syjlg[]=076AAX&syjlg[]=080AAX&syjlg[]=097AAX&syjlg[]=109AAX
Requested by: Host: c.aaxads.com
URL: https://c.aaxads.com/aacxs.php?flg=AAXEYBR49&fv=1&fy=37&ke=1&suylg=218%2C79%2C213%2C368%2C310%2C206%2C54%2C292%2C263%2C264%2C195%2C330%2C369%2C89%2C29%2C355%2C356%2C306%2C23%2C282&yvVbqf=1&uhiXuo=&gdpr=1&gdprconsent=2&gdprstring=&usp_status=0&usp_consent=1&coppa=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-93.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.aaxads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:06 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Wed, 07 Dec 2022 17:42:06 GMT

POST
H2 204 collect Show response
j.clarity.ms/ 0
48 B 95ms
95ms XHR
text/plain 20.85.30.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/collect
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.85.30.134 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-origin: https://kroonika.delfi.ee
date: Wed, 07 Dec 2022 17:42:04 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
vary: Origin
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

POST
H2 200 /
adx.adform.net/adx/unload/ 35 B
490 B 26ms
25ms Ping
image/gif 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/unload/?1670434925523

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/banners/scripts/adx.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/serving/unload/ Frame 760D 35 B
461 B 28ms
26ms Ping
image/gif 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&pud=zfUUlUgkwtDedjBvpJm6hFM1T03v9edaA8EQOTBzmUnhtCU0AtLE0YChqpCB9lMVuyCJoBORB7tSlKPlgbDD4LsgiaATkQe7mkhyT8bLbdOOcQ1yp0EKR-oUQGuAkT4_0CZ6QET-QL41&unload=5084446025291268402@@60046065,1636714356154275772,100|1166|0|0|0|0|0|0|0||292|0|||||1|0|0|txWOJ7hybhh5lT90q-mtzSwfhYJFo1RNScmBMvw1k1o-ifRR5dQMsaF9WWpVBJD3Y9MCNLUDM_hdGWAHLpZ4GrL015AFXL9CulUmmbR4ERJkAW6OdCBF7A2|nD5YIuf_TIatuMovGlnfNruRWU8jbYd-nHMZ0pAgl68RJd4KoiEGuJ64XXOQnUevib8FdwLHFo0BtzteIpciio9e8WWz71rJGHBmtPu7N5FSqcwzdCso9JTxd82iILd1xXAl4m320ye8tFDxYPxcOnFNbdWUUaeHlCv0WMHyIcl_SUyxNHI0glrvVhVDAs8mxepLudoaLImfcgrpSEF-0MCrdTd1tRFqRE6_MbJm3Ts1STX_xBz8hHnUdxXEjXpvHm98btpGtScr9pGbIvyWkwpLnuJFvGyjb_gid-GHh66NXFlV80v6tlclhip4iPLoLa_r5Id3JUkFduGQ3aw6prb7j48RMt11Tg0pWoSjPwg1OvL7_7VoM3jz--vUsmuTBUT7zlDe3AutMxtRX86Q73gORKsYtLHOMIJ7AESLMm-WNwiqf4QnIN6MirTaNiPDiERF-_nAva3kkFZ-lOWt2Via5i-u2g72jdXfzsk4W8wUCmYgzL3vcTZX7V-9LQFLpcoAJb7hCLPoSgO253YaUujELMIe0MeRPs0oFetTA4nVevAEW8be0scnGUPLjdzxKFAa1zW8oCrCEcwVdWotqfz_dnJ7_3XjVMZlY6rAbhsXLWvpLcCdKw2|1|11|0|0

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/Serving/Event/ Frame 760D 35 B
470 B 31ms
30ms Ping
image/gif 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/Serving/Event/?bn=60046065&event=178&time=2&baid=56603052&name=Viewable%20impressions&imprid=1636714356154275772&icid=5084446025291268402&eData=sxrYHEwt_KiqzEoQidydFm9Q8Y8j1W0ZNv9eZnf1nu1dKw_57esI4r80wNI6bl8i20ex1NiNs48kuWXXnSlQMtOgRlBu9ztPqUPVN5fAX1pucPEFO8F3h1ex3QJB_TIpaOJDsqAYsG41&adxvars=nD5YIuf_TIatuMovGlnfNruRWU8jbYd-nHMZ0pAgl68RJd4KoiEGuJ64XXOQnUevib8FdwLHFo0BtzteIpciio9e8WWz71rJGHBmtPu7N5FSqcwzdCso9JTxd82iILd1xXAl4m320ye8tFDxYPxcOnFNbdWUUaeHlCv0WMHyIcl_SUyxNHI0glrvVhVDAs8mxepLudoaLImfcgrpSEF-0MCrdTd1tRFqRE6_MbJm3Ts1STX_xBz8hHnUdxXEjXpvHm98btpGtScr9pGbIvyWkwpLnuJFvGyjb_gid-GHh66NXFlV80v6tlclhip4iPLoLa_r5Id3JUkFduGQ3aw6prb7j48RMt11Tg0pWoSjPwg1OvL7_7VoM3jz--vUsmuTBUT7zlDe3AutMxtRX86Q73gORKsYtLHOMIJ7AESLMm-WNwiqf4QnIN6MirTaNiPDiERF-_nAva3kkFZ-lOWt2Via5i-u2g72jdXfzsk4W8wUCmYgzL3vcTZX7V-9LQFLpcoAJb7hCLPoSgO253YaUujELMIe0MeRPs0oFetTA4nVevAEW8be0scnGUPLjdzxKFAa1zW8oCrCEcwVdWotqfz_dnJ7_3XjVMZlY6rAbhsXLWvpLcCdKw2&rtbdata=fg2VYS8DBV0HVtvqcok2EkiPdDL9k4o5NEJi6EmeeVDUB4RsvAWwkIp-BrszzkeatqtsaRvAfZ-Bc3N1PheuqTKu-Lshl6ZgFKwlS9sxSLyhyrE41uAB40mQWrZ6KCQe0zCDqhBpUhTDeIjrSAcYFw2&rtbwp=vR5KWVVM5-81&rnd=916869157

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/serving/unload/ Frame 760D 35 B
470 B 28ms
27ms Ping
image/gif 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=5084446025291268402@@60046065,1636714356154275772,100|1167|0|0|0|0|0|0|0||292|0|||||1|0|0|txWOJ7hybhh5lT90q-mtzSwfhYJFo1RNScmBMvw1k1o-ifRR5dQMsaF9WWpVBJD3Y9MCNLUDM_hdGWAHLpZ4GrL015AFXL9CulUmmbR4ERJkAW6OdCBF7A2|nD5YIuf_TIatuMovGlnfNruRWU8jbYd-nHMZ0pAgl68RJd4KoiEGuJ64XXOQnUevib8FdwLHFo0BtzteIpciio9e8WWz71rJGHBmtPu7N5FSqcwzdCso9JTxd82iILd1xXAl4m320ye8tFDxYPxcOnFNbdWUUaeHlCv0WMHyIcl_SUyxNHI0glrvVhVDAs8mxepLudoaLImfcgrpSEF-0MCrdTd1tRFqRE6_MbJm3Ts1STX_xBz8hHnUdxXEjXpvHm98btpGtScr9pGbIvyWkwpLnuJFvGyjb_gid-GHh66NXFlV80v6tlclhip4iPLoLa_r5Id3JUkFduGQ3aw6prb7j48RMt11Tg0pWoSjPwg1OvL7_7VoM3jz--vUsmuTBUT7zlDe3AutMxtRX86Q73gORKsYtLHOMIJ7AESLMm-WNwiqf4QnIN6MirTaNiPDiERF-_nAva3kkFZ-lOWt2Via5i-u2g72jdXfzsk4W8wUCmYgzL3vcTZX7V-9LQFLpcoAJb7hCLPoSgO253YaUujELMIe0MeRPs0oFetTA4nVevAEW8be0scnGUPLjdzxKFAa1zW8oCrCEcwVdWotqfz_dnJ7_3XjVMZlY6rAbhsXLWvpLcCdKw2|1|01|0|0

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/serving/unload/ Frame 7437 35 B
470 B 27ms
26ms Ping
image/gif 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&pud=ZGQqBI1HlLXedjBvpJm6hGyXF-C1C1PcDqphzAyNRQAzET0LVekrhUDUgs9QdsCn1ED75HECui_OYvhhDYcR96e0Ti-zqqw87QEfR63HH9fUQPvkcQK6L77IitUmQRNB2qw_Z4W4bF01&unload=5084446025291268402@@59586400,4054163688644432563,100|1093|0|0|0|0|0|0|0||364|0|||||1|0|0|40M42WCbHxd5lT90q-mtzSwfhYJFo1RNScmBMvw1k1o-ifRR5dQMsaF9WWpVBJD3Y9MCNLUDM_hdGWAHLpZ4Gv041y3KWyvqbJJNuTGHckBkAW6OdCBF7A2|nD5YIuf_TIYVwk06H5Z3uA-UKhUZI6fAHs0S4XDfvH8RJd4KoiEGuJ64XXOQnUevib8FdwLHFo0BtzteIpciim98h4Y44EYAlLs_KZ9CVp3mnapyvrlhJRzwsOPfTpfxG1OopE-qwQxlJ0QIrUe_VXFNbdWUUaeHlCv0WMHyIcl_SUyxNHI0glrvVhVDAs8mxepLudoaLImfcgrpSEF-0MCrdTd1tRFqRE6_MbJm3Ts1STX_xBz8hHnUdxXEjXpvHm98btpGtScr9pGbIvyWkwpLnuJFvGyjb_gid-GHh66NXFlV80v6tlclhip4iPLoLa_r5Id3JUkFduGQ3aw6prb7j48RMt11Tg0pWoSjPwg1OvL7_7VoM3jz--vUsmuTBUT7zlDe3AutMxtRX86Q73gORKsYtLHOMIJ7AESLMm-WNwiqf4QnIN6MirTaNiPDiERF-_nAva3kkFZ-lOWt2Via5i-u2g72jdXfzsk4W8wUCmYgzL3vcTZX7V-9LQFLpcoAJb7hCLPoSgO253YaUujELMIe0MeRPs0oFetTA4nVevAEW8be0scnGUPLjdzxKFAa1zW8oCrCEcwVdWotqfz_dnJ7_3XjVMZlY6rAbhvusmYOe6DKaw2|1|11|0|0

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/Serving/Event/ Frame 7437 35 B
470 B 29ms
28ms Ping
image/gif 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/Serving/Event/?bn=59586400&event=178&time=2&baid=56372738&name=Viewable%20impressions&imprid=4054163688644432563&icid=5084446025291268402&eData=Qnn1FLBUsC7GmLMY79Z76W9Q8Y8j1W0ZNv9eZnf1nu1dKw_57esI4r80wNI6bl8i20ex1NiNs48kuWXXnSlQMtOgRlBu9ztPqUPVN5fAX1q-zJxetfQ16lex3QJB_TIpaOJDsqAYsG41&adxvars=nD5YIuf_TIYVwk06H5Z3uA-UKhUZI6fAHs0S4XDfvH8RJd4KoiEGuJ64XXOQnUevib8FdwLHFo0BtzteIpciim98h4Y44EYAlLs_KZ9CVp3mnapyvrlhJRzwsOPfTpfxG1OopE-qwQxlJ0QIrUe_VXFNbdWUUaeHlCv0WMHyIcl_SUyxNHI0glrvVhVDAs8mxepLudoaLImfcgrpSEF-0MCrdTd1tRFqRE6_MbJm3Ts1STX_xBz8hHnUdxXEjXpvHm98btpGtScr9pGbIvyWkwpLnuJFvGyjb_gid-GHh66NXFlV80v6tlclhip4iPLoLa_r5Id3JUkFduGQ3aw6prb7j48RMt11Tg0pWoSjPwg1OvL7_7VoM3jz--vUsmuTBUT7zlDe3AutMxtRX86Q73gORKsYtLHOMIJ7AESLMm-WNwiqf4QnIN6MirTaNiPDiERF-_nAva3kkFZ-lOWt2Via5i-u2g72jdXfzsk4W8wUCmYgzL3vcTZX7V-9LQFLpcoAJb7hCLPoSgO253YaUujELMIe0MeRPs0oFetTA4nVevAEW8be0scnGUPLjdzxKFAa1zW8oCrCEcwVdWotqfz_dnJ7_3XjVMZlY6rAbhvusmYOe6DKaw2&rtbdata=0fQ_vxSbAMBashRmZO8bEfb9Ug5ClusafUciiG6vDQeYRUDsCGVo_Ip-BrszzkeaHJdyrb0uc7GBc3N1PheuqTKu-Lshl6ZgFKwlS9sxSLyhyrE41uAB40mQWrZ6KCQe0zCDqhBpUhTDeIjrSAcYFw2&rtbwp=Q8yR5Xr0r8Y1&rnd=87152909

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/serving/unload/ Frame 7437 35 B
461 B 27ms
27ms Ping
image/gif 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=5084446025291268402@@59586400,4054163688644432563,100|1095|0|0|0|0|0|0|0||365|0|||||1|0|0|40M42WCbHxd5lT90q-mtzSwfhYJFo1RNScmBMvw1k1o-ifRR5dQMsaF9WWpVBJD3Y9MCNLUDM_hdGWAHLpZ4Gv041y3KWyvqbJJNuTGHckBkAW6OdCBF7A2|nD5YIuf_TIYVwk06H5Z3uA-UKhUZI6fAHs0S4XDfvH8RJd4KoiEGuJ64XXOQnUevib8FdwLHFo0BtzteIpciim98h4Y44EYAlLs_KZ9CVp3mnapyvrlhJRzwsOPfTpfxG1OopE-qwQxlJ0QIrUe_VXFNbdWUUaeHlCv0WMHyIcl_SUyxNHI0glrvVhVDAs8mxepLudoaLImfcgrpSEF-0MCrdTd1tRFqRE6_MbJm3Ts1STX_xBz8hHnUdxXEjXpvHm98btpGtScr9pGbIvyWkwpLnuJFvGyjb_gid-GHh66NXFlV80v6tlclhip4iPLoLa_r5Id3JUkFduGQ3aw6prb7j48RMt11Tg0pWoSjPwg1OvL7_7VoM3jz--vUsmuTBUT7zlDe3AutMxtRX86Q73gORKsYtLHOMIJ7AESLMm-WNwiqf4QnIN6MirTaNiPDiERF-_nAva3kkFZ-lOWt2Via5i-u2g72jdXfzsk4W8wUCmYgzL3vcTZX7V-9LQFLpcoAJb7hCLPoSgO253YaUujELMIe0MeRPs0oFetTA4nVevAEW8be0scnGUPLjdzxKFAa1zW8oCrCEcwVdWotqfz_dnJ7_3XjVMZlY6rAbhvusmYOe6DKaw2|1|01|0|0

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H/1.1 200
OK in-screen Show response
stats-collector.cxense.com/cr-stats/event/ 42 B
208 B 17ms
17ms XHR
image/gif 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://stats-collector.cxense.com/cr-stats/event/in-screen?adId=721904&bnId=56603052&pId=435611&location=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&t=Eesti%20%C3%BCks%20tuntumaid%20onlyfansitare%20paljastas%2C%20kui%20palju%20ta%20t%C3%A4nu%20platvormile%20raha%20on%20teeninud%20-%20Kroonika&cb=1670434926106&siteId=1145189970857384309&cxId=cx%3A1hp4d1gz1pjzn3oepuy6c44ld6%3A224oyy5lj2y4t&cxprnd=lbdxtod95moy078q&configId=22&timeOnScreen=1&v_imp=true&impRndId=biix5dkwepjnedl7&evid=cx:1hp4d1gz1pjzn3oepuy6c44ld6:224oyy5lj2y4t
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 147.75.85.120 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: Jetty(9.4.28.v20200408) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 07 Dec 2022 17:42:06 GMT
server: Jetty(9.4.28.v20200408)
content-length: 42
content-type: image/gif

GET
H/1.1 200
OK in-screen Show response
stats-collector.cxense.com/cr-stats/event/ 42 B
208 B 15ms
15ms XHR
image/gif 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://stats-collector.cxense.com/cr-stats/event/in-screen?adId=716538&bnId=56372738&pId=651009&location=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&t=Eesti%20%C3%BCks%20tuntumaid%20onlyfansitare%20paljastas%2C%20kui%20palju%20ta%20t%C3%A4nu%20platvormile%20raha%20on%20teeninud%20-%20Kroonika&cb=1670434926110&siteId=1145189970857384309&cxId=cx%3A1hp4d1gz1pjzn3oepuy6c44ld6%3A224oyy5lj2y4t&cxprnd=lbdxtod95moy078q&configId=22&timeOnScreen=1&v_imp=true&impRndId=xjj2ut1isbjwvb9j&evid=cx:1hp4d1gz1pjzn3oepuy6c44ld6:224oyy5lj2y4t
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 147.75.85.120 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: Jetty(9.4.28.v20200408) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 07 Dec 2022 17:42:06 GMT
server: Jetty(9.4.28.v20200408)
content-length: 42
content-type: image/gif

GET
H/1.1 200
OK in-screen Show response
stats-collector.cxense.com/cr-stats/event/ 42 B
208 B 15ms
15ms XHR
image/gif 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://stats-collector.cxense.com/cr-stats/event/in-screen?adId=716846&bnId=56392328&pId=569270&location=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&t=Eesti%20%C3%BCks%20tuntumaid%20onlyfansitare%20paljastas%2C%20kui%20palju%20ta%20t%C3%A4nu%20platvormile%20raha%20on%20teeninud%20-%20Kroonika&cb=1670434926112&siteId=1145189970857384309&cxId=cx%3A1hp4d1gz1pjzn3oepuy6c44ld6%3A224oyy5lj2y4t&cxprnd=lbdxtod95moy078q&configId=22&timeOnScreen=1&v_imp=true&impRndId=gxjxcpc2chpwbzko&evid=cx:1hp4d1gz1pjzn3oepuy6c44ld6:224oyy5lj2y4t
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 147.75.85.120 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: Jetty(9.4.28.v20200408) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 07 Dec 2022 17:42:06 GMT
server: Jetty(9.4.28.v20200408)
content-length: 42
content-type: image/gif

POST
H2 200 /
track.adform.net/serving/unload/ Frame BAB0 35 B
470 B 27ms
26ms Ping
image/gif 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&pud=ty_GgiPlw3XedjBvpJm6hE5Onz3_j-z5Gs5gtUpK4zvhtCU0AtLE0YChqpCB9lMVuyCJoBORB7tSlKPlgbDD4LsgiaATkQe7mkhyT8bLbdOOcQ1yp0EKR-0mSG85si520rt2oOVUHWs1&unload=5084446025291268402@@59608988,7578805727504212994,100|1070|0|800|1150|0|0|0|0||22|0|||||1|0|0|fBu1JHGLCWZ5lT90q-mtzSwfhYJFo1RNScmBMvw1k1o-ifRR5dQMsaF9WWpVBJD3Y9MCNLUDM_hdGWAHLpZ4GjySYV8KrECRGHNgWaELV-VkAW6OdCBF7A2|nD5YIuf_TIaS-mwBdRBNshQTA2h_zpI5nHMZ0pAgl68RJd4KoiEGuJ64XXOQnUevib8FdwLHFo0BtzteIpciipgyXzcmYtzeiXypNwto4Qs_wGtsFlA_gRG14gPy_uADC5xuFnjd_ze8-wWkU7tDPXFNbdWUUaeHlCv0WMHyIcl_SUyxNHI0glrvVhVDAs8mxepLudoaLImfcgrpSEF-0MCrdTd1tRFqRE6_MbJm3Ts1STX_xBz8hHnUdxXEjXpvHm98btpGtScr9pGbIvyWkwpLnuJFvGyjb_gid-GHh66NXFlV80v6tlclhip4iPLoLa_r5Id3JUkFduGQ3aw6prb7j48RMt11Tg0pWoSjPwg1OvL7_7VoM3jz--vUsmuTBUT7zlDe3AutMxtRX86Q73gORKsYtLHOMIJ7AESLMm-WNwiqf4QnIN6MirTaNiPDiERF-_nAva3kkFZ-lOWt2Via5i-u2g72jdXfzsk4W8wUCmYgzL3vcTZX7V-9LQFLpcoAJb7hCLPoSgO253YaUujELMIe0MeRPs0oFetTA4nVevAEW8be0scnGUPLjdzxKFAa1zW8oCrCEcwVdWotqfz_dnJ7_3Xjn-xmpvcLKzEwJ_dfLtPn_A2||11|0|0

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/Serving/Event/ Frame BAB0 35 B
461 B 28ms
27ms Ping
image/gif 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/Serving/Event/?bn=59608988&event=178&time=2&baid=56392328&name=Viewable%20impressions&imprid=7578805727504212994&icid=5084446025291268402&eData=9GIIieOBXvovonAXnMwRzW9Q8Y8j1W0ZNv9eZnf1nu1dKw_57esI4r80wNI6bl8i20ex1NiNs48kuWXXnSlQMtOgRlBu9ztPqUPVN5fAX1oStiCs-YKyllex3QJB_TIpaOJDsqAYsG41&adxvars=nD5YIuf_TIaS-mwBdRBNshQTA2h_zpI5nHMZ0pAgl68RJd4KoiEGuJ64XXOQnUevib8FdwLHFo0BtzteIpciipgyXzcmYtzeiXypNwto4Qs_wGtsFlA_gRG14gPy_uADC5xuFnjd_ze8-wWkU7tDPXFNbdWUUaeHlCv0WMHyIcl_SUyxNHI0glrvVhVDAs8mxepLudoaLImfcgrpSEF-0MCrdTd1tRFqRE6_MbJm3Ts1STX_xBz8hHnUdxXEjXpvHm98btpGtScr9pGbIvyWkwpLnuJFvGyjb_gid-GHh66NXFlV80v6tlclhip4iPLoLa_r5Id3JUkFduGQ3aw6prb7j48RMt11Tg0pWoSjPwg1OvL7_7VoM3jz--vUsmuTBUT7zlDe3AutMxtRX86Q73gORKsYtLHOMIJ7AESLMm-WNwiqf4QnIN6MirTaNiPDiERF-_nAva3kkFZ-lOWt2Via5i-u2g72jdXfzsk4W8wUCmYgzL3vcTZX7V-9LQFLpcoAJb7hCLPoSgO253YaUujELMIe0MeRPs0oFetTA4nVevAEW8be0scnGUPLjdzxKFAa1zW8oCrCEcwVdWotqfz_dnJ7_3Xjn-xmpvcLKzEwJ_dfLtPn_A2&rtbdata=fg2VYS8DBV1aLwvbXEkxDcjcd8PPeqZ7wXyML_GWQf8TE7tZt6XS_Yp-BrszzkeawPg7Qp89DyWBc3N1PheuqTKu-Lshl6ZgFKwlS9sxSLyhyrE41uAB40mQWrZ6KCQe0zCDqhBpUhTDeIjrSAcYFw2&rtbwp=vR5KWVVM5-81&rnd=326455067

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/serving/unload/ Frame BAB0 35 B
470 B 27ms
26ms Ping
image/gif 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=5084446025291268402@@59608988,7578805727504212994,100|1071|0|800|1150|0|0|0|0||22|0|||||1|0|0|fBu1JHGLCWZ5lT90q-mtzSwfhYJFo1RNScmBMvw1k1o-ifRR5dQMsaF9WWpVBJD3Y9MCNLUDM_hdGWAHLpZ4GjySYV8KrECRGHNgWaELV-VkAW6OdCBF7A2|nD5YIuf_TIaS-mwBdRBNshQTA2h_zpI5nHMZ0pAgl68RJd4KoiEGuJ64XXOQnUevib8FdwLHFo0BtzteIpciipgyXzcmYtzeiXypNwto4Qs_wGtsFlA_gRG14gPy_uADC5xuFnjd_ze8-wWkU7tDPXFNbdWUUaeHlCv0WMHyIcl_SUyxNHI0glrvVhVDAs8mxepLudoaLImfcgrpSEF-0MCrdTd1tRFqRE6_MbJm3Ts1STX_xBz8hHnUdxXEjXpvHm98btpGtScr9pGbIvyWkwpLnuJFvGyjb_gid-GHh66NXFlV80v6tlclhip4iPLoLa_r5Id3JUkFduGQ3aw6prb7j48RMt11Tg0pWoSjPwg1OvL7_7VoM3jz--vUsmuTBUT7zlDe3AutMxtRX86Q73gORKsYtLHOMIJ7AESLMm-WNwiqf4QnIN6MirTaNiPDiERF-_nAva3kkFZ-lOWt2Via5i-u2g72jdXfzsk4W8wUCmYgzL3vcTZX7V-9LQFLpcoAJb7hCLPoSgO253YaUujELMIe0MeRPs0oFetTA4nVevAEW8be0scnGUPLjdzxKFAa1zW8oCrCEcwVdWotqfz_dnJ7_3Xjn-xmpvcLKzEwJ_dfLtPn_A2||01|0|0

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 169ms
86ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221129&st=env

Requested by

Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7797a72d98e5347b064e83d9394ceef4080c873c4b9c5f6398fc5d094338dfbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:07 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11157
x-xss-protection: 0

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=C08ADEC9225746F08A8EFD3CFC5BFF30&RedC=c.clarity.ms&MXFR=35211A3C4C396D1D1080084F48396305
https://c.clarity.ms/c.gif?CtsSyncId=C08ADEC9225746F08A8EFD3CFC5BFF30&MUID=3911E058642260700611F22B65496179

42 B
390 B

28ms
24ms

Image
image/gif

20.234.93.27
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=C08ADEC9225746F08A8EFD3CFC5BFF30&MUID=3911E058642260700611F22B65496179
Protocol: H2
Server: 20.234.93.27 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:07 GMT
last-modified: Thu, 13 Oct 2022 20:07:05 GMT
server: Microsoft-IIS/10.0
etag: "40db785d3fdfd81:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:06 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D16F232199CA4EE79258E0078EE701AE Ref B: FRAEDGE1413 Ref C: 2022-12-07T17:42:07Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=C08ADEC9225746F08A8EFD3CFC5BFF30&MUID=3911E058642260700611F22B65496179
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H/1.1 200
OK segment Show response
api.cxense.com/profile/user/ 166 B
800 B 31ms
30ms Script
text/javascript 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cxense.com/profile/user/segment?callback=cXJsonpCB3&persisted=b04a959c2ea64c1ef725a6abb04ccecbbd9e6671&json=%7B%22identities%22%3A%5B%7B%22id%22%3A%22lbdxtobwxu5y2838%22%2C%22type%22%3A%22cx%22%7D%5D%7D

Requested by

Host: scdn.cxense.com
URL: https://scdn.cxense.com/cx.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

147.75.85.120 Schiphol, Netherlands, ASN54825 (PACKET, US),

Reverse DNS

Software

Jetty(9.4.28.v20200408) /

Resource Hash

ed343bd6fc027c96a1b983d60e2fd05c862e4d7c2fdd9a96c98815803b77f9c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:07 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
server: Jetty(9.4.28.v20200408)
content-type: text/javascript;charset=utf-8
p3p: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-store, no-cache, must-revalidate
content-length: 166
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ 0
15 B 7ms
7ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1884980121754918&ev=CxSegments&dl=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&rl=&if=false&ts=1670434927190&cd[segmentIds]=8msoz891pzwg%2C8mt7ihdvwgr1%2C8n42hqlatmtu%2C8nffug5nx7e8%2C8nqgnd255ftt%2C8nqixztc4wiw%2Ciu6x268ylot6&sw=1600&sh=1200&v=2.9.89&r=stable&ec=2&o=30&fbp=fb.1.1670434923951.2066633158&it=1670434923833&coo=false&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 07 Dec 2022 17:42:07 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 143ms
53ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 07 Dec 2022 17:42:07 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8682 13 KB
5 KB 132ms
39ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3910
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 16:36:57 GMT
expires: Thu, 07 Dec 2023 16:36:57 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 8E89 783 B
535 B 139ms
49ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f577446f56c55ba9e79422cfae2f5bbc11aa041763a5e139a2366d8df928102b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-tq6_EEhESKAJB8UZp2D9JA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-tq6_EEhESKAJB8UZp2D9JA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 17:42:07 GMT
expires: Wed, 07 Dec 2022 17:42:07 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 8E89 0
0 139ms
138ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20221129&jk=3411371172332950&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

GET
H3 200 T3BTWj-SqXOOtsP36vZJ1esojObpW8ivZm_viBadolo.js Show response
pagead2.googlesyndication.com/bg/ Frame 8682 36 KB
16 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/T3BTWj-SqXOOtsP36vZJ1esojObpW8ivZm_viBadolo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4f70535a3f92a9738eb6c3f7eaf649d5eb288ce6e95bc8af666fef88169da25a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:00:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16917
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Mon, 21 Nov 2022 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Dec 2023 13:00:10 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 8682 0
10 B 38ms
38ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?Xm86Lg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:07 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ Frame 5313 483 B
1021 B 45ms
19ms Script
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 17:42:07 GMT
Content-Encoding: br
CF-Cache-Status: HIT
Last-Modified: Wed, 23 Nov 2022 15:43:18 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Age: 1213856
ETag: W/"922cffdd75f7192f75231d92684885aa"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ohRqQHTinYjFyHHSRBwBavSyaIEy5oeZwGqOAwS3Qhec3EyoHVvKnYBqGY%2BFaPzUneFXpr4HGVqbFPV5CZJ5dOOgNyqr590r%2F7IoA2hcFymKb%2Ftsz%2BMvDDnghJDVXKsGYZPNxcUdyLrRbsDZ"}],"group":"cf-nel","max_age":604800}
Cache-Control: public, max-age=1800
Connection: keep-alive
CF-RAY: 775f0e5b78e4918f-FRA

GET
H/1.1 200
OK cc Show response
cc-endpoint.digitalmatter.ai/api/ Frame 5313 2 B
289 B 269ms
193ms Fetch
application/json 85.206.141.183
TELIA-LIETUVA

General

Check archive.org

Show headers Download Go to

Full URL: https://cc-endpoint.digitalmatter.ai/api/cc?c=q75n-an4g-2w1a-m02d
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 85.206.141.183 Vilnius, Lithuania, ASN43811 (TELIA-LIETUVA, LT),
Reverse DNS: 85-206-141-183.static.zebra.lt
Software: nginx / PHP/8.0.26
Resource Hash: 61835352dfbbfbfae4345655fc7451e580272b28a4aa3377fe008701ac7ebf34

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 17:42:08 GMT
Content-Encoding: br
Server: nginx
X-Powered-By: PHP/8.0.26
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Connection: keep-alive

POST
H/1.1 400
Bad Request cookie_sync Show response
prebid.adnxs.com/pbs/v1/ Frame 5313 35 B
432 B 73ms
14ms XHR
text/plain 185.89.208.11
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://prebid.adnxs.com/pbs/v1/cookie_sync

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.89.208.11 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

prebid.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

fe0d9b0c47e56700062e1e6cfcaa084f5bfd85a7901721f9c8ce651b60c59a6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:07 GMT
X-Content-Type-Options: nosniff
Server: nginx/1.21.3
Vary: Origin
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://kroonika.delfi.ee
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 35
Expires: 0

POST
H/1.1 200
OK auction Show response
prebid.adnxs.com/pbs/v1/openrtb2/ Frame 5313 2 KB
2 KB 145ms
88ms XHR
application/json 185.89.208.11
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.adnxs.com/pbs/v1/openrtb2/auction
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.89.208.11 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS: prebid.ams3.adnexus.net
Software: nginx/1.21.3 /
Resource Hash: 288fb3e67b906e3e1b248af651918a4df57cf701a2b0ad2b4585cf596209a914

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:08 GMT
Content-Encoding: gzip
Server: nginx/1.21.3
X-Prebid: pbs-go/0.233.0
Transfer-Encoding: chunked
Vary: Accept-Encoding, Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://kroonika.delfi.ee
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Expires: 0

POST
H2 200 dsh Show response
hb.adscale.de/ Frame 5313 11 B
472 B 221ms
195ms XHR
text/plain 35.158.81.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adscale.de/dsh
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.81.23 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-81-23.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 846949c5a40e3ffbb702473e54dfac0646541aa624a844369b6e24e51ddaf96b

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: gzip
vary: origin
p3p: CP=NOI PSA OUR
access-control-allow-origin: https://kroonika.delfi.ee
content-type: text/plain
cache-control: no-cache
access-control-allow-credentials: true
x-robots-tag: none

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 5313 241 B
573 B 335ms
120ms XHR
application/json 2602:803:c003:200::21
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16854&site_id=153086&zone_id=1669408&size_id=57&p_pos=btf&gdpr=1&rp_schain=1.0,1!adnetmedia.lt,168,1,,,!digitalmatter.ai,168,1,,,&eid_criteo.com=YkJjNl9PSVNUWjUyNVZkank0WExWM2V4b3UlMkZMZEIzbkRNbzdESVZwWWdrRVVnaWhkJTJCYzJ6JTJGVndMSE1OJTJGbDE4aiUyRmF0UXg4NlJVdHNtc0lkeHBKdkxscTJKMGclM0QlM0Q%5E1&eid_id5-sync.com=0%5E1%5E&rf=https%3A%2F%2Fkroonika.delfi.ee%2Fa%2F120110364&tk_flint=pbjs_lite_v7.24.0&x_source.tid=50d1e94c-5a3c-48e4-ac51-7685a8dce263&l_pb_bid_id=8cf1a3a7ed12fd&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.3502819930413641
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 51888b7a624cdd15f47dc2d3394afec8d984518206187c5a18e832149c0b2b33

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:08 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 241
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 arj Show response
adnet-d.openx.net/w/1.0/ Frame 5313 72 B
378 B 131ms
42ms XHR
application/json 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://adnet-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fkroonika.delfi.ee%2Fa%2F120110364&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=50d1e94c-5a3c-48e4-ac51-7685a8dce263&nocache=1670434927900&gdpr=1&criteoid=YkJjNl9PSVNUWjUyNVZkank0WExWM2V4b3UlMkZMZEIzbkRNbzdESVZwWWdrRVVnaWhkJTJCYzJ6JTJGVndMSE1OJTJGbDE4aiUyRmF0UXg4NlJVdHNtc0lkeHBKdkxscTJKMGclM0QlM0Q&id5id=0&pubcid=33dabaf5-e4c8-4376-b51c-f58142651c3f&schain=1.0%2C1!adnetmedia.lt%2C168%2C1%2C%2C%2C!digitalmatter.ai%2C168%2C1%2C%2C%2C&aus=970x250%2C995x300%2C1200x400&divids=dee_995x300_05_content_foreign&aucs=&auid=541043715
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: cc6875534131c837c1f154950dd07dba354bc8f001e278135351e1324819a9c0

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:07 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: application/json
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 / Show response
ssp.wp.pl/bidder/ Frame 5313 0
57 B 309ms
88ms XHR
text/plain 212.77.99.29
WIRTUALNAPOLSKA G...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssp.wp.pl/bidder/?bdver=5.7&pbver=7.24.0&inver=0
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.77.99.29 , Poland, ASN12827 (WIRTUALNAPOLSKA GDANSK, Poland, PL),
Reverse DNS: ssp.wp.pl
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
accept-ch: device-memory, dpr, width, viewport-width, rtt, downlink, ect
server: nginx
vary: Origin
uber-trace-id: 00000000000000007d3a8f7869d308b3:c522e1e88aa80804:0:0
accept-ch-lifetime: 604800
access-control-allow-origin: https://kroonika.delfi.ee
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs-simple.com/ut/v3/ Frame 5313 18 KB
9 KB 205ms
147ms XHR
application/json 185.89.211.84
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs-simple.com/ut/v3/prebid

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

6812a2572b917d923a3911976851569cdf0bbaa7a945475bc721ee132180c34b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 07 Dec 2022 17:42:08 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.213.155.166; 185.213.155.166; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs-simple.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 24fd76c8-7782-4006-b1eb-d951743b04ae
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://kroonika.delfi.ee
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 5313 171 B
565 B 359ms
142ms XHR
application/json 185.86.139.116
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.116 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 8b9b81833890ca4d17a848f43d9e0a2f9901c114841bfda055c7b0855c8ba861

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:07 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame 5313 24 B
404 B 65ms
26ms XHR
application/json 216.52.2.30
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.24.0
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.30 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash: f2b03f4b55d9742943b14e9f2155c3e2b4c555e13f2998b5043d0bd9eb873895

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 07 Dec 2022 17:42:07 GMT
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://kroonika.delfi.ee
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap6ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 24

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 5313 0
219 B 76ms
21ms XHR
text/plain 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.24.0&cb=32254139120&lsavail=1&bundle=mMXKz19xVEZPOWxybUwxQlBQa1AySUhQTnV4NDBnciUyQmZWSTFhJTJGJTJGUVYlMkZhY3l6NVd0Wk9jWHlXS1RzbVhiWWpTY3h1TVMzWWtIVHlNemtKZHY0VUs5Y2lNJTJCQnRDVGxuJTJCNXpkNVhHMENVd2RWelpkYnklMkZqJTJGMzZ2UmdqczhoJTJCd0tTV0lieg

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 07 Dec 2022 17:42:07 GMT
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
access-control-allow-origin: https://kroonika.delfi.ee
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

POST
H/1.1 200
OK auction Show response
rtb.adxpremium.services/openrtb2/ Frame 5313 1 KB
2 KB 382ms
167ms XHR
application/json 148.251.121.152
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 148.251.121.152 Braunlage, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: egon
Software: /
Resource Hash: cf1d5d86ca5d28adc1ef6e0c8e2b6e00fc6ad5967c02c5d9249032294e22dfc1

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:08 GMT
x-prebid: pbs-go/unknown
vary: Origin
content-type: application/json
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 1340
expires: 0

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ Frame 5313 0
179 B 55ms
17ms XHR
text/plain 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kroonika.delfi.ee
date: Wed, 07 Dec 2022 17:42:07 GMT
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: POST

POST
H2 200 prebid Show response
mp.4dex.io/ Frame 5313 114 B
535 B 75ms
39ms XHR
application/json 2606:4700::6812:372
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:372 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f654317493fce1d2f546f3011b67f1007603835f6e534d967cedd45a8258d7d4

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

x-version: 3.0.0-gcp-ams
date: Wed, 07 Dec 2022 17:42:07 GMT
x-err: Shapings: no adunits with size and seat and mapping
via: 1.1 google
cf-cache-status: DYNAMIC
content-encoding: gzip
x-warn: Process Floors. 2 inventory rules not found for mediatype: banner and adUnitCode: dee_995x300_05_content_foreign
pragma: no-cache
server: cloudflare
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 775f0e5ba9359279-FRA
expires: 0

POST
H2 200 openrtb Show response
adx.adform.net/adx/ Frame 5313 2 KB
2 KB 97ms
96ms XHR
application/json 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8caf34bb3d754280d433d860fa573a145ceb3f600da646c2d4f8594d3c04de94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: POST,OPTIONS
content-type: application/json
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 200 pbjs Show response
htlb.casalemedia.com/openrtb/ Frame 5313 37 B
572 B 193ms
147ms XHR
application/json 172.64.154.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/openrtb/pbjs?s=723022
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.154.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac3c56b2ac3ad7dce46b8a74bf0a84a8797a6075c304e39afb8c2538478aee45

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:08 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LcozFoTnv8gRlS5tMempSP1Oiu0Ve41Aq4%2B%2B41h0ci5ddWmJHejvCZeprguy6OV%2BaT1Q6JIse%2FRKwjGgQbU0dRvWm%2FqqPTgjDxkSTNUpL7zpxKRc%2FOWuu5D%2Br0uXUgT%2FpX8d4Vqr"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 775f0e5bcc9fbb8c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 37
expires: 0

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ Frame 432F 483 B
1021 B 30ms
16ms Script
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 17:42:07 GMT
Content-Encoding: br
CF-Cache-Status: HIT
Last-Modified: Wed, 23 Nov 2022 15:43:18 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Age: 1213856
ETag: W/"922cffdd75f7192f75231d92684885aa"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pCQ8MDrIjLIobhn9bmXhRaUFnLKXxa%2BB5tSHU9AdLq3lFNw8x6DM30uVzjF2aIh0n0ukVifWOAoH6lTIebDp1saBWNHu0%2FQue8a3fsFSYLNA0mAn%2FwvJkVJs0Ca0O0AIkk9r1LsZg6IfEvq%2B"}],"group":"cf-nel","max_age":604800}
Cache-Control: public, max-age=1800
Connection: keep-alive
CF-RAY: 775f0e5b992b918f-FRA

GET
H/1.1 200
OK cc Show response
cc-endpoint.digitalmatter.ai/api/ Frame 432F 2 B
289 B 271ms
200ms Fetch
application/json 85.206.141.183
TELIA-LIETUVA

General

Check archive.org

Show headers Download Go to

Full URL: https://cc-endpoint.digitalmatter.ai/api/cc?c=q75n-an4g-2w1a-m02d
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 85.206.141.183 Vilnius, Lithuania, ASN43811 (TELIA-LIETUVA, LT),
Reverse DNS: 85-206-141-183.static.zebra.lt
Software: nginx / PHP/8.0.26
Resource Hash: 61835352dfbbfbfae4345655fc7451e580272b28a4aa3377fe008701ac7ebf34

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 17:42:08 GMT
Content-Encoding: br
Server: nginx
X-Powered-By: PHP/8.0.26
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Connection: keep-alive

POST
H/1.1 400
Bad Request cookie_sync Show response
prebid.adnxs.com/pbs/v1/ Frame 432F 35 B
432 B 44ms
14ms XHR
text/plain 185.89.208.11
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://prebid.adnxs.com/pbs/v1/cookie_sync

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.89.208.11 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

prebid.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

fe0d9b0c47e56700062e1e6cfcaa084f5bfd85a7901721f9c8ce651b60c59a6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:07 GMT
X-Content-Type-Options: nosniff
Server: nginx/1.21.3
Vary: Origin
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://kroonika.delfi.ee
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 35
Expires: 0

POST
H/1.1 200
OK auction Show response
prebid.adnxs.com/pbs/v1/openrtb2/ Frame 432F 2 KB
2 KB 119ms
73ms XHR
application/json 185.89.208.11
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.adnxs.com/pbs/v1/openrtb2/auction
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.89.208.11 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS: prebid.ams3.adnexus.net
Software: nginx/1.21.3 /
Resource Hash: e9be87a74ed06a19fbc76e30339df8d46b95c55d82645ac78fd5d86f6af2f679

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:08 GMT
Content-Encoding: gzip
Server: nginx/1.21.3
X-Prebid: pbs-go/0.233.0
Transfer-Encoding: chunked
Vary: Accept-Encoding, Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://kroonika.delfi.ee
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Expires: 0

POST
H2 200 dsh Show response
hb.adscale.de/ Frame 432F 11 B
473 B 140ms
139ms XHR
text/plain 35.158.81.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adscale.de/dsh
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.81.23 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-81-23.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 846949c5a40e3ffbb702473e54dfac0646541aa624a844369b6e24e51ddaf96b

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: gzip
vary: origin
p3p: CP=NOI PSA OUR
access-control-allow-origin: https://kroonika.delfi.ee
content-type: text/plain
cache-control: no-cache
access-control-allow-credentials: true
x-robots-tag: none

POST
H/1.1 200
OK auction Show response
rtb.adxpremium.services/openrtb2/ Frame 432F 1 KB
2 KB 349ms
152ms XHR
application/json 148.251.121.152
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 148.251.121.152 Braunlage, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: egon
Software: /
Resource Hash: 899a6741bef37726e85db4ebfc9e191314ec13061f4f7e261ab9b038c039449b

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:08 GMT
x-prebid: pbs-go/unknown
vary: Origin
content-type: application/json
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 1339
expires: 0

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 432F 0
218 B 56ms
21ms XHR
text/plain 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.24.0&cb=13454935025&lsavail=1&bundle=mMXKz19xVEZPOWxybUwxQlBQa1AySUhQTnV4NDBnciUyQmZWSTFhJTJGJTJGUVYlMkZhY3l6NVd0Wk9jWHlXS1RzbVhiWWpTY3h1TVMzWWtIVHlNemtKZHY0VUs5Y2lNJTJCQnRDVGxuJTJCNXpkNVhHMENVd2RWelpkYnklMkZqJTJGMzZ2UmdqczhoJTJCd0tTV0lieg

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 07 Dec 2022 17:42:07 GMT
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
access-control-allow-origin: https://kroonika.delfi.ee
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame 432F 94 B
505 B 116ms
84ms XHR
application/json 216.52.2.30
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.24.0
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.30 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash: 4f90e6c4fcfdb035349045252a3a8db6ce3bbb987881a31696e2bbae6cac681b

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 07 Dec 2022 17:42:07 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://kroonika.delfi.ee
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap6ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 100

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 432F 261 B
820 B 298ms
112ms XHR
application/json 2602:803:c003:200::21
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16854&site_id=153086&zone_id=1669404&size_id=15&alt_size_ids=10&gdpr=1&rp_schain=1.0,1!adnetmedia.lt,168,1,,,!digitalmatter.ai,168,1,,,&eid_criteo.com=Hy4ee183dU45TmNTQ3RlNDBDQnlvRGlmTE1rRFBEckR0VzRLNGphbHBQSiUyRk9SbGtCVXNmZWZhMHRuSTZVU1FYRkF1OEY4Tlg5RzZNVWhOR0Q1Z0lVS0VXWHd3JTNEJTNE%5E1&eid_id5-sync.com=0%5E1%5E&rf=https%3A%2F%2Fkroonika.delfi.ee%2Fa%2F120110364&tk_flint=pbjs_lite_v7.24.0&x_source.tid=3354e8b1-b028-4c4c-b909-6884b7ad31df&l_pb_bid_id=14ed9575f8abb68&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.891666895059152
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 9cc6ab73ac2eaa21257d8ba0164a60a54bff592eafc719ca9c593deb7be1314e

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:08 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 261
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 prebid Show response
mp.4dex.io/ Frame 432F 114 B
191 B 57ms
39ms XHR
application/json 2606:4700::6812:372
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:372 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2954e20a0a06a61c69c8333a126041986bbf67ec08a2a7a23011492fb193a5b

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:07 GMT
x-err: Shapings: no adunits with size and seat and mapping
x-version: 3.0.0-gcp-ams
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
content-encoding: gzip
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 775f0e5ba9369279-FRA
expires: 0

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ Frame 432F 0
159 B 54ms
17ms XHR
text/plain 52.57.214.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.214.50 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-214-50.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kroonika.delfi.ee
date: Wed, 07 Dec 2022 17:42:07 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 200 openrtb Show response
adx.adform.net/adx/ Frame 432F 2 KB
2 KB 58ms
57ms XHR
application/json 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

d053185630eea870e007fda9b79eca89d525028a5e440545c2f2bc8e51a1d88c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: POST,OPTIONS
content-type: application/json
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK prebid Show response
ib.adnxs-simple.com/ut/v3/ Frame 432F 145 B
849 B 175ms
145ms XHR
application/json 185.89.211.84
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs-simple.com/ut/v3/prebid

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

7276acf61173c532dce357fd73ece5d5575a0b26b3a192bab57cbbb81ead8195

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:08 GMT
AN-X-Request-Uuid: a70e9950-d8af-4824-8a95-fa4bf8f79d4e
Server: nginx/1.21.3
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://kroonika.delfi.ee
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 185.213.155.166; 185.213.155.166; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs-simple.com
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 432F 171 B
565 B 372ms
182ms XHR
application/json 185.86.139.116
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.116 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 8b9b81833890ca4d17a848f43d9e0a2f9901c114841bfda055c7b0855c8ba861

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:07 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

GET
H2 200 arj Show response
adnet-d.openx.net/w/1.0/ Frame 432F 73 B
145 B 101ms
44ms XHR
application/json 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://adnet-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fkroonika.delfi.ee%2Fa%2F120110364&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=3354e8b1-b028-4c4c-b909-6884b7ad31df&nocache=1670434927932&gdpr=1&criteoid=Hy4ee183dU45TmNTQ3RlNDBDQnlvRGlmTE1rRFBEckR0VzRLNGphbHBQSiUyRk9SbGtCVXNmZWZhMHRuSTZVU1FYRkF1OEY4Tlg5RzZNVWhOR0Q1Z0lVS0VXWHd3JTNEJTNE&id5id=0&pubcid=33dabaf5-e4c8-4376-b51c-f58142651c3f&schain=1.0%2C1!adnetmedia.lt%2C168%2C1%2C%2C%2C!digitalmatter.ai%2C168%2C1%2C%2C%2C&aus=300x600%2C300x250&divids=dee_300x600_05_tower_foreign&aucs=&auid=541043714
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 6b29a24ecbfdf39d98324d3bc72a89a354841a9525b7ae43dff67fd23fbe6860

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: application/json
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 / Show response
ssp.wp.pl/bidder/ Frame 432F 0
223 B 277ms
87ms XHR
text/plain 212.77.99.29
WIRTUALNAPOLSKA G...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssp.wp.pl/bidder/?bdver=5.7&pbver=7.24.0&inver=0
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.77.99.29 , Poland, ASN12827 (WIRTUALNAPOLSKA GDANSK, Poland, PL),
Reverse DNS: ssp.wp.pl
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
accept-ch: device-memory, dpr, width, viewport-width, rtt, downlink, ect
server: nginx
vary: Origin
uber-trace-id: 000000000000000090f40a3c98acf1ad:96a332569afcaa13:0:0
accept-ch-lifetime: 604800
access-control-allow-origin: https://kroonika.delfi.ee
access-control-allow-credentials: true

POST
H2 200 bid-request Show response
a.teads.tv/hb/ Frame 432F 16 B
391 B 70ms
42ms XHR
application/json 184.30.21.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://a.teads.tv/hb/bid-request
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.21.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-21-51.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:07 GMT
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 42
expires: Wed, 07 Dec 2022 17:42:07 GMT

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ Frame 432F 0
180 B 29ms
16ms XHR
text/plain 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kroonika.delfi.ee
date: Wed, 07 Dec 2022 17:42:07 GMT
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: POST

POST
H2 200 pbjs Show response
htlb.casalemedia.com/openrtb/ Frame 432F 2 KB
1 KB 285ms
260ms XHR
application/json 172.64.154.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/openrtb/pbjs?s=723022
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.154.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 62735486991538728d8c30f29d00bb8e5a0502099c94bfcc0f9041dd5cd7d1ab

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3RTNh2dkMCvO8YwVnXcflPoULow58rrYK%2F3XyO3ONQT8zPizv5lMl5eTrvrA4AsCejq300JIK65OacCxubsiZMpqhRRmFyakO%2BMn%2F6BOnzJJb9NhdrxUMmkp9xH%2FWNNHBXMCNNbm"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 775f0e5bcca5bb8c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: 0

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ Frame 7DD9 483 B
1 KB 44ms
44ms Script
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 17:42:07 GMT
Content-Encoding: br
CF-Cache-Status: HIT
Last-Modified: Wed, 23 Nov 2022 15:43:18 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Age: 1213856
ETag: W/"922cffdd75f7192f75231d92684885aa"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a%2Fy73GypujZOdGc9R0IwgzxFhUBwTx4kPjH%2FPOC9EDj%2B9T8SgWzcXBbXZwsZuvrR0ZCHQdRPJSniPM4oNbhHEisGg5M1JPX8EdZayspAfpSqhDrULX%2F%2FHG%2B%2FgNZGolOLnNiWIFEkDuGW%2Fpb5"}],"group":"cf-nel","max_age":604800}
Cache-Control: public, max-age=1800
Connection: keep-alive
CF-RAY: 775f0e5ba945bc04-FRA

GET
H/1.1 200
OK cc Show response
cc-endpoint.digitalmatter.ai/api/ Frame 7DD9 2 B
289 B 287ms
204ms Fetch
application/json 85.206.141.183
TELIA-LIETUVA

General

Check archive.org

Show headers Download Go to

Full URL: https://cc-endpoint.digitalmatter.ai/api/cc?c=q75n-an4g-2w1a-m02d
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 85.206.141.183 Vilnius, Lithuania, ASN43811 (TELIA-LIETUVA, LT),
Reverse DNS: 85-206-141-183.static.zebra.lt
Software: nginx / PHP/8.0.26
Resource Hash: 61835352dfbbfbfae4345655fc7451e580272b28a4aa3377fe008701ac7ebf34

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 17:42:08 GMT
Content-Encoding: br
Server: nginx
X-Powered-By: PHP/8.0.26
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Connection: keep-alive

POST
H/1.1 400
Bad Request cookie_sync Show response
prebid.adnxs.com/pbs/v1/ Frame 7DD9 35 B
432 B 39ms
18ms XHR
text/plain 185.89.208.11
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://prebid.adnxs.com/pbs/v1/cookie_sync

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.89.208.11 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

prebid.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

fe0d9b0c47e56700062e1e6cfcaa084f5bfd85a7901721f9c8ce651b60c59a6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:07 GMT
X-Content-Type-Options: nosniff
Server: nginx/1.21.3
Vary: Origin
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://kroonika.delfi.ee
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 35
Expires: 0

POST
H/1.1 200
OK auction Show response
prebid.adnxs.com/pbs/v1/openrtb2/ Frame 7DD9 2 KB
2 KB 81ms
61ms XHR
application/json 185.89.208.11
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.adnxs.com/pbs/v1/openrtb2/auction
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.89.208.11 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS: prebid.ams3.adnexus.net
Software: nginx/1.21.3 /
Resource Hash: 4b369b8004a7314dddf53a1ef5006d42f971ae7838e7f5f6369f8f1202f2ea2b

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:08 GMT
Content-Encoding: gzip
Server: nginx/1.21.3
X-Prebid: pbs-go/0.233.0
Transfer-Encoding: chunked
Vary: Accept-Encoding, Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://kroonika.delfi.ee
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Expires: 0

POST
H2 200 bid-request Show response
a.teads.tv/hb/ Frame 7DD9 16 B
391 B 56ms
44ms XHR
application/json 184.30.21.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://a.teads.tv/hb/bid-request
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.21.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-21-51.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 42
expires: Wed, 07 Dec 2022 17:42:08 GMT

POST
H2 200 openrtb Show response
adx.adform.net/adx/ Frame 7DD9 2 KB
2 KB 54ms
54ms XHR
application/json 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

c92250f6278d3c4b22d509d860abe40ab033b5283a3e8113756758fff06661d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: POST,OPTIONS
content-type: application/json
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 204 / Show response
ssp.wp.pl/bidder/ Frame 7DD9 0
56 B 259ms
88ms XHR
text/plain 212.77.99.29
WIRTUALNAPOLSKA G...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssp.wp.pl/bidder/?bdver=5.7&pbver=7.24.0&inver=0
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.77.99.29 , Poland, ASN12827 (WIRTUALNAPOLSKA GDANSK, Poland, PL),
Reverse DNS: ssp.wp.pl
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
accept-ch: device-memory, dpr, width, viewport-width, rtt, downlink, ect
server: nginx
vary: Origin
uber-trace-id: 0000000000000000873a8ad1a1f1e05d:17a728a7e5659a10:0:0
accept-ch-lifetime: 604800
access-control-allow-origin: https://kroonika.delfi.ee
access-control-allow-credentials: true

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 7DD9 171 B
565 B 314ms
143ms XHR
application/json 185.86.139.116
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.116 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 8b9b81833890ca4d17a848f43d9e0a2f9901c114841bfda055c7b0855c8ba861

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:07 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H/1.1 200
OK auction Show response
rtb.adxpremium.services/openrtb2/ Frame 7DD9 1 KB
2 KB 291ms
121ms XHR
application/json 148.251.121.152
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 148.251.121.152 Braunlage, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: egon
Software: /
Resource Hash: 7e78a8b632cbbc743af9a2c010c3109e8e882bbf6f2b46827a280390545dff37

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:08 GMT
x-prebid: pbs-go/unknown
vary: Origin
content-type: application/json
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 1339
expires: 0

POST
H2 200 prebid Show response
mp.4dex.io/ Frame 7DD9 114 B
189 B 51ms
51ms XHR
application/json 2606:4700::6812:372
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:372 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8c9f4c47d3f08140b298e893618cf3262a736cf6bf1533f486bd24ba160d968

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:07 GMT
x-err: Shapings: no adunits with size and seat and mapping
x-version: 3.0.0-gcp-ams
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
content-encoding: gzip
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 775f0e5bb9489279-FRA
expires: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs-simple.com/ut/v3/ Frame 7DD9 139 B
843 B 49ms
14ms XHR
application/json 185.89.211.84
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs-simple.com/ut/v3/prebid

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

fcea1bf8b53192d0e9f786bc6b7900a1a65e59caecc6aaffaeb25e7ed0bac2d9

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:07 GMT
AN-X-Request-Uuid: 3dbf1d4c-398d-44bf-b871-36d6d1efaf8d
Server: nginx/1.21.3
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://kroonika.delfi.ee
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 185.213.155.166; 185.213.155.166; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs-simple.com
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 7DD9 0
218 B 27ms
21ms XHR
text/plain 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.24.0&cb=56971814141&lsavail=1&bundle=mMXKz19xVEZPOWxybUwxQlBQa1AySUhQTnV4NDBnciUyQmZWSTFhJTJGJTJGUVYlMkZhY3l6NVd0Wk9jWHlXS1RzbVhiWWpTY3h1TVMzWWtIVHlNemtKZHY0VUs5Y2lNJTJCQnRDVGxuJTJCNXpkNVhHMENVd2RWelpkYnklMkZqJTJGMzZ2UmdqczhoJTJCd0tTV0lieg

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 07 Dec 2022 17:42:07 GMT
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
access-control-allow-origin: https://kroonika.delfi.ee
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

POST
H2 200 pbjs Show response
htlb.casalemedia.com/openrtb/ Frame 7DD9 1 KB
1 KB 154ms
150ms XHR
application/json 172.64.154.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/openrtb/pbjs?s=723022
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.154.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c63d9de578c3fb4ae746a6e56699eb4f22ad2926f76449974fc4728a0706c495

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bO4xsM%2FAMNg2tYWDatJKcInzqlJLQ7XSvsga61QGAW46PF5rXK%2Fj0DoiB6i5r%2Fmkl38zGL3n4b2DPvPdVGzbUv2fQG%2F83%2FHnm%2BOlfW%2FAj0v0bZZK4IXDnHy7QBkoldTF8ZDEnE79"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 775f0e5bcca8bb8c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: 0

GET
H2 200 arj Show response
adnet-d.openx.net/w/1.0/ Frame 7DD9 73 B
148 B 75ms
43ms XHR
application/json 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://adnet-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fkroonika.delfi.ee%2Fa%2F120110364&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=e0bd2e7b-b0b0-4b78-9eee-fc673d2bb6a3&nocache=1670434927958&gdpr=1&criteoid=TTiBjl8yVzdCRTYlMkIlMkY1Q1JDOUt2R3V4ek5tcThiM3E4WlV4bHAxdDBaODBhJTJGRDhPT2JGb0Q3V2gxQ2FDRzM1d3plVlRoSXclMkZLa0tPVTZXRnVJY0JhWTZ2QkxRJTNEJTNE&id5id=0&pubcid=33dabaf5-e4c8-4376-b51c-f58142651c3f&schain=1.0%2C1!adnetmedia.lt%2C168%2C1%2C%2C%2C!digitalmatter.ai%2C168%2C1%2C%2C%2C&aus=300x600%2C300x250&divids=dee_300x600_05_tower_foreign&aucs=&auid=541043714
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 83cb7f810bda6b1257e48d07c0e1c2b20c871b3b87a60375c82008c09e8f9f33

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:07 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: application/json
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ Frame 7DD9 0
158 B 26ms
17ms XHR
text/plain 52.57.214.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.214.50 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-214-50.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kroonika.delfi.ee
date: Wed, 07 Dec 2022 17:42:07 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame 7DD9 24 B
404 B 58ms
27ms XHR
application/json 216.52.2.30
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.24.0
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.30 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash: c6242998611a072ddba615e6801def896faeb85cf731c71d70bae8856a942098

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 07 Dec 2022 17:42:07 GMT
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://kroonika.delfi.ee
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap6ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 24

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ Frame 7DD9 0
179 B 26ms
23ms XHR
text/plain 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kroonika.delfi.ee
date: Wed, 07 Dec 2022 17:42:07 GMT
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: POST

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 7DD9 261 B
592 B 271ms
117ms XHR
application/json 2602:803:c003:200::21
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16854&site_id=153086&zone_id=1669404&size_id=15&alt_size_ids=10&gdpr=1&rp_schain=1.0,1!adnetmedia.lt,168,1,,,!digitalmatter.ai,168,1,,,&eid_criteo.com=TTiBjl8yVzdCRTYlMkIlMkY1Q1JDOUt2R3V4ek5tcThiM3E4WlV4bHAxdDBaODBhJTJGRDhPT2JGb0Q3V2gxQ2FDRzM1d3plVlRoSXclMkZLa0tPVTZXRnVJY0JhWTZ2QkxRJTNEJTNE%5E1&eid_id5-sync.com=0%5E1%5E&rf=https%3A%2F%2Fkroonika.delfi.ee%2Fa%2F120110364&tk_flint=pbjs_lite_v7.24.0&x_source.tid=e0bd2e7b-b0b0-4b78-9eee-fc673d2bb6a3&l_pb_bid_id=32c47e660c8d75a&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.3530372424214401
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 4164521f0481a8a6309eed9979efd9eb5e2a2fee4dd60f3721d6635122be5ab4

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:08 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 261
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 dsh Show response
hb.adscale.de/ Frame 7DD9 11 B
472 B 114ms
112ms XHR
text/plain 35.158.81.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adscale.de/dsh
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.81.23 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-81-23.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 846949c5a40e3ffbb702473e54dfac0646541aa624a844369b6e24e51ddaf96b

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: gzip
vary: origin
p3p: CP=NOI PSA OUR
access-control-allow-origin: https://kroonika.delfi.ee
content-type: text/plain
cache-control: no-cache
access-control-allow-credentials: true
x-robots-tag: none

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/ Frame 5313 74 KB
24 KB 58ms
30ms Fetch
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed87a83a9df154b61d76e8b9b53bb9d23db3eea194e66bca6b575e3e4f7a57bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 17:42:08 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: BQTMHANZG6AZQR7D
Age: 1324366
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: +uKsQXR51lrvoH5Uc7pIWRqrNNQa3F1m1G6VtMKuLS+okkDDp2brGsPVbgf5RhcM5jTH45UwrMM=
Last-Modified: Tue, 22 Nov 2022 09:44:15 GMT
Server: cloudflare
ETag: W/"c56b6332dacf72f135afcd153ae22448"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ij4895wan6ssJcbX2jQJuu4eDVTwg3gxos%2BrH7b9Ud3D9RWIqZ5CRfhTHUQpwNjAvdU7kfRvHyoXR%2FmVhNrvNMZo3u6nzqjRXD%2BcCUw%2BJoVyKvQmBCyxvn6m%2BMZp0KYSYNSA2splLn4EquUP"}],"group":"cf-nel","max_age":604800}
Cache-Control: public, max-age=1800
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
CF-RAY: 775f0e5bf96dbbb0-FRA

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/ Frame 432F 74 KB
24 KB 58ms
32ms Fetch
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed87a83a9df154b61d76e8b9b53bb9d23db3eea194e66bca6b575e3e4f7a57bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 17:42:08 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: J7J9T27N8FDJP77E
Age: 1324284
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: UNGdoLnqU0zOzXuZNAg6f+PlSJNYi7cHzQPjd9i+U/mVA5Yb1hJY2yj2EyEAUZb2mtZ0bBVBEKs=
Last-Modified: Tue, 22 Nov 2022 09:44:15 GMT
Server: cloudflare
ETag: W/"c56b6332dacf72f135afcd153ae22448"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nJ8BSSXpwmYSYp4xEfC9X3vXWJNWexrfonW0kV4a1ar5a5kpzUOU1GifLA4G4%2FOq0sUGOcRg8S8K3eEkq7hOZF6evnUwqzCQmqLNVdt2hQpHgngieM75Yco6u9MCEKfxj4C6hRwk5EvscrIX"}],"group":"cf-nel","max_age":604800}
Cache-Control: public, max-age=1800
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
CF-RAY: 775f0e5bfbfd9a0f-FRA

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/ Frame 7DD9 74 KB
24 KB 50ms
23ms Fetch
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed87a83a9df154b61d76e8b9b53bb9d23db3eea194e66bca6b575e3e4f7a57bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 17:42:08 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: BQTMHANZG6AZQR7D
Age: 1324366
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: +uKsQXR51lrvoH5Uc7pIWRqrNNQa3F1m1G6VtMKuLS+okkDDp2brGsPVbgf5RhcM5jTH45UwrMM=
Last-Modified: Tue, 22 Nov 2022 09:44:15 GMT
Server: cloudflare
ETag: W/"c56b6332dacf72f135afcd153ae22448"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2uekTvHuwKgz6qMgFOAvAJRnl90YYH%2BJawQ%2BJUCYEWnnrP%2BThyiDCha1D5dngR96u5jNdGr51noSHhtiJYAvOvYIUuwqQJyu2KJTgObj5kJ4dXfcF7sx0xsAD%2ByM%2F59F68AsBQOvnki0x8Tw"}],"group":"cf-nel","max_age":604800}
Cache-Control: public, max-age=1800
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
CF-RAY: 775f0e5c2a04bbb0-FRA

POST
H2 200 log
bid-collector.digitalmatter.ai/api/ Frame 7DD9 0
0 256ms
31ms Fetch
application/json 193.200.125.19
TELIA-LIETUVA

General

Check archive.org

Show headers Download Go to

Full URL

https://bid-collector.digitalmatter.ai/api/log

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

193.200.125.19 , Lithuania, ASN43811 (TELIA-LIETUVA, LT),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
strict-transport-security: max-age=63072000
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 7DD9 107 B
122 B 136ms
64ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=kroonika.delfi.ee

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 7DD9 107 B
122 B 125ms
47ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=kroonika.delfi.ee

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 7DD9 113 KB
37 KB 579ms
579ms XHR
text/plain 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=557284032441897&correlator=586581393650245&eid=31070872%2C31071091%2C31071151%2C44761478%2C31069125&output=ldjh&gdfp_req=1&vrg=2022120101&ptt=17&impl=fif&iu_parts=99287527%3A72743801%2Cdelfi_ee%2Cros_ee%2Cdee_300x600_05_tower_foreign&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=320x50%7C3x1%7C300x600%7C300x250&fluid=height&ifi=1&adks=1788590764&sfv=1-0-40&prev_scp=amznbid%3D2%26amznp%3D2%26hb_bidder_s2s%3DadformS2S%26hb_cache_path%3D%252Fpbc%252Fv1%252Fcache%26hb_advertiser_domain%3Do2online.de%26hb_size%3D300x250%26hb_pb%3D0.07%26hb_adid%3D36f59c78daf27bf%26hb_bidder%3Dadform%26upr_ab_test%3Da&cust_params=siteUrl%3Dkroonika.delfi.ee%252Fartikkel%252F120110364%252Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud%26domain%3Dkroonika.delfi.ee%26url_keywords%3Dkroonika%252Cdelfi%252Cee%252Cartikkel%252C120110364%252Ceesti%252Cuks%252Ctuntumaid%252Conlyfansitare%252Cpaljastas%252Ckui%252Cpalju%252Cta%252Ctanu%252Cplatvormile%252Craha%252Con%252Cteeninud%26fledge%3Dfalse&sc=1&cookie=ID%3Dd55806150c50b586-22caec7c59d80015%3AT%3D1670434923%3ART%3D1670434923%3AS%3DALNI_Mbe8iRd2L5Xwil1G0doKB4nLBf4og&cdm=kroonika.delfi.ee&gpic=UID%3D00000b8ed6bef3a1%3AT%3D1670434923%3ART%3D1670434923%3AS%3DALNI_MaREskVYWy9MGOhtU8_VcC5-tmVvg&abxe=1&dt=1670434928284&lmt=1670434928&dlt=1670434924290&idt=960&adxs=1052&adys=2268&biw=1600&bih=1200&isw=300&ish=600&scr_x=0&scr_y=0&btvi=1&ucis=sptksjr9k8ky&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=2&url=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&top=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&frm=23&vis=1&psz=300x600&msz=300x-1&fws=256&ohw=0&ea=0&ga_vid=879261953.1670434923&ga_sid=1670434928&ga_hid=437070029&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6ff5cc2145c401af0972678f3699b00ce80ff12fb693e536f2d02fb26a50ad8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37545
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 7DD9 14 KB
11 KB 85ms
85ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a7fd5de75ac14b088a668c435fdd1e330a17a6f83aa19c7ba8f4f0243ab641e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11156
x-xss-protection: 0

GET
H2 200 container.html Show response
6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 6184 6 KB
3 KB 145ms
46ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 17:42:08 GMT
expires: Thu, 07 Dec 2023 17:42:08 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 log
bid-collector.digitalmatter.ai/api/ Frame 5313 0
0 254ms
61ms Fetch
application/json 193.200.125.19
TELIA-LIETUVA

General

Check archive.org

Show headers Download Go to

Full URL

https://bid-collector.digitalmatter.ai/api/log

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

193.200.125.19 , Lithuania, ASN43811 (TELIA-LIETUVA, LT),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
strict-transport-security: max-age=63072000
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 5313 107 B
122 B 92ms
45ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=kroonika.delfi.ee

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 5313 107 B
122 B 109ms
56ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=kroonika.delfi.ee

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 5313 122 KB
37 KB 642ms
642ms XHR
text/plain 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2888457196269617&correlator=1188646313902564&eid=31070873&output=ldjh&gdfp_req=1&vrg=2022120101&ptt=17&impl=fif&iu_parts=99287527%3A72743801%2Cdelfi_ee%2Cros_ee%2Cdee_995x300_05_content_foreign&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=3x1%7C970x250%7C995x300%7C1200x400&ifi=1&adks=1938916561&sfv=1-0-40&prev_scp=amznbid%3D2%26amznp%3D2%26hb_bidder_s2s%3DadformS2S%26hb_cache_path%3D%252Fpbc%252Fv1%252Fcache%26hb_size%3D970x250%26hb_pb%3D0.09%26hb_adid%3D34f09f5e5a0ce96%26hb_bidder%3Dappnexus%26upr_ab_test%3Da&cust_params=siteUrl%3Dkroonika.delfi.ee%252Fartikkel%252F120110364%252Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud%26domain%3Dkroonika.delfi.ee%26url_keywords%3Dkroonika%252Cdelfi%252Cee%252Cartikkel%252C120110364%252Ceesti%252Cuks%252Ctuntumaid%252Conlyfansitare%252Cpaljastas%252Ckui%252Cpalju%252Cta%252Ctanu%252Cplatvormile%252Craha%252Con%252Cteeninud%26fledge%3Dfalse&sc=1&cookie=ID%3Dd55806150c50b586-22caec7c59d80015%3AT%3D1670434923%3ART%3D1670434923%3AS%3DALNI_Mbe8iRd2L5Xwil1G0doKB4nLBf4og&cdm=kroonika.delfi.ee&gpic=UID%3D00000b8ed6bef3a1%3AT%3D1670434923%3ART%3D1670434923%3AS%3DALNI_MaREskVYWy9MGOhtU8_VcC5-tmVvg&abxe=1&dt=1670434928305&lmt=1670434928&dlt=1670434924269&idt=988&adxs=213&adys=3364&biw=1600&bih=1200&isw=1200&ish=400&scr_x=0&scr_y=0&btvi=1&ucis=fgmkz5m7ttaj&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=2&url=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&top=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&frm=23&vis=1&psz=1200x300&msz=995x-1&fws=256&ohw=0&ga_vid=879261953.1670434923&ga_sid=1670434928&ga_hid=32933661&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3130878c82cd28f84aa889e281716e60208833e0d1884cef336605dad5d23801

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38141
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 5313 14 KB
11 KB 85ms
85ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

88942ce68164cfbbe371888de3267d0f25dcca9eb0c305b9edbf73e3f0d2dc99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11053
x-xss-protection: 0

GET
H2 200 container.html Show response
9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F1E3 6 KB
3 KB 143ms
45ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 17:42:08 GMT
expires: Thu, 07 Dec 2023 17:42:08 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 log
bid-collector.digitalmatter.ai/api/ Frame 432F 0
0 237ms
61ms Fetch
application/json 193.200.125.19
TELIA-LIETUVA

General

Check archive.org

Show headers Download Go to

Full URL

https://bid-collector.digitalmatter.ai/api/log

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

193.200.125.19 , Lithuania, ASN43811 (TELIA-LIETUVA, LT),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
strict-transport-security: max-age=63072000
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 432F 107 B
122 B 84ms
55ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=kroonika.delfi.ee

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 432F 107 B
122 B 99ms
64ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=kroonika.delfi.ee

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 432F 27 KB
12 KB 458ms
458ms XHR
text/plain 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2821987588451632&correlator=4436153961251633&eid=44777901&output=ldjh&gdfp_req=1&vrg=2022120101&ptt=17&impl=fif&iu_parts=99287527%3A72743801%2Cdelfi_ee%2Cros_ee%2Cdee_300x600_05_tower_foreign&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=320x50%7C3x1%7C300x600%7C300x250&fluid=height&ifi=1&adks=1788590764&sfv=1-0-40&prev_scp=amznbid%3D2%26amznp%3D2%26hb_bidder_s2s%3DadformS2S%26hb_cache_path%3D%252Fpbc%252Fv1%252Fcache%26hb_advertiser_domain%3Do2online.de%26hb_size%3D300x250%26hb_pb%3D0.07%26hb_adid%3D364ce8a453b4a75%26hb_bidder%3Dadform%26upr_ab_test%3Da&cust_params=siteUrl%3Dkroonika.delfi.ee%252Fartikkel%252F120110364%252Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud%26domain%3Dkroonika.delfi.ee%26url_keywords%3Dkroonika%252Cdelfi%252Cee%252Cartikkel%252C120110364%252Ceesti%252Cuks%252Ctuntumaid%252Conlyfansitare%252Cpaljastas%252Ckui%252Cpalju%252Cta%252Ctanu%252Cplatvormile%252Craha%252Con%252Cteeninud%26fledge%3Dfalse&sc=1&cookie=ID%3Dd55806150c50b586-22caec7c59d80015%3AT%3D1670434923%3ART%3D1670434923%3AS%3DALNI_Mbe8iRd2L5Xwil1G0doKB4nLBf4og&cdm=kroonika.delfi.ee&gpic=UID%3D00000b8ed6bef3a1%3AT%3D1670434923%3ART%3D1670434923%3AS%3DALNI_MaREskVYWy9MGOhtU8_VcC5-tmVvg&abxe=1&dt=1670434928323&lmt=1670434928&dlt=1670434924295&idt=938&adxs=1052&adys=958&biw=1600&bih=1200&isw=300&ish=600&scr_x=0&scr_y=0&btvi=0&ucis=ttfbo8xfx5sa&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=2&url=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&top=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&frm=23&vis=1&psz=300x600&msz=300x-1&fws=256&ohw=0&ea=0&ga_vid=879261953.1670434923&ga_sid=1670434928&ga_hid=1164475778&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

08824b9150b8988f070d59236611e2acd04ae14d38e1cec9ce3c02cdba78f0bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12064
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://kroonika.delfi.ee
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 432F 15 KB
11 KB 86ms
85ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6b0f65ee878e30a26b3ebc7fc2400a91d20d17831f0c57d0cdc3b94210e2c62c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11281
x-xss-protection: 0

GET
H2 200 container.html Show response
0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5569 6 KB
3 KB 144ms
46ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 17:42:08 GMT
expires: Thu, 07 Dec 2023 17:42:08 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 143ms
143ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20221129&jk=3411371172332950&bg=!UVKlUhbNAAa7eOFIm3g7ACkAdvg8WiUOl6PdwAxEXSjXtJhvvUad0T50qxsO0mEcvjOtCAc0_-v9kwIAAABRUgAAAAFoAQcKAJ0fN8POEkNiEXBG_GCOrjeeLr7Y7XBrhJNlhgR58JdhS2SGXyXEoqldrPDui6EfxIPPTzYmGdNhaKu8XbfPfk_67G6TK23sg3HhA1hjUYY96eM0HxtEbH9wMng4Wj32SgHOKqh_6easuPe16Z5X1Vp98J80kRTkMPAqjGL1PWrwzppOoH2NKuXpG-6lF06Lxerb6Mtx-zexCOEiAVzDmQKmFDo53RCc2m90i8yL_HcAmU2Yo7I50jxDidy8cbz_o9kBz0eji_jgc7zP1v-axXHfCOesyZajmffZfAZY7WbTOUhYUmvZbUbhEyBR3opQvXfM2t3UmIocUTIkiGp1zeSkfjuF4VMx7ZBvmL08vjBbrGz6OAHD2dwZqdcXuZHyT139m8OaX5zxrGFsCHiRuopst1rueTanP0lfLvifgTFwX8FqfvM4V7shTZRHUIv4BSVPVIJ2pjRNtPUG_9175yIfFffiqUTd54z7A0LiUT7OsEwTuGUhUjM5j9cFl1n3RJGm75r1cLFoaAwaAYRYgQbQETFhKNgDwGPXbjaqkXQQtzxdHCh4gWsS_czQvb9UdO65ZvykCoqWO5B4q6XXHN2T043JKL3Lt4u46VcwUGzZeh_N35Te199ZcD45lEK4jtH6UIJZ7qwnbO63BylFmQLfN46uECycODZ_fu1ADj5-w-M9S8KnaeJ5dtthlq4ySEcLblJSZ-jQhk9h_JNUkJ8ScZX_s1BMgMQfIKSvdL2rnU1Li48LrojYo2kP-6idI-8dOSlm0AQJp2zdlMVlQ-hXrqpUPvxGzEYN48msAs1Xrel0yBK5hWiUl6vyChw9qkiGy_EeKBqU_0pVOdRQFksj60uqWs3fdTf_n31thPneCZRbz4CNfnihweIsJluy9h__1okXjhtLBMGYwGKdJRDVS2UW7cFqR2VIS5DUFlvXrxZjb2w-7ZDVj-sakRybhIhp9OnbQh9yPDHMqD7ppoqwby91Sek9X8RKermkb82jzeTTeDXJq9XStE2ItkNJQYTiirgmsnoTattjyuQtOpgU4H0FZWLZh_EhzohH2-qG4ArwjTBgZoJoWqgDkMMzoSZldsExRf0EgivVGQGgTlWIJwM7TDIV
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 7DD9 17 KB
6 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 07 Dec 2022 17:42:08 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 5313 17 KB
6 KB 61ms
61ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 07 Dec 2022 17:42:08 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 355C 13 KB
5 KB 39ms
38ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3911
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 16:36:57 GMT
expires: Thu, 07 Dec 2023 16:36:57 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 68FE 783 B
535 B 49ms
48ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

83dab66281ba3abd852360ae1859803e4343111d695a69beb27e27c5d99c9f60

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-MngLG6zSruBtvCE70PHCyQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-MngLG6zSruBtvCE70PHCyQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 17:42:08 GMT
expires: Wed, 07 Dec 2022 17:42:08 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 432F 17 KB
6 KB 64ms
63ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 07 Dec 2022 17:42:08 GMT

GET
H/1.1 200
OK in-screen Show response
stats-collector.cxense.com/cr-stats/event/ 42 B
208 B 15ms
15ms XHR
image/gif 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://stats-collector.cxense.com/cr-stats/event/in-screen?adId=721904&bnId=56603052&pId=435611&location=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&t=Eesti%20%C3%BCks%20tuntumaid%20onlyfansitare%20paljastas%2C%20kui%20palju%20ta%20t%C3%A4nu%20platvormile%20raha%20on%20teeninud%20-%20Kroonika&cb=1670434928520&siteId=1145189970857384309&cxId=cx%3A1hp4d1gz1pjzn3oepuy6c44ld6%3A224oyy5lj2y4t&cxprnd=lbdxtod95moy078q&configId=22&timeOnScreen=2&impRndId=biix5dkwepjnedl7&evid=cx:1hp4d1gz1pjzn3oepuy6c44ld6:224oyy5lj2y4t
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 147.75.85.120 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: Jetty(9.4.28.v20200408) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 07 Dec 2022 17:42:08 GMT
server: Jetty(9.4.28.v20200408)
content-length: 42
content-type: image/gif

GET
H/1.1 200
OK in-screen Show response
stats-collector.cxense.com/cr-stats/event/ 42 B
208 B 19ms
18ms XHR
image/gif 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://stats-collector.cxense.com/cr-stats/event/in-screen?adId=716538&bnId=56372738&pId=651009&location=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&t=Eesti%20%C3%BCks%20tuntumaid%20onlyfansitare%20paljastas%2C%20kui%20palju%20ta%20t%C3%A4nu%20platvormile%20raha%20on%20teeninud%20-%20Kroonika&cb=1670434928522&siteId=1145189970857384309&cxId=cx%3A1hp4d1gz1pjzn3oepuy6c44ld6%3A224oyy5lj2y4t&cxprnd=lbdxtod95moy078q&configId=22&timeOnScreen=2&impRndId=xjj2ut1isbjwvb9j&evid=cx:1hp4d1gz1pjzn3oepuy6c44ld6:224oyy5lj2y4t
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 147.75.85.120 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: Jetty(9.4.28.v20200408) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 07 Dec 2022 17:42:08 GMT
server: Jetty(9.4.28.v20200408)
content-length: 42
content-type: image/gif

GET
H/1.1 200
OK in-screen Show response
stats-collector.cxense.com/cr-stats/event/ 42 B
208 B 18ms
18ms XHR
image/gif 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://stats-collector.cxense.com/cr-stats/event/in-screen?adId=716846&bnId=56392328&pId=569270&location=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&t=Eesti%20%C3%BCks%20tuntumaid%20onlyfansitare%20paljastas%2C%20kui%20palju%20ta%20t%C3%A4nu%20platvormile%20raha%20on%20teeninud%20-%20Kroonika&cb=1670434928523&siteId=1145189970857384309&cxId=cx%3A1hp4d1gz1pjzn3oepuy6c44ld6%3A224oyy5lj2y4t&cxprnd=lbdxtod95moy078q&configId=22&timeOnScreen=2&impRndId=gxjxcpc2chpwbzko&evid=cx:1hp4d1gz1pjzn3oepuy6c44ld6:224oyy5lj2y4t
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 147.75.85.120 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: Jetty(9.4.28.v20200408) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 07 Dec 2022 17:42:08 GMT
server: Jetty(9.4.28.v20200408)
content-length: 42
content-type: image/gif

GET
H3 200 T3BTWj-SqXOOtsP36vZJ1esojObpW8ivZm_viBadolo.js Show response
pagead2.googlesyndication.com/bg/ Frame 355C 36 KB
16 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/T3BTWj-SqXOOtsP36vZJ1esojObpW8ivZm_viBadolo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4f70535a3f92a9738eb6c3f7eaf649d5eb288ce6e95bc8af666fef88169da25a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:00:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16918
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Mon, 21 Nov 2022 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Dec 2023 13:00:10 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 68FE 0
0 139ms
139ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022120101&jk=557284032441897&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 4694 13 KB
5 KB 39ms
38ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3911
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 16:36:57 GMT
expires: Thu, 07 Dec 2023 16:36:57 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame F2D6 783 B
536 B 49ms
49ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f97f3654e57ff30bfdf8e16a8ebb79a96268e60bbef8a6f9896098905d4eefc1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-q3m0pkLXoUeL5x6UwQ8aEA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-q3m0pkLXoUeL5x6UwQ8aEA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 17:42:08 GMT
expires: Wed, 07 Dec 2022 17:42:08 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8A85 13 KB
5 KB 39ms
38ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3911
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 16:36:57 GMT
expires: Thu, 07 Dec 2023 16:36:57 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame BA19 783 B
534 B 62ms
61ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

eafd4b85fd576c0fc4669625485be59a2723c3e34ca1f572087b0e62537c137a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-HiOTLKaVQ_FIjzhWOGhnSg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-HiOTLKaVQ_FIjzhWOGhnSg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 17:42:08 GMT
expires: Wed, 07 Dec 2022 17:42:08 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 T3BTWj-SqXOOtsP36vZJ1esojObpW8ivZm_viBadolo.js Show response
pagead2.googlesyndication.com/bg/ Frame 4694 36 KB
16 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/T3BTWj-SqXOOtsP36vZJ1esojObpW8ivZm_viBadolo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4f70535a3f92a9738eb6c3f7eaf649d5eb288ce6e95bc8af666fef88169da25a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:00:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16918
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Mon, 21 Nov 2022 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Dec 2023 13:00:10 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F2D6 0
0 139ms
139ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022120101&jk=2888457196269617&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame BA19 0
0 139ms
139ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022120101&jk=2821987588451632&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

GET
H3 200 T3BTWj-SqXOOtsP36vZJ1esojObpW8ivZm_viBadolo.js Show response
pagead2.googlesyndication.com/bg/ Frame 8A85 36 KB
16 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/T3BTWj-SqXOOtsP36vZJ1esojObpW8ivZm_viBadolo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4f70535a3f92a9738eb6c3f7eaf649d5eb288ce6e95bc8af666fef88169da25a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:00:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16918
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Mon, 21 Nov 2022 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Dec 2023 13:00:10 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 355C 0
10 B 39ms
39ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?bbBwTQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 publishertag.prebid.132.js Show response
static.criteo.net/js/ld/ Frame 432F 89 KB
29 KB 80ms
27ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.132.js

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 08 Dec 2022 17:42:08 GMT

GET
H2 200 publishertag.prebid.132.js Show response
static.criteo.net/js/ld/ Frame 7DD9 89 KB
29 KB 170ms
154ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.132.js

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 08 Dec 2022 17:42:08 GMT

GET
H2 200 pubcid.min.js Show response
id.sharedid.org/lib/ Frame 432F 732 B
903 B 539ms
170ms Script
application/javascript 44.239.16.115

General

Check archive.org

Show headers Download Go to

Full URL: https://id.sharedid.org/lib/pubcid.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.239.16.115 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:09 GMT
cache-control: public, max-age=86400
last-modified: Wed, 7 Dec 2022 12:46:10 GMT
accept-ranges: bytes
content-length: 732
vary: accept-encoding
content-type: application/javascript

GET
H2 200 esp.js Show response
oa.openxcdn.net/ Frame 432F 24 KB
8 KB 102ms
31ms Script
application/javascript 34.102.146.192

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 04:47:21 GMT
content-encoding: gzip
age: 2120087
x-guploader-uploadid: ADPycdvqYWr4XlcgogWQv1CUKqMPpl5vfnpXVcXgwGPC8Zdt9c3EaH1AN9TP9qap5Fs6TeD5UJ3zYNvH-rbYbZWiqGonRQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Mon, 13 Nov 2023 04:47:21 GMT

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ Frame 432F 58 KB
17 KB 28ms
28ms Script
text/javascript 2606:4700:10::ac43:266a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:266a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a97afd769b3d774563606be9e943789398af5a1bf3583c2bc9a81f99832aa2b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 24 Nov 2022 12:48:29 GMT
server: cloudflare
x-amz-request-id: YMFZEZYBJKEKRNPV
age: 1296
etag: W/"91dadf6b1eddd8d91a5cc2e3be5ea8cf"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 775f0e6108509b4b-FRA
x-amz-id-2: rR7sHzWBBNucr3XhEuqI/nIptBfNR4Bk4gz/tZK0aI7ojtEYwwSH/6l9FgWTrmHoO3CAY8xfMq0=

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ Frame 432F 39 KB
13 KB 29ms
29ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f066a6392f3732829e95d97ac2a3dfb7dc7d35fc88d71a4ef62ff8f70399326c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-9c1f"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 08 Dec 2022 17:42:08 GMT

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ Frame 432F 959 B
1 KB 62ms
8ms Script
application/javascript 2600:9000:2250:4a00:a:e047:752:5701
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:4a00:a:e047:752:5701 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5fd8663b96c0916efbc46a80a2608bbf1a12cb81726c2655b49434b40041ed09

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 03:22:21 GMT
Via: 1.1 615f944336054ae07b8e7c415ddbad44.cloudfront.net (CloudFront)
Last-Modified: Mon, 05 Dec 2022 03:22:17 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P2
Age: 51588
ETag: "ebc0b38d1fa3c656232b1058a1616e48"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 959
X-Amz-Cf-Id: FbrMjaixl06-D-X6SIIwGHHBw3_Za1hZ-ZDErndH7NVcMk8n7Jz9_w==

GET
H3 200 container.html Show response
0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame A72E 6 KB
3 KB 117ms
39ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 17:42:08 GMT
expires: Thu, 07 Dec 2023 17:42:08 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 jquery.min.js Show response
keytarget.adnet.lt/stable/jquery/3.4.1/ Frame 432F 274 KB
100 KB 31ms
31ms Script
application/javascript 193.200.125.237
TELIA-LIETUVA

General

Check archive.org

Show headers Download Go to

Full URL: https://keytarget.adnet.lt/stable/jquery/3.4.1/jquery.min.js
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.200.125.237 , Lithuania, ASN43811 (TELIA-LIETUVA, LT),
Reverse DNS
Software: nginx /
Resource Hash: 5a93a88493aa32aab228bf4571c01207d3b42b0002409a454d404b4d8395bd55

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-varnish-cache: HIT
date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: gzip
last-modified: Fri, 29 Nov 2019 12:46:15 GMT
server: nginx
age: 701
etag: "5de11317-4472c"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
accept-ranges: bytes
content-length: 101393
expires: Thu, 08 Dec 2022 17:42:08 GMT

GET
H/1.1 204 increment Show response
id5-sync.com/api/esp/ Frame 432F 0
326 B 10ms
9ms XHR
text/plain 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kroonika.delfi.ee
date: Wed, 07 Dec 2022 17:42:08 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 3DB9 15 KB
6 KB 28ms
27ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=kroonika.delfi.ee

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

aeb779d96af4bfa1b664c203d52fbd9ef573b84a31b34314668325fc784e1b13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 17:42:08 GMT
server: Kestrel
server-processing-duration-in-ticks: 922256
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 70EE 15 KB
6 KB 16ms
16ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=kroonika.delfi.ee

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.132.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

aeb779d96af4bfa1b664c203d52fbd9ef573b84a31b34314668325fc784e1b13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 17:42:08 GMT
server: Kestrel
server-processing-duration-in-ticks: 654057
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 432F 89 KB
29 KB 53ms
26ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.132.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 08 Dec 2022 17:42:08 GMT

GET
H3 200 container.html Show response
6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1FD3 6 KB
3 KB 40ms
39ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 17:42:08 GMT
expires: Thu, 07 Dec 2023 17:42:08 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 jquery.min.js Show response
keytarget.adnet.lt/stable/jquery/3.4.1/ Frame 7DD9 274 KB
100 KB 31ms
31ms Script
application/javascript 193.200.125.237
TELIA-LIETUVA

General

Check archive.org

Show headers Download Go to

Full URL: https://keytarget.adnet.lt/stable/jquery/3.4.1/jquery.min.js
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.200.125.237 , Lithuania, ASN43811 (TELIA-LIETUVA, LT),
Reverse DNS
Software: nginx /
Resource Hash: 5a93a88493aa32aab228bf4571c01207d3b42b0002409a454d404b4d8395bd55

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-varnish-cache: HIT
date: Wed, 07 Dec 2022 17:42:08 GMT
content-encoding: gzip
last-modified: Fri, 29 Nov 2019 12:46:15 GMT
server: nginx
age: 701
etag: "5de11317-4472c"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
accept-ranges: bytes
content-length: 101393
expires: Thu, 08 Dec 2022 17:42:08 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 4694 0
10 B 38ms
38ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?npnaUQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2

200

sid Show response
mug.criteo.com/ Frame 3DB9
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=delfi.ee&sn=ChromeSyncframe&so=3&topUrl=kroonika.delfi.ee&bundle=mMXKz19xVEZPOWxybUwxQlBQa1AySUhQTnV4NDBnciUyQmZWSTFhJTJGJTJGUVYlMkZhY3...
https://mug.criteo.com/sid?cpp=_W7vDXx3cGlIOTFlZy9KdTE0SThPdUd3YlZZcVZSZU5sYTgrNTY3clE0RnM5bDJQSmpXYzdSMmJBVTJJM1gyOHpCV0dieVJIQnR5ZEJBa2VPVTArcVJ5cS84SGhQQjZsQWFZNVdwVUNHdDdBMXk0MlBOWVFMV2tMR2FWUG...

447 B
656 B

24ms
24ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=_W7vDXx3cGlIOTFlZy9KdTE0SThPdUd3YlZZcVZSZU5sYTgrNTY3clE0RnM5bDJQSmpXYzdSMmJBVTJJM1gyOHpCV0dieVJIQnR5ZEJBa2VPVTArcVJ5cS84SGhQQjZsQWFZNVdwVUNHdDdBMXk0MlBOWVFMV2tMR2FWUGt6YmlQMUNWVDhVdFJkcU5tdFFzY2cvNkJ3b0w2SEtDczlHOFJKTGo1U0Z3dFAwTU0wdzdueWE5Z3lUdzJIa1BkYkJTcm5ERjZqTUVqS0U0UUlPbDhkZ2FWR0NucExGWWlxRlhZVEtlWldGdzlCanZNM0RKTmp0a2dQMk1iTUtOU2R5Ty9WS2tvTWRodTFNcUhQT2o4OXVZbWtXSmx5Zz09fA&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

9d9c68df27c7b51af7b8fc378df8184ecbda9bdfb7a3e814cbd33307c524b779

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:08 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1435035
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:08 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=_W7vDXx3cGlIOTFlZy9KdTE0SThPdUd3YlZZcVZSZU5sYTgrNTY3clE0RnM5bDJQSmpXYzdSMmJBVTJJM1gyOHpCV0dieVJIQnR5ZEJBa2VPVTArcVJ5cS84SGhQQjZsQWFZNVdwVUNHdDdBMXk0MlBOWVFMV2tMR2FWUGt6YmlQMUNWVDhVdFJkcU5tdFFzY2cvNkJ3b0w2SEtDczlHOFJKTGo1U0Z3dFAwTU0wdzdueWE5Z3lUdzJIa1BkYkJTcm5ERjZqTUVqS0U0UUlPbDhkZ2FWR0NucExGWWlxRlhZVEtlWldGdzlCanZNM0RKTmp0a2dQMk1iTUtOU2R5Ty9WS2tvTWRodTFNcUhQT2o4OXVZbWtXSmx5Zz09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 599916
content-length: 0
expires: 0

GET
H2

200

sid Show response
mug.criteo.com/ Frame 70EE
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=delfi.ee&sn=ChromeSyncframe&so=3&topUrl=kroonika.delfi.ee&bundle=mMXKz19xVEZPOWxybUwxQlBQa1AySUhQTnV4NDBnciUyQmZWSTFhJTJGJTJGUVYlMkZhY3l6N...
https://mug.criteo.com/sid?cpp=mXme_XxGSC80bXN3RVNvT0R4Rk13RjhaNzdoR3hya1hacU9SbUxvbnI1SEMyOCsxTjZVZHFGSmgzWlFNMVpxNHcxTlVmbVh4Wng1bGJhYVl3QzBqb1lyNnBBY0lrTHVZZTV2ZkxjQ0JFb05HYXZJdEtzb3ZiWlNMNWcvYk...

441 B
658 B

18ms
18ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=mXme_XxGSC80bXN3RVNvT0R4Rk13RjhaNzdoR3hya1hacU9SbUxvbnI1SEMyOCsxTjZVZHFGSmgzWlFNMVpxNHcxTlVmbVh4Wng1bGJhYVl3QzBqb1lyNnBBY0lrTHVZZTV2ZkxjQ0JFb05HYXZJdEtzb3ZiWlNMNWcvYk8wQU53MldoVFNtdEsyeEhCb0FOcDd5RVpSdnFDZHFoY2Yyb01RV1pka2tpQWdQaER5eVB6OWRlZ3J4ZHlobVpGb21wbHYwbkZTUGdnQXlNM0xjZjZGWm5pUFNobm5uSWdMZGFRL1l3VDFHeU5KTGRlb2l1b2RJOTJmVm9pV1M1TFoxa1grWjhpOEl3V0RJTlBCWUl5bkN0TlM1VzR0UT09fA&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

d0620cf403bf1a2b1f9851996d3575f654558ef9a3214b5cc4326c67cb3fdaef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:08 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2228232
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:08 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=mXme_XxGSC80bXN3RVNvT0R4Rk13RjhaNzdoR3hya1hacU9SbUxvbnI1SEMyOCsxTjZVZHFGSmgzWlFNMVpxNHcxTlVmbVh4Wng1bGJhYVl3QzBqb1lyNnBBY0lrTHVZZTV2ZkxjQ0JFb05HYXZJdEtzb3ZiWlNMNWcvYk8wQU53MldoVFNtdEsyeEhCb0FOcDd5RVpSdnFDZHFoY2Yyb01RV1pka2tpQWdQaER5eVB6OWRlZ3J4ZHlobVpGb21wbHYwbkZTUGdnQXlNM0xjZjZGWm5pUFNobm5uSWdMZGFRL1l3VDFHeU5KTGRlb2l1b2RJOTJmVm9pV1M1TFoxa1grWjhpOEl3V0RJTlBCWUl5bkN0TlM1VzR0UT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 492797
content-length: 0
expires: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame A72E 0
0 79ms
78ms Fetch
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CKcwxcNCQY9TyGsjlnsEP1_WOsAzJntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTMxODI4NTgwODk5OTMxOTbIAQmpAjSmC2Z_rrE-4AIAqAMBqgTtAk_Q6za8JITAWhURVJwlj8I0HkAFaiNwPqVUcvdJxV92PcIKq4KT5IGuZ6GKI8xXxNywHK1MOpoS-iqWLgRbFhGTqcjxN5txzCbuoLLYoJghPgM_UlZSOIO1QtnmqGt1HoN-RUKBpNI5xXmbvtbGyelqKJiBT6gnWHOjs7DySAfm5iIzFZwPCLjZ5BKFK0oOllBgJB1tCkQZNnQUjtbKYETOfuPk9vqU2SBO4YvPqqO-Q4fRszuHzHNV9H2ccyxvzmiHqyo1ABBJPTut83kgR_ve8RJ49_cH1JbWM4Pm4d-KTtQLtyminE8ACQmuvJ1pypg5QZVTRRfgD5ikI-aKzgd_qug4E9R4N8jl3pV0ZZDiIXxdpPqinQxGNfIMUNF2y3qdk3IcCB-B430RPuJbQrowtD4se99U5cPGXdhaMoDAncV5DAJxCSArpXhPNWznCWAIoiBVU15xSlrd0XGklKzS1djhX5qLWyRme2x_4AQBgAbn44zkhL36rt8BoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPIIG2FkeC1zdWJzeW4tNjczNzI1NjI2OTI1Njg4NoAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi0zMTgyODU4MDg5OTkzMTk2GPeWFw&sigh=dWI7naIqyAA&uach_m=[UACH]&cid=CAQSPADq26N9R3BSFl7qfhyqjghMqjVW-v_A80inUx-MqDA8JaTENK4pINSaj39BWAp47YBT6OCptH6DZK3WSBgBIBM
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame A72E 0
0 78ms
18ms Fetch 2a02:2638::2

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=k7S-FI-lBKwC2ASdg2ICAgAAAGvyYD-1CQ87G29FhzAH0LsQcNCQY3rwPuBYFgEHqNbbABIAAA&wp=Y5DQcAAGuVQCJ7LIAAO618K-IaxqqL-tw220bA

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 -, , ASN (),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 262574
content-length: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 3752 168 KB
53 KB 289ms
232ms Document
text/html 2a02:2638::b

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Y5DQcAAGuVQCJ7LIAAO618K-IaxqqL-tw220bA&u=%7Cnk96nItqpCnP5TFjWtHDOYlG6jIjvtdv7L7wTxZrQD4%3D%7C&c1=UbEogq-ADiNBjPo1rbOP0Ehtz6KQg1hE74PursDfbSrTTODPyqm-FFa-X_uCmy4tCZpjpvEIbRNSvdMGQwUM-NcO5HPl8ue5ZO08dZykgxvdR63nXohYatHJo1U1ZhvL3Y2gXduHj7KaX3ZRJKsjAOKNOSEFegYQXB1gZLNIxqIOGWhc_sUZdxPjE4I2LwgSk0vNzK-PmJ6LrKQdZ3UGTVSWPPywIJXDAkU2O9TOkkZWzhVrqZra08RLcyHAw0sCBdhMLhFaHicSwf85uHNldovBS8NxXggMIMhV6HGDXdu73WLwl6miKR0XrS_y4P0uSiA98kgO3md2NwuvXK6xda05Ts0sx6_NMU4lK8fIkUSMvR245X37d5n3DmHMjHw6BYBS0UFHdQaHGSaWCLmK56ppPX0viRZbfaqv4gKRa-TcaGwuGyw6DTYmg8641_ojXSF80x7Z54Se6Qcqbm09cIK3vK6tUsfmrbZgA0b59cgmAHla9wFJQVA3pyCKDTTyPi9kmM6OYrzDYrlWcluNE5ilKXR7yWZKFG7GiPabSwBoZ-g8xwiEdlyLy5qXh6fbzt6_lTxtqa3V5KBEM1dox4jUvott5rDyygv97ToJGuwg-tvIDJ4zpNBHZ5bVx_ldNFrPy4t7JRs&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCKtKncNCQY9TyGsjlnsEP1_WOsAzJntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTMxODI4NTgwODk5OTMxOTbIAQmpAjSmC2Z_rrE-4AIAqAMBqgTwAk_Q6za8JITAWhURVJwlj8I0HkAFaiNwPqVUcvdJxV92PcIKq4KT5IGuZ6GKI8xXxNywHK1MOpoS-iqWLgRbFhGTqcjxN5txzCbuoLLYoJghPgM_UlZSOIO1QtnmqGt1HoN-RUKBpNI5xXmbvtbGyelqKJiBT6gnWHOjs7DySAfm5iIzFZwPCLjZ5BKFK0oOllBgJB1tCkQZNnQUjtbKYETOfuPk9vqU2SBO4YvPqqO-Q4fRszuHzHNV9H2ccyxvzmiHqyo1ABBJPTut83kgR_ve8RJ49_cH1JbWM4Pm4d-KTtQLtyminE8ACQmuvJ1pypg5QZVTRRfgD5ikI-aKzgd_qug4E9R4N8jl3pV0ZZDiIXxdpPqinQxGNfIMUNF2y3qdk3IcCB-B430RPuJbQrowtD4se99U5cPGXdhaMoDAncV5DAJxCWIphOrIuvD0tvwcAfBo9aZ4XlBr21-8Fhga6H4T4ISnQ6HM_3_Az1nE4AQBgAbn44zkhL36rt8BoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPIIG2FkeC1zdWJzeW4tNjczNzI1NjI2OTI1Njg4NvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2QqcMjwfw-F3QzOZwTgTP5Wlqr5Q%26client%3Dca-pub-3182858089993196%26adurl%3D

Requested by

Host: 0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com
URL: https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::b -, , ASN (),

Reverse DNS

Software

Kestrel /

Resource Hash

e102a02b0c2a53736ea93c41b9afc3857d6ebd465feefc5f075851fbf8fa8f8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 17:42:08 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=h6HB2B-alKu4Tdzkxf4wbPMmDqZVNGFHtur058kNBqGRo85my0EmcJWex2TBsEjZRG1IHK7BS0OZL0yuOxOFuLGuJ64jkM7Q8TZLqKZS1MMSPb2oRZ5vpWRC_xG_Rtr3BCNeHIxSvd_xVpJnbo_3hmdvups8CHwkzqphuzjqR23maDA5MLV9kdGkAR_aQcayrLCZYakb4pvIHmRob4INULktLRz7PehijDibTakh6-GwH7HdJefCRjSi1hg"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 216652296
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221129/r20110914/client/ Frame A72E 3 KB
1 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221129/r20110914/client/window_focus_fy2021.js

Requested by

Host: 0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com
URL: https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 15:40:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7292
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Dec 2022 15:40:36 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 0C73 1 KB
643 B 41ms
40ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com
URL: https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 27079
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 10:10:49 GMT
etag: 48472445140208031
expires: Thu, 08 Dec 2022 10:10:49 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221129/r20110914/client/ Frame A72E 18 KB
7 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221129/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com
URL: https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f066f881ead135cd4ee88cf0c80ddb796f8841fc536a7950d4f7102e0502be2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 01:16:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59129
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7443
x-xss-protection: 0
server: cafe
etag: 629801499763588852
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Dec 2022 01:16:39 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame A72E 0
0 52ms
51ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQAlTbepCs8UDWQi-H6Kn-GBvVXDt1urMpHe8AwXnr5IjA3FPCFvp31z-8BlV2ASR_-mGemTqjDdp0azMLvdecPctImyA
Requested by: Host: 0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com
URL: https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame A72E 24 KB
6 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com
URL: https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 09:30:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 202278
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 05 Dec 2023 09:30:50 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A72E 153 KB
47 KB 134ms
49ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com
URL: https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f08c94a636dea8c08b6a50658ba1200281007d4fba996ac05cd2eeb0b873d32d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47692
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670243872199174"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 07 Dec 2022 17:42:09 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 8A85 0
10 B 47ms
47ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?UvTEUw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:08 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 container.html Show response
9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0073 6 KB
3 KB 42ms
41ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 17:42:08 GMT
expires: Thu, 07 Dec 2023 17:42:08 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 jquery.min.js Show response
keytarget.adnet.lt/stable/jquery/3.4.1/ Frame 5313 274 KB
100 KB 32ms
31ms Script
application/javascript 193.200.125.237
TELIA-LIETUVA

General

Check archive.org

Show headers Download Go to

Full URL: https://keytarget.adnet.lt/stable/jquery/3.4.1/jquery.min.js
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.200.125.237 , Lithuania, ASN43811 (TELIA-LIETUVA, LT),
Reverse DNS
Software: nginx /
Resource Hash: 5a93a88493aa32aab228bf4571c01207d3b42b0002409a454d404b4d8395bd55

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-varnish-cache: HIT
date: Wed, 07 Dec 2022 17:42:09 GMT
content-encoding: gzip
last-modified: Fri, 29 Nov 2019 12:46:15 GMT
server: nginx
age: 701
etag: "5de11317-4472c"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
accept-ranges: bytes
content-length: 101393
expires: Thu, 08 Dec 2022 17:42:09 GMT

GET
H3

200

esp Show response
oajs.openx.net/ Frame 432F
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&rid=esp&cc=1

85 B
103 B

172ms
141ms

Fetch
application/json

34.120.107.143

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&rid=esp&cc=1
Protocol: H3
Server: 34.120.107.143 -, , ASN (),
Reverse DNS
Software: / Express
Resource Hash: ed0a8519fdeb8659b31c662082424bd6058475171610cc5694ca051d63987a0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:09 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-lCCiN4DpndWcwcKx6Mjp1CJTmqA"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://kroonika.delfi.ee
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Wed, 07 Dec 2022 17:42:09 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://kroonika.delfi.ee
location: /esp?url=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 css
fonts.googleapis.com/ Frame 1FD3 2 KB
1 KB 135ms
49ms Stylesheet
text/css 2a00:1450:4001:802::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Requested by

Host: 6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com
URL: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

582c2586c49819d9dfe5cb88653679a40bf930ca86f1dc01a4afd821a9eab97e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 07 Dec 2022 17:42:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 16:16:19 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 07 Dec 2022 17:42:09 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221129/r20110914/client/ Frame 1FD3 2 KB
765 B 39ms
38ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221129/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: 6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com
URL: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 02:44:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53857
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Dec 2022 02:44:32 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 1FD3 0
0 84ms
84ms Fetch
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CYCMOcNCQY6PWFtWrkdUPxtaEsAeu4qPlbf_UkqmhEcmn2uvhNhABIL_pgiZgleKQgqAHoAHor-yIA8gBCakCAeXKnFyxsT7gAgCoAwHIA8sEqgTUAk_QSxnJf2ipPqjnH4QLglwu1QwTA0prapwyEoK3PW8DzOVJz0C1fOU1dUzIAThFoOSZZG1Zok9JAQe2g0ha427974fJOtMkZAeIOfR0mHVqT_8s8rCAuMcVDpdsvNvReRAh6PIKdHXQIrXsfm_xswSf-UnhTzH47YT_LmCth7Kh3-Q_IkcdJFKOyhkFT6GgSBmGcA2Euzh6X3tpFdsfzVAjjSnAO2OOV8Ww02ccWKuAcWgaPhqkvXJtdw_Se3m6Loso6ecDNaFXfoFyyURgi0wKBgh-CHJ9_AdTyZy1yy-ejuY1fmPvKh_xNqvgEfzb5ZLQvSzux1rsgatnHzqs_KEArKiUh6Bn2pLK5pzxZPgJo6_EBaUNNxB-AuWPuJCrPI6qXF3wju-p3rwjFBagnhvKSmq2_RTozN8E2hodbACrxHbiKz0OekAZqM2zqIMby1gE8vrABK_LnpmgBOAEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAeA0JN3qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgHpr4b2AcA8gcEEOLdDtIIEQiA4YAQEAEYHTICqgI6AoBA8ggbYWR4LXN1YnN5bi02NzM3MjU2MjY5MjU2ODg2gAoDyAsB2BML0BUBmBYBgBcBshceChwIABIUcHViLTMxODI4NTgwODk5OTMxOTYY95YX&sigh=93kbPXonBI8&uach_m=[UACH]&cid=CAQSPADq26N9cqI6w4T2wyUBzr_7oq-YFd2owwyH-hRS4s3K9pdyyUdSJs55lfc25ZKUg3_KZDQRj9f6P2MONRgBIBM&template_id=494
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221129/r20110914/ Frame 1FD3 23 KB
9 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221129/r20110914/abg_lite_fy2021.js

Requested by

Host: 6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com
URL: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e965485436a460b6ffc44695b148993598bd4e6cdb8447a547fb5609e3ca152

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:47:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14072
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9421
x-xss-protection: 0
server: cafe
etag: 8437175705735068947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Dec 2022 13:47:37 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221129/r20110914/client/ Frame 1FD3 3 KB
1 KB 52ms
46ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221129/r20110914/client/window_focus_fy2021.js

Requested by

Host: 6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com
URL: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 15:40:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7293
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Dec 2022 15:40:36 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221129/r20110914/client/ Frame 1FD3 18 KB
7 KB 46ms
38ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221129/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com
URL: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f066f881ead135cd4ee88cf0c80ddb796f8841fc536a7950d4f7102e0502be2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 01:16:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59130
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7443
x-xss-protection: 0
server: cafe
etag: 629801499763588852
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Dec 2022 01:16:39 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 1FD3 0
0 55ms
47ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSZdtFg59DIGKmAa_eDSzX9ABOoamMWsVjjNgIAiijWi8YnHGYqlVto_Z8uG0cbTkNww7HpNXURNzgfoj2BF92QjA93bw
Requested by: Host: 6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com
URL: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1FD3 153 KB
47 KB 142ms
104ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com
URL: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f08c94a636dea8c08b6a50658ba1200281007d4fba996ac05cd2eeb0b873d32d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47692
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670243872199174"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 07 Dec 2022 17:42:09 GMT

GET
H2 200 83de75e735dabeddf4e705de6f0a2f41.js Show response
www.gstatic.com/mysidia/ Frame 1FD3 34 KB
14 KB 135ms
42ms Script
text/javascript 2a00:1450:4001:806::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/83de75e735dabeddf4e705de6f0a2f41.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com
URL: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f9c1e1da0c197ca101c6fd5ae899d10951dd43316c4ed6b3c9bd38877e79023a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 14:56:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 355560
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14157
x-xss-protection: 0
last-modified: Wed, 30 Nov 2022 21:37:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 03 Mar 2023 14:56:09 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 1FD3 27 KB
27 KB 140ms
38ms Image
image/jpeg 2a00:1450:4001:829::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcThQht79BaenL4aG1tDO-AEDLlDOUpTXqkCoAAhAlz3NvRMzhu2ddVW4Nws6Q&usqp=CAI

Requested by

Host: 6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com
URL: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

3d0ee23a4134fb0629e358ad4a62bd027f25ece26b6b024ab10e0774f9be76c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 19:16:18 GMT
x-content-type-options: nosniff
age: 599151
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27170
x-xss-protection: 0
last-modified: Fri, 18 Feb 2022 11:03:06 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 30 Nov 2023 19:16:18 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 1FD3 27 KB
27 KB 130ms
36ms Image
image/jpeg 2a00:1450:4001:829::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcTQObKbWN5Gi-7E9fOK79kDM5dLv8r2B0cQG59NkzUXDYyDLxpAjjMdcd5nIg&usqp=CAI

Requested by

Host: 6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com
URL: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

9b58b63644421acc64b96b5faad50fafb186ee7e68d74cf809ca33a296c0d0af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 16:14:43 GMT
x-content-type-options: nosniff
age: 523646
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27506
x-xss-protection: 0
last-modified: Thu, 12 Nov 2020 08:36:13 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Fri, 01 Dec 2023 16:14:43 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 1FD3 32 KB
32 KB 167ms
73ms Image
image/jpeg 2a00:1450:4001:829::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcQsKfmMdmjKupybCNaJIjJrOZwPFemihpqlt1sptILZWgF_5gen88fYGVp_vA&usqp=CAI

Requested by

Host: 6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com
URL: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

06db07f26b8d09bc8fd2686db6ff8764d20caa0761d5aab96bdedd3913dc0514

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 09:45:46 GMT
x-content-type-options: nosniff
age: 460583
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32522
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 02:37:12 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sat, 02 Dec 2023 09:45:46 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 1FD3 7 KB
7 KB 143ms
41ms Image
image/png 2a00:1450:4001:802::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcT0FeV1VtFud1eet9cNrUGROtFFx1f64wT0uwkHl4gxUirxhJA&usqp=CAI

Requested by

Host: 6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com
URL: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

e5ac72556ce8b66d98fd8bba8465b9e236a65046592f90b42f5b3f0bc8c07938

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 14:48:49 GMT
x-content-type-options: nosniff
age: 442400
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6844
x-xss-protection: 0
last-modified: Fri, 30 Aug 2019 10:06:09 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sat, 02 Dec 2023 14:48:49 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 61B0 15 KB
6 KB 23ms
22ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=kroonika.delfi.ee

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.132.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

aeb779d96af4bfa1b664c203d52fbd9ef573b84a31b34314668325fc784e1b13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 17:42:08 GMT
server: Kestrel
server-processing-duration-in-ticks: 4948155
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 css
fonts.googleapis.com/ Frame 0073 2 KB
608 B 48ms
47ms Stylesheet
text/css 2a00:1450:4001:802::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Requested by

Host: 9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
URL: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

582c2586c49819d9dfe5cb88653679a40bf930ca86f1dc01a4afd821a9eab97e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 07 Dec 2022 17:42:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 17:16:37 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 07 Dec 2022 17:42:09 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221129/r20110914/client/ Frame 0073 2 KB
765 B 38ms
38ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221129/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: 9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
URL: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 02:44:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53857
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Dec 2022 02:44:32 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 0073 0
0 83ms
83ms Fetch
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CxRc2cNCQY7jbF9LCnsEPj96NuAyu4qPlbf_UkqmhEcmn2uvhNhABIL_pgiZgleKQgqAHoAHor-yIA8gBCakCNKYLZn-usT7gAgCoAwHIA8sEqgTVAk_QqXbUVsRe7a-mUlLerNwaAcoQqSn1KjHsHckDTGbE0ZpmdVtOHXpTG37bV9ILNimPvN3UCJm63YbazmOJRPaZQ3dF7rNMlYWCYxmVP-hlyG-VfToAqyHIQW7COeglwOXHwI7a5ZcqDl89M-XnYpNuwoHuhyVt1-ZkigYIOyk7_pxmV-OlW_em7z5-PPPPIGqc7OOo6QbVO56pchwHMvhb0_0xf3zxhcQhx3b-c8fqDv9ywa0bFb2J1VrklTAvkurdCW1BBYwU-tHbRriUDGf6aOveK0YacnPftbF66lnX6UxYkE0o79cOJE6_Jskx_ctcu9pQXW7nzr40GDUD4q6Lt83fYnWGTMsFrLax-ysXZtvvNOmJfm07xkMy7_ONflEtyClQVxw-j5CzhMhyTO5AsUAkCLqhNsJG6h__fceiRS0q4WYXem6RFcisebcq3uGzOJAewASvy56ZoATgBAGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAHgNCTd6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB6a-G9gHAPIHBBDK0hTSCBEIgOGAEBABGB0yAqoCOgKAQPIIG2FkeC1zdWJzeW4tNjczNzI1NjI2OTI1Njg4NoAKA8gLAdgTC9AVAZgWAYAXAbIXHgocCAASFHB1Yi0zMTgyODU4MDg5OTkzMTk2GPeWFw&sigh=a0Z8pPH8nl4&uach_m=[UACH]&cid=CAQSPADq26N9xaJKxeyfnN3uS5PghEcQ9VLj3lPLi3KYFHNv6JOzUMp9EI8GTUtSgnR70wKI6RKZqXxLEGmFehgBIBM&template_id=494
Requested by: Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221129/r20110914/ Frame 0073 23 KB
9 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221129/r20110914/abg_lite_fy2021.js

Requested by

Host: 9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
URL: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e965485436a460b6ffc44695b148993598bd4e6cdb8447a547fb5609e3ca152

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:47:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14072
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9421
x-xss-protection: 0
server: cafe
etag: 8437175705735068947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Dec 2022 13:47:37 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221129/r20110914/client/ Frame 0073 3 KB
1 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221129/r20110914/client/window_focus_fy2021.js

Requested by

Host: 9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
URL: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 15:40:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7293
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Dec 2022 15:40:36 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221129/r20110914/client/ Frame 0073 18 KB
7 KB 41ms
38ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221129/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
URL: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f066f881ead135cd4ee88cf0c80ddb796f8841fc536a7950d4f7102e0502be2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 01:16:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59130
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7443
x-xss-protection: 0
server: cafe
etag: 629801499763588852
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Dec 2022 01:16:39 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 0073 0
0 49ms
46ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRrj7C-yFbwuFXfA-lsE21vpTFGJzpWLtVKfJ_v8u10B2ZLEwKxoKYLJ1gRDd8-h6bmfkwNtWUrOuziMkY0KaHBNPj5ng
Requested by: Host: 9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
URL: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0073 153 KB
47 KB 135ms
55ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
URL: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f08c94a636dea8c08b6a50658ba1200281007d4fba996ac05cd2eeb0b873d32d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47692
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670243872199174"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 07 Dec 2022 17:42:09 GMT

GET
H2 200 83de75e735dabeddf4e705de6f0a2f41.js Show response
www.gstatic.com/mysidia/ Frame 0073 34 KB
14 KB 41ms
38ms Script
text/javascript 2a00:1450:4001:806::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/83de75e735dabeddf4e705de6f0a2f41.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
URL: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f9c1e1da0c197ca101c6fd5ae899d10951dd43316c4ed6b3c9bd38877e79023a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 14:56:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 355560
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14157
x-xss-protection: 0
last-modified: Wed, 30 Nov 2022 21:37:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 03 Mar 2023 14:56:09 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 0073 29 KB
29 KB 358ms
36ms Image
image/jpeg 2a00:1450:4001:82b::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcQlIb-Tc83fBTFG0sT5wK87x0AMnNRLKY4ysKJr8nHPzttTa2osu4Agk02wRw&usqp=CAI

Requested by

Host: 9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
URL: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

8102bbc40c56e9c1d59491b9b7c02a1547c0f98558c57cc275447173ad2d836a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 15:05:25 GMT
x-content-type-options: nosniff
age: 527804
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29354
x-xss-protection: 0
last-modified: Fri, 18 Feb 2022 02:29:47 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Fri, 01 Dec 2023 15:05:25 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 0073 28 KB
28 KB 94ms
88ms Image
image/jpeg 2a00:1450:4001:802::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcQtdDSESGejVNC8sQLNXOZZc7D_E4xbXyCrqUzeyOyCSgpkXNadJ5j0BiBMgMA&usqp=CAI

Requested by

Host: 9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
URL: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

312bba8b53066879826d9a1aa2802be89534450cfc11a2cee98fb9090b02953a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 06:45:12 GMT
x-content-type-options: nosniff
age: 471417
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28333
x-xss-protection: 0
last-modified: Fri, 30 Sep 2022 12:18:52 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sat, 02 Dec 2023 06:45:12 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 0073 19 KB
19 KB 93ms
91ms Image
image/jpeg 2a00:1450:4001:829::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcQC21pg6-ou2qV7vmW3SKpXIsF4A7C5P8IZb9tHa905MLIFfYzV3mU0VguTsQ&usqp=CAI

Requested by

Host: 9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
URL: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

82b91c403bb4593185c877340c69d6b279f57903e9ebeffac57536b748058d5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 17:33:51 GMT
x-content-type-options: nosniff
age: 518898
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19478
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 00:33:28 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Fri, 01 Dec 2023 17:33:51 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 0073 34 KB
34 KB 50ms
44ms Image
image/jpeg 2a00:1450:4001:802::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcSn5SE2axCJj14GJQXgmwf6ZQi2A-gZa7s8mLpYX8LnGZlZ_8C4Acw7-femaQ&usqp=CAI

Requested by

Host: 9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
URL: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

e0f21b5ae57fc9ddbfcdfa6a811e087f24c53ae5103b59d53856c5fc0d472e20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 18:07:19 GMT
x-content-type-options: nosniff
age: 430490
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34883
x-xss-protection: 0
last-modified: Fri, 18 Feb 2022 11:08:32 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sat, 02 Dec 2023 18:07:19 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 0073 18 KB
18 KB 123ms
118ms Image
image/jpeg 2a00:1450:4001:802::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcSjkIMrsok2vaTZyx_PHamCY0_kV4DcU6JfyeAOpVB71RuvQaFp3DMEOYKmyts&usqp=CAI

Requested by

Host: 9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
URL: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

1fd1dc8f5ee5cd680f4e3ce50e2fb9bdcd66fc1014b0337fbc2cd3444a9987c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 05:28:20 GMT
x-content-type-options: nosniff
age: 476029
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18747
x-xss-protection: 0
last-modified: Fri, 30 Sep 2022 09:22:34 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sat, 02 Dec 2023 05:28:20 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 0073 7 KB
7 KB 120ms
115ms Image
image/png 2a00:1450:4001:802::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcT0FeV1VtFud1eet9cNrUGROtFFx1f64wT0uwkHl4gxUirxhJA&usqp=CAI

Requested by

Host: 9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
URL: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

e5ac72556ce8b66d98fd8bba8465b9e236a65046592f90b42f5b3f0bc8c07938

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 14:48:49 GMT
x-content-type-options: nosniff
age: 442400
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6844
x-xss-protection: 0
last-modified: Fri, 30 Aug 2019 10:06:09 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sat, 02 Dec 2023 14:48:49 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0C73
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESECohVrC2nyKeAmYoY2S661I&google_push=ASkJ3FaCLHe1a5hth4cStubBKjjd-LZdEB3Oxwjzxw_oRH7zHdQ0XCFS_c...

170 B
188 B

49ms
49ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESECohVrC2nyKeAmYoY2S661I&google_push=ASkJ3FaCLHe1a5hth4cStubBKjjd-LZdEB3Oxwjzxw_oRH7zHdQ0XCFS_cw-SMLlgxrmeSvYQUtT4Avg4bh7VF4cJ8oi_shOoFk

Requested by

Host: 0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com
URL: https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-hhn4062-HHN
pragma: no-cache
date: Wed, 07 Dec 2022 17:42:09 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1670434929.468222,VS0,VE89
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESECohVrC2nyKeAmYoY2S661I&google_push=ASkJ3FaCLHe1a5hth4cStubBKjjd-LZdEB3Oxwjzxw_oRH7zHdQ0XCFS_cw-SMLlgxrmeSvYQUtT4Avg4bh7VF4cJ8oi_shOoFk
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0C73
Redirect Chain

https://fksnk.com/cs/google?google_gid=CAESENiZ09WV5Ermvmcyt5EgTgE&google_cver=1&google_push=ASkJ3FYn5EWsSPLzIUhQE5iZ9RxvzO8YloPDTsHiRllOTyRPfuRmInWLv67IIvlDmMkNPhMB3ik0LComFUtVuTLQZqQjVqj4s9E4
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=RUYyRTc2MzM2MTkwNkU1MQ==

170 B
188 B

50ms
49ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=RUYyRTc2MzM2MTkwNkU1MQ==

Requested by

Host: 0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com
URL: https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=RUYyRTc2MzM2MTkwNkU1MQ==
date: Wed, 07 Dec 2022 17:42:09 GMT
content-language: en-US
content-type: text/html;charset=ISO-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0C73
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEMVsVdp3on65XDzvkA6KhiA&google_cver=1&google_push=ASkJ3FbKAfNon-dCNBXGbJXcU1uhRB0hTT6TzbNFmfZoQ4osOUzRVp-BbOAtDKS6v1ZdNnc1FlAlp0tvC5xODnaFfXdrATB...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEMVsVdp3on65XDzvkA6KhiA&google_cver=1&google_push=ASkJ3FbKAfNon-dCNBXGbJXcU1uhRB0hTT6TzbNFmfZoQ4osOUzRVp-BbOAtDKS6v1ZdNnc1FlAlp0tvC5xODnaFfXdrA...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ASkJ3FbKAfNon-dCNBXGbJXcU1uhRB0hTT6TzbNFmfZoQ4osOUzRVp-BbOAtDKS6v1ZdNnc1FlAlp0tvC5xODnaFfXdrATB5UTnL

170 B
188 B

49ms
48ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ASkJ3FbKAfNon-dCNBXGbJXcU1uhRB0hTT6TzbNFmfZoQ4osOUzRVp-BbOAtDKS6v1ZdNnc1FlAlp0tvC5xODnaFfXdrATB5UTnL

Requested by

Host: 0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com
URL: https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ASkJ3FbKAfNon-dCNBXGbJXcU1uhRB0hTT6TzbNFmfZoQ4osOUzRVp-BbOAtDKS6v1ZdNnc1FlAlp0tvC5xODnaFfXdrATB5UTnL
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 dds
rtb.openx.net/sync/ Frame 0C73 43 B
350 B 333ms
20ms Image
image/gif 35.186.253.211

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEGI--DiZSVsJxWoo0D1VjAg&google_cver=1&google_push=ASkJ3FZNYgUykd9lPazepalt7UIc6T7uZoAvjLaEzBRUSOiJ6xOBfZini2Q72e9O-NlhW58Dma7FiJXEHdkW8zlhgkKXa0pP_Mg_
Requested by: Host: 0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com
URL: https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 -, , ASN (),
Reverse DNS
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:09 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: lcqbe7fc73rd6cupc7t04n8ocqtfu7rb

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0C73
Redirect Chain

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESECFXBiLjNvIFO0y96phOLUM&google_cver=1&google_push=ASkJ3FaANWQA6dBdjq30HMZGCzjQF5gLCxsdRLSkqaFDC6tAPGyjmFYf5V9KyC-fRtwktWnsMtCnGD6Ga45I8...
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESECFXBiLjNvIFO0y96phOLUM&google_push=ASkJ3FaANWQA6dBdjq30HMZGCzjQF5gLCxsdRLSkqaFDC6tAPGyjmFYf5V9KyC-fRtwktWnsMtCnGD6Ga45I8...
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=ASkJ3FaANWQA6dBdjq30HMZGCzjQF5gLCxsdRLSkqaFDC6tAPGyjmFYf5V9KyC-fRtwktWnsMtCnGD6Ga45I8as8wi-ilnrF4v_N&google_hm=Q3hlT0JqVVdSX1JKQ0ZG...

170 B
188 B

49ms
49ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=ASkJ3FaANWQA6dBdjq30HMZGCzjQF5gLCxsdRLSkqaFDC6tAPGyjmFYf5V9KyC-fRtwktWnsMtCnGD6Ga45I8as8wi-ilnrF4v_N&google_hm=Q3hlT0JqVVdSX1JKQ0ZGNG1sZV8=

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:09 GMT
Content-Type: text/html; charset=utf-8
Location: https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=ASkJ3FaANWQA6dBdjq30HMZGCzjQF5gLCxsdRLSkqaFDC6tAPGyjmFYf5V9KyC-fRtwktWnsMtCnGD6Ga45I8as8wi-ilnrF4v_N&google_hm=Q3hlT0JqVVdSX1JKQ0ZGNG1sZV8=
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 236
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0C73
Redirect Chain

https://ads.yieldmo.com/exptsync?google_gid=CAESEF4Aq2QmeaiAAVemsW3jM_0&google_cver=1&google_push=ASkJ3FZlPhhPjmwAna4hR9bkF8yphXY1xJYaYdYwIFREeCquQHm2lfcl7-oCABebJgO6iCi4mDjzmDFevC-ZlYVa_wll5np70oNI
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=ASkJ3FZlPhhPjmwAna4hR9bkF8yphXY1xJYaYdYwIFREeCquQHm2lfcl7-oCABebJgO6iCi4mDjzmDFevC-ZlYVa_wll5np70oNI&google_hm=ZzQ2YmI0ZTNmMTgzZDY5...

170 B
188 B

49ms
49ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=ASkJ3FZlPhhPjmwAna4hR9bkF8yphXY1xJYaYdYwIFREeCquQHm2lfcl7-oCABebJgO6iCi4mDjzmDFevC-ZlYVa_wll5np70oNI&google_hm=ZzQ2YmI0ZTNmMTgzZDY5YjY5NzU=

Requested by

Host: 0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com
URL: https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:09 GMT
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json;charset=utf-8
location: https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=ASkJ3FZlPhhPjmwAna4hR9bkF8yphXY1xJYaYdYwIFREeCquQHm2lfcl7-oCABebJgO6iCi4mDjzmDFevC-ZlYVa_wll5np70oNI&google_hm=ZzQ2YmI0ZTNmMTgzZDY5YjY5NzU=
access-control-allow-origin: *
access-control-allow-headers: Cache-Control, Pragma, *
content-length: 0

GET
H/1.1 200
OK sync
rtb2-useast.e-volution.ai/ Frame 0C73 42 B
233 B 389ms
86ms Image
image/gif 174.137.133.49

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb2-useast.e-volution.ai/sync?exchange=193&google_gid=CAESEDRoAqRUkjFBRdEPK5XJ7dc&google_cver=1&google_push=ASkJ3FaGEVzyrwmyjRX3_9B4MV5B62RTsMAGK5cElRa197NTuxvQDPCsL231tGCjqBOOU-iU0uvqacU3TEnGOAzQpc7V4XMmgw271g
Requested by: Host: 0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com
URL: https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:09 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 0C73 0
12 B 51ms
46ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KbHBCJNAMfTY0KLUhtJH-mmddINxvV64HCOu4njupeEg1wzL3964_U3gjx18O8Xc82u3qN0A

Requested by

Host: 0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com
URL: https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:09 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2

200

sid Show response
mug.criteo.com/ Frame 61B0
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=delfi.ee&sn=ChromeSyncframe&so=3&topUrl=kroonika.delfi.ee&bundle=mMXKz19xVEZPOWxybUwxQlBQa1AySUhQTnV4NDBnciUyQmZWSTFhJTJGJTJGUVYlMkZhY3l6N...
https://mug.criteo.com/sid?cpp=PHwzo3xERHFUb0VXa3FRZWFMcVZTWFZ3bU84NW4xa1ZIeml0ZXhjUGIyM0RmR1R6aHBDaGtlOTNhVlRwYVNUQnFkTGtBU2Nwa2NtNHIyemswc2NoUVVYUDUrOFpvQ09GZzR6VHJhc2VkQmYwUEswTG1SSkIySjZiblJaKz...

415 B
646 B

22ms
22ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=PHwzo3xERHFUb0VXa3FRZWFMcVZTWFZ3bU84NW4xa1ZIeml0ZXhjUGIyM0RmR1R6aHBDaGtlOTNhVlRwYVNUQnFkTGtBU2Nwa2NtNHIyemswc2NoUVVYUDUrOFpvQ09GZzR6VHJhc2VkQmYwUEswTG1SSkIySjZiblJaKzdyT0VtanE0ZDlKKy8xQXFMVm5Kb2FubW9IS3N4cFZDRkw0bm1HTXpxTXlVakFxdUJwdFVJVGZjZWJYaCttdVJrZWVRLzl3RGtQU2lTeHlPQmVnd0xzd3FlRWlleE9sZ2NoQS9GRVRGUjdCQXRLMGdOc0dPbzYzb1FlcmFiTElmR0FQRHJ1RlR3WEZLcG1saVR5NnVISTRxaTlnSENndz09fA&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

82988b54675d4bb4ed6430ba566bc19eb7e777f83535bdce2410468f1eed3d71

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:09 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 4422126
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:08 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=PHwzo3xERHFUb0VXa3FRZWFMcVZTWFZ3bU84NW4xa1ZIeml0ZXhjUGIyM0RmR1R6aHBDaGtlOTNhVlRwYVNUQnFkTGtBU2Nwa2NtNHIyemswc2NoUVVYUDUrOFpvQ09GZzR6VHJhc2VkQmYwUEswTG1SSkIySjZiblJaKzdyT0VtanE0ZDlKKy8xQXFMVm5Kb2FubW9IS3N4cFZDRkw0bm1HTXpxTXlVakFxdUJwdFVJVGZjZWJYaCttdVJrZWVRLzl3RGtQU2lTeHlPQmVnd0xzd3FlRWlleE9sZ2NoQS9GRVRGUjdCQXRLMGdOc0dPbzYzb1FlcmFiTElmR0FQRHJ1RlR3WEZLcG1saVR5NnVISTRxaTlnSENndz09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 701857
content-length: 0
expires: 0

GET
DATA 200
OK truncated
/ Frame A72E 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 175d99eb1e12c6fa1714a20351234f13542366b9b0649250add751908eccb968

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 09CF 1 KB
643 B 50ms
38ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com
URL: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 27080
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 10:10:49 GMT
etag: 48472445140208031
expires: Thu, 08 Dec 2022 10:10:49 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 1FD3 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8acafe6f4b12d740951707477252d2faf4d40ee944b015b31b3bbed8030d7720

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 8123 1 KB
643 B 51ms
41ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
URL: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 27080
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 10:10:49 GMT
etag: 48472445140208031
expires: Thu, 08 Dec 2022 10:10:49 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 0073 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1b998f92e95d61d41ca185d6581bae80b77874b968aedd739d80d4c0f6b7c8b2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame 1FD3 20 KB
21 KB 224ms
36ms Font
font/woff2 2a00:1450:4001:80f::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 21:33:43 GMT
x-content-type-options: nosniff
age: 418106
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20784
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:21:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Dec 2023 21:33:43 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7DD9 0
0 147ms
146ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022120101&jk=557284032441897&bg=!tbaltvLNAAa7eOFIm3g7ACkAdvg8WnSxIcKKYnwOfG3_isduHY2zOpkCbRESchwzm1Q165voFFNjsQIAAACoUgAAAAJoAQcKAFb6RbK1tEePMj5DbzWUBoVWUQIGlLFosAuM2RWFieumzuWcMvjx7-Uglshty1Ps7se5aY1KfPMD_AMomT5v5vbxyx9k0kGrlHsM-Pyzwl1g2OnPX1IxhZkC13G5fYAx6akGme0yV96EKWm6evDzMryeJ4MSk5VoX0au5qOCB8RQmDTk4aUUAyJ3bIx6xFMZwau5ScivDDICMK5nN4K18S9kGlbrtgDNza0h9fr9t7GKMhfTMt5n4RcRaT24JWcuQ3ZkSxTfSDS_YPA5p-jj3G-l8Yi8sn7aY-8vIV4xIUKkgyemzMvTdYrypzDW44H_MEGuv76KpyyFgE07Fpmm1aKkQAFrQvPMOX01BHwv8omT8H9VUItgbWrYSxM4aYxZsRchWBkH3uj_ULUXCgPjCwKDi413E124kpLi89hR3ICceVDxDNHunUkLI6c-aKCk6f5jw4Ty3fXmeyDX2vDBRPqcjd7aE8XlX9zPDtjN1iCPUEk2ohyyhb7R_aDIdgTVZyEbeeG-kq20Uu3jYbI8yPK-c5AWMDGTQpQuCAe_SzXg7T-SLyDDzOmjEbnqB5mXAQSPJCWlYsrudXx9AM6B8IkTI5XSCAstuCEUMf6TLjHWyifyhEVigsUIIaRq0IUWSd4QptnFAOKFN-1nIwZl74qzuqQnTxC2_ybUIF2kCiHx_f0nL7anq-3hkonBonx4vBpwXeSBW5XK8fE0DjDevdQ7vpwBuXowSVvBSKcf1NmkrmFpa33cdYDkwbQ7BONOcDlmowsg7yIfBDiECKIjbS7yQYAJlhGEa7bPkrkGJ_UPb9IEGWxIOLTVfYDbZsv99C-j-QDi82e9drpZUQ81gq1r5LnaBBhztAJ55AKYj3p9owb41k386WHn2fv_QYptY2SWEEYjpIJ0O-CFQRJzZd7MD7nlYGcl5aeA7DZassw_xsZtjPwZR3QFbtOsqo8wWn1Gz5aCY5wxYJ5g97MwC51frw9Si550-817l4qDBBTFc7WFEm3cwDWOn8fvNIcyM1UprpJapP1qsn714_q-GYfjMQoOXAG9vzXGXU9ed31AGqLctRQGn1T8GEit5OHE5oY
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

GET
H2 200 ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame 0073 20 KB
20 KB 187ms
65ms Font
font/woff2 2a00:1450:4001:80f::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 21:33:43 GMT
x-content-type-options: nosniff
age: 418106
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20784
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:21:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Dec 2023 21:33:43 GMT

GET
H2 200 publishertag.prebid.132.js Show response
static.criteo.net/js/ld/ Frame 5313 89 KB
29 KB 26ms
25ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.132.js

Requested by

Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:09 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 08 Dec 2022 17:42:09 GMT

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame 9FDF 0
91 B 55ms
40ms Document
text/html 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Wed, 07 Dec 2022 17:42:09 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 3752 2 KB
1 KB 28ms
20ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Y5DQcAAGuVQCJ7LIAAO618K-IaxqqL-tw220bA&u=%7Cnk96nItqpCnP5TFjWtHDOYlG6jIjvtdv7L7wTxZrQD4%3D%7C&c1=UbEogq-ADiNBjPo1rbOP0Ehtz6KQg1hE74PursDfbSrTTODPyqm-FFa-X_uCmy4tCZpjpvEIbRNSvdMGQwUM-NcO5HPl8ue5ZO08dZykgxvdR63nXohYatHJo1U1ZhvL3Y2gXduHj7KaX3ZRJKsjAOKNOSEFegYQXB1gZLNIxqIOGWhc_sUZdxPjE4I2LwgSk0vNzK-PmJ6LrKQdZ3UGTVSWPPywIJXDAkU2O9TOkkZWzhVrqZra08RLcyHAw0sCBdhMLhFaHicSwf85uHNldovBS8NxXggMIMhV6HGDXdu73WLwl6miKR0XrS_y4P0uSiA98kgO3md2NwuvXK6xda05Ts0sx6_NMU4lK8fIkUSMvR245X37d5n3DmHMjHw6BYBS0UFHdQaHGSaWCLmK56ppPX0viRZbfaqv4gKRa-TcaGwuGyw6DTYmg8641_ojXSF80x7Z54Se6Qcqbm09cIK3vK6tUsfmrbZgA0b59cgmAHla9wFJQVA3pyCKDTTyPi9kmM6OYrzDYrlWcluNE5ilKXR7yWZKFG7GiPabSwBoZ-g8xwiEdlyLy5qXh6fbzt6_lTxtqa3V5KBEM1dox4jUvott5rDyygv97ToJGuwg-tvIDJ4zpNBHZ5bVx_ldNFrPy4t7JRs&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCKtKncNCQY9TyGsjlnsEP1_WOsAzJntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTMxODI4NTgwODk5OTMxOTbIAQmpAjSmC2Z_rrE-4AIAqAMBqgTwAk_Q6za8JITAWhURVJwlj8I0HkAFaiNwPqVUcvdJxV92PcIKq4KT5IGuZ6GKI8xXxNywHK1MOpoS-iqWLgRbFhGTqcjxN5txzCbuoLLYoJghPgM_UlZSOIO1QtnmqGt1HoN-RUKBpNI5xXmbvtbGyelqKJiBT6gnWHOjs7DySAfm5iIzFZwPCLjZ5BKFK0oOllBgJB1tCkQZNnQUjtbKYETOfuPk9vqU2SBO4YvPqqO-Q4fRszuHzHNV9H2ccyxvzmiHqyo1ABBJPTut83kgR_ve8RJ49_cH1JbWM4Pm4d-KTtQLtyminE8ACQmuvJ1pypg5QZVTRRfgD5ikI-aKzgd_qug4E9R4N8jl3pV0ZZDiIXxdpPqinQxGNfIMUNF2y3qdk3IcCB-B430RPuJbQrowtD4se99U5cPGXdhaMoDAncV5DAJxCWIphOrIuvD0tvwcAfBo9aZ4XlBr21-8Fhga6H4T4ISnQ6HM_3_Az1nE4AQBgAbn44zkhL36rt8BoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPIIG2FkeC1zdWJzeW4tNjczNzI1NjI2OTI1Njg4NvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2QqcMjwfw-F3QzOZwTgTP5Wlqr5Q%26client%3Dca-pub-3182858089993196%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:09 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 02 Dec 2023 17:42:09 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 3752 2 KB
1 KB 25ms
18ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:09 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 02 Dec 2023 17:42:09 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 3752 308 B
636 B 19ms
17ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:09 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sat, 02 Dec 2023 17:42:09 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 3752 293 B
621 B 16ms
15ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:09 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sat, 02 Dec 2023 17:42:09 GMT

GET
H2 200 lg.php
cat.fr.eu.criteo.com/delivery/ Frame 3752 43 B
348 B 81ms
24ms Image
image/gif 178.250.0.160

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr.eu.criteo.com/delivery/lg.php?cppv=3&cpp=WQpqjdCmXsD_bLBDiYAmcGDy4PkE8gfvdHgTp25phzNtvFgztTEuaCOPRGreDkkNw--OseYcjpxid55RoyFpH5KHs3gpf4_suTbUX4jBGD4CtNqbJdzRGFucDu5UjxLxjNKmFsoDaA--lY_AuIz1FjZN1YUeF982mkwZkK4-iH2Lzb_SOPcs3dHsKvhDcbbqJnuWSNsl96EgNaF2QvV0aO4kx4BiVTSHZcmblBgL1nI6GbJP2Bw4gN6DD4ggl8IF-_bLiDerfWP5DQ_Shope4MsvbC8xEvNbMf57sfgfGGUwYymhJZrrZkQSdehXRnDrS7fC-mhk6jC75hDp5P0emgfnHu-PsvYbmsrfa0wrwNxhiW_E3MH8JlRD-KODb-5OpqNTWu53G44Z2Pl6LGkcShLzQAKrdtmCdVyfUL7SoDdIqtVU

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.160 -, , ASN (),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:08 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 4368857
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 0AD2 15 KB
6 KB 18ms
18ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=kroonika.delfi.ee

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.132.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

aeb779d96af4bfa1b664c203d52fbd9ef573b84a31b34314668325fc784e1b13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 17:42:08 GMT
server: Kestrel
server-processing-duration-in-ticks: 2120551
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 3752 12 KB
5 KB 62ms
41ms Script
application/javascript 2606:4700::6811:180e

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:09 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1814897
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nr0u%2FdqHlsLMd4t4Y5bWSQWU3w%2BrjDmHpSj2elQLDHzjFxYWlkUUgcPck%2BOSMQ5ogrzkPVZm%2Bag%2Fy85%2BVCC6E0tcW0dc7EaLC680ML%2BGyhvLZ5bb65nBM8m0SNxBDjfBu%2FUOScwp2C4aaKQ8mTTibrpX"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 775f0e659a21bbf2-FRA
expires: Mon, 27 Nov 2023 17:42:09 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 3752 12 KB
6 KB 20ms
20ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:09 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 02 Dec 2023 17:42:09 GMT

GET
H2 200 3753f6ac31b748bf945ad731cbf52c0b_skyscannerrelative-book.woff
static.criteo.net/design/dt/ Frame 3752 68 KB
68 KB 29ms
29ms Font
application/octet-stream 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/3753f6ac31b748bf945ad731cbf52c0b_skyscannerrelative-book.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

b40ed885c6eabc68309c7e3377008ec3aaba2add66e43fcf6fc2851cdc6a2f98

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:09 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 29 Jul 2021 10:27:15 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"61028283-10ec0"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 02 Dec 2023 17:42:09 GMT

GET
H2 200 e228b6a4e90947dcaf6c5ad0025ee925_skyscannerrelative-bold.woff
static.criteo.net/design/dt/ Frame 3752 68 KB
68 KB 32ms
32ms Font
application/octet-stream 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/e228b6a4e90947dcaf6c5ad0025ee925_skyscannerrelative-bold.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

9cb93fc023cca355260310e41056be397ecad26f94a578c5b147762b40fc6d3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:09 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 29 Jul 2021 10:27:15 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"61028283-10f14"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 02 Dec 2023 17:42:09 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 3752 0
128 B 66ms
15ms Ping
text/plain 2a02:2638:1::17

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=h6HB2B-alKu4Tdzkxf4wbPMmDqZVNGFHtur058kNBqGRo85my0EmcJWex2TBsEjZRG1IHK7BS0OZL0yuOxOFuLGuJ64jkM7Q8TZLqKZS1MMSPb2oRZ5vpWRC_xG_Rtr3BCNeHIxSvd_xVpJnbo_3hmdvups8CHwkzqphuzjqR23maDA5MLV9kdGkAR_aQcayrLCZYakb4pvIHmRob4INULktLRz7PehijDibTakh6-GwH7HdJefCRjSi1hg&sds=2&rev=83862&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::17 -, , ASN (),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 07 Dec 2022 17:42:09 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 3752 2 KB
1 KB 16ms
15ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:09 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 02 Dec 2023 17:42:09 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 3752 2 KB
1 KB 16ms
16ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:09 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 02 Dec 2023 17:42:09 GMT

GET
H2 206 e7cf04b0d6f0470ea83342559f3c9831_showcase_16x9_2.mp4
static.criteo.net/design/dt/2936/210730/ Frame 3752 1 MB
1 MB 23ms
23ms Media
video/mp4 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/2936/210730/e7cf04b0d6f0470ea83342559f3c9831_showcase_16x9_2.mp4?ibv=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

bc088667e6fd51be04d5f244ecf781d63c479bcbb73aa672e12d3150b1fb7192

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 07 Dec 2022 17:42:09 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 30 Jul 2021 08:11:16 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6103b424-12a759"
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-1222488/1222489
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
Content-Length: 1222489
expires: Sat, 02 Dec 2023 17:42:09 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 0AD2
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=delfi.ee&sn=ChromeSyncframe&so=3&topUrl=kroonika.delfi.ee&bundle=zApO1l9xVEZPOWxybUwxQlBQa1AySUhQTnUlMkJxVzJPc29iN2xRUkd5QTN6SmdUUmExJTJGV...
https://mug.criteo.com/sid?cpp=EEloyXxDZzFNMjB6VFJ5ZnF5SGJCTzVJcXJvc0dxYVZCN2VaMjdLSHlDaG5zdE95RlRhMUp1WVlrNjAxVlN0V3R3YkEvTytaeVpqSi9nVDlneTBYNG9CQ2ZGOWZhQ1FGL3Z4NlIvczVoaTVQNGdsTjRLQzZZaWpnRVpWUD...

430 B
651 B

23ms
22ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=EEloyXxDZzFNMjB6VFJ5ZnF5SGJCTzVJcXJvc0dxYVZCN2VaMjdLSHlDaG5zdE95RlRhMUp1WVlrNjAxVlN0V3R3YkEvTytaeVpqSi9nVDlneTBYNG9CQ2ZGOWZhQ1FGL3Z4NlIvczVoaTVQNGdsTjRLQzZZaWpnRVpWUDIwb2Q3MUtsL3U5TkRjbmVETnlHTitUcC9saGt4ampITVFYeVppaDJJdGVGY2xvS2ZxKzZYQ0pVR0pqdzhFMTZLQ2xGQWJwOFBnSG1wR1J6d1hvR0RKL3M0aFZhQ0xLbVA1MFJjTWxFOHh3cFY0VVN6UG82MjJRdGFxMGZGM3loVHJoTnl2bkJjelc2QXhxM2hvVXVEK1F4cnhPck1TQT09fA&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

d448536317882d8033f13215d287f666ce2a3ef2d5d1d8bb14580298563ed62e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:08 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 3995021
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:09 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=EEloyXxDZzFNMjB6VFJ5ZnF5SGJCTzVJcXJvc0dxYVZCN2VaMjdLSHlDaG5zdE95RlRhMUp1WVlrNjAxVlN0V3R3YkEvTytaeVpqSi9nVDlneTBYNG9CQ2ZGOWZhQ1FGL3Z4NlIvczVoaTVQNGdsTjRLQzZZaWpnRVpWUDIwb2Q3MUtsL3U5TkRjbmVETnlHTitUcC9saGt4ampITVFYeVppaDJJdGVGY2xvS2ZxKzZYQ0pVR0pqdzhFMTZLQ2xGQWJwOFBnSG1wR1J6d1hvR0RKL3M0aFZhQ0xLbVA1MFJjTWxFOHh3cFY0VVN6UG82MjJRdGFxMGZGM3loVHJoTnl2bkJjelc2QXhxM2hvVXVEK1F4cnhPck1TQT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 670149
content-length: 0
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 09CF
Redirect Chain

https://a.c.appier.net/gcm?google_gid=CAESEBLmwOlxEX5nMQQbxLKM_Wg&google_cver=1&google_push=ASkJ3FZ4E0uG6Z2NOCkvvPOBtMqsPbnUL2OuxKyL9hakQGR-eQMQjVnUIZHcvy0UKLFCSb21cYUKWhJqJXf9XtNMujyseOuO2-Lm
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=dlV5RDZzT2xDMS14SWNSRmN0Q1FZdw%3D%3D&google_push=ASkJ3FZ4E0uG6Z2NOCkvvPOBtMqsPbnUL2OuxKyL9hakQGR-eQMQjVnUIZHcvy0UKLFCSb21cYUKWhJqJXf9X...

170 B
188 B

49ms
49ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=dlV5RDZzT2xDMS14SWNSRmN0Q1FZdw%3D%3D&google_push=ASkJ3FZ4E0uG6Z2NOCkvvPOBtMqsPbnUL2OuxKyL9hakQGR-eQMQjVnUIZHcvy0UKLFCSb21cYUKWhJqJXf9XtNMujyseOuO2-Lm

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=dlV5RDZzT2xDMS14SWNSRmN0Q1FZdw%3D%3D&google_push=ASkJ3FZ4E0uG6Z2NOCkvvPOBtMqsPbnUL2OuxKyL9hakQGR-eQMQjVnUIZHcvy0UKLFCSb21cYUKWhJqJXf9XtNMujyseOuO2-Lm
date: Wed, 07 Dec 2022 17:42:10 GMT
cache-control: no-store
content-type: text/html; charset=utf-8
server: nginx
content-length: 243
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 09CF
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEIDMYPvG82UjBcK7i-A9614&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEIDMYPvG82UjBcK7i-A9614&google_push=AS...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEIDMYPvG82UjBcK7i-A9614&google_hm=Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB&google_nid=index&google_push=ASkJ3FYrCCZdrgDku8-Ikky6p3YjoyzKqte6b...

170 B
188 B

47ms
47ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEIDMYPvG82UjBcK7i-A9614&google_hm=Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB&google_nid=index&google_push=ASkJ3FYrCCZdrgDku8-Ikky6p3YjoyzKqte6bmVTOhEp4k-pJiB2N5W0c1a8117hp0EuXV2wKhYkx_XbYz94wSh9gxfL9ZzBwrsR

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:09 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pPTkmt76gidgv6xV6CR8%2BhR5CArPJZqXiE5RjIJFIZy06BzaWnpN%2BTO9IfIlsW%2Ftg%2BjtOyCylQ%2BDt9F%2BpygAl9DrFwBPrllEiOwGWsWywCA9CHgfTErR6qPSldswC09BUNMN8Cm9nrFSnA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEIDMYPvG82UjBcK7i-A9614&google_hm=Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB&google_nid=index&google_push=ASkJ3FYrCCZdrgDku8-Ikky6p3YjoyzKqte6bmVTOhEp4k-pJiB2N5W0c1a8117hp0EuXV2wKhYkx_XbYz94wSh9gxfL9ZzBwrsR
cache-control: no-cache
cf-ray: 775f0e681c1d92a5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 09CF
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEJQO7DC2Js5WAJsZ9QGFJOc&google_cver=1&google_push=ASkJ3FbIPmdwvws-YO0BSIUb4N9NLIYefLqFQtd_SXgg-wGiZqChYsKRAqJ16WCFMUZuwRxJ8V3nilwEcK5muOYl...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ASkJ3FbIPmdwvws-YO0BSIUb4N9NLIYefLqFQtd_SXgg-wGiZqChYsKRAqJ16WCFMUZuwRxJ8V3nilwEcK5muOYlI-j7AK8UaCi1

170 B
188 B

49ms
49ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ASkJ3FbIPmdwvws-YO0BSIUb4N9NLIYefLqFQtd_SXgg-wGiZqChYsKRAqJ16WCFMUZuwRxJ8V3nilwEcK5muOYlI-j7AK8UaCi1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 07 Dec 2022 17:42:09 GMT
via: 1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-P5
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ASkJ3FbIPmdwvws-YO0BSIUb4N9NLIYefLqFQtd_SXgg-wGiZqChYsKRAqJ16WCFMUZuwRxJ8V3nilwEcK5muOYlI-j7AK8UaCi1
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: 7FH7PCwgdP1XqJvlBrbjt0wa3EarZb9lWcpWCtTzL739iCrg7esAnA==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 09CF
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEFsZ7wK2vC2rjem5UC4K1pI&google_cver=1&google_push=ASkJ3FYL6jY2QeHKxj07E0UFgu42L9j5e3wUztCzvRLAGKFLoq9-rIOhGLpT69URyha29LrSZKX4y0P5Vwfykmy19Bo3A96jRQm_
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=ASkJ3FYL6jY2QeHKxj07E0UFgu42L9j5e3wUztCzvRLAGKFLoq9-rIOhGLpT69URyha29LrSZKX4y0P5Vwfykmy19Bo3A96jRQm...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTU0MzM3NDQwODYzNzMxMjg2NjA0Mg%3D%3D&google_push=ASkJ3FYL6jY2QeHKxj07E0UFgu42L9j5e3wUztCzvRLAGKFLoq9-rIOh...

170 B
188 B

49ms
48ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTU0MzM3NDQwODYzNzMxMjg2NjA0Mg%3D%3D&google_push=ASkJ3FYL6jY2QeHKxj07E0UFgu42L9j5e3wUztCzvRLAGKFLoq9-rIOhGLpT69URyha29LrSZKX4y0P5Vwfykmy19Bo3A96jRQm_

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTU0MzM3NDQwODYzNzMxMjg2NjA0Mg%3D%3D&google_push=ASkJ3FYL6jY2QeHKxj07E0UFgu42L9j5e3wUztCzvRLAGKFLoq9-rIOhGLpT69URyha29LrSZKX4y0P5Vwfykmy19Bo3A96jRQm_
date: Wed, 07 Dec 2022 17:42:09 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET pub
cs.chocolateplatform.com/ Frame 09CF 0
0

GET
H/1.1 200
OK sync
ssbsync.smartadserver.com/api/ Frame 09CF 0
75 B 519ms
17ms Image
text/plain 185.86.137.107

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEJlrWfejFA4xGm8OH2iS2OY&google_cver=1&google_push=ASkJ3FYivKFD0rjBxDYqINdjFMeg-mkDPJy8fB7DsgLC4ob6mN-FE7ZMKKX6Ea_39efg_qHkgJHlGwKI9bCIUw2XP0XuJ9KWn47C
Requested by: Host: 6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com
URL: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.107 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:10 GMT
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 09CF
Redirect Chain

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEHOyfVealzt-Dhd7EaMAHnQ&google_cver=1&google_push=ASkJ3FY4k6RtgXTsXFoDq-OlcjW2DRrrrd4w8lVQDX8CnsbLLaJfcQPq1H0nlHZqgDgAYYW6cKo3ejbUq-baeOw-LrcP57O...
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=ASkJ3FY4k6RtgXTsXFoDq-OlcjW2DRrrrd4w8lVQDX8CnsbLLaJfcQPq1H0nlHZqgDgAYYW6cKo3ejbUq-baeOw-LrcP57OQedTMPg&google_hm=MjUxNTc5O...

170 B
188 B

49ms
48ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=ASkJ3FY4k6RtgXTsXFoDq-OlcjW2DRrrrd4w8lVQDX8CnsbLLaJfcQPq1H0nlHZqgDgAYYW6cKo3ejbUq-baeOw-LrcP57OQedTMPg&google_hm=MjUxNTc5ODIwMDI5NDU0MDIxOA==

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=ASkJ3FY4k6RtgXTsXFoDq-OlcjW2DRrrrd4w8lVQDX8CnsbLLaJfcQPq1H0nlHZqgDgAYYW6cKo3ejbUq-baeOw-LrcP57OQedTMPg&google_hm=MjUxNTc5ODIwMDI5NDU0MDIxOA==
Date: Wed, 07 Dec 2022 17:42:10 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 09CF 0
12 B 48ms
47ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LwnwPcdzqdVWTWgLQwftHkZgCvYciV2ABiimgb4MOsHW8Q3I5npCopp8gVCegwyer_RNVuDA

Requested by

Host: 6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com
URL: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:09 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 8123
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESECtCFgYAZYJ1ZTh0vGMaoBE&google_cver=1&google_push=ASkJ3FayFWOdvOWPFZPI34QPDw-oUgYAqqj8RP1k7Ni_klVeNV0PwEhv3UB2WQQ6o7dJuTn5nhrIJ3j10q_KZM8yKhZ2YNhpjC9O
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzA4MTEzMDA1NjA2MTI4Mjk1Nw==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESECtCFgYAZYJ1ZTh0vGMaoBE&google_cver=1

43 B
398 B

88ms
50ms

Image
image/gif

2001:678:cb4:bbbb::11

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESECtCFgYAZYJ1ZTh0vGMaoBE&google_cver=1
Protocol: H2
Server: 2001:678:cb4:bbbb::11 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 07 Dec 2022 17:42:09 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESECtCFgYAZYJ1ZTh0vGMaoBE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8123
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEBAjLX_zMbB_shqTFYutw7Q&google_cver=1&google_push=ASkJ3FanlJA9GBX4CRDvllalbwpez98gE-4-hYEuvxgJbN8r6lSFwTE9Kvib1cCccSJtVFS2WKumPuZ2qIuAatU0...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=KVNjkNBtRgCbp8uy5Yp3Yw&google_push=ASkJ3FanlJA9GBX4CRDvllalbwpez98gE-4-hYEuvxgJbN8r6lSFwTE9Kvib1cCccSJtVFS2WKumPuZ2qIuAatU0NfxDWof-...

170 B
188 B

50ms
50ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=KVNjkNBtRgCbp8uy5Yp3Yw&google_push=ASkJ3FanlJA9GBX4CRDvllalbwpez98gE-4-hYEuvxgJbN8r6lSFwTE9Kvib1cCccSJtVFS2WKumPuZ2qIuAatU0NfxDWof-SFLI

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 07 Dec 2022 17:42:09 GMT
Server: MT3 180 1fd3e2d master zrh-pixel-x3 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=KVNjkNBtRgCbp8uy5Yp3Yw&google_push=ASkJ3FanlJA9GBX4CRDvllalbwpez98gE-4-hYEuvxgJbN8r6lSFwTE9Kvib1cCccSJtVFS2WKumPuZ2qIuAatU0NfxDWof-SFLI
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 07 Dec 2022 17:42:08 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8123
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEDN7qs1HiHws2LhZlrALxCw&google_cver=1&google_push=ASkJ3FZ4Nv964z0rfvdyGzEDs_otgMHAzhKDJOGUlJl9xPFjtYWxi9YWCspTGefikY4D7IXnXcDlZ6r_AAVb-ljDyZEmHU1dLko
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=61F61CA7EF004EFC9293008926BEC4F4&google_push=ASkJ3FZ4Nv964z0rfvdyGzEDs_otgMHAzhKDJOGUlJl9xPFjtYWxi9YWCspTGefikY4D7IXnXcDlZ6r_AAVb-lj...

170 B
188 B

48ms
48ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=61F61CA7EF004EFC9293008926BEC4F4&google_push=ASkJ3FZ4Nv964z0rfvdyGzEDs_otgMHAzhKDJOGUlJl9xPFjtYWxi9YWCspTGefikY4D7IXnXcDlZ6r_AAVb-ljDyZEmHU1dLko

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 07 Dec 2022 17:42:09 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=61F61CA7EF004EFC9293008926BEC4F4&google_push=ASkJ3FZ4Nv964z0rfvdyGzEDs_otgMHAzhKDJOGUlJl9xPFjtYWxi9YWCspTGefikY4D7IXnXcDlZ6r_AAVb-ljDyZEmHU1dLko
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Tue, 06 Dec 2022 17:42:09 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 8123 0
173 B 192ms
44ms Image
text/plain 34.96.105.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEANoyI-atzw37AAgkyGp35I&google_cver=1&google_push=ASkJ3FbpCP_lB5g_Bi14iYatuB4glk7ZAI6BdGmV1qNrDEbZcrfyjAC2BZGHzExv7yJCzxhGCMU5ET8mpTT8NGQU6v02svNw41wJ
Requested by: Host: 9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
URL: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:09 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8123
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEIDMYPvG82UjBcK7i-A9614&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEIDMYPvG82UjBcK7i-A9614&google_push=AS...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEIDMYPvG82UjBcK7i-A9614&google_hm=Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB&google_nid=index&google_push=ASkJ3FaA2FTjXmsbSw6JECB3Q4V5HrGoDfx9H...

170 B
188 B

49ms
48ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEIDMYPvG82UjBcK7i-A9614&google_hm=Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB&google_nid=index&google_push=ASkJ3FaA2FTjXmsbSw6JECB3Q4V5HrGoDfx9HwHU6E8WXVY1Mkyn_Q4ZW47S5QjJKfO6j99KcwkgUM3h5-Cbs8sFVtRq3OlJ8BkA

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:09 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VZVAxi4TuaOSvWfCTk%2Fl7XRKcaIj%2BKRj2m2mEf918qq%2B6jw%2FhgfQ2bJ8iDvsalGdsqFZqWxx0lvENCWFKvxjWQJ4F7kI7BZa8P3NhO%2FpkF1jR9puzhmJPgEY%2FiQ%2BnvuGVmVeck5%2FKGKwJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEIDMYPvG82UjBcK7i-A9614&google_hm=Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB&google_nid=index&google_push=ASkJ3FaA2FTjXmsbSw6JECB3Q4V5HrGoDfx9HwHU6E8WXVY1Mkyn_Q4ZW47S5QjJKfO6j99KcwkgUM3h5-Cbs8sFVtRq3OlJ8BkA
cache-control: no-cache
cf-ray: 775f0e681c1a92a5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8123
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEDjYtZ6OkxenSXkZp0_DhzI&google_cver=1&google_push=ASkJ3FZJS4KZR6sHxSpH0_0dPMEumsZq1ukFNQrLG9LKjKvSE-FXjLjipai4jYfO5qsbDx_CnhavkDf8VVwQ...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ASkJ3FZJS4KZR6sHxSpH0_0dPMEumsZq1ukFNQrLG9LKjKvSE-FXjLjipai4jYfO5qsbDx_CnhavkDf8VVwQ7RyHzll_ibP99vCM

170 B
188 B

49ms
48ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ASkJ3FZJS4KZR6sHxSpH0_0dPMEumsZq1ukFNQrLG9LKjKvSE-FXjLjipai4jYfO5qsbDx_CnhavkDf8VVwQ7RyHzll_ibP99vCM

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ASkJ3FZJS4KZR6sHxSpH0_0dPMEumsZq1ukFNQrLG9LKjKvSE-FXjLjipai4jYfO5qsbDx_CnhavkDf8VVwQ7RyHzll_ibP99vCM
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2

200

/
onetag-sys.com/match/ Frame 8123
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEDjYtZ6OkxenSXkZp0_DhzI&google_cver=1&google_push=ASkJ3FaKYCeGZWo_9MW2bkop6qOK4OujTo6HC_NbY2v4OjuwHhieWytv0hcjfcAWsnSkCKO6srJm2TXrwRS...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ASkJ3FaKYCeGZWo_9MW2bkop6qOK4OujTo6HC_NbY2v4OjuwHhieWytv0hcjfcAWsnSkCKO6srJm2TXrwRSutNronoR3nk89m2AbCQ
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

8ms
7ms

Image
text/plain

51.89.9.253

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Protocol

Server

51.89.9.253 -, , ASN (),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 8123 0
12 B 49ms
47ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IEXV1ig87Sbl_hl5BNsHy8JHkIukTPMDQGBYe6Y7OrEQfqrDuPpx2fWNrFNl0E-uc2CGAsfA

Requested by

Host: 9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
URL: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:09 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 T3BTWj-SqXOOtsP36vZJ1esojObpW8ivZm_viBadolo.js Show response
pagead2.googlesyndication.com/bg/ Frame 67BA 36 KB
16 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/T3BTWj-SqXOOtsP36vZJ1esojObpW8ivZm_viBadolo.js

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4f70535a3f92a9738eb6c3f7eaf649d5eb288ce6e95bc8af666fef88169da25a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:00:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16919
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Mon, 21 Nov 2022 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Dec 2023 13:00:10 GMT

GET
H3 200 T3BTWj-SqXOOtsP36vZJ1esojObpW8ivZm_viBadolo.js Show response
pagead2.googlesyndication.com/bg/ Frame D3FD 36 KB
16 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/T3BTWj-SqXOOtsP36vZJ1esojObpW8ivZm_viBadolo.js

Requested by

Host: kroonika.delfi.ee
URL: https://kroonika.delfi.ee/artikkel/120110364/eesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4f70535a3f92a9738eb6c3f7eaf649d5eb288ce6e95bc8af666fef88169da25a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:00:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16919
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Mon, 21 Nov 2022 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Dec 2023 13:00:10 GMT

POST
H2 200 /
track.adform.net/serving/unload/ Frame 7437 35 B
470 B 28ms
26ms Ping
image/gif 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=5084446025291268402@@48614980,6386683915741368289,0|0|0|0|0|0|0|0|0||0|0|||||1|0|0|EmmdRxTJWh55lT90q-mtzSwfhYJFo1RNScmBMvw1k1o-ifRR5dQMsaF9WWpVBJD3Y9MCNLUDM_hdGWAHLpZ4GgY7pHqiKHxvgQOIZBYC1INkAW6OdCBF7A2|nD5YIuf_TIa_8YJybgzkznZPtgP1s0ZtHs0S4XDfvH8RJd4KoiEGuJ64XXOQnUevib8FdwLHFo0BtzteIpciiin6BI2OIDRcVOSWsPRL4ubt1WQ3lWwdg59z10szoBKTudruttvIdtDfGHYhGEBzsXFNbdWUUaeHlCv0WMHyIcl_SUyxNHI0glrvVhVDAs8mxepLudoaLImfcgrpSEF-0MCrdTd1tRFqRE6_MbJm3Ts1STX_xBz8hHnUdxXEjXpvHm98btpGtScr9pGbIvyWkwpLnuJFvGyjb_gid-GHh66NXFlV80v6tlclhip4iPLoLa_r5Id3JUkFduGQ3aw6prb7j48RMt11CFH6nNkx_Tvqq5k3eQFWhvJzwpuiX5uzJAUEiXLohB2n5DrdWxfMQf-_J-dpdk2BEFRoqoHLMiubG9Tfq5DJVIHpLYUYizrl_4FPDAm3kwqaKO5bnWbqACrBJD9KfTTnpT9K7WtiEFJdSoZH7Cf12G91XJG5L6dHFZA2h9ITGl7S07Wn8k-xU_Peg91arP-6PG8vymJUoZVOxOVRvmbc8P9ey9Hz7E14BcXrmMXozfbvWqe2kU2Kiyy9rNXBFe4s4fL4mad3kA_4F3HsUVYuIc6LfYEOzGHXA7z_uuw_WOM1|1|11|0|0@@48615251,148439025013950122,0|0|0|0|0|0|0|0|0||0|0|||||1|0|0|sy4qMPlFvdx5lT90q-mtzSwfhYJFo1RNScmBMvw1k1o-ifRR5dQMsaF9WWpVBJD3Y9MCNLUDM_hdGWAHLpZ4GjaCkuiA6bQ0EJ7Sjf_bLX5kAW6OdCBF7A2|nD5YIuf_TIaref20VIODHA0DlzHD_EqoHs0S4XDfvH8RJd4KoiEGuJ64XXOQnUevib8FdwLHFo0BtzteIpciin1jH-xn6I5UEDQjNhmY4wFvjabQjvA2OxezFzkxv7AFh7yZDYkU9noRzMQZFNLc-nFNbdWUUaeHlCv0WMHyIcl_SUyxNHI0glrvVhVDAs8mxepLudoaLImfcgrpSEF-0MCrdTd1tRFqRE6_MbJm3Ts1STX_xBz8hHnUdxXEjXpvHm98btpGtScr9pGbIvyWkwpLnuJFvGyjb_gid-GHh66NXFlV80v6tlclhip4iPLoLa_r5Id3JUkFduGQ3aw6prb7j48RMt11Tg0pWoSjPwg1OvL7_7VoM3jz--vUsmuTBUT7zlDe3AutMxtRX86Q73gORKsYtLHOMIJ7AESLMm-WNwiqf4QnIN6MirTaNiPDiERF-_nAva3kkFZ-lOWt2Via5i-u2g72jdXfzsk4W8wUCmYgzL3vcTZX7V-9LQFLpcoAJb7hCLPoSgO253YaUujELMIe0MeRPs0oFetTA4nVevAEW8be0gZ90co6ScfZKFAa1zW8oCrCEcwVdWotqX8Ye-apRquHh0LadVUDNuk1||11|0|0

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/serving/unload/ Frame 7437 35 B
470 B 28ms
26ms Ping
image/gif 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=5084446025291268402@@48615251,4522777917097286484,40|0|0|0|0|0|0|0|0||0|0|||||1|0|0|sy4qMPlFvdx5lT90q-mtzSwfhYJFo1RNScmBMvw1k1o-ifRR5dQMsaF9WWpVBJD3Y9MCNLUDM_hdGWAHLpZ4Gqd25uAJiO8Xi4q8kt0nyuVkAW6OdCBF7A2|nD5YIuf_TIaref20VIODHA0DlzHD_EqoHs0S4XDfvH8RJd4KoiEGuJ64XXOQnUevib8FdwLHFo0BtzteIpciir8CgA6s_V6hvQY6_1vJ8rLQ0YHcZWvA32NGXb1Nsm2Nu-nUHaAYTD4RzMQZFNLc-nFNbdWUUaeHlCv0WMHyIcl_SUyxNHI0glrvVhVDAs8mxepLudoaLImfcgrpSEF-0MCrdTd1tRFqRE6_MbJm3Ts1STX_xBz8hHnUdxXEjXpvHm98btpGtScr9pGbIvyWkwpLnuJFvGyjb_gid-GHh66NXFlV80v6tlclhip4iPLoLa_r5Id3JUkFduGQ3aw6prb7j48RMt11Tg0pWoSjPwg1OvL7_7VoM3jz--vUsmuTBUT7zlDe3AutMxtRX86Q73gORKsYtLHOMIJ7AESLMm-WNwiqf4QnIN6MirTaNiPDiERF-_nAva3kkFZ-lOWt2Via5i-u2g72jdXfzsk4W8wUCmYgzL3vcTZX7V-9LQFLpcoAJb7hCLPoSgO253YaUujELMIe0MeRPs0oFetTA4nVevAEW8be0scnGUPLjdzxKFAa1zW8oCrCEcwVdWotqfz_dnJ7_3Xjh0LadVUDNuk1||11|0|0@@60045604,53601198894745165,0|0|0|200|1841|0|0|0|0||0|0|||||1|0|0|d9Sxl5MzRm15lT90q-mtzSwfhYJFo1RNScmBMvw1k1o-ifRR5dQMsaF9WWpVBJD3Y9MCNLUDM_hdGWAHLpZ4GrL015AFXL9CulUmmbR4ERJkAW6OdCBF7A2|nD5YIuf_TIblc6QkIrA5Myx6lYBuTKbCHs0S4XDfvH8RJd4KoiEGuJ64XXOQnUevib8FdwLHFo0BtzteIpciij8-Sl8zmJjFKH4lDqgYiPD4d1kzzEIA8Xm8GrW6ASaqiq82QMYQdBr5qQ5eDETz_nFNbdWUUaeHlCv0WMHyIcl_SUyxNHI0glrvVhVDAs8mxepLudoaLImfcgrpSEF-0MCrdTd1tRFqRE6_MbJm3Ts1STX_xBz8hHnUdxXEjXpvHm98btpGtScr9pGbIvyWkwpLnuJFvGyjb_gid-GHh66NXFlV80v6tlclhip4iPLoLa_r5Id3JUkFduGQ3aw6prb7j48RMt11Tg0pWoSjPwg1OvL7_7VoM3jz--vUsmuTBUT7zlDe3AutMxtRX86Q73gORKsYtLHOMIJ7AESLMm-WNwiqf4QnIN6MirTaNiPDiERF-_nAva3kkFZ-lOWt2Via5i-u2g72jdXfzsk4W8wUCmYgzL3vcTZX7V-9LQFLpcoAJb7hCLPoSgO253YaUujELMIe0MeRPs0oFetTA4nVevAEW8be0scnGUPLjdzxKFAa1zW8oCrCEcwVdWotqfz_dnJ7_3XjVMZlY6rAbhv7L_o57ZL5ng2|1|11|0|0@@52259268,1049117389390255247,0|0|0|200|1841|0|0|0|0||0|0|||||1|0|0|qb7HjyPalCDxBx_RTJEBJ2aOioIwF8XcJoW8BgOD6VwR5J_1i-5NAfL_QlhaeLlf0||1|11|0|0

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/serving/unload/ Frame 7437 35 B
470 B 28ms
26ms Ping
image/gif 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=5084446025291268402@@60046065,1636714356154275772,100|4824|0|0|0|0|0|0|0||1206|0|||||1|0|0|txWOJ7hybhh5lT90q-mtzSwfhYJFo1RNScmBMvw1k1o-ifRR5dQMsaF9WWpVBJD3Y9MCNLUDM_hdGWAHLpZ4GrL015AFXL9CulUmmbR4ERJkAW6OdCBF7A2|nD5YIuf_TIatuMovGlnfNruRWU8jbYd-nHMZ0pAgl68RJd4KoiEGuJ64XXOQnUevib8FdwLHFo0BtzteIpciio9e8WWz71rJGHBmtPu7N5FSqcwzdCso9JTxd82iILd1xXAl4m320ye8tFDxYPxcOnFNbdWUUaeHlCv0WMHyIcl_SUyxNHI0glrvVhVDAs8mxepLudoaLImfcgrpSEF-0MCrdTd1tRFqRE6_MbJm3Ts1STX_xBz8hHnUdxXEjXpvHm98btpGtScr9pGbIvyWkwpLnuJFvGyjb_gid-GHh66NXFlV80v6tlclhip4iPLoLa_r5Id3JUkFduGQ3aw6prb7j48RMt11Tg0pWoSjPwg1OvL7_7VoM3jz--vUsmuTBUT7zlDe3AutMxtRX86Q73gORKsYtLHOMIJ7AESLMm-WNwiqf4QnIN6MirTaNiPDiERF-_nAva3kkFZ-lOWt2Via5i-u2g72jdXfzsk4W8wUCmYgzL3vcTZX7V-9LQFLpcoAJb7hCLPoSgO253YaUujELMIe0MeRPs0oFetTA4nVevAEW8be0scnGUPLjdzxKFAa1zW8oCrCEcwVdWotqfz_dnJ7_3XjVMZlY6rAbhsXLWvpLcCdKw2|1|01|0|0@@60128054,7188545806036828487,0|0|0|353|2299|0|0|0|0||0|0|||||1|0|0|aBtvunFqNDJ5lT90q-mtzSwfhYJFo1RNScmBMvw1k1o-ifRR5dQMsaF9WWpVBJD3Y9MCNLUDM_hdGWAHLpZ4Gjq96O_HJHXBkuDpG2z7_6FkAW6OdCBF7A2|nD5YIuf_TIYJW1o2o5d_RucdEbKG9K27NJGRRU3BhjMRJd4KoiEGuJ64XXOQnUevib8FdwLHFo0BtzteIpciiu8MzMrKMWY2sGtgjfyFDX9s0er9BiNWU_np379WcwZtgWUNseD0VrGev23ojFs40nFNbdWUUaeHlCv0WMHyIcl_SUyxNHI0glrvVhVDAs8mxepLudoaLImfcgrpSEF-0MCrdTd1tRFqRE6_MbJm3Ts1STX_xBz8hHnUdxXEjXpvHm98btpGtScr9pGbIvyWkwpLnuJFvGyjb_gid-GHh66NXFlV80v6tlclhip4iPLoLa_r5Id3JUkFduGQ3aw6prb7j48RMt11Tg0pWoSjPwg1OvL7_7VoM3jz--vUsmuTBUT7zlDe3AutMxtRX86Q73gORKsYtLHOMIJ7AESLMm-WNwiqf4QnIN6MirTaNiPDiERF-_nAva3kkFZ-lOWt2Via5i-u2g72jdXfzsk4W8wUCmYgzL3vcTZX7V-9LQFLpcoAJb7hCLPoSgO253YaUujELMIe0MeRPs0oFetTA4nVevAEW8be0scnGUPLjdzxKFAa1zW8oCrCEcwVdWotqfz_dnJ7_3Xjh0LadVUDNuk1||11|0|0

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/serving/unload/ Frame 7437 35 B
470 B 28ms
27ms Ping
image/gif 37.157.2.237
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=5084446025291268402@@59608988,7578805727504212994,100|4501|0|800|1150|0|0|0|0||94|0|||||1|0|0|fBu1JHGLCWZ5lT90q-mtzSwfhYJFo1RNScmBMvw1k1o-ifRR5dQMsaF9WWpVBJD3Y9MCNLUDM_hdGWAHLpZ4GjySYV8KrECRGHNgWaELV-VkAW6OdCBF7A2|nD5YIuf_TIaS-mwBdRBNshQTA2h_zpI5nHMZ0pAgl68RJd4KoiEGuJ64XXOQnUevib8FdwLHFo0BtzteIpciipgyXzcmYtzeiXypNwto4Qs_wGtsFlA_gRG14gPy_uADC5xuFnjd_ze8-wWkU7tDPXFNbdWUUaeHlCv0WMHyIcl_SUyxNHI0glrvVhVDAs8mxepLudoaLImfcgrpSEF-0MCrdTd1tRFqRE6_MbJm3Ts1STX_xBz8hHnUdxXEjXpvHm98btpGtScr9pGbIvyWkwpLnuJFvGyjb_gid-GHh66NXFlV80v6tlclhip4iPLoLa_r5Id3JUkFduGQ3aw6prb7j48RMt11Tg0pWoSjPwg1OvL7_7VoM3jz--vUsmuTBUT7zlDe3AutMxtRX86Q73gORKsYtLHOMIJ7AESLMm-WNwiqf4QnIN6MirTaNiPDiERF-_nAva3kkFZ-lOWt2Via5i-u2g72jdXfzsk4W8wUCmYgzL3vcTZX7V-9LQFLpcoAJb7hCLPoSgO253YaUujELMIe0MeRPs0oFetTA4nVevAEW8be0scnGUPLjdzxKFAa1zW8oCrCEcwVdWotqfz_dnJ7_3Xjn-xmpvcLKzEwJ_dfLtPn_A2||01|0|0@@59586400,4054163688644432563,100|4723|0|0|0|0|0|0|0||1574|0|||||1|0|0|40M42WCbHxd5lT90q-mtzSwfhYJFo1RNScmBMvw1k1o-ifRR5dQMsaF9WWpVBJD3Y9MCNLUDM_hdGWAHLpZ4Gv041y3KWyvqbJJNuTGHckBkAW6OdCBF7A2|nD5YIuf_TIYVwk06H5Z3uA-UKhUZI6fAHs0S4XDfvH8RJd4KoiEGuJ64XXOQnUevib8FdwLHFo0BtzteIpciim98h4Y44EYAlLs_KZ9CVp3mnapyvrlhJRzwsOPfTpfxG1OopE-qwQxlJ0QIrUe_VXFNbdWUUaeHlCv0WMHyIcl_SUyxNHI0glrvVhVDAs8mxepLudoaLImfcgrpSEF-0MCrdTd1tRFqRE6_MbJm3Ts1STX_xBz8hHnUdxXEjXpvHm98btpGtScr9pGbIvyWkwpLnuJFvGyjb_gid-GHh66NXFlV80v6tlclhip4iPLoLa_r5Id3JUkFduGQ3aw6prb7j48RMt11Tg0pWoSjPwg1OvL7_7VoM3jz--vUsmuTBUT7zlDe3AutMxtRX86Q73gORKsYtLHOMIJ7AESLMm-WNwiqf4QnIN6MirTaNiPDiERF-_nAva3kkFZ-lOWt2Via5i-u2g72jdXfzsk4W8wUCmYgzL3vcTZX7V-9LQFLpcoAJb7hCLPoSgO253YaUujELMIe0MeRPs0oFetTA4nVevAEW8be0scnGUPLjdzxKFAa1zW8oCrCEcwVdWotqfz_dnJ7_3XjVMZlY6rAbhvusmYOe6DKaw2|1|01|0|0

Requested by

Host: af1.nh.ee
URL: https://af1.nh.ee/stoat/626/af1.nh.ee/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kroonika.delfi.ee/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://kroonika.delfi.ee
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5313 0
0 144ms
144ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022120101&jk=2888457196269617&bg=!HxylHFjNAAa7eOFIm3g7ACkAdvg8WgEmCCccNfLcymGD0Q8VKusKtUUPqBkSYRYJXYe4dV3_v2lyKQIAAAEkUgAAAAJoAQeZAuJJ9uEXllHq7L13FUrZRRIS4DjPrVDU5Rz_dHj5wtxdyeZUxPyX6nMoUD2DaDyawL3FvShhJdLrLheUsA6e1wXEbJKzoWMgMYNsRCOw4NXQJwNVNN9tUiqeyrsJcfA5Jqt9rR1bG1cBtpgg-BhPHmm0kj6hAkuxBv_sso0wz2JC_2JCqOGcavrmUUzFqIybuzncKTs4-jMddwqaqpXrUMetWuGWEhjSgUwXGJJvdfOwlBoKZGBa59iOMe93w9PvNeJFl_f5YUW3kh23xpbvvEPT-0w78XqItm-taMaOfSp3258E3zBgzNCBmNJjbL26oF_ZW2bpb230P0hgLFOWBBNaWlahFCZVK8UBELPImUUF1zbS2mKGeJpzquXBAgR-WCG-QYknPvH_8P7pSQK-gXzw8bCsNr2cJU1o-GJ5U6fYohUEia6Q_011fAEAKH7QJ--031m-DGPQs6y0IjeTNEJrmKVt661pKHHs50Ya_tmRB3PDYk5SrLZkvTg6CgSW7ZXetHy_0VSHsQb6yB11LumYajacF0tzYrff2_sA9cO_ALBq_Jb68SB-omAEr8DcJ-VKGduwluMCfsk1t_9ikZJAuOKZO6dPrP4zKK4d9q1eIUgowV6CUU8TE54I5KHWUh84D1aR--0X8_iz7ITdbIT5yotdL-6jPPaFf7zXNtRzPkSRwLwVthJU7kpIbRWtGwmR7fD8RdFfD2bqetKBgEKL41l9SeIyqnmkMnEcwMb0QokzkdaKNO58gBSGy_cxq-wF9nhKVVrnt9zh6alw_LjkTwba94XAsEur12BXjS62tOfucue0uZK1wbPaQmyd0QmdyIe7W_TUjQpQAEWAWL3EnB0LCeh0DWTAUjhCUXYtPtM2TZR5zNpaCNZmia9XqU051UqDqESCzNp-D9VWoLhsr-e903lPalrMForB76Bi11bccU_mDKBzbOe1GjWD0LdLiwXMe2dLyqsvDctCVeIz4_g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 432F 0
0 145ms
144ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022120101&jk=2821987588451632&bg=!Z2SlZCDNAAa7eOFIm3g7ACkAdvg8WhAy1YoWWbmgElcRKTBFHwNLsCiUOMwTPFoDdOR3VcLNBr4GcAIAAAFeUgAAAAJoAQcKAKBFGEZeRAgOnAurhzIWSe57lib6gOGkNen3v_EnbtdXqRvjJMTPWWDEo4mQVeoiPljjK0PUD8jXN0L6kfb8sDDm1_wieM9kpkjFeXZONYn7vRRqIe9JaDr3FFIQ56vJ-Ppj4VNoHr4NbgofZdRGemROI7Zd-QRC5U_ncuNqxhaDEDQ_WjuxXKlkbMMAtYeAgCmg3_Owv9M91-gW4TOcKmbYmQLigMuvgIB-kWRMsKNX9vMp6CMRpOmC_wNnSF_jsgTVEGW158X2xTDnTHVWDTnHw-rc_vv_KcpHu8uon9MeF89GmBcc6o8et1iXmgmxaAdeX_1KMzW_6XMRO4NQHRdp9U1Mhjwuqj3ONO-lPMwR_yfFg2kbm6KpGnCXfze_3COEx6E-QxU-FcBE5wY5RGNA3V2hMdFUvoj31R7tRlBjxgqfJaFespq_QDNfEoafr72drv09QaKvqJGhrN9VSZgR92Q7guT8LZ1RXtmV2bT5Z-m74tOQwX6kpYeGQoFUVtERUw7WoI_kCAGRkfdG9ZqEB5il_voXo6QmpKdNAp6RuIR_k2AVeQpiPgD8ph0DNBe44Xeve0bmbkaogDc-fT7gvvEWyBYWg9bv7Yra0kWePEOUgXYzFAZMU2yrzV0vG7QWE9jNeF-xgs4SfX5j_iedmeJQ88lyeekeI81QouvHe5Vn3Tbnxy-uLxYSfG2O5jGtY1300AV6XyZlwAQRCP7x1LmYYXpzUTgda3_45xfT9aQ6jH5tgaaeE-MZgDwFtarcBAxkeEDyzgAM3Bun4zbgnHeM8ZTRpyWUDPI5vs2I0Q1IcUldn95yx7VrNepE7ANwgnu9oa-TO2QFmHQz1l4IUxQlj2asQiwFOpNTzBBtYCkzDRgBQuwo9fXmx_52ebVtPOnxI7y1rNqqRjLLgJavb6TCuGAs77NKi1aH9LkYS7Knaz89JZWZI7zBRzJCNBAzFFFEkYE7g_aX7un3Uwafu_RSRvLVvdKwNbS908hQYie2mbt3TdbXmrPwwftnHiJe-0orvekItIdoE0_S-TNUkZl8gSHiRWGwroNVENTyisL4lXpz4c3hNa3Ve818G-c4s7e9N-OyQSeekdVXFfHrqMo9_8KlgD1ayyvx_twIfBZrHr3xVyFPQ-Jf_Gq8SR5iLXYYCNv2vYPkwJT_-D84eehEjy2ohg5r1rqYgLwLEwnEVyA0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

GET
H2 200 di_symbol_white.svg
keytarget.adnet.lt/stable/assets/ Frame 432F 1 KB
1 KB 32ms
31ms Image
image/svg+xml 193.200.125.237
TELIA-LIETUVA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://keytarget.adnet.lt/stable/assets/di_symbol_white.svg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.200.125.237 , Lithuania, ASN43811 (TELIA-LIETUVA, LT),
Reverse DNS
Software: nginx /
Resource Hash: 10500246a382cea643d5be30b598992a1abea3fd497f33cbe0527fdac47bf4ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-varnish-cache: HIT
date: Wed, 07 Dec 2022 17:42:10 GMT
last-modified: Mon, 25 Oct 2021 14:08:36 GMT
server: nginx
age: 797
etag: "6176ba64-4d9"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=86400, public
accept-ranges: bytes
content-length: 1241
expires: Thu, 08 Dec 2022 17:42:10 GMT

GET
H2 200 di_symbol_white.svg
keytarget.adnet.lt/stable/assets/ Frame 7DD9 1 KB
1 KB 32ms
31ms Image
image/svg+xml 193.200.125.237
TELIA-LIETUVA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://keytarget.adnet.lt/stable/assets/di_symbol_white.svg
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.200.125.237 , Lithuania, ASN43811 (TELIA-LIETUVA, LT),
Reverse DNS
Software: nginx /
Resource Hash: 10500246a382cea643d5be30b598992a1abea3fd497f33cbe0527fdac47bf4ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-varnish-cache: HIT
date: Wed, 07 Dec 2022 17:42:10 GMT
last-modified: Mon, 25 Oct 2021 14:08:36 GMT
server: nginx
age: 797
etag: "6176ba64-4d9"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=86400, public
accept-ranges: bytes
content-length: 1241
expires: Thu, 08 Dec 2022 17:42:10 GMT

GET
H2 200 di_symbol_white.svg
keytarget.adnet.lt/stable/assets/ Frame 5313 1 KB
1 KB 31ms
31ms Image
image/svg+xml 193.200.125.237
TELIA-LIETUVA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://keytarget.adnet.lt/stable/assets/di_symbol_white.svg
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.200.125.237 , Lithuania, ASN43811 (TELIA-LIETUVA, LT),
Reverse DNS
Software: nginx /
Resource Hash: 10500246a382cea643d5be30b598992a1abea3fd497f33cbe0527fdac47bf4ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-varnish-cache: HIT
date: Wed, 07 Dec 2022 17:42:10 GMT
last-modified: Mon, 25 Oct 2021 14:08:36 GMT
server: nginx
age: 797
etag: "6176ba64-4d9"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=86400, public
accept-ranges: bytes
content-length: 1241
expires: Thu, 08 Dec 2022 17:42:10 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 3752 0
127 B 15ms
14ms Ping
text/plain 2a02:2638:1::17

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::17 -, , ASN (),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 07 Dec 2022 17:42:10 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 pbsync.html Show response
js.adscale.de/ Frame E14F 3 KB
2 KB 61ms
8ms Document
text/html 2600:9000:223f:b600:f:4f64:8940:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adscale.de/pbsync.html?gdpr=1&gdpr_consent=
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:b600:f:4f64:8940:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c82fab08e93db8934a27f5b26ddf48c8a013a92a21ea15b7fa8b675b0d866040

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 4967
cache-control: max-age=7200
content-encoding: br
content-type: text/html
date: Wed, 07 Dec 2022 16:19:25 GMT
etag: W/"9f4e83cc82a56a2a6e9851eeee2f9f34"
last-modified: Wed, 07 Dec 2022 16:19:17 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-id: YxTdvQpnfmJx8EUi3vDHjPumL4BoNw8RLox-LN4liFBLfFZLjfmDjA==
x-amz-cf-pop: FRA56-P5
x-amz-version-id: zbeXC_EmkeL89awXGdjW2SgzghVaQEhD
x-cache: Hit from cloudfront

GET
H2 200 usersync Show response
ssp.wp.pl/bidder/ Frame 0C4A 477 B
410 B 32ms
32ms Document
text/html 212.77.99.29
WIRTUALNAPOLSKA G...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssp.wp.pl/bidder/usersync?tcf=2&pvid=97658695437786660000&sn=mc_adapter
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.77.99.29 , Poland, ASN12827 (WIRTUALNAPOLSKA GDANSK, Poland, PL),
Reverse DNS: ssp.wp.pl
Software: nginx /
Resource Hash: 636c486cc865655e882b671daac5c2edad7fa375be58a343d57364e385f6ebf6

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-origin: *
content-encoding: gzip
content-length: 281
content-type: text/html; charset=utf-8
date: Wed, 07 Dec 2022 17:42:11 GMT
last-modified: Thu, 17 Nov 2022 15:46:02 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 0439 0
80 B 46ms
40ms Document
text/html 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Wed, 07 Dec 2022 17:42:11 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2 200 ixmatch.html Show response
js-sec.indexww.com/um/ Frame 5352 3 KB
2 KB 74ms
24ms Document
text/html 104.18.36.94

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.36.94 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 642
cache-control: public, max-age=14400
cf-cache-status: HIT
cf-ray: 775f0e70cf93bb91-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 07 Dec 2022 17:42:11 GMT
expires: Wed, 07 Dec 2022 21:42:11 GMT
last-modified: Mon, 25 Jul 2022 19:18:19 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
server: cloudflare
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame E4B2 281 B
554 B 38ms
7ms Document
text/html 23.79.143.124

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?gdpr=1
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.143.124 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 07 Dec 2022 17:42:11 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1

200
OK

setuid
rtb.adxpremium.services/ Frame 7DD9
Redirect Chain

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Frtb.adxpremium.services%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID
https://rtb.adxpremium.services/setuid?bidder=adform&gdpr=0&gdpr_consent=&us_privacy=&uid=5084446025291268402

86 B
596 B

34ms
34ms

Image
image/png

148.251.121.152
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adxpremium.services/setuid?bidder=adform&gdpr=0&gdpr_consent=&us_privacy=&uid=5084446025291268402
Protocol: HTTP/1.1
Server: 148.251.121.152 Braunlage, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: egon
Software: /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

expires: 0
pragma: no-cache
date: Wed, 07 Dec 2022 17:42:11 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 86
vary: Origin
content-type: image/png

Redirect headers

location: https://rtb.adxpremium.services/setuid?bidder=adform&gdpr=0&gdpr_consent=&us_privacy=&uid=5084446025291268402
date: Wed, 07 Dec 2022 17:42:11 GMT
server: nginx
content-length: 0
content-type: text/plain

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame 7DD9 0
239 B 75ms
8ms Image
image/gif 69.173.144.165

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-lupon&gdpr=0&gdpr_consent=&us_privacy=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.165 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 pbsync.html Show response
js.adscale.de/ Frame AA8B 3 KB
2 KB 33ms
8ms Document
text/html 2600:9000:223f:b600:f:4f64:8940:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adscale.de/pbsync.html?gdpr=1&gdpr_consent=
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:b600:f:4f64:8940:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c82fab08e93db8934a27f5b26ddf48c8a013a92a21ea15b7fa8b675b0d866040

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 4967
cache-control: max-age=7200
content-encoding: br
content-type: text/html
date: Wed, 07 Dec 2022 16:19:25 GMT
etag: W/"9f4e83cc82a56a2a6e9851eeee2f9f34"
last-modified: Wed, 07 Dec 2022 16:19:17 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-id: 8rvDoQ5FSXkBIyuj4W1h1EBmOJcuA87l5tYF04D_EbcaStlJ8pdMww==
x-amz-cf-pop: FRA56-P5
x-amz-version-id: zbeXC_EmkeL89awXGdjW2SgzghVaQEhD
x-cache: Hit from cloudfront

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 1BBA 281 B
554 B 20ms
7ms Document
text/html 23.79.143.124

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?gdpr=1
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.143.124 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 07 Dec 2022 17:42:11 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame B992 0
80 B 42ms
41ms Document
text/html 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Wed, 07 Dec 2022 17:42:11 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2 200 usersync Show response
ssp.wp.pl/bidder/ Frame 8562 477 B
319 B 36ms
35ms Document
text/html 212.77.99.29
WIRTUALNAPOLSKA G...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssp.wp.pl/bidder/usersync?tcf=2&pvid=33412073619599438000&sn=mc_adapter
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.77.99.29 , Poland, ASN12827 (WIRTUALNAPOLSKA GDANSK, Poland, PL),
Reverse DNS: ssp.wp.pl
Software: nginx /
Resource Hash: 636c486cc865655e882b671daac5c2edad7fa375be58a343d57364e385f6ebf6

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-origin: *
content-encoding: gzip
content-length: 281
content-type: text/html; charset=utf-8
date: Wed, 07 Dec 2022 17:42:11 GMT
last-modified: Thu, 17 Nov 2022 15:46:02 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 ixmatch.html Show response
js-sec.indexww.com/um/ Frame 67F6 3 KB
1 KB 45ms
25ms Document
text/html 104.18.36.94

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.36.94 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 642
cache-control: public, max-age=14400
cf-cache-status: HIT
cf-ray: 775f0e70cf97bb91-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 07 Dec 2022 17:42:11 GMT
expires: Wed, 07 Dec 2022 21:42:11 GMT
last-modified: Mon, 25 Jul 2022 19:18:19 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
server: cloudflare
vary: Accept-Encoding

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame 5313 0
239 B 59ms
9ms Image
image/gif 69.173.144.165

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-lupon&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.165 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

setuid
rtb.adxpremium.services/ Frame 5313
Redirect Chain

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Frtb.adxpremium.services%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID
https://rtb.adxpremium.services/setuid?bidder=adform&gdpr=0&gdpr_consent=&us_privacy=&uid=5084446025291268402

86 B
596 B

34ms
34ms

Image
image/png

148.251.121.152
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adxpremium.services/setuid?bidder=adform&gdpr=0&gdpr_consent=&us_privacy=&uid=5084446025291268402
Protocol: HTTP/1.1
Server: 148.251.121.152 Braunlage, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: egon
Software: /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

expires: 0
pragma: no-cache
date: Wed, 07 Dec 2022 17:42:11 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 86
vary: Origin
content-type: image/png

Redirect headers

location: https://rtb.adxpremium.services/setuid?bidder=adform&gdpr=0&gdpr_consent=&us_privacy=&uid=5084446025291268402
date: Wed, 07 Dec 2022 17:42:11 GMT
server: nginx
content-length: 0
content-type: text/plain

GET
H2 200 wpjslib-sync.js Show response
std.wpcdn.pl/wpjslib6/ Frame 0C4A 46 KB
17 KB 139ms
60ms Script
application/javascript 212.77.98.32

General

Check archive.org

Show headers Download Go to

Full URL: https://std.wpcdn.pl/wpjslib6/wpjslib-sync.js
Requested by: Host: ssp.wp.pl
URL: https://ssp.wp.pl/bidder/usersync?tcf=2&pvid=97658695437786660000&sn=mc_adapter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.77.98.32 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: a117b034192abecf44de07685723cbe687528fd32a62a1b3ca6710dba9c81be5

Request headers

Referer: https://ssp.wp.pl/
Origin: https://ssp.wp.pl
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:11 GMT
content-encoding: br
last-modified: Wed, 07 Dec 2022 13:29:04 GMT
server: nginx
etag: W/"d8dfe523e4b7b95464256857c269aeaa"
access-control-max-age: 300
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-rgw-object-type: Normal
cache-control: max-age=900, stale-while-revalidate=86400
timing-allow-origin: *
access-control-allow-headers: *

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame E4B2 34 KB
10 KB 7ms
7ms Script
text/html 23.79.143.124

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.143.124 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ca5ca6f70f766681b145025fbddc0c8c6c37837c0fcc1750d8e8673ea844034d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?gdpr=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 17:42:11 GMT
Content-Encoding: gzip
Last-Modified: Wed, 07 Dec 2022 07:13:24 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=48670
Connection: keep-alive
Content-Length: 10067
Expires: Thu, 08 Dec 2022 07:13:21 GMT

GET
H2 200 usersync Show response
ssp.wp.pl/bidder/ Frame C8A3 477 B
319 B 36ms
32ms Document
text/html 212.77.99.29
WIRTUALNAPOLSKA G...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssp.wp.pl/bidder/usersync?tcf=2&pvid=50571521353600100000&sn=mc_adapter
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.77.99.29 , Poland, ASN12827 (WIRTUALNAPOLSKA GDANSK, Poland, PL),
Reverse DNS: ssp.wp.pl
Software: nginx /
Resource Hash: 636c486cc865655e882b671daac5c2edad7fa375be58a343d57364e385f6ebf6

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-origin: *
content-encoding: gzip
content-length: 281
content-type: text/html; charset=utf-8
date: Wed, 07 Dec 2022 17:42:11 GMT
last-modified: Thu, 17 Nov 2022 15:46:02 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 pbsync.html Show response
js.adscale.de/ Frame 12E1 3 KB
2 KB 10ms
7ms Document
text/html 2600:9000:223f:b600:f:4f64:8940:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adscale.de/pbsync.html?gdpr=1&gdpr_consent=
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:b600:f:4f64:8940:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c82fab08e93db8934a27f5b26ddf48c8a013a92a21ea15b7fa8b675b0d866040

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 4967
cache-control: max-age=7200
content-encoding: br
content-type: text/html
date: Wed, 07 Dec 2022 16:19:25 GMT
etag: W/"9f4e83cc82a56a2a6e9851eeee2f9f34"
last-modified: Wed, 07 Dec 2022 16:19:17 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-id: lrPOJWwKgtt3sYdBOFfpYcZB5HF5Y-GX5-c97R9hLOXOgiB4RM3aqw==
x-amz-cf-pop: FRA56-P5
x-amz-version-id: zbeXC_EmkeL89awXGdjW2SgzghVaQEhD
x-cache: Hit from cloudfront

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame CD22 281 B
554 B 16ms
15ms Document
text/html 23.79.143.124

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?gdpr=1
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.143.124 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 07 Dec 2022 17:42:11 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 ixmatch.html Show response
js-sec.indexww.com/um/ Frame 7B32 3 KB
1 KB 26ms
24ms Document
text/html 104.18.36.94

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.36.94 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 642
cache-control: public, max-age=14400
cf-cache-status: HIT
cf-ray: 775f0e70f818bb91-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 07 Dec 2022 17:42:11 GMT
expires: Wed, 07 Dec 2022 21:42:11 GMT
last-modified: Mon, 25 Jul 2022 19:18:19 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
server: cloudflare
vary: Accept-Encoding

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame AB17 0
0 30ms
30ms Document
text/plain 216.52.2.30
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13408460
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.30 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date: Wed, 07 Dec 2022 17:42:11 GMT
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Pragma: no-cache
X-Sovrn-Pod: ad_ap6ams1

GET
H3 200 pd Show response
u.openx.net/w/1.0/ Frame 9C9B 0
35 B 77ms
41ms Document
text/html 35.244.159.8

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 -, , ASN (),
Reverse DNS
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kroonika.delfi.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Wed, 07 Dec 2022 17:42:11 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame 432F 0
239 B 17ms
8ms Image
image/gif 69.173.144.165

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-lupon&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: keytarget.adnet.lt
URL: https://keytarget.adnet.lt/stable/keytarget-delfiee.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.165 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

setuid
rtb.adxpremium.services/ Frame 432F
Redirect Chain

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Frtb.adxpremium.services%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID
https://rtb.adxpremium.services/setuid?bidder=adform&gdpr=0&gdpr_consent=&us_privacy=&uid=5084446025291268402

86 B
596 B

19ms
18ms

Image
image/png

148.251.121.152
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adxpremium.services/setuid?bidder=adform&gdpr=0&gdpr_consent=&us_privacy=&uid=5084446025291268402
Protocol: HTTP/1.1
Server: 148.251.121.152 Braunlage, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: egon
Software: /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

expires: 0
pragma: no-cache
date: Wed, 07 Dec 2022 17:42:11 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 86
vary: Origin
content-type: image/png

Redirect headers

location: https://rtb.adxpremium.services/setuid?bidder=adform&gdpr=0&gdpr_consent=&us_privacy=&uid=5084446025291268402
date: Wed, 07 Dec 2022 17:42:11 GMT
server: nginx
content-length: 0
content-type: text/plain

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 1BBA 34 KB
10 KB 7ms
7ms Script
text/html 23.79.143.124

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.143.124 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ca5ca6f70f766681b145025fbddc0c8c6c37837c0fcc1750d8e8673ea844034d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?gdpr=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 17:42:11 GMT
Content-Encoding: gzip
Last-Modified: Wed, 07 Dec 2022 07:13:24 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=48670
Connection: keep-alive
Content-Length: 10067
Expires: Thu, 08 Dec 2022 07:13:21 GMT

GET
H2 200 wpjslib-sync.js Show response
std.wpcdn.pl/wpjslib6/ Frame 8562 46 KB
16 KB 72ms
61ms Script
application/javascript 212.77.98.32

General

Check archive.org

Show headers Download Go to

Full URL: https://std.wpcdn.pl/wpjslib6/wpjslib-sync.js
Requested by: Host: ssp.wp.pl
URL: https://ssp.wp.pl/bidder/usersync?tcf=2&pvid=33412073619599438000&sn=mc_adapter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.77.98.32 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: a117b034192abecf44de07685723cbe687528fd32a62a1b3ca6710dba9c81be5

Request headers

Referer: https://ssp.wp.pl/
Origin: https://ssp.wp.pl
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:11 GMT
content-encoding: br
last-modified: Wed, 07 Dec 2022 13:29:04 GMT
server: nginx
etag: W/"d8dfe523e4b7b95464256857c269aeaa"
access-control-max-age: 300
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-rgw-object-type: Normal
cache-control: max-age=900, stale-while-revalidate=86400
timing-allow-origin: *
access-control-allow-headers: *

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame CD22 34 KB
10 KB 10ms
9ms Script
text/html 23.79.143.124

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.143.124 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ca5ca6f70f766681b145025fbddc0c8c6c37837c0fcc1750d8e8673ea844034d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?gdpr=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 17:42:11 GMT
Content-Encoding: gzip
Last-Modified: Wed, 07 Dec 2022 07:13:24 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=48670
Connection: keep-alive
Content-Length: 10067
Expires: Thu, 08 Dec 2022 07:13:21 GMT

GET
H2 200 userconnect.js Show response
js.adscale.de/ Frame E14F 11 KB
4 KB 7ms
7ms Script
application/javascript 2600:9000:223f:b600:f:4f64:8940:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adscale.de/userconnect.js
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/pbsync.html?gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:b600:f:4f64:8940:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca38ab561201a1a68867f61d4fb3df9682756c8927fe80f047624e7ef662f0f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.adscale.de/pbsync.html?gdpr=1&gdpr_consent=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:19:25 GMT
content-encoding: gzip
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-version-id: gRyF1QzM9Fl37.5gEkpsatpmL0Q69UQN
last-modified: Wed, 07 Dec 2022 16:19:17 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P5
age: 4967
etag: W/"988fbfb6c270a6080f89deb043243858"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=7200
x-amz-cf-id: yyDiRGQbNTHWzzXliORA3QotSMRiXsXICI8waUGIaP-hUJOIMOegwA==

GET
H2 200 wpjslib-sync.js Show response
std.wpcdn.pl/wpjslib6/ Frame C8A3 46 KB
16 KB 43ms
42ms Script
application/javascript 212.77.98.32

General

Check archive.org

Show headers Download Go to

Full URL: https://std.wpcdn.pl/wpjslib6/wpjslib-sync.js
Requested by: Host: ssp.wp.pl
URL: https://ssp.wp.pl/bidder/usersync?tcf=2&pvid=50571521353600100000&sn=mc_adapter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.77.98.32 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: a117b034192abecf44de07685723cbe687528fd32a62a1b3ca6710dba9c81be5

Request headers

Referer: https://ssp.wp.pl/
Origin: https://ssp.wp.pl
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:11 GMT
content-encoding: br
last-modified: Wed, 07 Dec 2022 13:29:04 GMT
server: nginx
etag: W/"d8dfe523e4b7b95464256857c269aeaa"
access-control-max-age: 300
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-rgw-object-type: Normal
cache-control: max-age=900, stale-while-revalidate=86400
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 userconnect.js Show response
js.adscale.de/ Frame AA8B 11 KB
4 KB 7ms
7ms Script
application/javascript 2600:9000:223f:b600:f:4f64:8940:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adscale.de/userconnect.js
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/pbsync.html?gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:b600:f:4f64:8940:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca38ab561201a1a68867f61d4fb3df9682756c8927fe80f047624e7ef662f0f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.adscale.de/pbsync.html?gdpr=1&gdpr_consent=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:19:25 GMT
content-encoding: gzip
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-version-id: gRyF1QzM9Fl37.5gEkpsatpmL0Q69UQN
last-modified: Wed, 07 Dec 2022 16:19:17 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P5
age: 4967
etag: W/"988fbfb6c270a6080f89deb043243858"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=7200
x-amz-cf-id: rngW9MWv7CI4yMj5FP5tuiVA0r_psoWefw4o0o49dehhqkLX1bQobA==

GET
H3 200 usermatch Show response
ssum-sec.casalemedia.com/ Frame F3FD 2 KB
1 KB 42ms
41ms Document
text/html 172.64.154.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.154.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5b51cae9b4e7465391df8ca6e3030ae6820fe4ed09db0f5a324f920062085b92

Request headers

Referer: https://js-sec.indexww.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 775f0e71ac7092a5-FRA
content-encoding: br
content-type: text/html
date: Wed, 07 Dec 2022 17:42:11 GMT
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hEK6CArwhHzE%2ByfRrh5Xbf4wCXibm%2BaBqypFTS0Ke2nh%2Fj3oDezXlPWd1prtPoFPogrgwF2tIm2egh0itVqrzrtMwG6iPsaLYGSXm6eSbyLR6RNGpRpKapn8fgyEOk3hd9B7q2%2B7Hq0NSA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3 200 usermatch Show response
ssum-sec.casalemedia.com/ Frame 5313 1 KB
1 KB 54ms
54ms Document
text/html 172.64.154.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.154.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cfed7b1fe796f54a11093db02cfa40651b4e66253019fd26bf3b2e5181e84655

Request headers

Referer: https://js-sec.indexww.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 775f0e71ac7c92a5-FRA
content-encoding: br
content-type: text/html
date: Wed, 07 Dec 2022 17:42:11 GMT
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KoFAvmX5KK2cpLRD5mA%2FWDh6UbP0XvIVG3logLP%2BUnDVudNIav8PszfEoDSUmW9xr%2ByJiuQmCk4%2F9LL1yb7%2B95LVoelgOa7rV2W%2F1BeVC%2Bpuh6Tnoas%2BhuodR3Tkqw%2FH%2BW8YhDTwQCtdtA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 userconnect.js Show response
js.adscale.de/ Frame 12E1 11 KB
4 KB 7ms
7ms Script
application/javascript 2600:9000:223f:b600:f:4f64:8940:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adscale.de/userconnect.js
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/pbsync.html?gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:b600:f:4f64:8940:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca38ab561201a1a68867f61d4fb3df9682756c8927fe80f047624e7ef662f0f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.adscale.de/pbsync.html?gdpr=1&gdpr_consent=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:19:25 GMT
content-encoding: gzip
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-version-id: gRyF1QzM9Fl37.5gEkpsatpmL0Q69UQN
last-modified: Wed, 07 Dec 2022 16:19:17 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P5
age: 4967
etag: W/"988fbfb6c270a6080f89deb043243858"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=7200
x-amz-cf-id: GT5Ct6vGFt_v0iV3ENNTzcIkfYQ4rVgnHIE75D3FiXK2CU28hKfwvg==

GET
H3 200 usermatch Show response
ssum-sec.casalemedia.com/ Frame 1AA4 1 KB
1 KB 32ms
32ms Document
text/html 172.64.154.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.154.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: deeba3675aa919d5a842ee3c9776291d7d441daa96bfa3c6dae97dd9a6b1a805

Request headers

Referer: https://js-sec.indexww.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 775f0e71cc9f92a5-FRA
content-encoding: br
content-type: text/html
date: Wed, 07 Dec 2022 17:42:11 GMT
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=irpg0by%2Fwi3kap5rmsj%2F2vsQ9XOLYWClTHx8jC87WVtQRdP8uqNl%2BCdg2LNUHXAMXXtQdzBpNPaawW0JgQKBRn15OAMi5ea3RFWVFcNvXDbun9U6jUmznE08dZ6TPZ992SPG4iqGed%2FAag%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 userconnect Show response
ih.adscale.de/ Frame E14F 134 B
209 B 31ms
8ms Script
application/javascript 35.157.85.119

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/userconnect?ssl=1&sid=0&cbfn=stroeerCoreConnect&ts=1670434931496&umd=false&gdpr=1&gdpr_version=2&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/userconnect.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 636bddb174851e2833093b65e1a8623b7e1b1f4510c32a3689f0f7419e86fac7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:11 GMT
content-length: 134
content-type: application/javascript

GET
H2 200 userconnect Show response
ih.adscale.de/ Frame AA8B 134 B
210 B 30ms
7ms Script
application/javascript 35.157.85.119

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/userconnect?ssl=1&sid=0&cbfn=stroeerCoreConnect&ts=1670434931497&umd=false&gdpr=1&gdpr_version=2&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/userconnect.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 636bddb174851e2833093b65e1a8623b7e1b1f4510c32a3689f0f7419e86fac7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:11 GMT
content-length: 134
content-type: application/javascript

GET
H2 200 userconnect Show response
ih.adscale.de/ Frame 12E1 134 B
209 B 29ms
8ms Script
application/javascript 35.157.85.119

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/userconnect?ssl=1&sid=0&cbfn=stroeerCoreConnect&ts=1670434931498&umd=false&gdpr=1&gdpr_version=2&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/userconnect.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 636bddb174851e2833093b65e1a8623b7e1b1f4510c32a3689f0f7419e86fac7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:11 GMT
content-length: 134
content-type: application/javascript

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame F3FD
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=Y5DQceE0XKBdV2CiUqb5dAAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGJrOi3iaLADtj6wzGaeCl8&google_cver=1

43 B
766 B

7ms
7ms

Image
image/gif

185.80.39.216

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGJrOi3iaLADtj6wzGaeCl8&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Server: 185.80.39.216 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:11 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=495
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:11 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGJrOi3iaLADtj6wzGaeCl8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

usermatchredir
ssum-sec.casalemedia.com/ Frame F3FD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB&gdpr_consent=&us_privacy=&gdpr=
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEIDMYPvG82UjBcK7i-A9614&google_cver=1

43 B
846 B

55ms
51ms

Image
image/gif

172.64.154.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEIDMYPvG82UjBcK7i-A9614&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H3
Server: 172.64.154.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:11 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Axg1%2FuK6039OHqmH5X4UUXAkHoR8hxkGGzzu%2FDFjbSmehOYlmbvW5eb%2F%2BtHNwyf64Ytj5qpCLPBDdzYeQQMmJYliZmF9tw%2BBOWdbY7wuIxhSotX1wXpLOZ0tbUfMjhjMkR8BysmNqJuyPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 775f0e725d8892a5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:11 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEIDMYPvG82UjBcK7i-A9614&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 342
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame F3FD
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB&dcc=t

43 B
855 B

125ms
125ms

Image
image/gif

52.46.130.91

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F

Protocol

HTTP/1.1

Server

52.46.130.91 -, , ASN (),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:12 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: A0QWHZT3W2J74M7H1HTS
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:11 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: QVW95CSDDJ8AMBHCHE4D
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame F3FD 70 B
264 B 35ms
31ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 07 Dec 2022 17:42:11 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame F3FD
Redirect Chain

https://csync.loopme.me/?redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D24%26external_user_id%3D%7Bviewer_token%7D&us_privacy=&gdpr=&gdpr_consent=
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=9ccf0cb2-7a2e-4686-abca-42859a6e2ac4&us_privacy=null&gdpr_consent=null&gdpr=null

43 B
766 B

25ms
7ms

Image
image/gif

185.80.39.216

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=9ccf0cb2-7a2e-4686-abca-42859a6e2ac4&us_privacy=null&gdpr_consent=null&gdpr=null
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Server: 185.80.39.216 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:11 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=9ccf0cb2-7a2e-4686-abca-42859a6e2ac4&us_privacy=null&gdpr_consent=null&gdpr=null
date: Wed, 07 Dec 2022 17:42:11 GMT
server: _
content-length: 0

GET
H3

200

crum
dsum.casalemedia.com/ Frame F3FD
Redirect Chain

https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3cIndex_user_id%3e
https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=a87ace9d-56a0-90a0-9b05e78b

43 B
867 B

69ms
51ms

Image
image/gif

104.18.33.19

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=a87ace9d-56a0-90a0-9b05e78b
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H3
Server: 104.18.33.19 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:11 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jaeIEuyatgH%2FavfmphQDPtArqbvSywEfKyLmuOrsxiMq00DNEnW4QCOM0UZsWSZ17WvhabA5Ctbev%2BwnG5ODFt%2F4vypx9vFqqkKioIpucXoTKz2R4zBu71fet0YvAAWTW3WgtvEs"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 775f0e737f05690d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

date: Wed, 07 Dec 2022 17:42:11 GMT
via: 1.1 google
server: nginx/1.23.2
p3p: CP='This is not a P3P policy!'
access-control-allow-origin: *
location: https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=a87ace9d-56a0-90a0-9b05e78b
content-type: text/html; charset=utf-8
cache-control: max-age=3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119

GET
H2 200 Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame F3FD 43 B
601 B 37ms
34ms Image
image/gif 2a05:d018:d29:3602:2799:7e74:3a60:9ac2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/casale/Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB?gdpr_consent=&us_privacy=&gdpr=

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3602:2799:7e74:3a60:9ac2 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:11 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame F3FD
Redirect Chain

https://p.rfihub.com/cm?in=1&pub=2079
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=2515798200294540218

43 B
766 B

7ms
7ms

Image
image/gif

185.80.39.216

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=2515798200294540218
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Server: 185.80.39.216 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:11 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=2515798200294540218
Date: Wed, 07 Dec 2022 17:42:11 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 htw-pixel.gif
cdn.indexww.com/ht/ Frame F3FD 43 B
103 B 54ms
19ms Image
image/gif 104.18.36.94

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.indexww.com/ht/htw-pixel.gif?Y5DQceE0XKBdV2CiUqb5dAAA%261138
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.36.94 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:11 GMT
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2017 19:36:04 GMT
server: cloudflare
age: 68998
etag: "902a3d-2b-546dc3a097100"
vary: Accept-Encoding
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control: cache-maxage=1h
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 775f0e723d2c9143-FRA
content-length: 43
expires: Thu, 08 Dec 2022 17:42:11 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 1AA4
Redirect Chain

https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=8500468887705390744

43 B
766 B

27ms
10ms

Image
image/gif

185.80.39.216

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=8500468887705390744
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Server: 185.80.39.216 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:11 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:11 GMT
AN-X-Request-Uuid: 3103d88e-3c39-4563-848c-3427624dbde2
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=8500468887705390744
Connection: keep-alive
X-Proxy-Origin: 185.213.155.166; 185.213.155.166; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1AA4
Redirect Chain

https://ad.turn.com/r/cs?pid=21
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3081130056061282957

43 B
766 B

33ms
7ms

Image
image/gif

185.80.39.216

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3081130056061282957
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Server: 185.80.39.216 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:11 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3081130056061282957
pragma: no-cache
date: Wed, 07 Dec 2022 17:42:11 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

200

Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 1AA4
Redirect Chain

https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB&gdpr_consent=&us_privacy=&gdpr=
https://pr-bh.ybp.yahoo.com/sync/casale/Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB

43 B
601 B

34ms
33ms

Image
image/gif

2a05:d018:d29:3602:2799:7e74:3a60:9ac2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/casale/Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F

Protocol

Server

2a05:d018:d29:3602:2799:7e74:3a60:9ac2 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:11 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

Redirect headers

location: https://pr-bh.ybp.yahoo.com/sync/casale/Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB
date: Wed, 07 Dec 2022 17:42:11 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 1AA4
Redirect Chain

https://match.prod.bidr.io/cookie-sync/ie
https://match.prod.bidr.io/cookie-sync/ie?_bee_ppp=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AAJPdE7HIaEAACDlfaui4Q&expiration=1671644531

43 B
766 B

8ms
7ms

Image
image/gif

185.80.39.216

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AAJPdE7HIaEAACDlfaui4Q&expiration=1671644531
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Server: 185.80.39.216 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:11 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=494
Content-Length: 43
Expires: 0

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AAJPdE7HIaEAACDlfaui4Q&expiration=1671644531
Date: Wed, 07 Dec 2022 17:42:11 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/ Frame 1AA4
Redirect Chain

https://dpm.demdex.net/ibs:dpid=23728&dpuuid=Y5DQceE0XKBdV2CiUqb5dAAA%261138?gdpr_consent=&us_privacy=&gdpr=
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=Y5DQceE0XKBdV2CiUqb5dAAA%261138

42 B
940 B

112ms
111ms

Image
image/gif

34.202.6.86

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=Y5DQceE0XKBdV2CiUqb5dAAA%261138

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F

Protocol

HTTP/1.1

Server

34.202.6.86 -, , ASN (),

Reverse DNS

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

DCS: dcs-prod-va6-2-v044-064b61905.edge-va6.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 0ohI/OX5Qhg=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-va6-1-v044-0cb61471e.edge-va6.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: +T79GuLkQ00=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=Y5DQceE0XKBdV2CiUqb5dAAA%261138
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 1AA4
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=29
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=5084446025291268402&expiration=1671644531

43 B
766 B

26ms
7ms

Image
image/gif

185.80.39.216

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=5084446025291268402&expiration=1671644531
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Server: 185.80.39.216 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:11 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=5084446025291268402&expiration=1671644531
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 1AA4
Redirect Chain

https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=&gdpr_consent=
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=

43 B
766 B

7ms
6ms

Image
image/gif

185.80.39.216

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Server: 185.80.39.216 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:11 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=496
Content-Length: 43
Expires: 0

Redirect headers

Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=
Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:11 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 95
Content-Type: text/html; charset=utf-8

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 1AA4
Redirect Chain

https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=61F61CA7EF004EFC9293008926BEC4F4

43 B
766 B

36ms
7ms

Image
image/gif

185.80.39.216

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=61F61CA7EF004EFC9293008926BEC4F4
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Server: 185.80.39.216 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:11 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

Redirect headers

date: Wed, 07 Dec 2022 17:42:11 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=61F61CA7EF004EFC9293008926BEC4F4
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Tue, 06 Dec 2022 17:42:11 GMT

GET
H2 200 htw-pixel.gif
cdn.indexww.com/ht/ Frame 1AA4 43 B
353 B 36ms
15ms Image
image/gif 104.18.36.94

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.indexww.com/ht/htw-pixel.gif?Y5DQceE0XKBdV2CiUqb5dAAA%261138
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.36.94 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:11 GMT
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2017 19:36:04 GMT
server: cloudflare
age: 68998
etag: "902a3d-2b-546dc3a097100"
vary: Accept-Encoding
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control: cache-maxage=1h
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 775f0e723d2f9143-FRA
content-length: 43
expires: Thu, 08 Dec 2022 17:42:11 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 5313
Redirect Chain

https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=8500468887705390744

43 B
766 B

23ms
8ms

Image
image/gif

185.80.39.216

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=8500468887705390744
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Server: 185.80.39.216 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:11 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:11 GMT
AN-X-Request-Uuid: 60be8d37-3d0b-487a-a963-7d7fbe0558ce
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=8500468887705390744
Connection: keep-alive
X-Proxy-Origin: 185.213.155.166; 185.213.155.166; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 5313
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=29536390-d06d-4600-9ba7-cbb2e58a7763

43 B
766 B

30ms
8ms

Image
image/gif

185.80.39.216

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=29536390-d06d-4600-9ba7-cbb2e58a7763
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Server: 185.80.39.216 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:11 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

Redirect headers

Date: Wed, 07 Dec 2022 17:42:11 GMT
Server: MT3 180 1fd3e2d master zrh-pixel-x25 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=29536390-d06d-4600-9ba7-cbb2e58a7763
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 07 Dec 2022 17:42:10 GMT

GET
H2

200

Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 5313
Redirect Chain

https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB&gdpr_consent=&us_privacy=&gdpr=
https://pr-bh.ybp.yahoo.com/sync/casale/Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB

43 B
601 B

35ms
34ms

Image
image/gif

2a05:d018:d29:3602:2799:7e74:3a60:9ac2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/casale/Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F

Protocol

Server

2a05:d018:d29:3602:2799:7e74:3a60:9ac2 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:11 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

Redirect headers

location: https://pr-bh.ybp.yahoo.com/sync/casale/Y5DQceE0XKBdV2CiUqb5dAAABHIAAAAB
date: Wed, 07 Dec 2022 17:42:11 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 5313
Redirect Chain

https://match.prod.bidr.io/cookie-sync/ie
https://match.prod.bidr.io/cookie-sync/ie?_bee_ppp=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AAG0xE7HIaEAACBpgdIPyg&expiration=1671644531

43 B
766 B

7ms
7ms

Image
image/gif

185.80.39.216

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AAG0xE7HIaEAACBpgdIPyg&expiration=1671644531
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Server: 185.80.39.216 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:11 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AAG0xE7HIaEAACBpgdIPyg&expiration=1671644531
Date: Wed, 07 Dec 2022 17:42:11 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 5313
Redirect Chain

https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3cIndex_user_id%3e
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=18e8e313-cb29-f8cf-81279325

43 B
766 B

8ms
7ms

Image
image/gif

185.80.39.216

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=18e8e313-cb29-f8cf-81279325
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Server: 185.80.39.216 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:11 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

date: Wed, 07 Dec 2022 17:42:11 GMT
via: 1.1 google
server: nginx/1.23.2
p3p: CP='This is not a P3P policy!'
access-control-allow-origin: *
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=18e8e313-cb29-f8cf-81279325
content-type: text/html; charset=utf-8
cache-control: max-age=3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 146

GET
H2

200

rum
dsum.casalemedia.com/ Frame 5313
Redirect Chain

https://x.bidswitch.net/sync?ssp=index
https://ads.avads.net/sync/bsw?bidswitch_ssp_id=index&bidswitch_param=dac85cfd-3846-4399-8517-b216496d2bad&gdpr=&gdpr_consent=
https://x.bidswitch.net/sync?dsp_id=352&user_id=2ce4454c-7402-447f-ae4c-9aec278cb0bd&expires=2&ssp=index&bsw_param=dac85cfd-3846-4399-8517-b216496d2bad
https://dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=dac85cfd-3846-4399-8517-b216496d2bad&gdpr=&gdpr_consent=

43 B
871 B

100ms
54ms

Image
image/gif

104.18.33.19

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=dac85cfd-3846-4399-8517-b216496d2bad&gdpr=&gdpr_consent=
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H2
Server: 104.18.33.19 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:11 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6vVWoNdjxEFHbA9qL9FfXDQdpi1TVbZyjhx4gRXiTo8mDKzq%2BRC0TwTzfY%2FfhZp9PQd9mqdrfHMPcg0BJ0NZ8bXgo1ZVRYcZ23jdjDfp2VCGRhe3C4ezgdJuXqvSk4B2WzcWfC%2FD"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 775f0e72fdb39c10-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

location: //dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=dac85cfd-3846-4399-8517-b216496d2bad&gdpr=&gdpr_consent=
date: Wed, 07 Dec 2022 17:42:11 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 5313
Redirect Chain

https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1
https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&prevuid=&knw=0
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=

43 B
766 B

7ms
7ms

Image
image/gif

185.80.39.216

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Server: 185.80.39.216 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:11 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

date: Wed, 07 Dec 2022 17:42:11 GMT
server: nginx
transfer-encoding: chunked
access-control-allow-methods: POST, GET, OPTIONS
p3p: CP="NOI DEV OUR BUS UNI"
access-control-allow-origin: *
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=
content-type: text/html; charset=UTF-8
cache-control: no-cache
keep-alive: timeout=10
access-control-allow-headers: Origin

GET
H2 200 bridge
cm.adgrx.com/ Frame 5313 43 B
282 B 84ms
14ms Image
image/gif 173.231.180.197

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adgrx.com/bridge?AG_PID=casale&AG_SETCOOKIE
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.231.180.197 -, , ASN (),
Reverse DNS
Software: Cowboy /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:11 GMT
server: Cowboy
content-type: image/gif
p3p: CP="NOI OTC OTP OUR NOR"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, proxy-revalidate
x-realserver-nx: ams-delivery-1
content-length: 43
expires: Thu, 23 Sep 2004 17:42:04 GMT

GET
H2 200 htw-pixel.gif
cdn.indexww.com/ht/ Frame 5313 43 B
102 B 33ms
16ms Image
image/gif 104.18.36.94

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.indexww.com/ht/htw-pixel.gif?Y5DQceE0XKBdV2CiUqb5dAAA%261138
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fkroonika.delfi.ee%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.36.94 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:11 GMT
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2017 19:36:04 GMT
server: cloudflare
age: 68998
etag: "902a3d-2b-546dc3a097100"
vary: Accept-Encoding
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control: cache-maxage=1h
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 775f0e723d309143-FRA
content-length: 43
expires: Thu, 08 Dec 2022 17:42:11 GMT

GET
H2 200 map Show response
ih.adscale.de/ Frame FC62 3 KB
3 KB 11ms
10ms Document
text/html 35.157.85.119

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/userconnect.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 30e3bac0b130c83a87f6996b335d689926af980626c144068e508cc4b366d24e

Request headers

Referer: https://js.adscale.de/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 2736
content-type: text/html;charset=ISO-8859-1
date: Wed, 07 Dec 2022 17:42:11 GMT

GET
H2 200 map Show response
ih.adscale.de/ Frame C651 3 KB
3 KB 11ms
10ms Document
text/html 35.157.85.119

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/userconnect.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e45d629986d85cae90259b1b6271bc3324d4b8ae73e0b6446b952e8350bd461f

Request headers

Referer: https://js.adscale.de/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 2736
content-type: text/html;charset=ISO-8859-1
date: Wed, 07 Dec 2022 17:42:11 GMT

GET
H2 200 map Show response
ih.adscale.de/ Frame EB70 3 KB
3 KB 9ms
9ms Document
text/html 35.157.85.119

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/userconnect.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9c277a79dcdc7614fc9953389bb3cc48e9c825e960ea09434bc6d85abe64ab90

Request headers

Referer: https://js.adscale.de/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 2736
content-type: text/html;charset=ISO-8859-1
date: Wed, 07 Dec 2022 17:42:11 GMT

GET
H2 200 match.js Show response
js.adscale.de/ Frame FC62 4 KB
2 KB 7ms
7ms Script
application/javascript 2600:9000:223f:b600:f:4f64:8940:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adscale.de/match.js
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:b600:f:4f64:8940:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 45767d3452a56be0180eed18ff44acd5e688dc5bbde2b77e1da29b326a180416

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:19:25 GMT
content-encoding: br
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-version-id: hqkiOg3otmKTTeADOFBXC4MHFdFQ6tBg
last-modified: Wed, 07 Dec 2022 16:19:17 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P5
age: 4967
etag: W/"ff7cce9128150bd82f1a709c03692e3d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=7200
x-amz-cf-id: vG1RH0nlzGFENY4crQ8oSQgLTf8Lt0caQAs297_KTyTWhG_VwMAXXg==

GET
H2 200 match.js Show response
js.adscale.de/ Frame EB70 4 KB
2 KB 8ms
7ms Script
application/javascript 2600:9000:223f:b600:f:4f64:8940:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adscale.de/match.js
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:b600:f:4f64:8940:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 45767d3452a56be0180eed18ff44acd5e688dc5bbde2b77e1da29b326a180416

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:19:25 GMT
content-encoding: br
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-version-id: hqkiOg3otmKTTeADOFBXC4MHFdFQ6tBg
last-modified: Wed, 07 Dec 2022 16:19:17 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P5
age: 4967
etag: W/"ff7cce9128150bd82f1a709c03692e3d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=7200
x-amz-cf-id: -SacbS_xWSW8mJixay8ATHmhvt4vzwvzGQvew8CHpm_QKZdJvU1kaA==

GET
H2 200 match.js Show response
js.adscale.de/ Frame C651 4 KB
2 KB 16ms
6ms Script
application/javascript 2600:9000:223f:b600:f:4f64:8940:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adscale.de/match.js
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:b600:f:4f64:8940:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 45767d3452a56be0180eed18ff44acd5e688dc5bbde2b77e1da29b326a180416

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 16:19:25 GMT
content-encoding: br
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-version-id: hqkiOg3otmKTTeADOFBXC4MHFdFQ6tBg
last-modified: Wed, 07 Dec 2022 16:19:17 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P5
age: 4967
etag: W/"ff7cce9128150bd82f1a709c03692e3d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=7200
x-amz-cf-id: sCJIXi1XI-d3b1FWuS_hKLBhsUajMSRDoiV3VpEucc12caKlmN442A==

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame E4B2
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=1
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=1&dcc=t

43 B
568 B

107ms
106ms

Image
image/gif

52.46.130.91

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=1&dcc=t

Protocol

HTTP/1.1

Server

52.46.130.91 -, , ASN (),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:12 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 6128M931XVMTK7KRT3HR
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:11 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 3B4N2EETYM5QGRT32A0F
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=1&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E4B2
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n&gdpr=1
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MmQ2YTYyYTZmZWY1MmI0NmZiZmQwOGExNDkxZGU3ZTYyMWIyMDU0MA&gdpr=1

170 B
188 B

48ms
48ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MmQ2YTYyYTZmZWY1MmI0NmZiZmQwOGExNDkxZGU3ZTYyMWIyMDU0MA&gdpr=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:11 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MmQ2YTYyYTZmZWY1MmI0NmZiZmQwOGExNDkxZGU3ZTYyMWIyMDU0MA&gdpr=1
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame E4B2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&gdpr=1
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=1&put=CAESEFyMrA-TicZlum9vDu1him8&google_cver=1

0
239 B

9ms
8ms

Image
image/gif

69.173.144.165

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=1&put=CAESEFyMrA-TicZlum9vDu1him8&google_cver=1
Protocol: HTTP/1.1
Server: 69.173.144.165 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:11 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=1&put=CAESEFyMrA-TicZlum9vDu1him8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 337
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
aax-eu.amazon-adsystem.com/s/ Frame E4B2
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&dcc=t

43 B
568 B

33ms
33ms

Image
image/gif

67.220.228.201

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&dcc=t

Protocol

HTTP/1.1

Server

67.220.228.201 -, , ASN (),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:11 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 77TZFPSSCPZ7WKWBY9TR
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 07 Dec 2022 17:42:11 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: E94XYKPZ0KEPBY7FE919
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E4B2
Redirect Chain

https://token.rubiconproject.com/token?pid=25470&gdpr=1
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEJEWFRSTE8tMUEtQUJaOA==&gdpr=1

170 B
188 B

49ms
48ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEJEWFRSTE8tMUEtQUJaOA==&gdpr=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:11 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEJEWFRSTE8tMUEtQUJaOA==&gdpr=1
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame E4B2 70 B
264 B 35ms
30ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon?gdpr=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 07 Dec 2022 17:42:11 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame E4B2
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&gdpr=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/4QnCJ8o8wFiICT2BzlHTfMn5EUdSAgOZEtemQ7w0kco?csrc=&gdpr=1
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-NpTbiilE2oIS6ghm7uf5QNpawnRPKsEvStcIFg--~A

0
239 B

8ms
8ms

Image
image/gif

69.173.144.165

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-NpTbiilE2oIS6ghm7uf5QNpawnRPKsEvStcIFg--~A
Protocol: HTTP/1.1
Server: 69.173.144.165 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date: Wed, 07 Dec 2022 17:42:11 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-NpTbiilE2oIS6ghm7uf5QNpawnRPKsEvStcIFg--~A
content-length: 0

GET
H2

200

setuid
px.ads.linkedin.com/ Frame E4B2
Redirect Chain

https://token.rubiconproject.com/token?pid=36584&gdpr=1
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LBDXTRLO-1A-ABZ8&gdpr=1

0
922 B

223ms
184ms

Image
text/plain

2620:1ec:21::14

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LBDXTRLO-1A-ABZ8&gdpr=1
Protocol: H2
Server: 2620:1ec:21::14 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:42:11 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 78EF20AAE18D4F70B2EE5600251DBF52 Ref B: FRAEDGE1709 Ref C: 2022-12-07T17:42:11Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXvQHC5/QwmJXjR/l8pTA==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LBDXTRLO-1A-ABZ8&gdpr=1
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

img
ih.adscale.de/sium/134b092161d549c9a2265bfa6700eeaf/1670434931543/0/ Frame FC62
Redirect Chain

https://bbnaut.ibillboard.com/match/AdScale?partneruid=79de0293a7214c759e7d5acf33c1f5ff&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F134b092161d549c9a2265bfa6700eeaf%2F1670434931543%2F0%2Fimg%3Ftpid%...
https://ih.adscale.de/sium/134b092161d549c9a2265bfa6700eeaf/1670434931543/0/img?tpid=101&tpuid=BBID-01-03451489316424477-16781436

49 B
464 B

16ms
16ms

Image
image/gif

35.157.85.119

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/134b092161d549c9a2265bfa6700eeaf/1670434931543/0/img?tpid=101&tpuid=BBID-01-03451489316424477-16781436
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Protocol: H2
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

p3p: CP=NOI PSA OUR
date: Wed, 07 Dec 2022 17:42:11 GMT
content-length: 49
content-type: image/gif

Redirect headers

location: https://ih.adscale.de/sium/134b092161d549c9a2265bfa6700eeaf/1670434931543/0/img?tpid=101&tpuid=BBID-01-03451489316424477-16781436
date: Wed, 07 Dec 2022 17:42:11 GMT
cache-control: private, max-age=3600
access-control-allow-credentials: true
server: nginx

GET
H2

200

img
ih.adscale.de/sium/63ec62bcded747c6b9f83161b7a9ea58/1670434931544/0/ Frame EB70
Redirect Chain

https://bbnaut.ibillboard.com/match/AdScale?partneruid=79de0293a7214c759e7d5acf33c1f5ff&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F63ec62bcded747c6b9f83161b7a9ea58%2F1670434931544%2F0%2Fimg%3Ftpid%...
https://ih.adscale.de/sium/63ec62bcded747c6b9f83161b7a9ea58/1670434931544/0/img?tpid=101&tpuid=BBID-01-03451489317058191-16781436

49 B
463 B

15ms
14ms

Image
image/gif

35.157.85.119

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/63ec62bcded747c6b9f83161b7a9ea58/1670434931544/0/img?tpid=101&tpuid=BBID-01-03451489317058191-16781436
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Protocol: H2
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

p3p: CP=NOI PSA OUR
date: Wed, 07 Dec 2022 17:42:11 GMT
content-length: 49
content-type: image/gif

Redirect headers

location: https://ih.adscale.de/sium/63ec62bcded747c6b9f83161b7a9ea58/1670434931544/0/img?tpid=101&tpuid=BBID-01-03451489317058191-16781436
date: Wed, 07 Dec 2022 17:42:11 GMT
cache-control: private, max-age=3600
access-control-allow-credentials: true
server: nginx

GET
H2

200

img
ih.adscale.de/sium/95626f1a8c204c47a19cabcdfcc9d4d1/1670434931544/0/ Frame C651
Redirect Chain

https://bbnaut.ibillboard.com/match/AdScale?partneruid=79de0293a7214c759e7d5acf33c1f5ff&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F95626f1a8c204c47a19cabcdfcc9d4d1%2F1670434931544%2F0%2Fimg%3Ftpid%...
https://ih.adscale.de/sium/95626f1a8c204c47a19cabcdfcc9d4d1/1670434931544/0/img?tpid=101&tpuid=BBID-01-03451489317670341-16781436

49 B
464 B

12ms
12ms

Image
image/gif

35.157.85.119

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/95626f1a8c204c47a19cabcdfcc9d4d1/1670434931544/0/img?tpid=101&tpuid=BBID-01-03451489317670341-16781436
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Protocol: H2
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

p3p: CP=NOI PSA OUR
date: Wed, 07 Dec 2022 17:42:11 GMT
content-length: 49
content-type: image/gif

Redirect headers

location: https://ih.adscale.de/sium/95626f1a8c204c47a19cabcdfcc9d4d1/1670434931544/0/img?tpid=101&tpuid=BBID-01-03451489317670341-16781436
date: Wed, 07 Dec 2022 17:42:11 GMT
cache-control: private, max-age=3600
access-control-allow-credentials: true
server: nginx

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame FC62
Redirect Chain

https://ssum.casalemedia.com/usermatchredir?s=183592&cb=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D63%26tpuid%3D__UID__&uid=edc84e659aac3bd5ab4f7c0a6...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=63&tpuid=Y5DQceE0XKBdV2CiUqb5dAAA%261138

49 B
483 B

9ms
9ms

Image
image/gif

35.157.85.119

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=63&tpuid=Y5DQceE0XKBdV2CiUqb5dAAA%261138
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Protocol: H2
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

p3p: CP=NOI PSA OUR
date: Wed, 07 Dec 2022 17:42:11 GMT
content-length: 49
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:11 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b5iVWPfzRRkcrWGvmbSpNmZ4a47oD93%2BUn6t0b2X7hQbaZPibsI4gjSF%2FeYwgUst5fk9ROD3JW6ZIwviBUgp6RromPtj0U5EDf7DAvKcnxFcbKCX%2B6UwkSvEL9YZvkC8YAanTpOJ"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=63&tpuid=Y5DQceE0XKBdV2CiUqb5dAAA%261138
cache-control: no-cache
cf-ray: 775f0e734b578fd0-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame EB70
Redirect Chain

https://ssum.casalemedia.com/usermatchredir?s=183592&cb=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D63%26tpuid%3D__UID__&uid=edc84e659aac3bd5ab4f7c0a6...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=63&tpuid=Y5DQceE0XKBdV2CiUqb5dAAA%261138

49 B
483 B

12ms
12ms

Image
image/gif

35.157.85.119

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=63&tpuid=Y5DQceE0XKBdV2CiUqb5dAAA%261138
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Protocol: H2
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

p3p: CP=NOI PSA OUR
date: Wed, 07 Dec 2022 17:42:11 GMT
content-length: 49
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:11 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dMpTj%2B8gfx%2FYMSW4cnyle1dezhbM3eMitvKeB0ieEd%2FocJ86pzC4pFWHNwma2%2FZpovv%2BCaJbCNhsKCxptDE68j5MiGsMa4OJzdf1BS8qB7ge1VXKfijL19IcTRj%2FW8WphcFOR3im"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=63&tpuid=Y5DQceE0XKBdV2CiUqb5dAAA%261138
cache-control: no-cache
cf-ray: 775f0e735b8a8fd0-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame C651
Redirect Chain

https://ssum.casalemedia.com/usermatchredir?s=183592&cb=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D63%26tpuid%3D__UID__&uid=edc84e659aac3bd5ab4f7c0a6...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=63&tpuid=Y5DQceE0XKBdV2CiUqb5dAAA%261138

49 B
515 B

9ms
9ms

Image
image/gif

35.157.85.119

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=63&tpuid=Y5DQceE0XKBdV2CiUqb5dAAA%261138
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Protocol: H2
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

p3p: CP=NOI PSA OUR
date: Wed, 07 Dec 2022 17:42:11 GMT
content-length: 49
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:11 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xq%2F172twvIXMleCJsg354%2BupQnCJHM0GDDmHOKC6IsumUF99RMZOCIpoF29JIOLXp4krpxrT53lUWBe7%2B4cwQvY0DwFuXcFTuik2K1vP1hIzMfIiwlZ%2BdiLZF5p6b1bW4i2z%2BgTe"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=63&tpuid=Y5DQceE0XKBdV2CiUqb5dAAA%261138
cache-control: no-cache
cf-ray: 775f0e73d826bb5b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame FC62
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D108%26tpuid%3D%5BMM_UUID%5D&uid=2c65de9d0abcc71fa5ca12c...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=29536390-d06d-4600-9ba7-cbb2e58a7763

49 B
506 B

14ms
13ms

Image
image/gif

35.157.85.119

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=29536390-d06d-4600-9ba7-cbb2e58a7763
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Protocol: H2
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

p3p: CP=NOI PSA OUR
date: Wed, 07 Dec 2022 17:42:11 GMT
content-length: 49
content-type: image/gif

Redirect headers

Date: Wed, 07 Dec 2022 17:42:11 GMT
Server: MT3 180 1fd3e2d master zrh-pixel-x9 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=29536390-d06d-4600-9ba7-cbb2e58a7763
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 07 Dec 2022 17:42:10 GMT

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame EB70
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D108%26tpuid%3D%5BMM_UUID%5D&uid=2c65de9d0abcc71fa5ca12c...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=29536390-d06d-4600-9ba7-cbb2e58a7763

49 B
506 B

11ms
11ms

Image
image/gif

35.157.85.119

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=29536390-d06d-4600-9ba7-cbb2e58a7763
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Protocol: H2
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

p3p: CP=NOI PSA OUR
date: Wed, 07 Dec 2022 17:42:11 GMT
content-length: 49
content-type: image/gif

Redirect headers

Date: Wed, 07 Dec 2022 17:42:11 GMT
Server: MT3 180 1fd3e2d master zrh-pixel-x26 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=29536390-d06d-4600-9ba7-cbb2e58a7763
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 07 Dec 2022 17:42:10 GMT

GET
H2

200

img
ih.adscale.de/sium/134b092161d549c9a2265bfa6700eeaf/1670434931543/0/ Frame FC62
Redirect Chain

https://track.adform.net/serving/cookie/match/?party=9&uid=e3c048e41bd6e6caf2773882fa98197e4e1baa95f5a1d46d0627aa35a98205bb&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F134b092161d549c9a2265b...
https://ih.adscale.de/sium/134b092161d549c9a2265bfa6700eeaf/1670434931543/0/img?tpid=42&tpuid=5084446025291268402

49 B
515 B

12ms
12ms

Image
image/gif

35.157.85.119

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/134b092161d549c9a2265bfa6700eeaf/1670434931543/0/img?tpid=42&tpuid=5084446025291268402
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Protocol: H2
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

p3p: CP=NOI PSA OUR
date: Wed, 07 Dec 2022 17:42:11 GMT
content-length: 49
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://ih.adscale.de/sium/134b092161d549c9a2265bfa6700eeaf/1670434931543/0/img?tpid=42&tpuid=5084446025291268402
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

img
ih.adscale.de/sium/63ec62bcded747c6b9f83161b7a9ea58/1670434931544/0/ Frame EB70
Redirect Chain

https://track.adform.net/serving/cookie/match/?party=9&uid=e3c048e41bd6e6caf2773882fa98197e4e1baa95f5a1d46d0627aa35a98205bb&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F63ec62bcded747c6b9f831...
https://ih.adscale.de/sium/63ec62bcded747c6b9f83161b7a9ea58/1670434931544/0/img?tpid=42&tpuid=5084446025291268402

49 B
515 B

10ms
10ms

Image
image/gif

35.157.85.119

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/63ec62bcded747c6b9f83161b7a9ea58/1670434931544/0/img?tpid=42&tpuid=5084446025291268402
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Protocol: H2
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

p3p: CP=NOI PSA OUR
date: Wed, 07 Dec 2022 17:42:11 GMT
content-length: 49
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://ih.adscale.de/sium/63ec62bcded747c6b9f83161b7a9ea58/1670434931544/0/img?tpid=42&tpuid=5084446025291268402
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame FC62
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=17&p=32&cp=adscale&url=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D40%26tpuid%3D%40%40CRITEO_USERID%40%40&u...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=938e0d54-e80f-432f-8be5-4e676e343211

49 B
537 B

12ms
12ms

Image
image/gif

35.157.85.119

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=938e0d54-e80f-432f-8be5-4e676e343211
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Protocol: H2
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

p3p: CP=NOI PSA OUR
date: Wed, 07 Dec 2022 17:42:11 GMT
content-length: 49
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:11 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=938e0d54-e80f-432f-8be5-4e676e343211
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1539682
content-length: 0
expires: Wed, 07 Dec 2022 00:00:00 GMT

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame EB70
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=17&p=32&cp=adscale&url=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D40%26tpuid%3D%40%40CRITEO_USERID%40%40&u...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=938e0d54-e80f-432f-8be5-4e676e343211

49 B
537 B

10ms
10ms

Image
image/gif

35.157.85.119

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=938e0d54-e80f-432f-8be5-4e676e343211
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Protocol: H2
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

p3p: CP=NOI PSA OUR
date: Wed, 07 Dec 2022 17:42:11 GMT
content-length: 49
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:11 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=938e0d54-e80f-432f-8be5-4e676e343211
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1199942
content-length: 0
expires: Wed, 07 Dec 2022 00:00:00 GMT

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame C651
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D108%26tpuid%3D%5BMM_UUID%5D&uid=2c65de9d0abcc71fa5ca12c...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=29536390-d06d-4600-9ba7-cbb2e58a7763

49 B
537 B

18ms
18ms

Image
image/gif

35.157.85.119

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=29536390-d06d-4600-9ba7-cbb2e58a7763
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Protocol: H2
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

p3p: CP=NOI PSA OUR
date: Wed, 07 Dec 2022 17:42:11 GMT
content-length: 49
content-type: image/gif

Redirect headers

Date: Wed, 07 Dec 2022 17:42:11 GMT
Server: MT3 180 1fd3e2d master zrh-pixel-x27 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=29536390-d06d-4600-9ba7-cbb2e58a7763
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 07 Dec 2022 17:42:10 GMT

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame EB70
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D39%26tpuid%3D%5BMM_UUID%5D&uid=391159c8074520fd337330b1...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=29536390-d06d-4600-9ba7-cbb2e58a7763

49 B
560 B

15ms
14ms

Image
image/gif

35.157.85.119

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=29536390-d06d-4600-9ba7-cbb2e58a7763
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Protocol: H2
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

p3p: CP=NOI PSA OUR
date: Wed, 07 Dec 2022 17:42:12 GMT
content-length: 49
content-type: image/gif

Redirect headers

Date: Wed, 07 Dec 2022 17:42:11 GMT
Server: MT3 180 1fd3e2d master zrh-pixel-x30 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=29536390-d06d-4600-9ba7-cbb2e58a7763
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 07 Dec 2022 17:42:10 GMT

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame FC62
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D39%26tpuid%3D%5BMM_UUID%5D&uid=391159c8074520fd337330b1...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=29536390-d06d-4600-9ba7-cbb2e58a7763

49 B
560 B

16ms
15ms

Image
image/gif

35.157.85.119

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=29536390-d06d-4600-9ba7-cbb2e58a7763
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Protocol: H2
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

p3p: CP=NOI PSA OUR
date: Wed, 07 Dec 2022 17:42:12 GMT
content-length: 49
content-type: image/gif

Redirect headers

Date: Wed, 07 Dec 2022 17:42:11 GMT
Server: MT3 180 1fd3e2d master zrh-pixel-x4 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=29536390-d06d-4600-9ba7-cbb2e58a7763
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 07 Dec 2022 17:42:10 GMT

GET
H2

200

img
ih.adscale.de/sium/95626f1a8c204c47a19cabcdfcc9d4d1/1670434931544/0/ Frame C651
Redirect Chain

https://track.adform.net/serving/cookie/match/?party=9&uid=e3c048e41bd6e6caf2773882fa98197e4e1baa95f5a1d46d0627aa35a98205bb&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F95626f1a8c204c47a19cab...
https://ih.adscale.de/sium/95626f1a8c204c47a19cabcdfcc9d4d1/1670434931544/0/img?tpid=42&tpuid=5084446025291268402

49 B
560 B

15ms
14ms

Image
image/gif

35.157.85.119

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/95626f1a8c204c47a19cabcdfcc9d4d1/1670434931544/0/img?tpid=42&tpuid=5084446025291268402
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Protocol: H2
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

p3p: CP=NOI PSA OUR
date: Wed, 07 Dec 2022 17:42:12 GMT
content-length: 49
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://ih.adscale.de/sium/95626f1a8c204c47a19cabcdfcc9d4d1/1670434931544/0/img?tpid=42&tpuid=5084446025291268402
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

img
ih.adscale.de/sium/63ec62bcded747c6b9f83161b7a9ea58/1670434931544/0/ Frame EB70
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_sc&uid=75cf3cd08b0a8d367391c5bca962ed974b01490d0b793db94492d1d2f3cebb5a&tpid=38&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F63e...
https://ih.adscale.de/sium/63ec62bcded747c6b9f83161b7a9ea58/1670434931544/0/img?uid=75cf3cd08b0a8d367391c5bca962ed974b01490d0b793db94492d1d2f3cebb5a&tpid=38&tpuid=CAESEB9uqQWnTtSTmPCIDeUqXK8&google...

49 B
579 B

14ms
13ms

Image
image/gif

35.157.85.119

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/63ec62bcded747c6b9f83161b7a9ea58/1670434931544/0/img?uid=75cf3cd08b0a8d367391c5bca962ed974b01490d0b793db94492d1d2f3cebb5a&tpid=38&tpuid=CAESEB9uqQWnTtSTmPCIDeUqXK8&google_cver=1
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Protocol: H2
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

p3p: CP=NOI PSA OUR
date: Wed, 07 Dec 2022 17:42:12 GMT
content-length: 49
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:12 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ih.adscale.de/sium/63ec62bcded747c6b9f83161b7a9ea58/1670434931544/0/img?uid=75cf3cd08b0a8d367391c5bca962ed974b01490d0b793db94492d1d2f3cebb5a&tpid=38&tpuid=CAESEB9uqQWnTtSTmPCIDeUqXK8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 413
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

img
ih.adscale.de/sium/134b092161d549c9a2265bfa6700eeaf/1670434931543/0/ Frame FC62
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_sc&uid=75cf3cd08b0a8d367391c5bca962ed974b01490d0b793db94492d1d2f3cebb5a&tpid=38&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F134...
https://ih.adscale.de/sium/134b092161d549c9a2265bfa6700eeaf/1670434931543/0/img?uid=75cf3cd08b0a8d367391c5bca962ed974b01490d0b793db94492d1d2f3cebb5a&tpid=38&tpuid=CAESEB9uqQWnTtSTmPCIDeUqXK8&google...

49 B
579 B

14ms
14ms

Image
image/gif

35.157.85.119

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/134b092161d549c9a2265bfa6700eeaf/1670434931543/0/img?uid=75cf3cd08b0a8d367391c5bca962ed974b01490d0b793db94492d1d2f3cebb5a&tpid=38&tpuid=CAESEB9uqQWnTtSTmPCIDeUqXK8&google_cver=1
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Protocol: H2
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

p3p: CP=NOI PSA OUR
date: Wed, 07 Dec 2022 17:42:12 GMT
content-length: 49
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:12 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ih.adscale.de/sium/134b092161d549c9a2265bfa6700eeaf/1670434931543/0/img?uid=75cf3cd08b0a8d367391c5bca962ed974b01490d0b793db94492d1d2f3cebb5a&tpid=38&tpuid=CAESEB9uqQWnTtSTmPCIDeUqXK8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 413
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame C651
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=17&p=32&cp=adscale&url=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D40%26tpuid%3D%40%40CRITEO_USERID%40%40&u...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=938e0d54-e80f-432f-8be5-4e676e343211

49 B
560 B

11ms
11ms

Image
image/gif

35.157.85.119

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=938e0d54-e80f-432f-8be5-4e676e343211
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Protocol: H2
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

p3p: CP=NOI PSA OUR
date: Wed, 07 Dec 2022 17:42:12 GMT
content-length: 49
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:11 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=938e0d54-e80f-432f-8be5-4e676e343211
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 826709
content-length: 0
expires: Wed, 07 Dec 2022 00:00:00 GMT

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame C651
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D39%26tpuid%3D%5BMM_UUID%5D&uid=391159c8074520fd337330b1...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=29536390-d06d-4600-9ba7-cbb2e58a7763

49 B
582 B

14ms
13ms

Image
image/gif

35.157.85.119

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=29536390-d06d-4600-9ba7-cbb2e58a7763
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Protocol: H2
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

p3p: CP=NOI PSA OUR
date: Wed, 07 Dec 2022 17:42:12 GMT
content-length: 49
content-type: image/gif

Redirect headers

Date: Wed, 07 Dec 2022 17:42:12 GMT
Server: MT3 180 1fd3e2d master zrh-pixel-x3 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=29536390-d06d-4600-9ba7-cbb2e58a7763
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 07 Dec 2022 17:42:11 GMT

GET
H2

200

js Show response
ih.adscale.de/sium/63ec62bcded747c6b9f83161b7a9ea58/1670434931544/0/ Frame EB70
Redirect Chain

https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=58e0f25b3c83bf9f6c06028180fc8dc3f353a034b48cb785f1a2dbcb7971ba71&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F63ec62bcded747...
https://tracking-a.dsp.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=58e0f25b3c83bf9f6c06028180fc8dc3f353a034b48cb785f1a2dbcb7971ba71&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F63ec62bc...
https://ih.adscale.de/sium/63ec62bcded747c6b9f83161b7a9ea58/1670434931544/0/js?tpid=48&tpuid=cf2387a8abe2000bb4e00b2ca89a9542

44 B
595 B

13ms
12ms

Script
text/javascript

35.157.85.119

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/sium/63ec62bcded747c6b9f83161b7a9ea58/1670434931544/0/js?tpid=48&tpuid=cf2387a8abe2000bb4e00b2ca89a9542
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Protocol: H2
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f156e91d37895992e31eb51c5abde817b0844723f5ccc1e81ac4e00c3fdb78ff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

p3p: CP=NOI PSA OUR
date: Wed, 07 Dec 2022 17:42:12 GMT
content-length: 44
content-type: text/javascript

Redirect headers

location: https://ih.adscale.de/sium/63ec62bcded747c6b9f83161b7a9ea58/1670434931544/0/js?tpid=48&tpuid=cf2387a8abe2000bb4e00b2ca89a9542
date: Wed, 07 Dec 2022 17:42:12 GMT
content-type: text/plain; charset=utf-8
content-length: 147
vary: Accept
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

js Show response
ih.adscale.de/sium/134b092161d549c9a2265bfa6700eeaf/1670434931543/0/ Frame FC62
Redirect Chain

https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=58e0f25b3c83bf9f6c06028180fc8dc3f353a034b48cb785f1a2dbcb7971ba71&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F134b092161d549...
https://tracking-a.dsp.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=58e0f25b3c83bf9f6c06028180fc8dc3f353a034b48cb785f1a2dbcb7971ba71&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F134b0921...
https://ih.adscale.de/sium/134b092161d549c9a2265bfa6700eeaf/1670434931543/0/js?tpid=48&tpuid=30d7fdeea37790599131c56082559596

44 B
596 B

11ms
10ms

Script
text/javascript

35.157.85.119

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/sium/134b092161d549c9a2265bfa6700eeaf/1670434931543/0/js?tpid=48&tpuid=30d7fdeea37790599131c56082559596
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Protocol: H2
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c650d0fbb45ef392b52f93734a432c1aa49f504885ccd727aecac7619305abd4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

p3p: CP=NOI PSA OUR
date: Wed, 07 Dec 2022 17:42:12 GMT
content-length: 44
content-type: text/javascript

Redirect headers

location: https://ih.adscale.de/sium/134b092161d549c9a2265bfa6700eeaf/1670434931543/0/js?tpid=48&tpuid=30d7fdeea37790599131c56082559596
date: Wed, 07 Dec 2022 17:42:12 GMT
content-type: text/plain; charset=utf-8
content-length: 147
vary: Accept
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

img
ih.adscale.de/sium/95626f1a8c204c47a19cabcdfcc9d4d1/1670434931544/0/ Frame C651
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_sc&uid=75cf3cd08b0a8d367391c5bca962ed974b01490d0b793db94492d1d2f3cebb5a&tpid=38&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F956...
https://ih.adscale.de/sium/95626f1a8c204c47a19cabcdfcc9d4d1/1670434931544/0/img?uid=75cf3cd08b0a8d367391c5bca962ed974b01490d0b793db94492d1d2f3cebb5a&tpid=38&tpuid=CAESEB9uqQWnTtSTmPCIDeUqXK8&google...

49 B
579 B

15ms
15ms

Image
image/gif

35.157.85.119

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/95626f1a8c204c47a19cabcdfcc9d4d1/1670434931544/0/img?uid=75cf3cd08b0a8d367391c5bca962ed974b01490d0b793db94492d1d2f3cebb5a&tpid=38&tpuid=CAESEB9uqQWnTtSTmPCIDeUqXK8&google_cver=1
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Protocol: H2
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

p3p: CP=NOI PSA OUR
date: Wed, 07 Dec 2022 17:42:12 GMT
content-length: 49
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 07 Dec 2022 17:42:12 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ih.adscale.de/sium/95626f1a8c204c47a19cabcdfcc9d4d1/1670434931544/0/img?uid=75cf3cd08b0a8d367391c5bca962ed974b01490d0b793db94492d1d2f3cebb5a&tpid=38&tpuid=CAESEB9uqQWnTtSTmPCIDeUqXK8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 413
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

js Show response
ih.adscale.de/sium/95626f1a8c204c47a19cabcdfcc9d4d1/1670434931544/0/ Frame C651
Redirect Chain

https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=58e0f25b3c83bf9f6c06028180fc8dc3f353a034b48cb785f1a2dbcb7971ba71&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F95626f1a8c204c...
https://tracking-a.dsp.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=58e0f25b3c83bf9f6c06028180fc8dc3f353a034b48cb785f1a2dbcb7971ba71&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F95626f1a...
https://ih.adscale.de/sium/95626f1a8c204c47a19cabcdfcc9d4d1/1670434931544/0/js?tpid=48&tpuid=37b9b4039961fb0ff0c37be0a46464b6

44 B
597 B

10ms
10ms

Script
text/javascript

35.157.85.119

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/sium/95626f1a8c204c47a19cabcdfcc9d4d1/1670434931544/0/js?tpid=48&tpuid=37b9b4039961fb0ff0c37be0a46464b6
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
Protocol: H2
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ba48279698256407a807fcce977e810fe02726d7ac731b813061103597947b27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

p3p: CP=NOI PSA OUR
date: Wed, 07 Dec 2022 17:42:12 GMT
content-length: 44
content-type: text/javascript

Redirect headers

location: https://ih.adscale.de/sium/95626f1a8c204c47a19cabcdfcc9d4d1/1670434931544/0/js?tpid=48&tpuid=37b9b4039961fb0ff0c37be0a46464b6
date: Wed, 07 Dec 2022 17:42:12 GMT
content-type: text/plain; charset=utf-8
content-length: 147
vary: Accept
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

POST
H2 200 sium
ih.adscale.de/ Frame FC62 0
0 16ms
15ms Fetch
application/json 35.157.85.119

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/sium
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/match.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://ih.adscale.de
date: Wed, 07 Dec 2022 17:42:12 GMT
access-control-allow-credentials: true
access-control-allow-headers: x-openrtb-version
content-length: 0
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json

POST
H2 200 sium
ih.adscale.de/ Frame EB70 0
0 13ms
13ms Fetch
application/json 35.157.85.119

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/sium
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/match.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://ih.adscale.de
date: Wed, 07 Dec 2022 17:42:12 GMT
access-control-allow-credentials: true
access-control-allow-headers: x-openrtb-version
content-length: 0
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json

POST
H2 200 sium
ih.adscale.de/ Frame C651 0
0 10ms
10ms Fetch
application/json 35.157.85.119

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/sium
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/match.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.85.119 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fkroonika.delfi.ee%2F
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://ih.adscale.de
date: Wed, 07 Dec 2022 17:42:12 GMT
access-control-allow-credentials: true
access-control-allow-headers: x-openrtb-version
content-length: 0
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json

GET
H/1.1 200
OK in-screen Show response
stats-collector.cxense.com/cr-stats/event/ 42 B
208 B 17ms
15ms XHR
image/gif 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://stats-collector.cxense.com/cr-stats/event/in-screen?adId=721904&bnId=56603052&pId=435611&location=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&t=Eesti%20%C3%BCks%20tuntumaid%20onlyfansitare%20paljastas%2C%20kui%20palju%20ta%20t%C3%A4nu%20platvormile%20raha%20on%20teeninud%20-%20Kroonika&cb=1670434933016&siteId=1145189970857384309&cxId=cx%3A1hp4d1gz1pjzn3oepuy6c44ld6%3A224oyy5lj2y4t&cxprnd=lbdxtod95moy078q&configId=22&timeOnScreen=4&impRndId=biix5dkwepjnedl7&evid=cx:1hp4d1gz1pjzn3oepuy6c44ld6:224oyy5lj2y4t
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 147.75.85.120 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: Jetty(9.4.28.v20200408) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 07 Dec 2022 17:42:13 GMT
server: Jetty(9.4.28.v20200408)
content-length: 42
content-type: image/gif

GET
H/1.1 200
OK in-screen Show response
stats-collector.cxense.com/cr-stats/event/ 42 B
208 B 16ms
14ms XHR
image/gif 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://stats-collector.cxense.com/cr-stats/event/in-screen?adId=716538&bnId=56372738&pId=651009&location=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&t=Eesti%20%C3%BCks%20tuntumaid%20onlyfansitare%20paljastas%2C%20kui%20palju%20ta%20t%C3%A4nu%20platvormile%20raha%20on%20teeninud%20-%20Kroonika&cb=1670434933034&siteId=1145189970857384309&cxId=cx%3A1hp4d1gz1pjzn3oepuy6c44ld6%3A224oyy5lj2y4t&cxprnd=lbdxtod95moy078q&configId=22&timeOnScreen=4&impRndId=xjj2ut1isbjwvb9j&evid=cx:1hp4d1gz1pjzn3oepuy6c44ld6:224oyy5lj2y4t
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 147.75.85.120 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: Jetty(9.4.28.v20200408) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 07 Dec 2022 17:42:13 GMT
server: Jetty(9.4.28.v20200408)
content-length: 42
content-type: image/gif

GET
H/1.1 200
OK in-screen Show response
stats-collector.cxense.com/cr-stats/event/ 42 B
208 B 15ms
14ms XHR
image/gif 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://stats-collector.cxense.com/cr-stats/event/in-screen?adId=716846&bnId=56392328&pId=569270&location=https%3A%2F%2Fkroonika.delfi.ee%2Fartikkel%2F120110364%2Feesti-uks-tuntumaid-onlyfansitare-paljastas-kui-palju-ta-tanu-platvormile-raha-on-teeninud&t=Eesti%20%C3%BCks%20tuntumaid%20onlyfansitare%20paljastas%2C%20kui%20palju%20ta%20t%C3%A4nu%20platvormile%20raha%20on%20teeninud%20-%20Kroonika&cb=1670434933042&siteId=1145189970857384309&cxId=cx%3A1hp4d1gz1pjzn3oepuy6c44ld6%3A224oyy5lj2y4t&cxprnd=lbdxtod95moy078q&configId=22&timeOnScreen=4&impRndId=gxjxcpc2chpwbzko&evid=cx:1hp4d1gz1pjzn3oepuy6c44ld6:224oyy5lj2y4t
Requested by: Host: ee-production-portal-root-3dc.s3.delfi.ee
URL: https://ee-production-portal-root-3dc.s3.delfi.ee/1.0.67/vendors/app.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 147.75.85.120 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: Jetty(9.4.28.v20200408) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kroonika.delfi.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 07 Dec 2022 17:42:13 GMT
server: Jetty(9.4.28.v20200408)
content-length: 42
content-type: image/gif

POST
H2 200 all
csm.eu.criteo.net/ Frame 3752 0
127 B 15ms
14ms Ping
text/plain 2a02:2638:1::17

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::17 -, , ASN (),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 07 Dec 2022 17:42:14 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

POST
H2 200 all
csm.eu.criteo.net/ Frame 3752 0
127 B 16ms
15ms Ping
text/plain 2a02:2638:1::17

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::17 -, , ASN (),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 07 Dec 2022 17:42:15 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cs.chocolateplatform.com
URL: https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESENw_woZqyGeMDKA-tEtKkzE&google_cver=1&google_push=ASkJ3FbQUnKcdvjOO5qmZlVL84UY7Nmti4WGNbicqmhXIA6tPV9gLKyGPQCnx4Fozi7ILRaa_3FE1Qc6wQSv4hOvUneA60F3YAPg

Verdicts & Comments Add Verdict or Comment

212 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

55 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.delfi.ee/	1970-01-20 16:46:10	Name: delfi-adid Value: 9dc66174-6f4a-4677-98bc-59fa92eca791%2C1670434922727%2C1670434922727
.delfi.ee/	1970-01-20 17:22:10	Name: __gpi Value: UID=00000b8ed6bef3a1:T=1670434923:RT=1670434923:S=ALNI_MaREskVYWy9MGOhtU8_VcC5-tmVvg
.delfi.ee/	1970-01-20 10:10:10	Name: cp_user_package_t Value: 1670434923456
.adform.net/	1970-01-20 09:26:58	Name: uid Value: 5084446025291268402
s.delfi.ee/	1969-12-31 23:59:59	Name: _edcCORS Value: d95677d37ed0eaebc797b9ee6cab1864
s.delfi.ee/	1969-12-31 23:59:59	Name: _edc Value: d95677d37ed0eaebc797b9ee6cab1864
.delfi.ee/	1970-01-20 08:00:35	Name: _edid Value: 0:lbdxtoar:8DGmNS6USmT9koWKyqojrtB3VoVVDlu9
.delfi.ee/	1970-01-20 17:36:34	Name: _edt Value: 0:lbdxtoar:8EPRH~ZaMPWMiJHtSMOdn6q1qCYq714D
.delfi.ee/	1970-01-20 16:46:10	Name: dcid Value: 2161083808,1,1701970923,1670434923,ae1cb4f5bb33e9f1f91bb5bd473da976
.delfi.ee/	1970-01-20 17:36:34	Name: _ga Value: GA1.2.879261953.1670434923
.delfi.ee/	1970-01-20 08:02:01	Name: _gid Value: GA1.2.1172621491.1670434924
www.clarity.ms/	1970-01-20 16:46:10	Name: CLID Value: e7dbd5b2823c41b2870b323fcfb5ef77.20221207.20231207
.delfi.ee/	1970-01-20 08:00:34	Name: _gat Value: 1
.delfi.ee/	1970-01-20 17:29:22	Name: _pctx Value: %7Bu%7DN4IgrgzgpgThIC4B2YA2qA05owMoBcBDfSREQpAeyRCwgEt8oBJAEzIEYOAWAVg4AcATiEB2AAwDeogMwDuM8UJABfIA
.delfi.ee/	1970-01-20 17:29:22	Name: _pcid Value: %7B%22browserId%22%3A%22lbdxtobwxu5y2838%22%7D
.delfi.ee/	1970-01-20 17:29:22	Name: cX_P Value: lbdxtobwxu5y2838
.delfi.ee/	1969-12-31 23:59:59	Name: cX_S Value: lbdxtodasaesws21
.delfi.ee/	1970-01-20 10:10:10	Name: _fbp Value: fb.1.1670434923951.2066633158
.delfi.ee/	1970-01-20 17:29:22	Name: __gfp_64b Value: fOnaLYnALRylOfOTZKZOpfvH58raiMc.UvNciTPFHrX.A7\|1670434923
.delfi.ee/	1970-01-20 16:46:10	Name: _clck Value: 68lqvi\|1\|f77\|0
.bidswitch.net/	1970-01-20 16:46:10	Name: c Value: 1670434924
.bidswitch.net/	1970-01-20 16:46:10	Name: tuuid_lu Value: 1670434924
.bidswitch.net/	1970-01-20 16:46:10	Name: tuuid Value: dac85cfd-3846-4399-8517-b216496d2bad
.adnxs.com/	1970-01-20 10:10:10	Name: uuid2 Value: 8500468887705390744
.adsby.bidtheatre.com/	1970-01-20 08:10:39	Name: __kuid Value: 68ea4763-cf3e-4b87-be5c-8ed35cf101fc.439648924
.hit.gemius.pl/	1970-01-20 08:10:39	Name: Gtest Value: KlQYxRXGQMGGMo01w5axxqaissGMXP8c25nSGmBR5jgtXBG.
.adform.net/	1970-01-20 08:10:39	Name: TPC Value: 1670434924216
.doubleclick.net/	1970-01-20 17:22:10	Name: IDE Value: AHWqTUlLwgFztqCEq6iVI7lYOsYvgoux_jUxvqwB-gOnwaZ5PEv0BiPzwqZa5sxOqfY
.hit.gemius.pl/	1970-01-20 17:29:22	Name: Gdyn Value: KlQ3mRMGQMGGMo01w5axxqaissGMXP8c25nSGmBR5jgtFRxSG7RrGS6Gu4GBFlM1YH8PlexaG0F6Sssa
.adform.net/	1970-01-20 08:45:13	Name: C Value: 1
.cxense.com/	1970-01-20 16:46:10	Name: gckp Value: cx:1hp4d1gz1pjzn3oepuy6c44ld6:224oyy5lj2y4t
.mathtag.com/	1970-01-20 17:26:30	Name: uuid Value: 29536390-d06d-4600-9ba7-cbb2e58a7763
.yahoo.com/	1970-01-20 16:46:32	Name: A3 Value: d=AQABBGzQkGMCEHaGUqfCJTpyGpc50zyQgZsFEgEBAQEhkmOaYwAAAAAA_eMAAA&S=AQAAAk2_jQP5jUeQ-2O4He-r3bM
.delfi.ee/	1970-01-20 17:29:22	Name: cX_G Value: cx%3A1hp4d1gz1pjzn3oepuy6c44ld6%3A224oyy5lj2y4t
kroonika.delfi.ee/	1970-01-20 10:10:10	Name: evid_00XX Value: cx:1hp4d1gz1pjzn3oepuy6c44ld6:224oyy5lj2y4t
a.vidoomy.com/	1970-01-20 16:46:10	Name: SSCookie Value: 1
.delfi.ee/	1970-01-20 08:02:01	Name: _clsk Value: 17h6tot\|1670434924617\|1\|0\|j.clarity.ms/collect
kroonika.delfi.ee/	1970-01-20 08:43:46	Name: _pbjs_userid_consent_data Value: 3524755945110770
.admixer.net/	1970-01-20 10:10:10	Name: am-uid Value: 75f23369f4bd4e28a8e1b24bd94e6883
.delfi.ee/	1969-12-31 23:59:59	Name: cX_partner Value: adform%3D4
.aaxads.com/	1970-01-20 16:46:10	Name: aax-vsid Value: 3134365258397449000V10
.delfi.ee/	1970-01-20 17:22:10	Name: cto_bundle Value: mMXKz19xVEZPOWxybUwxQlBQa1AySUhQTnV4NDBnciUyQmZWSTFhJTJGJTJGUVYlMkZhY3l6NVd0Wk9jWHlXS1RzbVhiWWpTY3h1TVMzWWtIVHlNemtKZHY0VUs5Y2lNJTJCQnRDVGxuJTJCNXpkNVhHMENVd2RWelpkYnklMkZqJTJGMzZ2UmdqczhoJTJCd0tTV0lieg
.delfi.ee/	1970-01-20 17:22:10	Name: cto_bidid Value: Hy4ee183dU45TmNTQ3RlNDBDQnlvRGlmTE1rRFBEckR0VzRLNGphbHBQSiUyRk9SbGtCVXNmZWZhMHRuSTZVU1FYRkF1OEY4Tlg5RzZNVWhOR0Q1Z0lVS0VXWHd3JTNEJTNE
kroonika.delfi.ee/	1969-12-31 23:59:59	Name: aasd Value: 3%7C1670434925052
kroonika.delfi.ee/	1969-12-31 23:59:59	Name: __aaxsc Value: 2
.c.bing.com/	1970-01-20 17:22:10	Name: SRM_B Value: 3911E058642260700611F22B65496179
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 17:22:10	Name: MUID Value: 3911E058642260700611F22B65496179
.c.clarity.ms/	1970-01-20 08:00:35	Name: ANONCHK Value: 0
.adscale.de/	1970-01-20 16:42:50	Name: cct Value: 1670434928113
.adscale.de/	1970-01-20 16:42:50	Name: uu Value: 79de0293a7214c759e7d5acf33c1f5ff
.rubiconproject.com/	1970-01-20 16:46:10	Name: khaos Value: LBDXTRLO-1A-ABZ8
.rubiconproject.com/	1970-01-20 16:46:10	Name: audit Value: 1\|naVuGyos1qpcd6w2wEltxz5APvdogVCbaTd6KyMQnaub55ZO9yeic5by8WScc7KHniJaTDb3g4aQEkQHLCiORroCQT0/qtJWy9/BnHrB9LDQD5U7tEfUTQ==
.delfi.ee/	1970-01-20 17:22:10	Name: __gads Value: ID=d55806150c50b586-22caec7c59d80015:T=1670434923:S=ALNI_Mbe8iRd2L5Xwil1G0doKB4nLBf4og
.criteo.com/	1970-01-20 17:22:10	Name: uid Value: 938e0d54-e80f-432f-8be5-4e676e343211

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://prebid.adnxs.com/pbs/v1/cookie_sync Message: Failed to load resource: the server responded with a status of 400 (Bad Request)
network	error	URL: https://prebid.adnxs.com/pbs/v1/cookie_sync Message: Failed to load resource: the server responded with a status of 400 (Bad Request)
network	error	URL: https://prebid.adnxs.com/pbs/v1/cookie_sync Message: Failed to load resource: the server responded with a status of 400 (Bad Request)
other	warning	URL: https://0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2(Line 15) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
network	error	URL: https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESENw_woZqyGeMDKA-tEtKkzE&google_cver=1&google_push=ASkJ3FbQUnKcdvjOO5qmZlVL84UY7Nmti4WGNbicqmhXIA6tPV9gLKyGPQCnx4Fozi7ILRaa_3FE1Qc6wQSv4hOvUneA60F3YAPg Message: Failed to load resource: net::ERR_CONNECTION_CLOSED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' https://*.delfi.ee
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0d19a7ab929da3f514933701426cd561.safeframe.googlesyndication.com
6123bd9f0eb539c9803ad315449778eb.safeframe.googlesyndication.com
9498b2db402cd066ac7463ac0791b79b.safeframe.googlesyndication.com
a.c.appier.net
a.rfihub.com
a.teads.tv
a.vidoomy.com
aax-dtb-cf.amazon-adsystem.com
aax-eu.amazon-adsystem.com
ad.turn.com
adnet-d.openx.net
ads.avads.net
ads.eu.criteo.com
ads.yieldmo.com
adservice.google.com
adservice.google.de
adx.adform.net
af1.nh.ee
ap.lijit.com
api.cxense.com
api.delfi.ee
api.zlickpay.com
apis.google.com
appleid.cdn-apple.com
b1sync.zemanta.com
banners.adnetmedia.lt
bbnaut.ibillboard.com
bid-collector.digitalmatter.ai
bidder.criteo.com
btlr.sharethrough.com
c.aaxads.com
c.amazon-adsystem.com
c.bing.com
c.cintnetworks.com
c.clarity.ms
c1.adform.net
c21lg-d.media.net
cat.fr.eu.criteo.com
cc-endpoint.digitalmatter.ai
cdn.cxense.com
cdn.id5-sync.com
cdn.indexww.com
cdn.onesignal.com
cdn.prod.uidapi.com
cdn.zlick.it
cdnjs.cloudflare.com
cm.adform.net
cm.adgrx.com
cm.g.doubleclick.net
comcluster.cxense.com
connect.facebook.net
cs.chocolateplatform.com
csm.eu.criteo.net
csyn-r.cxense.com
csync.loopme.me
d3div1mtym39ic.cloudfront.net
d5p.de17a.com
dis.criteo.com
dmp.adform.net
dmp.brand-display.com
dpm.demdex.net
dsum-sec.casalemedia.com
dsum.casalemedia.com
eb2.3lift.com
ee-production-portal-root-3dc.s3.delfi.ee
ee-production-portal-root-3dc.s3.delfi.net
encrypted-tbn0.gstatic.com
encrypted-tbn1.gstatic.com
encrypted-tbn2.gstatic.com
encrypted-tbn3.gstatic.com
eus.rubiconproject.com
events.getsitectrl.com
fastlane.rubiconproject.com
fksnk.com
fonts.googleapis.com
fonts.gstatic.com
g.delfi.ee
g1.nh.ee
google-bidout-d.openx.net
googleads.g.doubleclick.net
gu.dyntrk.com
gum.criteo.com
h.delfi.ee
hb.adscale.de
htlb.casalemedia.com
ib.adnxs-simple.com
ib.adnxs.com
id.cxense.com
id.sharedid.org
id5-sync.com
ih.adscale.de
inv-nets.admixer.net
j.clarity.ms
js-sec.indexww.com
js.adscale.de
keytarget.adnet.lt
kroonika.delfi.ee
l.getsitecontrol.com
l3.aaxads.com
lb.eu-1-id5-sync.com
ls.hit.gemius.pl
macro.adnami.io
match.adsby.bidtheatre.com
match.adsrvr.org
match.prod.bidr.io
mp.4dex.io
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
odr.mookie1.com
onesignal.com
onetag-sys.com
p.rfihub.com
p1cluster.cxense.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
prebid-eu.creativecdn.com
prebid.adnxs.com
prg.smartadserver.com
px.ads.linkedin.com
r.turn.com
rtb.adxpremium.services
rtb.fr.eu.criteo.com
rtb.openx.net
rtb2-useast.e-volution.ai
s.ad.smaato.net
s.amazon-adsystem.com
s.delfi.ee
s1.adform.net
s2.getsitecontrol.com
scdn.cxense.com
script.4dex.io
secure.adnxs.com
secure.cdn.fastclick.net
securepubads.g.doubleclick.net
sgaee.hit.gemius.pl
ssbsync.smartadserver.com
ssp.wp.pl
ssum-sec.casalemedia.com
ssum.casalemedia.com
static.criteo.net
stats-collector.cxense.com
stats.g.doubleclick.net
std.wpcdn.pl
storage.googleapis.com
sync-tm.everesttech.net
sync.mathtag.com
token.rubiconproject.com
tpc.googlesyndication.com
tr.blismedia.com
track.adform.net
tracking-a.dsp.m6r.eu
tracking.m6r.eu
ts.delfi.ee
u.openx.net
um.simpli.fi
ups.analytics.yahoo.com
www.aaxdetect.com
www.clarity.ms
www.delfi.ee
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
cs.chocolateplatform.com
104.111.219.144
104.111.230.79
104.111.239.153
104.111.243.142
104.18.33.19
104.18.36.94
108.128.75.67
142.250.185.66
146.0.227.110
146.59.21.56
146.59.30.100
147.75.83.64
147.75.85.120
148.251.121.152
15.197.193.217
151.101.2.49
159.65.194.197
162.19.138.117
162.19.138.119
162.19.80.91
172.105.232.22
172.64.154.237
173.231.180.197
174.137.133.49
178.250.0.160
178.250.2.146
178.250.2.151
18.156.0.31
184.30.21.51
185.184.8.90
185.20.100.192
185.20.100.193
185.20.100.195
185.29.132.245
185.80.39.216
185.86.137.107
185.86.139.116
185.89.208.11
185.89.210.82
185.89.211.84
193.0.160.129
193.200.125.15
193.200.125.19
193.200.125.237
194.213.62.34
2.18.235.93
20.234.93.27
20.54.110.135
20.85.30.134
2001:678:cb4:bbbb::11
212.77.98.32
212.77.99.29
213.155.156.180
216.52.2.30
23.79.143.124
2400:52e0:1e00::1049:1
2400:52e0:1e00::713:1
2600:9000:2156:f600:6:c108:980:93a1
2600:9000:223f:b600:f:4f64:8940:93a1
2600:9000:223f:d800:1b:5138:8a40:93a1
2600:9000:2240:1c00:11:1ed0:3900:21
2600:9000:2250:4a00:a:e047:752:5701
2602:803:c003:200::21
2606:4700:10::ac43:266a
2606:4700:20::681a:9a9
2606:4700:4400::6812:271f
2606:4700::6811:180e
2606:4700::6812:372
2606:4700::6812:e234
2620:1ec:21::14
2620:1ec:bdf::45
2620:1ec:c11::200
2a00:1450:4001:801::2002
2a00:1450:4001:802::200a
2a00:1450:4001:802::200e
2a00:1450:4001:806::2003
2a00:1450:4001:806::200e
2a00:1450:4001:80e::200e
2a00:1450:4001:80f::2003
2a00:1450:4001:80f::2004
2a00:1450:4001:810::2001
2a00:1450:4001:812::2002
2a00:1450:4001:827::2002
2a00:1450:4001:828::2003
2a00:1450:4001:829::200e
2a00:1450:4001:829::2010
2a00:1450:4001:82b::200e
2a00:1450:4001:82f::2001
2a00:1450:4001:830::2002
2a00:1450:400c:c00::9b
2a02:2638:1::17
2a02:2638:1::1a
2a02:2638:1::3
2a02:2638::1c
2a02:2638::2
2a02:2638::b
2a02:26f0:6c00:2bf::268b
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a05:d018:d29:3602:2799:7e74:3a60:9ac2
3.124.13.195
3.219.110.236
3.69.57.166
34.102.146.192
34.111.151.213
34.120.107.143
34.202.6.86
34.91.62.186
34.96.105.8
34.98.64.218
34.98.67.61
35.157.85.119
35.158.81.23
35.186.253.211
35.205.207.25
35.214.223.115
35.244.159.8
37.157.2.234
37.157.2.237
37.157.2.239
37.157.6.236
44.239.16.115
51.144.7.192
51.89.9.253
52.205.79.164
52.209.1.10
52.222.209.55
52.222.228.76
52.30.188.40
52.46.130.91
52.57.214.50
52.58.152.6
64.74.236.31
67.220.228.201
69.173.144.165
76.223.111.18
85.206.141.183
029b92c84a03a7b9b6ba911e452170f394d1efaafcb814edbc828a384beac6e1
034759a545e372f8668347d5b9c8c6f1b32f6fed8249ff6df729ffb019e0aaf0
061fb6f2a3fc5bbee2d0f8f7ba2c3e8842519cea2d35fde999769c8d775fe4cc
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06db07f26b8d09bc8fd2686db6ff8764d20caa0761d5aab96bdedd3913dc0514
0767c070293f17944c5246f47d8c610131ee16556a032dc3b5820bdac5ec725f
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
0846bbba2be93e676a32eeca7d7e199b0fc5575dbe53a5c91c6a8ed646fd453c
08824b9150b8988f070d59236611e2acd04ae14d38e1cec9ce3c02cdba78f0bf
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0be61f51d52b972e22066696cd22061bb83129a4a38e3556d86f6780b6721758
0c42d7b9ecd0248ccb942dadaebf0b75ead780f05f7c3753804f9e5af233876e
0ccf0538f52b60bcff6950afc612c3aa164efaaa929d554b7a9b191872875d89
10500246a382cea643d5be30b598992a1abea3fd497f33cbe0527fdac47bf4ee
115ecff66df8db77ce1140b16422dcf334245b2c5e411f411e46154a8536e5a8
128fe826f7377e487b7bf20d8a42b8f6c5acdb47def31508215d4e2a92a4e3a7
12dcd567b94e5ff847b6cb2f1761eae55c371d5df44749bc9db2b1f1a854085b
130633f2cc0473c6549e4cf14316420acefb9336c00338b257dc8343ed7fb906
13555dce7f25cc3884e6269ceb322506f4b9a06932e67789041de2e0702daf6b
140f99ea0402927d860576ce1454a0f61d03d4ec81924cb532530f7344cb943c
1559afe99a3b418b574da30c159bd0216b3bfec5d234a57918aa92585d6db63a
175d99eb1e12c6fa1714a20351234f13542366b9b0649250add751908eccb968
1781ead518eda813051f0c08ee1276948608f3ecd6cb35558f4fbcd2701b71e1
17ae394bd965ee82cef7b085f5b7232cc26060988938b5d690a24339d1df3d18
17b6bc87b8862b471de648ccc64b84140e8594f924477540387ac3fceb0e4c20
17b941dd8371c2353c9ffec4d972b122a506f2ff94bcdccafbd591fd0af424ca
1b998f92e95d61d41ca185d6581bae80b77874b968aedd739d80d4c0f6b7c8b2
1cadf9428fd6648f25700bdb133825c4b391089352055628c0d44bb052ce8108
1d3308d3664defa392100a7f7591e688732248bf6b1de5354c7e18bb1c7efc3a
1d71f433c4caeb01bbb8cb660c5999757170973a48ac124600b6d9530006b606
1e965485436a460b6ffc44695b148993598bd4e6cdb8447a547fb5609e3ca152
1fd1dc8f5ee5cd680f4e3ce50e2fb9bdcd66fc1014b0337fbc2cd3444a9987c3
20fd98b18d523471ae687971086817766649ce25f32e438d14711561a95bc9e9
2232074622f80e6d59a626bad0e197407d33f65930e6dc5093187e9a161b6b93
22f080b023be7a0cbc680fc6557813565dee0240af572361699b781ed7bc3cec
257ee1e2ce38b9c99ba80cc4e2608f0597ff4fb6e7831aa6a5822270826466df
25beacf40e60bd82db3bf5bdedf1c02926b2d90cedb3e4de012c3be7c4e14560
288fb3e67b906e3e1b248af651918a4df57cf701a2b0ad2b4585cf596209a914
28a323003d6208cb9394e2296be58446ff63ede64c61d64decdf8571814529fa
2d0746ce1aec88d9be2d5458e94d180bff3235d6078d3a70ccc61c0a4e039423
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e5a07d925d576139b36bbe27291fd617722ae997a12c0bbc69be191dfc0ac03
2f3f6589e4f416de5c6c38d9b3b2acae2ebfed796634fc627eb0dc58148fc2b3
30e3bac0b130c83a87f6996b335d689926af980626c144068e508cc4b366d24e
312bba8b53066879826d9a1aa2802be89534450cfc11a2cee98fb9090b02953a
3130878c82cd28f84aa889e281716e60208833e0d1884cef336605dad5d23801
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
348b8db8642779d34e746afaa5d6e87d4a91311fe21bcb3404396b124618bd94
3490d74ff613b464b5abb1b04eda0b108395464fef0c475dfe3dac6d0e70abc9
34f366db74b3f0394bfef7413c8416176c7a06946ef5352bc97a7f8d4f19da71
3910d836521c087be3c3581884fe5744b9c447a9c02cd75ede647ab12161d589
39235861d9bc9a21651d032048c05298d7018a1a70de913b10fd48902e0cd339
39fae3dc476aaaa594e2c963401633dd5d02eccb3c175eda03912cfe0f91c92e
3ad7ec445c350e3df6db55480ecea6e0307a0c6848efabfa53034f3c46f774bf
3ae6818cf5f08794fb0546d5acff9cb7d95745611dac7e34d44682d07289e5cc
3d0ee23a4134fb0629e358ad4a62bd027f25ece26b6b024ab10e0774f9be76c6
3d67c9582414f61f43a63b5da977376c2f07d8315af2d6c700cc0374d5539bc1
3dcbffcd64739fb5596bebca4e4761d7c37bc1bfbf005b1094cd133261b6fb6a
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
4164521f0481a8a6309eed9979efd9eb5e2a2fee4dd60f3721d6635122be5ab4
43d770b69af69d2605e20517ba52e4bf913159fb0f3c20167513b0d9feb5cf6a
45767d3452a56be0180eed18ff44acd5e688dc5bbde2b77e1da29b326a180416
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46ab61748e150272aab5c0224e72d0c8a3c6df9f40277db62a52f9f7b02ee637
46bfcc499b55652cd794cfe8e7cedf8c301f90784055eda4cc5ff77e1b2c8c98
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48c5da8c49790abf28b9659668be4bc5326c318805a7d1c64689fe091f9a6bb7
48db58cd04b65773df8abaa5d2621d22ccb9bd68624ad2801e5b3812a6c695ed
497bc81fe6f908465004735b2f812cb1b4d6f50d39ddb5d7efadc859d2ee9c28
4b369b8004a7314dddf53a1ef5006d42f971ae7838e7f5f6369f8f1202f2ea2b
4bc1c46e69283dd4c574e242a27e81b22bc35abeeb548424cb451456fbcac20b
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f70535a3f92a9738eb6c3f7eaf649d5eb288ce6e95bc8af666fef88169da25a
4f90e6c4fcfdb035349045252a3a8db6ce3bbb987881a31696e2bbae6cac681b
5096e1f9406ce465812de1d084f51d82dc84dc12d4ff85f50e4406c61d7cb99d
50b3f42e43e983485154e27f225912c6f14b7058702cef879e7b5b37a59e9b8b
51888b7a624cdd15f47dc2d3394afec8d984518206187c5a18e832149c0b2b33
52036e323fca4d2cb6f0fee2d99bc0cff78cda2dfdded17e8280d92fc833e73c
528aa7f04513aa2d4ebac4dd0ef1e6d516673e863d62978ce1d4ac3403c57e0a
535be4b8bedf82433d210152dfb19dd4eaf5796c4e61c2be1c2ed356827b5580
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54b81f9de5a85c8755771be7b864d44851b36c46faccf7d7edf8d2a4df0a4c54
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56e180ac5250ad14d2f7aa82adf6f4f5308416820f6777dc6f5b09b975a38a4a
578df5aea91ff2cc8fb30ed380cc68137bf9f92ad755cfeb73d1e1c0929953bd
5797691548eb8ee126ca300c213860aac9a5c967f1066e301cffc03aa13e060e
582c2586c49819d9dfe5cb88653679a40bf930ca86f1dc01a4afd821a9eab97e
5a93a88493aa32aab228bf4571c01207d3b42b0002409a454d404b4d8395bd55
5b51cae9b4e7465391df8ca6e3030ae6820fe4ed09db0f5a324f920062085b92
5b7072d214cc3eaf3c94e9e714d13ebcd52964305eb2d0910db4daf47bedc7ce
5bbfe1c20fcae5fe45703a6de26cbf59d1feba312d4545b9dd36c4c8e8f6ba6e
5cd230bf83d57586f16713d39089731184ea39e5810f039a7e5ec7abae4c61ab
5fbbb9528b089a72249f693cad6b7ed373b4a265f57ea55539fd14b4375dc3af
5fd8663b96c0916efbc46a80a2608bbf1a12cb81726c2655b49434b40041ed09
60031fc7e21875f8d8e7e5275c013427dd04707dc262732711ac2c5e5f87b1e2
60e60bf2583cf7444b00a4b0b8d46de5fd5816f768fc72fd71c643357132df69
616735bb340d135faa5069eb3cc74f3da1816574c985b95422cd6443dc385544
61835352dfbbfbfae4345655fc7451e580272b28a4aa3377fe008701ac7ebf34
61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62735486991538728d8c30f29d00bb8e5a0502099c94bfcc0f9041dd5cd7d1ab
631ba992573cede3fac2abff6596ec08e5c13b3610b0c24007ccf955b2ff99f3
636bddb174851e2833093b65e1a8623b7e1b1f4510c32a3689f0f7419e86fac7
636c486cc865655e882b671daac5c2edad7fa375be58a343d57364e385f6ebf6
63b98a678c021f497e7183661d70bcd9479c8db92b9bc47f90aefb16e6bfd39e
658c24a761f1cd67cd477a948235f1cf41ae27701c644672a362e807a5f52e90
659a8dee04b272c247129ff6513d23c16f4f9c183b5d64e7347815af8861a2a4
67502858bb2ea92e12d56fe4a8105d418e5d67307b70d7f611b55d13c3e9c91a
6812a2572b917d923a3911976851569cdf0bbaa7a945475bc721ee132180c34b
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17
68e8b50cae11cb5a69456286cb45cff2e2a26c729b234edc821ee447c140eb36
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c
6b0f65ee878e30a26b3ebc7fc2400a91d20d17831f0c57d0cdc3b94210e2c62c
6b1a904496300b3e8367894aab2c9769af60c1bf58f349bd68938afb124db13c
6b29a24ecbfdf39d98324d3bc72a89a354841a9525b7ae43dff67fd23fbe6860
6b80602adff90338777660352c19a01224ee11ee235dd49ebcd908bf7f3e1a09
6eb941bb31208b3eebc8182d024522793e98e421df67a8aacd5c58b2fb34e9fa
6f60b024b9991c6c8235adc277353ad6624bfa4f2c3384e1ee1e107131dcb5de
6ff5cc2145c401af0972678f3699b00ce80ff12fb693e536f2d02fb26a50ad8f
70f963c170ffa95c3c80d356973c4cf1fbc09c77e3a2d6de736e8dab00d6e49e
7123c5289b2a4b95dac0f29587266e64a33c1a106234d2563ed9314980d6d3c5
71ce95794a54014cee22df5b47dfec91372a275d24d04554bb69872427b62d68
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
7276acf61173c532dce357fd73ece5d5575a0b26b3a192bab57cbbb81ead8195
734aaa0d44ca42191ab9c5a40691cbbb5bacfbf7a0531b609846bc0a3bd436f3
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
761666601d90e2e64917999f7ee900cb3c3947ca931640f717087b0ef44b7908
77677cd3d62f53fce403b743c6ab0dfacf6109cfa5f2c511a57b0779222c76de
7797a72d98e5347b064e83d9394ceef4080c873c4b9c5f6398fc5d094338dfbc
7808cefe03b8d274a4a62d9b0eea281a30c7ec6b4528d3759bea36bb4cab076a
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
7a7fd5de75ac14b088a668c435fdd1e330a17a6f83aa19c7ba8f4f0243ab641e
7bfd768532dbe4c3022a14d6bc710e546cfb4488d6b1ba995f6ac14e58118ef3
7e78a8b632cbbc743af9a2c010c3109e8e882bbf6f2b46827a280390545dff37
7ea1ec0aefaa90f6a24d14704bfec78915269414c3b56eaa9783cbb02a0f08e3
7eee12a57a1a8043c6e5dc3876bc05a9f4ae3dbac8c615b3b93109a4f5465bc6
8102bbc40c56e9c1d59491b9b7c02a1547c0f98558c57cc275447173ad2d836a
82988b54675d4bb4ed6430ba566bc19eb7e777f83535bdce2410468f1eed3d71
82b91c403bb4593185c877340c69d6b279f57903e9ebeffac57536b748058d5e
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83cb7f810bda6b1257e48d07c0e1c2b20c871b3b87a60375c82008c09e8f9f33
83dab66281ba3abd852360ae1859803e4343111d695a69beb27e27c5d99c9f60
843114448aaeeda7e8caa0cf76d61e0c63b8bffccd34517483363fdb15cdc80c
846949c5a40e3ffbb702473e54dfac0646541aa624a844369b6e24e51ddaf96b
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
84f67b2966de0f841622921ca23f6c07016c100670bfe1e3bc2194f04124b0a5
859ca09d35e47fed4262ed3230d408da83dc76731555d4a22663f8f54ab61b60
88942ce68164cfbbe371888de3267d0f25dcca9eb0c305b9edbf73e3f0d2dc99
899a6741bef37726e85db4ebfc9e191314ec13061f4f7e261ab9b038c039449b
89ad4b1178eb01dd32c8e129e0163d6d6f8013c593d038dd211b57795a360813
89af0bb6af72eb533322e596deb7238dcbafbbcbb566953222d339cec663ac7c
89f1fe4576f06f0a45750e6b565640813f99097b91b2c0134676e6cdb0285407
8a895f7bc70edb8c022c6a3e8eadf4899f074c2ad922756e7c9542986097e80e
8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde
8acafe6f4b12d740951707477252d2faf4d40ee944b015b31b3bbed8030d7720
8b0fb17b69c707614669f65102063f3535305f605e39f62a83da8ccea3acd072
8b9b81833890ca4d17a848f43d9e0a2f9901c114841bfda055c7b0855c8ba861
8caf34bb3d754280d433d860fa573a145ceb3f600da646c2d4f8594d3c04de94
8d3b4694f2e7d6dcf5af611841acb794ed26ec7efc51ad0fe332a89ab3953074
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e3e8f4dd61d9d371d0903f3e3dfbd49e8a3e28a2204efa9c539cb6ae97dfc03
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
93017475e5db031ecb307e0d1f1dd29e86424a736f090fffc567022e781162b0
9797056ed209e3249b405f3e32b5ab79c5520779bed626e1955c2ba59c244ab8
97a4a8476d4d4e21d113d55fbaaadb00f21faa1894de781ec57ce936858044e7
982af4005e04d45dfea9ad1798326202180f5272eaf287fddd693d888ee64b94
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a0be1678fb27836fba9453a29914702070cc954f5f04e6983b7dce6cd78d7aa
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b58b63644421acc64b96b5faad50fafb186ee7e68d74cf809ca33a296c0d0af
9c277a79dcdc7614fc9953389bb3cc48e9c825e960ea09434bc6d85abe64ab90
9cb93fc023cca355260310e41056be397ecad26f94a578c5b147762b40fc6d3b
9cc6ab73ac2eaa21257d8ba0164a60a54bff592eafc719ca9c593deb7be1314e
9d9c68df27c7b51af7b8fc378df8184ecbda9bdfb7a3e814cbd33307c524b779
9d9f853f94d3929dc801d1c0826d6d038d0df0f1188e36e7fd3c2450facde25d
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
9e66ef31e40868d5251f0832216c3a89a3a648e86115f10c208eed979ce28816
9e9a0fee08f54a7955afc0f906fdbfca87e2d33860d26a713bf052bc185588f0
9f4f1d7abcc0736bf3c2a2acd22407f5cd35c93717c5c4084994e835bad77f34
9f946e1b3343b9faad43eaa52d71c45d4c72dcdeb64dab680ef894696099005f
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0af71ce534a68018a11dd6dd8ffe0719dbedc760342e805fc2746d662e21beb
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a117b034192abecf44de07685723cbe687528fd32a62a1b3ca6710dba9c81be5
a2530d20bd1e722015d1032c2cd6ecf9fe1eb919114ae481ea8bd0e1064bdd7e
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a3878d7a4119b2c2112f6cf5bb937b5ba10644b615e0ffe8bd202d68f04b5bab
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a5620ee6ac728746de133d1efffe0c832aafe5ec0d0c4471784cddfc309f6bdc
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a8e569c6b142749ede87864a02062dde19cfe144468d5736991b01b8bdbce3e2
a97afd769b3d774563606be9e943789398af5a1bf3583c2bc9a81f99832aa2b2
a9ac6046f8cce32bde5238fada9a022744bb9ade5f0a66a80d26174a11cf92e2
ac3c56b2ac3ad7dce46b8a74bf0a84a8797a6075c304e39afb8c2538478aee45
acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b
aeb779d96af4bfa1b664c203d52fbd9ef573b84a31b34314668325fc784e1b13
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af5d92a651ff61aa013f25f3233ecf41a48c1874d06a4a746c1e439ec15f3dff
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b35254e22213eab05ffc2b800d06c393f207d4bd337dfce8249fd3d4e611a5e4
b358e54edce44a1bc7be10f28169b25970f83a6975aab03e7fd8843c35c46e90
b36ca1976b0e00e95a8548ec6642e81363f0b532b13c65e6f1e0cb2e9fe30190
b40ed885c6eabc68309c7e3377008ec3aaba2add66e43fcf6fc2851cdc6a2f98
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b711fcb1b4e8723829821f9e8cc508ddb8b0a55623bc3b47a450941a72c81d9d
b8fd48d8c0ed5817c939e37f573fe2d0638cc09f78623b2c551b9558505bf724
b95e80d32878064e552e0065b9dcb0976935ff1de538a06ce1efab1ad8476dca
b99a8be0c36ac7fb2303d06b4cd2c851c7e6a97a1c7788747f1112091f57e7a1
ba48279698256407a807fcce977e810fe02726d7ac731b813061103597947b27
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb3684ef7266f022db69060a75fa243a86e86dcf539820c520854d3ae5f8b737
bb9b4b3419b5b5e15972fe87a101473561bfbf5424a6ddf9d41baf458407e2ff
bc088667e6fd51be04d5f244ecf781d63c479bcbb73aa672e12d3150b1fb7192
bd8b521307332fcb0a59ff2cbfe324322d6f4108b24363b6c8d26a0ec8be50da
be54ac8b9843afcd92dea7b3e72306efec71ba3b6365f679f179c7ca4a0aea9f
bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a
bfe0eaff17ffdaa22d618142d46972e211a8cf20f2c1aa2736c4309b51e47798
c0b59c362ae740c391e742fa4517d90b9461b416b9bec855d14c04603dbaf71c
c13284274710542c09b0d6c39e6fb7162bb7944a5317cd547925634c5f073a69
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf
c492e2b9a7304797348acca606dc8d7dd0d6c72fa2c1e143b14a44d3bac054c5
c6242998611a072ddba615e6801def896faeb85cf731c71d70bae8856a942098
c63d9de578c3fb4ae746a6e56699eb4f22ad2926f76449974fc4728a0706c495
c650d0fbb45ef392b52f93734a432c1aa49f504885ccd727aecac7619305abd4
c76841bef31311258c7740a1812f084f6d99705bbcd11031f8ab7b8552481955
c81d6e29bc1c490de18044bccd3b8ed241c4205065c10eb995fc4da77b80525c
c81dcbfcda9318d5f8a090d0de11268066194a28159e3c058582022c60ef5b1e
c82fab08e93db8934a27f5b26ddf48c8a013a92a21ea15b7fa8b675b0d866040
c85fc7754f20007829760c6881ca59ff087a718b79eb2d313ebae8c7157b2f2e
c92250f6278d3c4b22d509d860abe40ab033b5283a3e8113756758fff06661d1
c9b3da069bfd7028baf8c2f4798509fa35dc7019ea9ef303816a81065442ae05
c9ebb96845fcdc72ea695b71a3416e53c34781cc91621accc04f1a8325427e80
ca38ab561201a1a68867f61d4fb3df9682756c8927fe80f047624e7ef662f0f3
ca5ca6f70f766681b145025fbddc0c8c6c37837c0fcc1750d8e8673ea844034d
cb7d4b6defac029139f3ead2887c67528d65814ec12d46d6933590be69b39999
cc6875534131c837c1f154950dd07dba354bc8f001e278135351e1324819a9c0
cc8a16ce849d72f106bd67187e4b60c20da3093375202bf0b53f23e8f40a8b11
cdd9258e1dff12b31b6033b9062f211ca59beba17e118ad46d2363b376b213d5
ce048ff4460e839cd6adbce76d20e978fc2a7b0c24c3db950bf8e9743b37dd27
ceef230b59267f1a70ffbb6e8085c8cce69a932eb17bdbfbb5c5a40f52cedd6a
cf1d5d86ca5d28adc1ef6e0c8e2b6e00fc6ad5967c02c5d9249032294e22dfc1
cfed7b1fe796f54a11093db02cfa40651b4e66253019fd26bf3b2e5181e84655
d053185630eea870e007fda9b79eca89d525028a5e440545c2f2bc8e51a1d88c
d0620cf403bf1a2b1f9851996d3575f654558ef9a3214b5cc4326c67cb3fdaef
d11cac4e3b5682896f1d2cacb1bb8dbb51ff5c0576ca093cd32ff2c226cedba3
d12c6745eca14e06d4dea70f4c2bd875769b349770d04300477ab18d0db005d4
d13c75713381c668ec955f74116b433d677f22b38b7d7d948a34d533b485b11a
d227948a0d939b0aed992f473f8fc2f52c8abbce9cd4c96994e69035a0085dfe
d448536317882d8033f13215d287f666ce2a3ef2d5d1d8bb14580298563ed62e
d47ddc632997f08acf02e8adc338712025bf65f440143edf9911aeb5933d8670
d5c905d7ce4679b183eb11f7c6811682ddffbf0f037590360ae2b1a84a51ef1b
d8c9f4c47d3f08140b298e893618cf3262a736cf6bf1533f486bd24ba160d968
dade59558d38e1a576d00ea4b40cb0c2aed6240e4be39ae981f515b06a82665a
daed3ed668202e766593e7ae1fd864a85ab1182b69569e33b15359853ef4e69e
deeba3675aa919d5a842ee3c9776291d7d441daa96bfa3c6dae97dd9a6b1a805
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e0f21b5ae57fc9ddbfcdfa6a811e087f24c53ae5103b59d53856c5fc0d472e20
e102a02b0c2a53736ea93c41b9afc3857d6ebd465feefc5f075851fbf8fa8f8b
e2528413d4b10519aae546fb2e84506b0a698aaad34dcc5aafafbdf08aa6703c
e2954e20a0a06a61c69c8333a126041986bbf67ec08a2a7a23011492fb193a5b
e2ae67d364e8217c4c10a9cc3b732d1c0655a5feb0b215784a90a860c51df86c
e2eef2c9aae1d3a6abebccee1ea5359e27c2509458379b6a3ec152aa4524e073
e3185bd85c020c5ebd8c701a91f13e6c410e59d566aca5112fb889f76fb2eb60
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3eac4d0f6d99ee509b341a9c3954b6c179d52bf0851fed3c55d6931f8cf1598
e418a82810699953d2e90518dec847500c89fa15c55dd393966aed920b3ff62a
e45d629986d85cae90259b1b6271bc3324d4b8ae73e0b6446b952e8350bd461f
e5ac72556ce8b66d98fd8bba8465b9e236a65046592f90b42f5b3f0bc8c07938
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
e9bb1331830a18e2504d966f1fa931e711cad726e454722f324d63534cec97d9
e9be87a74ed06a19fbc76e30339df8d46b95c55d82645ac78fd5d86f6af2f679
eafd4b85fd576c0fc4669625485be59a2723c3e34ca1f572087b0e62537c137a
ebc6160fd0ab89a9e05ed3fd44dd0c68f67948de72c8464142fd7fa8a2f83ebc
ece0d1f961d92256b5e219e6805394655bf0fb5d86aa22745a9a0bd4bf661f8d
ed0a8519fdeb8659b31c662082424bd6058475171610cc5694ca051d63987a0a
ed343bd6fc027c96a1b983d60e2fd05c862e4d7c2fdd9a96c98815803b77f9c0
ed87a83a9df154b61d76e8b9b53bb9d23db3eea194e66bca6b575e3e4f7a57bf
ee2e4d042c914282079391c2e16ce62c29b6a6053571ab98341468567b271eb0
ee72d5b4f5b501955ab0ed550f5f3a57474e1bf8aae144d6bf5e6cc99d5947a9
ee7e4a24daafdb8c937da249dc9bf3786eb966f53cbcb436a950e49298e8da75
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f066a6392f3732829e95d97ac2a3dfb7dc7d35fc88d71a4ef62ff8f70399326c
f066f881ead135cd4ee88cf0c80ddb796f8841fc536a7950d4f7102e0502be2f
f08c94a636dea8c08b6a50658ba1200281007d4fba996ac05cd2eeb0b873d32d
f156e91d37895992e31eb51c5abde817b0844723f5ccc1e81ac4e00c3fdb78ff
f15b4b0fa23d6baa61aca3295d3c0af639ad37035b7fae67606edc012bf163c9
f1bb4f4e526c417896deb5521d188bd77fc982b0ed258cfbfa91dccc681548e0
f2b03f4b55d9742943b14e9f2155c3e2b4c555e13f2998b5043d0bd9eb873895
f42c0f8f346250ff215abbf141f82ce17d469f20bb5f38f7a0bc234060ae7b6f
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f577446f56c55ba9e79422cfae2f5bbc11aa041763a5e139a2366d8df928102b
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f654317493fce1d2f546f3011b67f1007603835f6e534d967cedd45a8258d7d4
f8a77a5dec9bcd7feb2c70c991e4eeba05532a2930586fd7b3455226d46e87c4
f97f3654e57ff30bfdf8e16a8ebb79a96268e60bbef8a6f9896098905d4eefc1
f9c1e1da0c197ca101c6fd5ae899d10951dd43316c4ed6b3c9bd38877e79023a
fa2806486af42bad6837239bcdfed870cac6e82311b320091568082c4e0d2fa5
fb24b714b6d049bb1649e0037fe7a13db3d491e83a843d0512bb8ae7e7282cce
fb856ae545a76edae74c29c335663cf347bb52dcbb01fd6c2b73fc69e4d43add
fcea1bf8b53192d0e9f786bc6b7900a1a65e59caecc6aaffaeb25e7ed0bac2d9
fe0d9b0c47e56700062e1e6cfcaa084f5bfd85a7901721f9c8ce651b60c59a6a
ffbb64073b4dcdf325e6e40a546b7507fbb21f62619904138858263cb23c36d0
ffbbe56bf8e357b215eafea3a0c591db1bfb363bb956399f0d5a9c0398faca29

kroonika.delfi.ee Open in urlscan Pro 185.20.100.193 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

669 Requests

82 %HTTPS

34 %IPv6

93 Domains

169 Subdomains

113 IPs

13 Countries

10719 kBTransfer

19791 kBSize

55 Cookies

37 Outgoing links

Redirected requests

669 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

kroonika.delfi.ee Open in urlscan Pro
185.20.100.193 Public Scan

Screenshot
Live screenshot

Full Image

669
Requests

82 %
HTTPS

34 %
IPv6

93
Domains

169
Subdomains

113
IPs

13
Countries

10719 kB
Transfer

19791 kB
Size

55
Cookies

669 HTTP transactions
3 data transactions