urlscan.io logo urlscan.io
SecurityTrails logo

baubau.bg Open in urlscan Pro
164.138.217.72  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://baubau.bg/
Effective URL: https://baubau.bg/
Submission Tags: falconsandbox
Submission: On February 25 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 3 countries across 7 domains to perform 30 HTTP transactions. The main IP is 164.138.217.72, located in Bulgaria and belongs to SUPERHOSTING_AS, BG. The main domain is baubau.bg.
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 24th 2023. Valid for: 3 months.
This is the only time baubau.bg was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

20    164.138.217.72 (Bulgaria)

ASN201200 (SUPERHOSTING_AS, BG)
PTR: vpsxouaz.superdnsserver.net
baubau.bg
static.baubau.bg
2    2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
2    2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
2    2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
Apex Domain
Subdomains		 Transfer
20 baubau.bg
baubau.bg
static.baubau.bg
541 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 105
253 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 151
136 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 30
20 KB
1 google.de
www.google.de — Cisco Umbrella Rank: 6149
408 B
1 google.com
www.google.com — Cisco Umbrella Rank: 2
408 B
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 77
345 B
30 7
Domain Requested by
17 static.baubau.bg baubau.bg
static.baubau.bg
3 baubau.bg static.baubau.bg
2 www.facebook.com
2 connect.facebook.net baubau.bg
connect.facebook.net
2 www.google-analytics.com baubau.bg
www.google-analytics.com
1 www.google.de
1 www.google.com
1 stats.g.doubleclick.net www.google-analytics.com
30 8

This site contains links to these domains. Also see Links.

Domain
ec.europa.eu
facebook.com
www.instagram.com
valivalcommerce.com
Subject Issuer Validity Valid
baubau.bg
cPanel, Inc. Certification Authority		 2023-01-24 -
2023-04-24		 3 months crt.sh
static.baubau.bg
cPanel, Inc. Certification Authority		 2023-02-10 -
2023-05-11		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-02-08 -
2023-05-03		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-02-08 -
2023-05-03		 3 months crt.sh
www.google.com
GTS CA 1C3		 2023-02-08 -
2023-05-03		 3 months crt.sh
www.google.de
GTS CA 1C3		 2023-02-08 -
2023-05-03		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2023-01-10 -
2023-03-04		 2 months crt.sh

This page contains 2 frames:

Primary Page: https://baubau.bg/
Frame ID: B79C26A509816417F07D406CD2B6A494
Requests: 29 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 4E1B1AC48DF62D07619F8824C52B1DE4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Зоо Портал - BauBau.bg

Page URL History Show full URLs

  1. http://baubau.bg/ HTTP 307
    https://baubau.bg/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

30
Requests

97 %
HTTPS

86 %
IPv6

7
Domains

8
Subdomains

8
IPs

3
Countries

698 kB
Transfer

1735 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://baubau.bg/ HTTP 307
    https://baubau.bg/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

30 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
baubau.bg/
Redirect Chain
  • http://baubau.bg/
  • https://baubau.bg/
90 KB
23 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
390c07c479b567ca3b565f941588d798cb46bbeb9aff89f8e51e08458ec3e0f4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate max-age=600, private, must-revalidate, post-check=0, pre-check=0, no-store
content-encoding
gzip
content-length
23243
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
content-type
text/html; charset=UTF-8
date
Sat, 25 Feb 2023 04:15:53 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
permissions-policy
microphone=(), camera=()
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
Apache
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://baubau.bg/
Non-Authoritative-Reason
HSTS
montserrat_latin_regular.woff2
static.baubau.bg/fonts/ 		19 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static.baubau.bg/fonts/montserrat_latin_regular.woff2
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
8767f01caa430c5bd4e3b008a8e9dfe022156a4e91a23c394fdcb05c267f1b94
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://baubau.bg/
Origin
https://baubau.bg
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
x-content-type-options
nosniff
date
Sat, 25 Feb 2023 04:15:54 GMT
content-length
19172
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 22 Mar 2021 08:41:14 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
expires
Sun, 26 Feb 2023 04:15:54 GMT
montserrat_latin_bold.woff2
static.baubau.bg/fonts/ 		19 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static.baubau.bg/fonts/montserrat_latin_bold.woff2
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
4545eb1dec25fe868d19dc292d417d8a9e41c0276d75a4eaf524a9db21aa705a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://baubau.bg/
Origin
https://baubau.bg
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
x-content-type-options
nosniff
date
Sat, 25 Feb 2023 04:15:54 GMT
content-length
19480
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 22 Mar 2021 08:41:14 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
expires
Sun, 26 Feb 2023 04:15:54 GMT
montserrat_cyrillic_regular.woff2
static.baubau.bg/fonts/ 		12 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static.baubau.bg/fonts/montserrat_cyrillic_regular.woff2
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
637fc05835856f967578386134fe8a10b4fc4afaae082c8052226d5bd5a23e4e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://baubau.bg/
Origin
https://baubau.bg
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
x-content-type-options
nosniff
date
Sat, 25 Feb 2023 04:15:54 GMT
content-length
12196
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 22 Mar 2021 08:41:14 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
expires
Sun, 26 Feb 2023 04:15:54 GMT
montserrat_cyrillic_bold.woff2
static.baubau.bg/fonts/ 		12 KB
12 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static.baubau.bg/fonts/montserrat_cyrillic_bold.woff2
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
1ce6685465805e98dfd2b3633e74711102167bc0ae656c536ba35587c20aeba4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://baubau.bg/
Origin
https://baubau.bg
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
x-content-type-options
nosniff
date
Sat, 25 Feb 2023 04:15:54 GMT
content-length
12228
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 22 Mar 2021 08:41:14 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
expires
Sun, 26 Feb 2023 04:15:54 GMT
vendor.699.css
static.baubau.bg/themes/baubau/ 		5 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.baubau.bg/themes/baubau/vendor.699.css
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
fed9918655dad71154d8dabf519dad96841a2ab56fe684f2190ad6fe435e1f8f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://baubau.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
date
Sat, 25 Feb 2023 04:15:54 GMT
content-length
2326
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 16 Nov 2022 14:17:20 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
expires
Mon, 27 Mar 2023 04:15:54 GMT
main.699.css
static.baubau.bg/themes/baubau/ 		470 KB
59 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.baubau.bg/themes/baubau/main.699.css
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
fde1a653d236f78c29309a161cbf06b8e546b391e98fd3d4fc2f32a31dc324a2
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://baubau.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
date
Sat, 25 Feb 2023 04:15:54 GMT
content-length
59925
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 23 Feb 2023 10:59:14 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
expires
Mon, 27 Mar 2023 04:15:54 GMT
vendor.699.js
static.baubau.bg/themes/baubau/ 		127 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.baubau.bg/themes/baubau/vendor.699.js
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
c926a2de854c064b4bdb086fd9022f8f620bf93f0eefc0a801f5c14daa4ea7cb
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://baubau.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
date
Sat, 25 Feb 2023 04:15:54 GMT
content-length
46273
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 16 Nov 2022 14:17:20 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=2160000, private
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
expires
Mon, 27 Mar 2023 04:15:54 GMT
main.699.js
static.baubau.bg/themes/baubau/ 		133 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.baubau.bg/themes/baubau/main.699.js
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
d30b0fc00354278f07d9ae9d251b8717a85ea1cd15d4f1d70afda3dd153a6395
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://baubau.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
date
Sat, 25 Feb 2023 04:15:54 GMT
content-length
32773
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 23 Feb 2023 10:59:14 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=2160000, private
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
expires
Mon, 27 Mar 2023 04:15:54 GMT
baubau.png
static.baubau.bg/resources/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.baubau.bg/resources/baubau.png
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
cd5468e0d667ba05e71458a0fccb6da374c6d7711fe9a5ae659e140e34cc7b2a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://baubau.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 14:50:16 GMT
server
Apache
date
Sat, 25 Feb 2023 04:15:54 GMT
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
content-length
1619
x-xss-protection
1; mode=block
expires
Mon, 27 Mar 2023 04:15:54 GMT
transp.png
static.baubau.bg/themes/baubau/images/ 		68 B
129 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.baubau.bg/themes/baubau/images/transp.png
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
8a8a6d6325c5391079a56dc9a9185ef79618a784232a529db8b9809d3260e4cb
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://baubau.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 08 Apr 2021 13:08:32 GMT
server
Apache
date
Sat, 25 Feb 2023 04:15:54 GMT
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
content-length
68
x-xss-protection
1; mode=block
expires
Mon, 27 Mar 2023 04:15:54 GMT
loading.svg
static.baubau.bg/themes/baubau/images/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.baubau.bg/themes/baubau/images/loading.svg
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
44701fd38705d2fd411beded55638d72c348fcba76b04773d571e9e4be72a7ad
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://baubau.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 05 Mar 2021 12:57:15 GMT
server
Apache
date
Sat, 25 Feb 2023 04:15:54 GMT
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
content-length
4253
x-xss-protection
1; mode=block
expires
Sun, 26 Feb 2023 04:15:54 GMT
paws.svg
static.baubau.bg/themes/baubau/images/ 		42 KB
42 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.baubau.bg/themes/baubau/images/paws.svg
Requested by
Host: static.baubau.bg
URL: https://static.baubau.bg/themes/baubau/main.699.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
e487b1f3b30e8a3a5a31043594b2bded1b2e2215decf9b76b21505d4456cddd9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://static.baubau.bg/themes/baubau/main.699.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 12 Nov 2020 14:57:35 GMT
server
Apache
date
Sat, 25 Feb 2023 04:15:54 GMT
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
content-length
42886
x-xss-protection
1; mode=block
expires
Sun, 26 Feb 2023 04:15:54 GMT
bg-pattern.png
static.baubau.bg/themes/baubau/images/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.baubau.bg/themes/baubau/images/bg-pattern.png
Requested by
Host: static.baubau.bg
URL: https://static.baubau.bg/themes/baubau/main.699.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
1568afa5785fee8320c126c145626b9b2a3e70dc565087c4957646d7b61319d8
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://static.baubau.bg/themes/baubau/main.699.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 12 Nov 2020 14:57:35 GMT
server
Apache
date
Sat, 25 Feb 2023 04:15:54 GMT
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
content-length
6797
x-xss-protection
1; mode=block
expires
Mon, 27 Mar 2023 04:15:54 GMT
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://baubau.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 25 Feb 2023 04:14:50 GMT
last-modified
Tue, 10 Jan 2023 21:29:14 GMT
server
Golfe2
age
64
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20085
expires
Sat, 25 Feb 2023 06:14:50 GMT
cart
baubau.bg/ 		59 B
124 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://baubau.bg/cart
Requested by
Host: static.baubau.bg
URL: https://static.baubau.bg/themes/baubau/vendor.699.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
f612ad2be431b201dd19f3cde7312754e0a69ad811cc46f46064309e2926f6ae
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://baubau.bg/
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
date
Sat, 25 Feb 2023 04:15:54 GMT
content-length
61
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
cache-control
no-store, no-cache, must-revalidate, max-age=600, private, must-revalidate, post-check=0, pre-check=0, no-store
permissions-policy
microphone=(), camera=()
expires
Thu, 19 Nov 1981 08:52:00 GMT
getDOM
baubau.bg/action/ 		1 KB
506 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://baubau.bg/action/getDOM
Requested by
Host: static.baubau.bg
URL: https://static.baubau.bg/themes/baubau/vendor.699.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
b541440807ccac75bbdbafbf2399dbaf608a978ae9f594ff3295d8a1b895a1a4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://baubau.bg/
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
date
Sat, 25 Feb 2023 04:15:54 GMT
content-length
465
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
cache-control
no-store, no-cache, must-revalidate, max-age=600, private, must-revalidate, post-check=0, pre-check=0, no-store
permissions-policy
microphone=(), camera=()
expires
Thu, 19 Nov 1981 08:52:00 GMT
collect
www.google-analytics.com/j/ 		4 B
205 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1378768413&t=pageview&_s=1&dl=https%3A%2F%2Fbaubau.bg%2F&ul=en-us&de=UTF-8&dt=%D0%97%D0%BE%D0%BE%20%D0%9F%D0%BE%D1%80%D1%82%D0%B0%D0%BB%20-%20BauBau.bg&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=1077544494&gjid=1292345022&cid=1407627510.1677298554&tid=UA-3815385-54&_gid=259689064.1677298554&_r=1&_slc=1&z=1852529271
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://baubau.bg/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 25 Feb 2023 04:15:54 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://baubau.bg
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
345 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-3815385-54&cid=1407627510.1677298554&jid=1077544494&gjid=1292345022&_gid=259689064.1677298554&_u=IEBAAEAAAAAAACAAI~&z=1899971319
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://baubau.bg/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Sat, 25 Feb 2023 04:15:54 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://baubau.bg
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-3815385-54&cid=1407627510.1677298554&jid=1077544494&_u=IEBAAEAAAAAAACAAI~&z=1212195048
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://baubau.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 25 Feb 2023 04:15:54 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-3815385-54&cid=1407627510.1677298554&jid=1077544494&_u=IEBAAEAAAAAAACAAI~&z=1212195048
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://baubau.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 25 Feb 2023 04:15:54 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
transp.png
static.baubau.bg/themes/baubau/images/ 		0
0
230220145602saveti.jpg
static.baubau.bg/resources/ 		118 KB
118 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.baubau.bg/resources/230220145602saveti.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
2e8b086fa9456de058e6b0c7c8ad9f8e3dc9d509daefa142052ea9df0ee2e692
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://baubau.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 21 Feb 2023 08:30:17 GMT
server
Apache
date
Sat, 25 Feb 2023 04:15:54 GMT
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
content-length
120625
x-xss-protection
1; mode=block
expires
Mon, 27 Mar 2023 04:15:54 GMT
magazin-final-min.jpg
static.baubau.bg/resources/ 		29 KB
29 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.baubau.bg/resources/magazin-final-min.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
28addf87311f493801933b04922a53950d1cfcc5a5dd79b370946b52f16a0a33
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://baubau.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 22 Mar 2021 09:13:26 GMT
server
Apache
date
Sat, 25 Feb 2023 04:15:54 GMT
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
content-length
29353
x-xss-protection
1; mode=block
expires
Mon, 27 Mar 2023 04:15:54 GMT
media-final-min.jpg
static.baubau.bg/resources/ 		35 KB
36 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.baubau.bg/resources/media-final-min.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
8b0d1f3f939a03903c6c710f6ce1da66d39830e0a85c0b9712bcbbac434fbfb1
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://baubau.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 22 Mar 2021 09:13:32 GMT
server
Apache
date
Sat, 25 Feb 2023 04:15:54 GMT
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
content-length
36307
x-xss-protection
1; mode=block
expires
Mon, 27 Mar 2023 04:15:54 GMT
spravochnik-final.jpg
static.baubau.bg/resources/ 		78 KB
78 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.baubau.bg/resources/spravochnik-final.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
3d43430e9eaa60c1b8d1b555c15cd4b338108569e08359067c5d74c88c412634
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://baubau.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 05 Mar 2021 13:06:56 GMT
server
Apache
date
Sat, 25 Feb 2023 04:15:54 GMT
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
content-length
80165
x-xss-protection
1; mode=block
expires
Mon, 27 Mar 2023 04:15:54 GMT
fbevents.js
connect.facebook.net/en_US/ 		106 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
cab52dc3525d23d87fc3337ea17253060c6f723389a33e62699d510f1878972b
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://baubau.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sat, 25 Feb 2023 04:15:57 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27843
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
r46qcqmKQ6Vd0Q4+qA1hxfUc9zC3Cid1JkInGZKVy18vPr7kIJ1nzJtLZN7mhCDBGM+OCmQpePpAE0mDKrOAbA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-trip-id
686109401
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
136440011760922
connect.facebook.net/signals/config/ 		377 KB
108 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/136440011760922?v=2.9.97&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e34a166a630c2f847c1d2a69ea45e9169db9483f796ea3ece109cb43fa390084
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://baubau.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sat, 25 Feb 2023 04:15:57 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
P41Td72hJTyMQxltiMAlg7fOeyi5GjySttye5Vofa3tlXnWFyWlW6AaGTRfMOxPSX1v0sFcnRO/kRkQSmrwWNA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-trip-id
686109401
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		0
185 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=136440011760922&ev=PageView&dl=https%3A%2F%2Fbaubau.bg%2F&rl=&if=false&ts=1677298557606&sw=1600&sh=1200&v=2.9.97&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1677298557605.1340430715&it=1677298557446&coo=false&exp=c0&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://baubau.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Sat, 25 Feb 2023 04:15:57 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/tr/ Frame 4E1B 		0
68 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/tr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://baubau.bg
Referer
https://baubau.bg/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
https://baubau.bg
alt-svc
h3=":443"; ma=86400
content-length
0
content-type
text/plain
cross-origin-resource-policy
cross-origin
date
Sat, 25 Feb 2023 04:15:58 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
static.baubau.bg
URL
https://static.baubau.bg/themes/baubau/images/transp.png

Verdicts & Comments Add Verdict or Comment

80 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| curr object| lang function| tns object| bodyScrollLock function| $ function| jQuery function| lazyload function| LazyLoad string| GoogleAnalyticsObject function| ga object| ga_pixel string| dir string| uri number| ww string| theme string| layout object| sliders object| menu object| search object| busy object| checkoutAgreementToggler boolean| resized boolean| fullscreen object| lazy object| ajax object| modalConfig string| fb_app_id function| hideArrowOnInit function| lazyLoadSlides function| hideArrowOnChange function| load_search function| load_rate function| address_tolatlong function| oauth function| facebookLogin function| popupwindow function| compare function| compare_scroll function| getURLParameter function| notif function| ad_flags function| emoticon function| load_tipster function| countdown function| price_rate function| load_lazy function| loadMobileMainmenu function| lazyLoadVideo function| lazyLoadDOM function| intersectLazyDOM function| prepareMediaBlocks function| escapeRegExp function| load_selects function| load_sliders function| resizeSubCategoryHeader function| loadGalleryControlsAnimation function| loadGalleryZoom function| loadImage function| modifiersCombinationsSetter function| getOverrideShippingParams function| sendEcommerce function| respond number| width object| $accents object| initialX boolean| galleryLoaded object| galleryImagesLoaded object| cart_scrolled object| lazyContentObserver object| accents object| google_tag_data object| gaplugins object| gaGlobal object| gaData number| tnsId boolean| facebook_conversions_api function| fbq function| _fbq object| facebook_pixel

5 Cookies

Domain/Path Name / Value
baubau.bg/ Name: baubau
Value: c5900147531d6877637bb81cdeb854d4
.baubau.bg/ Name: _ga
Value: GA1.2.1407627510.1677298554
.baubau.bg/ Name: _gid
Value: GA1.2.259689064.1677298554
.baubau.bg/ Name: _gat
Value: 1
.baubau.bg/ Name: _fbp
Value: fb.1.1677298557605.1340430715

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; img-src * data:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

baubau.bg
connect.facebook.net
static.baubau.bg
stats.g.doubleclick.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
static.baubau.bg
164.138.217.72
2a00:1450:4001:801::2003
2a00:1450:4001:812::200e
2a00:1450:4001:827::2004
2a00:1450:400c:c00::9d
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
1568afa5785fee8320c126c145626b9b2a3e70dc565087c4957646d7b61319d8
1ce6685465805e98dfd2b3633e74711102167bc0ae656c536ba35587c20aeba4
28addf87311f493801933b04922a53950d1cfcc5a5dd79b370946b52f16a0a33
2e8b086fa9456de058e6b0c7c8ad9f8e3dc9d509daefa142052ea9df0ee2e692
390c07c479b567ca3b565f941588d798cb46bbeb9aff89f8e51e08458ec3e0f4
3d43430e9eaa60c1b8d1b555c15cd4b338108569e08359067c5d74c88c412634
44701fd38705d2fd411beded55638d72c348fcba76b04773d571e9e4be72a7ad
4545eb1dec25fe868d19dc292d417d8a9e41c0276d75a4eaf524a9db21aa705a
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
637fc05835856f967578386134fe8a10b4fc4afaae082c8052226d5bd5a23e4e
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8767f01caa430c5bd4e3b008a8e9dfe022156a4e91a23c394fdcb05c267f1b94
8a8a6d6325c5391079a56dc9a9185ef79618a784232a529db8b9809d3260e4cb
8b0d1f3f939a03903c6c710f6ce1da66d39830e0a85c0b9712bcbbac434fbfb1
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b541440807ccac75bbdbafbf2399dbaf608a978ae9f594ff3295d8a1b895a1a4
c926a2de854c064b4bdb086fd9022f8f620bf93f0eefc0a801f5c14daa4ea7cb
cab52dc3525d23d87fc3337ea17253060c6f723389a33e62699d510f1878972b
cd5468e0d667ba05e71458a0fccb6da374c6d7711fe9a5ae659e140e34cc7b2a
d30b0fc00354278f07d9ae9d251b8717a85ea1cd15d4f1d70afda3dd153a6395
e34a166a630c2f847c1d2a69ea45e9169db9483f796ea3ece109cb43fa390084
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e487b1f3b30e8a3a5a31043594b2bded1b2e2215decf9b76b21505d4456cddd9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f612ad2be431b201dd19f3cde7312754e0a69ad811cc46f46064309e2926f6ae
fde1a653d236f78c29309a161cbf06b8e546b391e98fd3d4fc2f32a31dc324a2
fed9918655dad71154d8dabf519dad96841a2ab56fe684f2190ad6fe435e1f8f