blog.framar.bg Open in urlscan Pro
79.124.75.51 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/
Submission Tags: falconsandbox
Submission: On September 27 via api (September 27th 2021, 3:55:28 pm UTC) from US — Scanned from DE

Summary HTTP 131 Redirects Links 49 Behaviour Indicators

Summary

This website contacted 26 IPs in 7 countries across 16 domains to perform 131 HTTP transactions. The main IP is 79.124.75.51, located in Bulgaria and belongs to TELEPOINT, BG. The main domain is blog.framar.bg.
TLS certificate: Issued by R3 on August 15th 2021. Valid for: 3 months.

This is the only time blog.framar.bg was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
13	79.124.75.51 79.124.75.51	31083 (TELEPOINT) (TELEPOINT)
4	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1 2	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
6	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:400c:c01::9c	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
9	2606:4700:303... 2606:4700:3031::ac43:990b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 4	78.128.6.34 78.128.6.34	31083 (TELEPOINT) (TELEPOINT)
1	145.239.237.56 145.239.237.56	16276 (OVH) (OVH)
5	185.29.134.249 185.29.134.249	30419 (MEDIAMATH...) (MEDIAMATH-INC)
8	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
2	138.201.63.164 138.201.63.164	24940 (HETZNER-AS) (HETZNER-AS)
2	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
4	185.29.134.248 185.29.134.248	30419 (MEDIAMATH...) (MEDIAMATH-INC)
4	136.243.149.243 136.243.149.243	24940 (HETZNER-AS) (HETZNER-AS)
3	176.9.26.250 176.9.26.250	24940 (HETZNER-AS) (HETZNER-AS)
2	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
7	37.157.6.252 37.157.6.252	198622 (ADFORM) (ADFORM)
32	37.157.6.234 37.157.6.234	198622 (ADFORM) (ADFORM)
9	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
5	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
131	26

13 79.124.75.51 (Bulgaria)

ASN31083 (TELEPOINT, BG)
PTR: ip-75-51.telehouse.bg

blog.framar.bg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.framar.bg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
scontent.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c01::9c (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.se	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.se	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700:3031::ac43:990b (United States)

ASN13335 (CLOUDFLARENET, US)

rating-widget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.rating-widget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.rating-widget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 78.128.6.34 (Bulgaria) 1 redirects

ASN31083 (TELEPOINT, BG)
PTR: ip-6-34.telehouse.bg

gabg.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 145.239.237.56 (France)

ASN16276 (OVH, FR)
PTR: ip56.ip-145-239-237.eu

ls.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.29.134.249 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 138.201.63.164 (Hockenheim, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.164.63.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.233.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.29.134.248 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 136.243.149.243 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.243.149.243.136.clients.your-server.de

hal900030.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 176.9.26.250 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.250.26.9.176.clients.your-server.de

hal900014.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 37.157.6.252 (Denmark)

ASN198622 (ADFORM, DK)
PTR: s1.adform.net

track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 37.157.6.234 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
39	adform.net track.adform.net s1.adform.net	347 KB
16	googlesyndication.com 5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	74 KB
13	framar.bg blog.framar.bg static.framar.bg	124 KB
11	mathtag.com tags.mathtag.com pixel.mathtag.com sync.mathtag.com	8 KB
9	facebook.com www.facebook.com	164 KB
9	redintelligence.net hal9000.redintelligence.net hal900030.redintelligence.net hal900014.redintelligence.net	14 KB
9	rating-widget.com rating-widget.com secure.rating-widget.com img.rating-widget.com	60 KB
7	doubleclick.net 1 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net	139 KB
5	gemius.pl 1 redirects gabg.hit.gemius.pl ls.hit.gemius.pl	15 KB
4	googletagservices.com www.googletagservices.com	131 KB
3	google.com 1 redirects www.google.com adservice.google.com	2 KB
2	fbcdn.net scontent.xx.fbcdn.net	12 KB
2	googleapis.com ajax.googleapis.com	64 KB
2	google.se www.google.se adservice.google.se	1 KB
2	google-analytics.com 1 redirects ssl.google-analytics.com	17 KB
2	facebook.net connect.facebook.net	78 KB
131	16

	Domain	Requested by
32	s1.adform.net	track.adform.net s1.adform.net blog.framar.bg
9	www.facebook.com	connect.facebook.net www.facebook.com
8	tpc.googlesyndication.com	blog.framar.bg 5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com
7	track.adform.net	hal900030.redintelligence.net hal900014.redintelligence.net s1.adform.net
7	static.framar.bg	blog.framar.bg static.framar.bg
6	rating-widget.com	blog.framar.bg rating-widget.com
6	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net blog.framar.bg
6	blog.framar.bg	blog.framar.bg static.framar.bg
5	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
5	tags.mathtag.com	blog.framar.bg tags.mathtag.com 5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com
4	hal900030.redintelligence.net	hal9000.redintelligence.net hal900030.redintelligence.net
4	sync.mathtag.com	tags.mathtag.com sync.mathtag.com 5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com
4	gabg.hit.gemius.pl	1 redirects blog.framar.bg gabg.hit.gemius.pl
4	www.googletagservices.com	blog.framar.bg securepubads.g.doubleclick.net 5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com
3	hal900014.redintelligence.net	hal9000.redintelligence.net hal900014.redintelligence.net
3	5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	scontent.xx.fbcdn.net	www.facebook.com
2	secure.rating-widget.com	rating-widget.com
2	ajax.googleapis.com	hal900030.redintelligence.net hal900014.redintelligence.net
2	pixel.mathtag.com	tags.mathtag.com
2	hal9000.redintelligence.net	blog.framar.bg
2	www.google.com	1 redirects tpc.googlesyndication.com
2	ssl.google-analytics.com	1 redirects blog.framar.bg
2	connect.facebook.net	blog.framar.bg connect.facebook.net
1	img.rating-widget.com	rating-widget.com
1	ls.hit.gemius.pl	gabg.hit.gemius.pl
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.se	securepubads.g.doubleclick.net
1	www.google.se	blog.framar.bg
1	stats.g.doubleclick.net	1 redirects
131	30

This site contains links to these domains. Also see Links.

Domain
www.framar.bg
apteka.framar.bg
media.framar.bg
medpedia.framar.bg
diagnostic.framar.bg
problem.framar.bg
history.framar.bg
hranene.framar.bg
saveti.framar.bg
lifestyle.framar.bg
sport.framar.bg
psychology.framar.bg
rating-widget.com
spravochnik.framar.bg
cmsvoteup.com
www.bda.bg
bg.wordpress.org

Subject Issuer	Validity	Valid
blog.framar.bg R3	`2021-08-15` - `2021-11-13`	3 months	crt.sh
framar.bg R3	`2021-09-21` - `2021-12-20`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-09-09` - `2021-12-08`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.google.se GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-23` - `2022-06-22`	a year	crt.sh
*.hit.gemius.pl Sectigo ECC Domain Validation Secure Server CA	`2021-09-08` - `2022-09-25`	a year	crt.sh
*.mathtag.com DigiCert SHA2 Secure Server CA	`2020-04-15` - `2022-04-22`	2 years	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
redintelligence.net R3	`2021-08-20` - `2021-11-18`	3 months	crt.sh
pixel.mathtag.com DigiCert SHA2 Secure Server CA	`2021-06-29` - `2022-07-07`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh

This page contains 14 frames:

Primary Page: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/
Frame ID: 71C44161FDF3E84540D8E3CA8032011F
Requests: 40 HTTP requests in this frame

Frame: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 4DE4E235A9C8A9C984F0B88340D725F4
Requests: 1 HTTP requests in this frame

Frame: https://ls.hit.gemius.pl/lsget.html
Frame ID: 6C229D1DFD837F432AFB1804A7E10E91
Requests: 1 HTTP requests in this frame

Frame: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 6053960AA328E331AA29091413FE435B
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pagead/adview?ai=CLcTwaulRYb3wNYbe3wOEuarYBM-HjptcwIbZgsYCwI23ARABIABglYKAgJgHggEXY2EtcHViLTM1NTU1NjA5MDk3NzYzMjXIAQngAgCoAwGqBO4BT9B0xwY1BpQYyGiHdCnb9vavKAncFOzAsYu-03kF_AbNxMgvhRuAg5hno4K7QYawkvloS5mh0yOzPWiq6MmULnk1bmII66mHSHqEKzOHcM5JABXU_6KmpHsQKLr8ZuBVe7041uhXZXl1t8GDQsI5YmCAgL81n3JokgHKTy92DlRojT4WMgDQSbStLo7gwppljMUIIk8dARAAofVSggWR5d4NEVoaiy_vhZIkt1c56mDrRdT4oNO7PBCedQJXhfCdnSQaJ9XeGQs5TncK6k2E_q3i4DqwoZyOaZ09QJnbdUrYTUvYbRC_3mZjjYTVVOAEAYAG9OqB9-TF_o0doAYhqAemvhuoB_DZG6gH8tkbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTM1NTU1NjA5MDk3NzYzMjUYi4Vw&sigh=ZtOzMXvJ870&tpd=AGWhJmv4KACLCmm1kSD6mCBhnnQWXtY54Qd0x0yHWiHgkfnXQAnBH2xTnrXlYBxUwjF3Q-rg6svyZ1Nj7WDvQSZlPypCQJAp71B_y0Iz_MJ7GAyANXlEPIf_bAIibhJgIGkxEcKAJ52buT_UM9YqOyZdweBJYn7U9LPu6hCSRS5D0qfd_Lsgp1TjqKG-7bvQdyVucLb0gTwdA0uWCrsybQfBpAzVgl9ockzP07QPR-WLVpaqReAogrOpo4OMOIZZCasMddfH8sJRt-qdausMs9OA32_Ufg0w2uDFGmEMXbPNXsPAFVu03Sg-19vFEgsTCD-1U1X7mwU768N637bby6R7lqO4RJaiBiK-DmJCqMr00H3y-JYtMz45UZjFo7ZHMYDJJOyTKSqOn0J_3Em0cA5qxSY1yxPsXIZwLCgP-hx2BCFijTIo4C9SQx2p6d2MuRtuqr3trG_NCI6762Ewvf-jBS3RBBhWKr18o2xiQfBF1LJv8RhigS9yx4aoJfEWj-8D2OfRr4dSO0QgsBrwrL_1AGM2YlSSVPg1A2R0U0ob6E4lts2x82dOn67921Sh784xDGpr2vJh6LzPrwIStYTyGf8U7yyruMV2xYXcb39G6445OxXF8MVnuqRFjWuvcUTVcGUdIIrHMXE5poxoWczdzlupD5oY1_uhJjF7xKYRD7jBcFzp5vYu9Hwj59ok3hHad_imC4d890S042dffwRRrYk3ZhMVAHvy46p9F_YO_cwExmhDJ1dvFwIkq5VO9DI9OlG2Mrq1jB1aTkMImKexunt1_mSu2hFEXaPWZdBMNRscCdVy5zUtmX8dP-ysNvm1jYpDzEsT2QWBKtNDd9CQpJpnVNXBKBCPOr6YLLA0lylysewen3KtvMBFj66JUT3vFzl6Kqbnyov16Lh5iO7xfNdpQ-v8tG6UEqD0hSSezpSRSIpR-rd_-M4xomDhsarQFvJw4LpLmtAfqvuwkNCOikZYCFbseDx3fikJcsfhWSvO_bhncmoejoGEDWrUP0aIG-Re_Atmzep5CyhN9ZenJ9IVoZu0lWIoa_5pDK56jleoFLtao_I14dlcDIOv9ExlOSG-Un99jaUCRJVkKA
Frame ID: 633D975E2EDC90AD7F0343B8BF202473
Requests: 13 HTTP requests in this frame

Frame: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: D81033B1CE464929BA57508DE2D5E556
Requests: 14 HTTP requests in this frame

Frame: https://hal900030.redintelligence.net/request_content.php?s=90304900188436503168686011730030&a=7f093c78
Frame ID: E99082D4833A9912F8C2F5164011E7ED
Requests: 11 HTTP requests in this frame

Frame: https://hal900014.redintelligence.net/request_content.php?s=15855100179878603168684011730014&a=6664d659
Frame ID: 552F2A89F5DF128190CD3D0A11AC89DA
Requests: 9 HTTP requests in this frame

Frame: https://sync.mathtag.com/sync/iframe?mt_uuid=c1576151-e96b-4101-a444-97783f93e57e&no_iframe=1&synclist=4&mt_lim=1&type=1&gdpr=1&gdpr_consent=li&source=bidder
Frame ID: C9C19EA83D2B27A0376182ABBB7822DA
Requests: 2 HTTP requests in this frame

Frame: https://s1.adform.net/Banners/Elements/Files/169192/10266099/10266099.js?ADFassetID=10266099&bv=514
Frame ID: 1BB01EB8442531A9D3BC5E84A9018016
Requests: 14 HTTP requests in this frame

Frame: https://s1.adform.net/Banners/Elements/Files/169192/10266097/10266097.js?ADFassetID=10266097&bv=514
Frame ID: 05EB48581DCDCC96F3F1A2B05B853F4E
Requests: 14 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c7520387fc0e%26domain%3Dblog.framar.bg%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.framar.bg%252Ff286fcca1e95128%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fframar.bg&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
Frame ID: 2E5C11950975852A145CF7C092EC87AD
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: E35317832230E390D06B79D80B77416C
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C46CED36D102162B18295C68066DFC81
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

онанизъм | Здравен блог

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

All in One SEO Pack (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- All in One SEO Pack ([\d.]+)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Gemius (Analytics) Expand

Overall confidence: 100%
Detected patterns

hit\.gemius\.pl/xgemius\.js
hit\.gemius\.pl
xgemius\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js

Page Statistics

131
Requests

100 %
HTTPS

54 %
IPv6

16
Domains

30
Subdomains

26
IPs

7
Countries

1247 kB
Transfer

3139 kB
Size

16
Cookies

49 Outgoing links

These are links going to different origins than the main page.

URL: https://www.framar.bg/
Title: КЪМ FRAMAR.BG

Search URL Search Domain Scan URL

URL: https://www.framar.bg/contact.php
Title: КОНТАКТИ

Search URL Search Domain Scan URL

URL: https://www.framar.bg/%D0%B7%D0%B0-%D0%BD%D0%B0%D1%81
Title: ЗА FRAMAR.BG

Search URL Search Domain Scan URL

URL: https://www.framar.bg/%D0%BF%D0%BE%D1%80%D1%8A%D1%87%D0%BA%D0%B0

Search URL Search Domain Scan URL

URL: https://apteka.framar.bg/
Title: Е АПТЕКА

Search URL Search Domain Scan URL

URL: https://apteka.framar.bg/%D0%BF%D1%80%D0%BE%D0%BC%D0%BE%D1%86%D0%B8%D0%B8
Title: ПРОМОЦИИ

Search URL Search Domain Scan URL

URL: https://media.framar.bg/
Title: МЕДИА

Search URL Search Domain Scan URL

URL: https://medpedia.framar.bg/
Title: ЕНЦИКЛОПЕДИЯ

Search URL Search Domain Scan URL

URL: https://diagnostic.framar.bg/
Title: ДИАГНОСТИК

Search URL Search Domain Scan URL

URL: https://problem.framar.bg/
Title: ЗДРАВНИ ПРОБЛЕМИ

Search URL Search Domain Scan URL

URL: https://history.framar.bg/
Title: ИСТОРИЯ

Search URL Search Domain Scan URL

URL: https://hranene.framar.bg/
Title: ХРАНЕНЕ

Search URL Search Domain Scan URL

URL: https://saveti.framar.bg/
Title: СЪВЕТИ

Search URL Search Domain Scan URL

URL: https://lifestyle.framar.bg/
Title: LIFESTYLE

Search URL Search Domain Scan URL

URL: https://sport.framar.bg/
Title: СПОРТ

Search URL Search Domain Scan URL

URL: https://psychology.framar.bg/
Title: ПСИХОЛОГИЯ

Search URL Search Domain Scan URL

URL: https://media.framar.bg/%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%B2%D1%8E%D1%82%D0%B0/%D0%B4-%D1%80-%D1%82%D0%B8%D1%85%D0%BE%D0%BC%D0%B8%D1%80-%D0%BC%D1%83%D1%81%D1%82%D0%B0%D0%BA%D0%BE%D0%B2-%D0%B4%D0%B5%D1%82%D1%81%D0%BA%D0%B0%D1%82%D0%B0-%D0%B0%D1%81%D1%82%D0%BC%D0%B0-%D1%80%D0%BE%D0%BB%D1%8F%D1%82%D0%B0-%D0%BD%D0%B0-%D0%B0%D0%BB%D0%B5%D1%80%D0%B3%D0%B5%D0%BD%D0%B8%D1%82%D0%B5-%D0%B4%D0%BE%D0%BC%D0%B0%D1%88%D0%BD%D0%B8%D1%82%D0%B5-%D0%BC%D0%B8%D0%BA%D1%80%D0%BE%D0%BA%D1%8A%D1%80%D0%BB%D0%B5%D0%B6%D0%B8-%D0%B8-%D0%BA%D0%B0%D0%BA-%D0%B4%D0%B0-%D0%BF%D0%BE%D0%BC%D0%BE%D0%B3%D0%BD%D0%B5%D0%BC
Title: >> Д-р Мустаков - Детската астма, ролята на алергените и домашните микрокърлежи

Search URL Search Domain Scan URL

URL: https://rating-widget.com/my-rating-report/nero/thumbs/rating-4278415/

Search URL Search Domain Scan URL

URL: http://medpedia.framar.bg/%D0%B0%D0%BD%D0%B0%D1%82%D0%BE%D0%BC%D0%B8%D1%8F/%D1%85%D0%B8%D0%BF%D0%BE%D1%82%D0%B0%D0%BB%D0%B0%D0%BC%D1%83%D1%81#.TnR0WFkv9_4
Title: хипоталамусът

Search URL Search Domain Scan URL

URL: http://media.framar.bg/%D0%BB%D1%8E%D0%B1%D0%BE%D0%BF%D0%B8%D1%82%D0%BD%D0%BE/%D1%85%D0%B5%D1%82%D0%B5%D1%80%D0%BE-%D0%B8%D0%BB%D0%B8-%D1%85%D0%BE%D0%BC%D0%BE-%D0%B7%D0%B0%D0%B2%D0%B8%D1%81%D0%B8-%D0%BE%D1%82-%D1%81%D0%B5%D1%80%D0%BE%D1%82%D0%BE%D0%BD%D0%B8%D0%BD%D0%B0
Title: хомосексуалните мъже

Search URL Search Domain Scan URL

URL: http://medpedia.framar.bg/%D1%81%D0%B8%D0%BC%D0%BF%D1%82%D0%BE%D0%BC%D0%B8/%D1%80%D0%B0%D0%BD%D0%B5%D0%BD-%D0%BF%D1%83%D0%B1%D0%B5%D1%80%D1%82%D0%B5%D1%82
Title: ранния пубертет

Search URL Search Domain Scan URL

URL: https://medpedia.framar.bg/%D1%81%D0%B8%D0%BC%D0%BF%D1%82%D0%BE%D0%BC%D0%B8
Title: симптом

Search URL Search Domain Scan URL

URL: http://medpedia.framar.bg/%D0%B7%D0%B0%D0%B1%D0%BE%D0%BB%D1%8F%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F/%D0%BC%D0%BA%D0%B1-f200-4/%D0%BF%D0%B0%D1%80%D0%B0%D0%BD%D0%BE%D0%B8%D0%B4%D0%BD%D0%B0-%D1%88%D0%B8%D0%B7%D0%BE%D1%84%D1%80%D0%B5%D0%BD%D0%B8%D1%8F#.TnR05Vkv9_4
Title: шизофреници

Search URL Search Domain Scan URL

URL: http://medpedia.framar.bg/%D0%B7%D0%B0%D0%B1%D0%BE%D0%BB%D1%8F%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F/%D0%BC%D0%BA%D0%B1-f30-3/%D0%BC%D0%B0%D0%BD%D0%B8%D0%B5%D0%BD-%D0%B5%D0%BF%D0%B8%D0%B7%D0%BE%D0%B4#.TnR1Dlkv9_4
Title: маниакално болни

Search URL Search Domain Scan URL

URL: http://spravochnik.framar.bg/%D0%BC%D0%B5%D0%B4%D0%B8%D1%86%D0%B8%D0%BD%D1%81%D0%BA%D0%B8-%D1%81%D0%BF%D0%B5%D1%86%D0%B8%D0%B0%D0%BB%D0%B8%D1%81%D1%82%D0%B8/%D1%85%D1%83%D0%BC%D0%B0%D0%BD%D0%BD%D0%B8-%D0%BB%D0%B5%D0%BA%D0%B0%D1%80%D0%B8/%D0%BF%D1%81%D0%B8%D1%85%D0%B8%D0%B0%D1%82%D1%80%D0%B8%D1%8F
Title: Психиатрите

Search URL Search Domain Scan URL

URL: http://medpedia.framar.bg/%D0%B7%D0%B0%D0%B1%D0%BE%D0%BB%D1%8F%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F/%D0%BC%D0%BA%D0%B1-f654-4/%D0%BF%D0%B5%D0%B4%D0%BE%D1%84%D0%B8%D0%BB%D0%B8%D1%8F
Title: педофилията

Search URL Search Domain Scan URL

URL: http://medpedia.framar.bg/%D0%B7%D0%B0%D0%B1%D0%BE%D0%BB%D1%8F%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F/%D0%BC%D0%BA%D0%B1-b23-3/%D0%B1%D0%BE%D0%BB%D0%B5%D1%81%D1%82-%D0%BF%D1%80%D0%B5%D0%B4%D0%B8%D0%B7%D0%B2%D0%B8%D0%BA%D0%B0%D0%BD%D0%B0-%D0%BE%D1%82-%D0%B2%D0%B8%D1%80%D1%83%D1%81%D0%B0-%D0%BD%D0%B0-%D1%87%D0%BE%D0%B2%D0%B5%D1%88%D0%BA%D0%B8%D1%8F-%D0%B8%D0%BC%D1%83%D0%BD%D0%BE%D0%B4%D0%B5%D1%84%D0%B8%D1%86%D0%B8%D1%82-hiv-%D0%BF%D1%80%D0%BE%D1%8F%D0%B2%D1%8F%D0%B2%D0%B0%D1%89%D0%B0-%D1%81%D0%B5-%D0%BA%D0%B0%D1%82%D0%BE-%D0%B4%D1%80%D1%83%D0%B3%D0%B8-%D1%81%D1%8A%D1%81%D1%82%D0%BE%D1%8F%D0%BD%D0%B8%D1%8F-%D0%B2%D1%80%D0%BE%D0%B4%D0%B5%D0%BD-%D1%81%D0%BF%D0%B8%D0%BD#.TnR3G1kv9_4
Title: СПИН

Search URL Search Domain Scan URL

URL: http://apteka.framar.bg/30018325/%D1%82%D0%BE%D1%80%D0%BF%D0%B8%D0%B4%D0%BE-%D0%BE%D0%B2%D0%BB%D0%B0%D0%B6%D0%BD%D1%8F%D0%B2%D0%B0%D1%89-%D0%B3%D0%B5%D0%BB-easy-50-%D0%BC%D0%BB
Title: секс в ануса

Search URL Search Domain Scan URL

URL: http://medpedia.framar.bg/%D0%B7%D0%B0%D0%B1%D0%BE%D0%BB%D1%8F%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F/%D0%BC%D0%BA%D0%B1-d290-4/%D0%BF%D0%B5%D0%BD%D0%B8%D1%81#.TnR33lkv9_4
Title: пениса

Search URL Search Domain Scan URL

URL: http://medpedia.framar.bg/%D0%B0%D0%BD%D0%B0%D1%82%D0%BE%D0%BC%D0%B8%D1%8F/%D0%B2%D0%BB%D0%B0%D0%B3%D0%B0%D0%BB%D0%B8%D1%89%D0%B5#.TnR4D1kv9_4
Title: влагалището

Search URL Search Domain Scan URL

URL: http://medpedia.framar.bg/%D0%B0%D0%BD%D0%B0%D1%82%D0%BE%D0%BC%D0%B8%D1%8F/%D0%B6%D0%B5%D0%BD%D1%81%D0%BA%D0%B0-%D0%BF%D0%BE%D0%BB%D0%BE%D0%B2%D0%B0-%D1%81%D0%B8%D1%81%D1%82%D0%B5%D0%BC%D0%B0
Title: за да се оплоди яйцеклетката

Search URL Search Domain Scan URL

URL: http://medpedia.framar.bg/%D0%B7%D0%B0%D0%B1%D0%BE%D0%BB%D1%8F%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F/%D0%BC%D0%BA%D0%B1-d129-4/%D0%B0%D0%BD%D1%83%D1%81-%D0%B8-%D0%B0%D0%BD%D0%B0%D0%BB%D0%B5%D0%BD-%D0%BA%D0%B0%D0%BD%D0%B0%D0%BB#.TnR3gFkv9_4
Title: ануса

Search URL Search Domain Scan URL

URL: http://medpedia.framar.bg/%D0%B0%D0%BD%D0%B0%D1%82%D0%BE%D0%BC%D0%B8%D1%8F/%D1%85%D0%B8%D1%81%D1%82%D0%BE%D0%BB%D0%BE%D0%B3%D0%B8%D1%87%D0%BD%D0%BE-%D1%83%D1%81%D1%82%D1%80%D0%BE%D0%B9%D1%81%D1%82%D0%B2%D0%BE-%D0%BD%D0%B0-%D1%87%D0%B5%D1%80%D0%B2%D0%B0%D1%82%D0%B0
Title: черво

Search URL Search Domain Scan URL

URL: http://medpedia.framar.bg/%D0%B7%D0%B0%D0%B1%D0%BE%D0%BB%D1%8F%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F/%D0%BC%D0%BA%D0%B1-n34-3/%D1%83%D1%80%D0%B5%D1%82%D1%80%D0%B8%D1%82-%D0%B8-%D1%83%D1%80%D0%B5%D1%82%D1%80%D0%B0%D0%BB%D0%B5%D0%BD-%D1%81%D0%B8%D0%BD%D0%B4%D1%80%D0%BE%D0%BC#.TnR5Blkv9_4
Title: уретрити

Search URL Search Domain Scan URL

URL: http://medpedia.framar.bg/%D1%81%D0%B8%D0%BC%D0%BF%D1%82%D0%BE%D0%BC%D0%B8/%D0%B1%D0%B5%D0%B7%D0%BF%D0%BB%D0%BE%D0%B4%D0%B8%D0%B5
Title: безплодие

Search URL Search Domain Scan URL

URL: http://medpedia.framar.bg/%D1%81%D0%B8%D0%BC%D0%BF%D1%82%D0%BE%D0%BC%D0%B8/%D0%B8%D0%BC%D0%BF%D0%BE%D1%82%D0%B5%D0%BD%D1%82%D0%BD%D0%BE%D1%81%D1%82
Title: импотентност

Search URL Search Domain Scan URL

URL: http://medpedia.framar.bg/%D1%81%D0%B8%D0%BC%D0%BF%D1%82%D0%BE%D0%BC%D0%B8/%D1%81%D0%BB%D0%B0%D0%B1%D0%BE%D1%81%D1%82-%D0%BD%D0%B0-%D0%B0%D0%BD%D0%B0%D0%BB%D0%BD%D0%B8%D1%8F-%D1%81%D1%84%D0%B8%D0%BD%D0%BA%D1%82%D0%B5%D1%80-%D0%BF%D1%80%D0%B8-%D0%B2%D1%8A%D0%B7%D1%80%D0%B0%D1%81%D1%82%D0%BD%D0%B8
Title: Аналният сфинктер

Search URL Search Domain Scan URL

URL: http://medpedia.framar.bg/%D0%B7%D0%B0%D0%B1%D0%BE%D0%BB%D1%8F%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F/%D0%BC%D0%BA%D0%B1-o921-4/%D0%BD%D0%B0%D0%BF%D1%83%D0%BA%D0%B0%D0%BD%D0%B0-%D0%BC%D0%B0%D0%BC%D0%B8%D0%BB%D0%B0-%D1%80%D0%B0%D0%B3%D0%B0%D0%B4%D0%B8#.TnR52lkv9_4
Title: рагадите

Search URL Search Domain Scan URL

URL: http://medpedia.framar.bg/%D0%B7%D0%B0%D0%B1%D0%BE%D0%BB%D1%8F%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F/%D0%BC%D0%BA%D0%B1-k60-3/%D1%84%D0%B8%D1%81%D1%83%D1%80%D0%B0-%D0%B8-%D1%84%D0%B8%D1%81%D1%82%D1%83%D0%BB%D0%B0-%D0%BD%D0%B0-%D0%B0%D0%BD%D1%83%D1%81%D0%B0-%D0%B8-%D1%80%D0%B5%D0%BA%D1%82%D1%83%D0%BC%D0%B0#.TnR58lkv9_4
Title: фисурите

Search URL Search Domain Scan URL

URL: http://media.framar.bg/%D0%B7%D0%B4%D1%80%D0%B0%D0%B2%D0%BD%D0%B8-%D0%BD%D0%BE%D0%B2%D0%B8%D0%BD%D0%B8/%D0%B8%D0%BD%D0%B4%D0%B8%D1%8F-%D1%80%D0%B0%D0%B7%D0%B3%D0%BD%D0%B5%D0%B2%D0%B8-%D0%B1%D0%BE%D1%80%D1%86%D0%B8%D1%82%D0%B5-%D0%B7%D0%B0-%D0%BF%D1%80%D0%B0%D0%B2%D0%B0%D1%82%D0%B0-%D0%BD%D0%B0-%D1%81%D0%B5%D0%BA%D1%81%D1%83%D0%B0%D0%BB%D0%BD%D0%B8%D1%82%D0%B5-%D0%BC%D0%B0%D0%BB%D1%86%D0%B8%D0%BD%D1%81%D1%82%D0%B2%D0%B0
Title: Отношението

Search URL Search Domain Scan URL

URL: http://medpedia.framar.bg/%D0%B7%D0%B0%D0%B1%D0%BE%D0%BB%D1%8F%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F/%D0%BC%D0%BA%D0%B1-f652-4/%D0%B5%D0%BA%D1%81%D1%85%D0%B8%D0%B1%D0%B8%D1%86%D0%B8%D0%BE%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC#.TnR6Z1kv9_4
Title: ексхибиционизмът

Search URL Search Domain Scan URL

URL: http://medpedia.framar.bg/%D0%B7%D0%B0%D0%B1%D0%BE%D0%BB%D1%8F%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F/%D0%BC%D0%BA%D0%B1-f66-3/%D0%BF%D1%81%D0%B8%D1%85%D0%BE%D0%BB%D0%BE%D0%B3%D0%B8%D1%87%D0%BD%D0%B8-%D0%B8-%D0%BF%D0%BE%D0%B2%D0%B5%D0%B4%D0%B5%D0%BD%D1%87%D0%B5%D1%81%D0%BA%D0%B8-%D1%80%D0%B0%D0%B7%D1%81%D1%82%D1%80%D0%BE%D0%B9%D1%81%D1%82%D0%B2%D0%B0-%D1%81%D0%B2%D1%8A%D1%80%D0%B7%D0%B0%D0%BD%D0%B8-%D1%81%D1%8A%D1%81-%D1%81%D0%B5%D0%BA%D1%81%D1%83%D0%B0%D0%BB%D0%BD%D0%BE%D1%82%D0%BE-%D1%80%D0%B0%D0%B7%D0%B2%D0%B8%D1%82%D0%B8%D0%B5-%D0%B8-%D0%BD%D0%B0%D1%81%D0%BE%D1%87%D0%B5%D0%BD%D0%BE%D1%81%D1%82
Title: вибратори

Search URL Search Domain Scan URL

URL: http://medpedia.framar.bg/%D0%BB%D0%B5%D1%87%D0%B5%D0%BD%D0%B8%D1%8F/%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%B5%D0%BD-%D1%81%D0%B5%D0%BA%D1%81
Title: Мастурбацията (онанизмът)

Search URL Search Domain Scan URL

URL: http://medpedia.framar.bg/%D0%B7%D0%B0%D0%B1%D0%BE%D0%BB%D1%8F%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F/%D0%BC%D0%BA%D0%B1-f650-4/%D1%84%D0%B5%D1%82%D0%B8%D1%88%D0%B8%D0%B7%D1%8A%D0%BC
Title: фетишизмът

Search URL Search Domain Scan URL

URL: http://medpedia.framar.bg/%D0%B7%D0%B0%D0%B1%D0%BE%D0%BB%D1%8F%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F/%D0%BC%D0%BA%D0%B1-f653-4/%D0%B2%D0%BE%D0%B0%D0%B9%D0%BE%D1%80%D1%81%D1%82%D0%B2%D0%BE
Title: воайорството

Search URL Search Domain Scan URL

URL: http://media.framar.bg/%D0%BB%D1%8E%D0%B1%D0%BE%D0%BF%D0%B8%D1%82%D0%BD%D0%BE/%D0%B2%D0%BA%D1%83%D1%81%D1%8A%D1%82-%D0%BD%D0%B8-%D0%BE%D1%82%D1%81%D0%BB%D0%B0%D0%B1%D0%B2%D0%B0-%D1%81%D0%BB%D0%B5%D0%B4-45-%D0%B3-#.TnR7Nlkv9_4
Title: копрофагията

Search URL Search Domain Scan URL

URL: http://cmsvoteup.com/joomla-extensions/facebook-like-box-like-recommendation-for-joomla-wordpress/
Title: *

Search URL Search Domain Scan URL

URL: https://www.bda.bg/images/stories/documents/registers/Spisak_LP_Internet%20apteki-%D0%B0%D0%BA%D1%82%D1%83%D0%B0%D0%BB%D0%B5%D0%BD.xls

Search URL Search Domain Scan URL

URL: http://bg.wordpress.org/
Title: Задвижвано с гордост от WordPress

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1816330893&utmhn=blog.framar.bg&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC%20%7C%20%D0%97%D0%B4%D1%80%D0%B0%D0%B2%D0%B5%D0%BD%20%D0%B1%D0%BB%D0%BE%D0%B3&utmhid=278587607&utmr=-&utmp=%2Ftag%2F%2525D0%2525BE%2525D0%2525BD%2525D0%2525B0%2525D0%2525BD%2525D0%2525B8%2525D0%2525B7%2525D1%25258A%2525D0%2525BC%2F&utmht=1632758122684&utmac=UA-3815385-4&utmcc=__utma%3D24869737.1014289140.1632758123.1632758123.1632758123.1%3B%2B__utmz%3D24869737.1632758123.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=976465975&utmredir=1&utmu=qBAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-3815385-4&cid=1014289140.1632758123&jid=976465975&_v=5.7.2&z=1816330893 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3815385-4&cid=1014289140.1632758123&jid=976465975&_v=5.7.2&z=1816330893 HTTP 302
https://www.google.se/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3815385-4&cid=1014289140.1632758123&jid=976465975&_v=5.7.2&z=1816330893&slf_rd=1&random=1889059231

Request Chain 35

https://gabg.hit.gemius.pl/_1632758123090/rexdot.js?l=100&id=zaBA3WMQRyA8wbYnZ5bSn8Q8LSqK1oNiyNunQsdLadb.H7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fblog.framar.bg%2Ftag%2F%25D0%25BE%25D0%25BD%25D0%25B0%25D0%25BD%25D0%25B8%25D0%25B7%25D1%258A%25D0%25BC%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=148&lsdata=79AVXGkNHevdzzVfjY7Rr0Cjr0xjRM7Uvqz3uEL6UUr.b7ynZG1ZKyJgxieq3w95c.387UW25ic74UY2sdJ4y38nEupZ/bFNkfJ_EV5Scy/&fpdata=qofaMb9vKIMg70fSwq92KT1HVupB6Gb26SIE1AbzNxL.M7&vis=1&fpcap= HTTP 301
https://gabg.hit.gemius.pl/__/_1632758123090/rexdot.js?l=100&id=zaBA3WMQRyA8wbYnZ5bSn8Q8LSqK1oNiyNunQsdLadb.H7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fblog.framar.bg%2Ftag%2F%25D0%25BE%25D0%25BD%25D0%25B0%25D0%25BD%25D0%25B8%25D0%25B7%25D1%258A%25D0%25BC%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=148&lsdata=79AVXGkNHevdzzVfjY7Rr0Cjr0xjRM7Uvqz3uEL6UUr.b7ynZG1ZKyJgxieq3w95c.387UW25ic74UY2sdJ4y38nEupZ/bFNkfJ_EV5Scy/&fpdata=qofaMb9vKIMg70fSwq92KT1HVupB6Gb26SIE1AbzNxL.M7&vis=1&fpcap=

131 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/ 78 KB
22 KB 350ms
220ms Document
text/html 79.124.75.51
TELEPOINT

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 79.124.75.51 , Bulgaria, ASN31083 (TELEPOINT, BG),
Reverse DNS: ip-75-51.telehouse.bg
Software: Apache /
Resource Hash: 645a8c715ae7c537a08f043476f70d9810adcbd201b54b28274b1a8986c13a91

Request headers

Host: blog.framar.bg
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Mon, 27 Sep 2021 15:55:22 GMT
Server: Apache
X-Pingback: https://blog.framar.bg/xmlrpc.php
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=0
Expires: Mon, 27 Sep 2021 15:55:22 GMT
Keep-Alive: timeout=2, max=800
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK style.css
blog.framar.bg/wp-content/themes/twentyeleven/ 35 KB
7 KB 50ms
38ms Stylesheet
text/css 79.124.75.51
TELEPOINT

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.framar.bg/wp-content/themes/twentyeleven/style.css
Requested by: Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 79.124.75.51 , Bulgaria, ASN31083 (TELEPOINT, BG),
Reverse DNS: ip-75-51.telehouse.bg
Software: Apache /
Resource Hash: 5ab5b66b7a9e4464ef09ef2aaa5d25b55b01dc879e93459bdd31c05d7591b0de

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.framar.bg
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 15:55:22 GMT
Content-Encoding: gzip
Last-Modified: Fri, 31 Jul 2015 07:54:13 GMT
Server: Apache
ETag: "8c43-51c272031f340-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=799
Content-Length: 7167
Expires: Mon, 04 Oct 2021 15:55:22 GMT

GET
H/1.1 200
OK menu.css
static.framar.bg/external/ 7 KB
3 KB 229ms
38ms Stylesheet
text/css 79.124.75.51
TELEPOINT

General

Check archive.org

Show headers Download Go to

Full URL

https://static.framar.bg/external/menu.css

Requested by

Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

79.124.75.51 , Bulgaria, ASN31083 (TELEPOINT, BG),

Reverse DNS

ip-75-51.telehouse.bg

Software

Apache /

Resource Hash

0d4a998b05253d057fe846922c70a77ae0e3253f657397355ae7d2d9c7d76200

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://*.framar.bg/ 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 15:55:22 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 2065
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Mon, 12 Jun 2017 10:35:04 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: text/css
Cache-Control: max-age=315360000, public
Permissions-Policy: microphone=(), camera=()
Content-Security-Policy: frame-ancestors https://*.framar.bg/ 'self';
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=800
Expires: Tue, 27 Sep 2022 15:55:22 GMT

GET
H/1.1 200
OK polls-css.css
blog.framar.bg/wp-content/plugins/wp-polls/ 3 KB
1 KB 88ms
37ms Stylesheet
text/css 79.124.75.51
TELEPOINT

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.framar.bg/wp-content/plugins/wp-polls/polls-css.css?ver=2.50
Requested by: Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 79.124.75.51 , Bulgaria, ASN31083 (TELEPOINT, BG),
Reverse DNS: ip-75-51.telehouse.bg
Software: Apache /
Resource Hash: e19d213c057942a2e0ae03e3dc048e9810632519ca0ccddd102b8c5b7fc7fca1

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.framar.bg
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 15:55:22 GMT
Content-Encoding: gzip
Last-Modified: Sun, 20 Nov 2011 11:47:04 GMT
Server: Apache
ETag: "b13-4b22921019e00-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=798
Content-Length: 738
Expires: Mon, 04 Oct 2021 15:55:22 GMT

GET
H/1.1 200
OK jquery.js Show response
blog.framar.bg/wp-includes/js/jquery/ 92 KB
33 KB 115ms
42ms Script
text/javascript 79.124.75.51
TELEPOINT

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.framar.bg/wp-includes/js/jquery/jquery.js?ver=1.7.1
Requested by: Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 79.124.75.51 , Bulgaria, ASN31083 (TELEPOINT, BG),
Reverse DNS: ip-75-51.telehouse.bg
Software: Apache /
Resource Hash: dd19215106d1bee1b9d13937997f17e1938a743f1a8cf7d7f793ab9534ddcc47

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.framar.bg
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 15:55:22 GMT
Content-Encoding: gzip
Last-Modified: Thu, 19 Dec 2013 14:09:44 GMT
Server: Apache
ETag: "16ec1-4ede3b69dda00-gzip"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=800
Content-Length: 33146
Expires: Mon, 04 Oct 2021 15:55:22 GMT

GET
H/1.1 200
OK jquery-1.10.2.min.js Show response
static.framar.bg/js/ 91 KB
33 KB 233ms
43ms Script
text/javascript 79.124.75.51
TELEPOINT

General

Check archive.org

Show headers Download Go to

Full URL

https://static.framar.bg/js/jquery-1.10.2.min.js

Requested by

Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

79.124.75.51 , Bulgaria, ASN31083 (TELEPOINT, BG),

Reverse DNS

ip-75-51.telehouse.bg

Software

Apache /

Resource Hash

29c9e8752f25b17961e3c6ff72de34b1f1a157dfc5fabb68bd148b8ec9002b17

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://*.framar.bg/ 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 15:55:22 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 32812
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 04 Nov 2014 15:56:59 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: text/javascript
Cache-Control: max-age=315360000, private
Permissions-Policy: microphone=(), camera=()
Content-Security-Policy: frame-ancestors https://*.framar.bg/ 'self';
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=800
Expires: Mon, 04 Oct 2021 15:55:22 GMT

GET
H/1.1 200
OK menu.js Show response
static.framar.bg/external/ 4 KB
2 KB 229ms
39ms Script
text/javascript 79.124.75.51
TELEPOINT

General

Check archive.org

Show headers Download Go to

Full URL

https://static.framar.bg/external/menu.js

Requested by

Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

79.124.75.51 , Bulgaria, ASN31083 (TELEPOINT, BG),

Reverse DNS

ip-75-51.telehouse.bg

Software

Apache /

Resource Hash

4877edd3f00cede4caf41008365a69f6b8d33a8d4719c3c610d741fa7fc9b1a8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://*.framar.bg/ 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 15:55:22 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 1349
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Mon, 20 May 2019 09:56:02 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: text/javascript
Cache-Control: max-age=315360000, private
Permissions-Policy: microphone=(), camera=()
Content-Security-Policy: frame-ancestors https://*.framar.bg/ 'self';
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=800
Expires: Mon, 04 Oct 2021 15:55:22 GMT

GET
H/1.1 200
OK framar_logo.png
static.framar.bg/images/ 1 KB
2 KB 39ms
38ms Image
image/png 79.124.75.51
TELEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.framar.bg/images/framar_logo.png

Requested by

Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

79.124.75.51 , Bulgaria, ASN31083 (TELEPOINT, BG),

Reverse DNS

ip-75-51.telehouse.bg

Software

Apache /

Resource Hash

5c95b7ae9972bc9c9da2fa44ba13d8c2198a2e588e2138cf2688d594c8921eab

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://*.framar.bg/ 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 15:55:22 GMT
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 1159
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Mon, 10 Jun 2019 07:00:48 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: image/png
Cache-Control: max-age=315360000, public
Permissions-Policy: microphone=(), camera=()
Content-Security-Policy: frame-ancestors https://*.framar.bg/ 'self';
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=799
Expires: Tue, 27 Sep 2022 15:55:22 GMT

GET
H/1.1 200
OK transp.png
static.framar.bg/images/ 70 B
728 B 40ms
38ms Image
image/png 79.124.75.51
TELEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.framar.bg/images/transp.png

Requested by

Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

79.124.75.51 , Bulgaria, ASN31083 (TELEPOINT, BG),

Reverse DNS

ip-75-51.telehouse.bg

Software

Apache /

Resource Hash

67ebf650147a9122e94ff1b25a78a82e903b92b877821c1479de69f00f59d429

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://*.framar.bg/ 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 15:55:22 GMT
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 70
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Mon, 10 Jun 2019 06:28:20 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: image/png
Cache-Control: max-age=315360000, public
Permissions-Policy: microphone=(), camera=()
Content-Security-Policy: frame-ancestors https://*.framar.bg/ 'self';
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=799
Expires: Tue, 27 Sep 2022 15:55:22 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 73 KB
26 KB 40ms
16ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d835122a58bf56f6fd417806aa9126438c1ea14b73f18f8c38cf3f7a637bc99e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "999 / 692 of 1000 / last-modified: 1632741118"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25704
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 27 Sep 2021 15:55:22 GMT

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 23ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a221432bdb6cee7662efcdcc6db94a1304406478b7993d35f2e23ee192ceb074

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 9LQX/ExKXuH7HE6wUFpPSQ==
cross-origin-resource-policy: cross-origin
expires: Mon, 27 Sep 2021 15:58:44 GMT
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1685
x-fb-rlafr: 0
x-fb-debug: aZO/mGYa9/Ibnc7sUqiVQFEFU5E7KyVOWXHujzutHi5d/AYsynMloqaxqn2MBWmAuA6xkcW+XxePB4EXWcbQ5w==
x-fb-trip-id: 2050670934
x-fb-content-md5: 34d1c89ba017aaf71671f7cb17a47f18
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Mon, 27 Sep 2021 15:55:22 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "fcc808fd9c93fcf2dac514c64f7d33ae"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H/1.1 200
OK bda.png
static.framar.bg/images/ 2 KB
3 KB 40ms
39ms Image
image/png 79.124.75.51
TELEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.framar.bg/images/bda.png

Requested by

Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

79.124.75.51 , Bulgaria, ASN31083 (TELEPOINT, BG),

Reverse DNS

ip-75-51.telehouse.bg

Software

Apache /

Resource Hash

8263864e18c9b475b1d046c835fcb0f3cd2d2e2109621879724404d8f17ed47e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://*.framar.bg/ 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 15:55:22 GMT
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 2449
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Mon, 10 Jun 2019 07:00:48 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: image/png
Cache-Control: max-age=315360000, public
Permissions-Policy: microphone=(), camera=()
Content-Security-Policy: frame-ancestors https://*.framar.bg/ 'self';
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=799
Expires: Tue, 27 Sep 2022 15:55:22 GMT

GET
H/1.1 200
OK polls-js.js Show response
blog.framar.bg/wp-content/plugins/wp-polls/ 3 KB
1 KB 38ms
37ms Script
text/javascript 79.124.75.51
TELEPOINT

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.framar.bg/wp-content/plugins/wp-polls/polls-js.js?ver=2.50
Requested by: Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 79.124.75.51 , Bulgaria, ASN31083 (TELEPOINT, BG),
Reverse DNS: ip-75-51.telehouse.bg
Software: Apache /
Resource Hash: 247f1fe604ab9c3fc20d0a19e277e2206c6f4bdbbd7cf144d463476a13400de2

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.framar.bg
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 15:55:22 GMT
Content-Encoding: gzip
Last-Modified: Thu, 19 Dec 2013 14:09:42 GMT
Server: Apache
ETag: "c8e-4ede3b67f5580-gzip"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=799
Content-Length: 644
Expires: Mon, 04 Oct 2021 15:55:22 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 56ms
7ms Script
text/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 3475
date: Mon, 27 Sep 2021 14:57:27 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Mon, 27 Sep 2021 16:57:27 GMT

GET
H/1.1 200
OK framar_sprite.png
static.framar.bg/images/ 15 KB
16 KB 77ms
39ms Image
image/png 79.124.75.51
TELEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.framar.bg/images/framar_sprite.png

Requested by

Host: static.framar.bg
URL: https://static.framar.bg/external/menu.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

79.124.75.51 , Bulgaria, ASN31083 (TELEPOINT, BG),

Reverse DNS

ip-75-51.telehouse.bg

Software

Apache /

Resource Hash

e48ea662d2d2521888344e663b744ba91b204a2111ea21a5132cd005fdd37a6f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://*.framar.bg/ 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://static.framar.bg/external/menu.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 15:55:22 GMT
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 15284
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Mon, 10 Jun 2019 07:00:48 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: image/png
Cache-Control: max-age=315360000, public
Permissions-Policy: microphone=(), camera=()
Content-Security-Policy: frame-ancestors https://*.framar.bg/ 'self';
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=798
Expires: Tue, 27 Sep 2022 15:55:22 GMT

GET
H2 200 pubads_impl_2021092101.js Show response
securepubads.g.doubleclick.net/gpt/ 336 KB
118 KB 36ms
14ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092101.js?31062917

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

9cddc4e1c7049c1e45ebb678a8a47bb3b67dfa86009c877de6a9e6da0cfae474

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.framar.bg/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Mon, 27 Sep 2021 15:55:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 120556
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 08:37:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 27 Sep 2021 15:55:22 GMT

GET
H2

200

ga-audiences
www.google.se/ads/
Redirect Chain

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1816330893&utmhn=blog.framar.bg&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=%D0%B...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-3815385-4&cid=1014289140.1632758123&jid=976465975&_v=5.7.2&z=1816330893
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3815385-4&cid=1014289140.1632758123&jid=976465975&_v=5.7.2&z=1816330893
https://www.google.se/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3815385-4&cid=1014289140.1632758123&jid=976465975&_v=5.7.2&z=1816330893&slf_rd=1&random=1889059231

42 B
522 B

54ms
32ms

Image
image/gif

2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.se/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3815385-4&cid=1014289140.1632758123&jid=976465975&_v=5.7.2&z=1816330893&slf_rd=1&random=1889059231

Requested by

Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Sep 2021 15:55:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 27 Sep 2021 15:55:22 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/html; charset=UTF-8
location: https://www.google.se/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3815385-4&cid=1014289140.1632758123&jid=976465975&_v=5.7.2&z=1816330893&slf_rd=1&random=1889059231
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.se/adsid/ 107 B
853 B 41ms
18ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.se/adsid/integrator.js?domain=blog.framar.bg

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092101.js?31062917

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 27 Sep 2021 15:55:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 38ms
15ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=blog.framar.bg

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092101.js?31062917

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 27 Sep 2021 15:55:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 450 B
745 B 135ms
135ms XHR
text/plain 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4009601423321733&correlator=1741613483364101&output=ldjh&impl=fif&eid=31062917&vrg=2021092101&ptt=17&sc=1&sfv=1-0-38&ecs=20210927&iu_parts=21812339056%2C300-250-upperright&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&eri=2&cookie_enabled=1&bc=31&abxe=1&lmt=1632758122&dt=1632758122749&dlt=1632758122315&idt=414&frm=20&biw=1600&bih=1200&oid=3&adxs=1000&adys=210&adks=2862029501&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fblog.framar.bg%2Ftag%2F%25D0%25BE%25D0%25BD%25D0%25B0%25D0%25BD%25D0%25B8%25D0%25B7%25D1%258A%25D0%25BC%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x19&msz=300x0&ga_vid=1014289140.1632758123&ga_sid=1632758123&ga_hid=278587607&ga_fc=true&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092101.js?31062917

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

a8f93563142940bae03d6f127114aae69df43edffab854a5b0db4fedb0460f35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:22 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 236
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://blog.framar.bg
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4DE4 6 KB
4 KB 78ms
21ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092101.js?31062917

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.framar.bg/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 27 Sep 2021 15:55:22 GMT
expires: Tue, 27 Sep 2022 15:55:22 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 26 KB
10 KB 229ms
229ms XHR
text/plain 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4009601423321733&correlator=1741613483364101&output=ldjh&impl=fif&eid=31062917&vrg=2021092101&ptt=17&sc=1&sfv=1-0-38&ecs=20210927&iu_parts=21812339056%2CBaner300600&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600&eri=2&cookie_enabled=1&bc=31&abxe=1&lmt=1632758122&dt=1632758122757&dlt=1632758122315&idt=414&frm=20&biw=1600&bih=1200&oid=3&adxs=1000&adys=256&adks=782357956&ucis=2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fblog.framar.bg%2Ftag%2F%25D0%25BE%25D0%25BD%25D0%25B0%25D0%25BD%25D0%25B8%25D0%25B7%25D1%258A%25D0%25BC%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x19&msz=300x0&ga_vid=1014289140.1632758123&ga_sid=1632758123&ga_hid=278587607&ga_fc=true&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092101.js?31062917

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

07f313d7a1f3b5c7ae406837c76c1a2ba16b4737a3e35c6117b4ec29c91cb9d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9959
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://blog.framar.bg
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 263 KB
75 KB 22ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=3f9dba2d0bdff43bfbf86e051b4b9c4f

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

06a9ef06d7f43dd23bf5213842b18e005e0a69753c3f41d2bfad9dd345ec6a10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://blog.framar.bg/
Origin: https://blog.framar.bg
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: E9jr3I3IRc5hfNaUgZL1TQ==
content-security-policy-report-only: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cross-origin-resource-policy: cross-origin
expires: Tue, 27 Sep 2022 14:51:18 GMT
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 76149
x-fb-rlafr: 0
x-fb-debug: shsrbe7ufal0/RbtPi5rN3uOwv7/3Mk8WY9rUffkCVX1dUuB6xStG+6Jv68ndQYDk/GDJI/+X8MYGnUAeBIAAA==
x-fb-trip-id: 917726464
x-fb-content-md5: b509cc840afee57233680f930c372d7e
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Mon, 27 Sep 2021 15:55:22 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "450bb9e425154ceef8fdf41b617b6db7"
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 20 KB
9 KB 310ms
309ms XHR
text/plain 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4009601423321733&correlator=1741613483364101&output=ldjh&impl=fif&eid=31062917&vrg=2021092101&ptt=17&sc=1&sfv=1-0-38&ecs=20210927&iu_parts=21812339056%2Cbaner_pod_statiqta_300x250&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&eri=2&cookie_enabled=1&bc=31&abxe=1&lmt=1632758122&dt=1632758122794&dlt=1632758122315&idt=414&frm=20&biw=1600&bih=1200&oid=3&adxs=1000&adys=1385&adks=2099235756&ucis=3&ifi=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fblog.framar.bg%2Ftag%2F%25D0%25BE%25D0%25BD%25D0%25B0%25D0%25BD%25D0%25B8%25D0%25B7%25D1%258A%25D0%25BC%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x19&msz=300x0&ga_vid=1014289140.1632758123&ga_sid=1632758123&ga_hid=278587607&ga_fc=true&fws=0&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092101.js?31062917

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

51fcde2bf09b7bf5856092c90d73c7b8e064fc92213a34ca0f7d22362e6df249

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9281
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://blog.framar.bg
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 external.min.php Show response
rating-widget.com/js/ 115 KB
34 KB 252ms
204ms Script
text/javascript 2606:4700:3031::ac43:990b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://rating-widget.com/js/external.min.php

Requested by

Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::ac43:990b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

319cfe60bbe92497d3ad526fb4b252ed14f9f3e64e7493712382fba2ac21d97f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Mon, 28 May 2018 10:01:00 UTC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yIzx69hZK%2B9bqcV4XbwbiX3OBQ3YcqYjjaeHhWUEwhEh1ghnzK0qgg8Hz5tmoE70rtAf70YOxu6XwT3FuBfZKjoEKd1M4k6J7ECCfpOgZthlQRGCad0%2BC2VDV8ayBrdDbxnzvPwDgsozpUy35yQHVA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=utf-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6955ea7bccce1772-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Tue, 28 May 2019 10:01:00 UTC

GET
H2 200 xgemius.js Show response
gabg.hit.gemius.pl/ 40 KB
11 KB 139ms
38ms Script
application/x-javascript 78.128.6.34
TELEPOINT

General

Check archive.org

Show headers Download Go to

Full URL: https://gabg.hit.gemius.pl/xgemius.js
Requested by: Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 78.128.6.34 , Bulgaria, ASN31083 (TELEPOINT, BG),
Reverse DNS: ip-6-34.telehouse.bg
Software: GHC /
Resource Hash: 99a336d42e4e130971fac5e498ac76a43d12fd0acb56a846543dfaa37eccb67c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:22 GMT
content-encoding: gzip
last-modified: Wed, 15 Sep 2021 10:02:32 GMT
server: GHC
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: max-age=43200
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 10838
expires: Tue, 28 Sep 2021 03:55:22 GMT

GET
H2 200 fpdata.js Show response
gabg.hit.gemius.pl/ 278 B
392 B 37ms
37ms Script
application/x-javascript 78.128.6.34
TELEPOINT

General

Check archive.org

Show headers Download Go to

Full URL: https://gabg.hit.gemius.pl/fpdata.js?href=blog.framar.bg
Requested by: Host: gabg.hit.gemius.pl
URL: https://gabg.hit.gemius.pl/xgemius.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 78.128.6.34 , Bulgaria, ASN31083 (TELEPOINT, BG),
Reverse DNS: ip-6-34.telehouse.bg
Software: GHC /
Resource Hash: 4991611448fbb90eb2e5ba4b56979809b6d1e96931e79d731267d3881033a808

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:22 GMT
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
server: GHC
etag: PRIVATE7520710249
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: private, max-age=2592000
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 278
expires: Wed, 27 Oct 2021 15:55:22 GMT

GET
H2 200 lsget.html Show response
ls.hit.gemius.pl/ Frame 6C22 5 KB
3 KB 108ms
26ms Document
text/html 145.239.237.56
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ls.hit.gemius.pl/lsget.html
Requested by: Host: gabg.hit.gemius.pl
URL: https://gabg.hit.gemius.pl/xgemius.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 145.239.237.56 , France, ASN16276 (OVH, FR),
Reverse DNS: ip56.ip-145-239-237.eu
Software: GHC /
Resource Hash: e2104cca4a08657614070caf72abb0e42c3e34f106463eceb3177584eb607057

Request headers

:method: GET
:authority: ls.hit.gemius.pl
:scheme: https
:path: /lsget.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.framar.bg/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
expires: Wed, 27 Oct 2021 15:55:23 GMT
server: GHC
accept-ranges: none
cache-control: private, max-age=2592000
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
etag: PRIVATE7520710249
vary: Accept-Encoding,Origin,User-Agent
cross-origin-resource-policy: cross-origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: text/html;charset=utf-8
content-length: 2727
content-encoding: gzip

GET
H2 200 container.html Show response
5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6053 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092101.js?31062917

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.framar.bg/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 27 Sep 2021 15:55:22 GMT
expires: Tue, 27 Sep 2022 15:55:22 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
27 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092101.js?31062917

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a7ad5974f3d165d1a83149795afe792e241b0e6a41078c6e14bcecc5449934e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27652
x-xss-protection: 0
server: sffe
etag: "1632310961004595"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="active-view-scs-read-write-acl"
expires: Mon, 27 Sep 2021 15:55:23 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 633D 0
0 33ms
32ms Fetch
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CLcTwaulRYb3wNYbe3wOEuarYBM-HjptcwIbZgsYCwI23ARABIABglYKAgJgHggEXY2EtcHViLTM1NTU1NjA5MDk3NzYzMjXIAQngAgCoAwGqBO4BT9B0xwY1BpQYyGiHdCnb9vavKAncFOzAsYu-03kF_AbNxMgvhRuAg5hno4K7QYawkvloS5mh0yOzPWiq6MmULnk1bmII66mHSHqEKzOHcM5JABXU_6KmpHsQKLr8ZuBVe7041uhXZXl1t8GDQsI5YmCAgL81n3JokgHKTy92DlRojT4WMgDQSbStLo7gwppljMUIIk8dARAAofVSggWR5d4NEVoaiy_vhZIkt1c56mDrRdT4oNO7PBCedQJXhfCdnSQaJ9XeGQs5TncK6k2E_q3i4DqwoZyOaZ09QJnbdUrYTUvYbRC_3mZjjYTVVOAEAYAG9OqB9-TF_o0doAYhqAemvhuoB_DZG6gH8tkbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTM1NTU1NjA5MDk3NzYzMjUYi4Vw&sigh=ZtOzMXvJ870&tpd=AGWhJmv4KACLCmm1kSD6mCBhnnQWXtY54Qd0x0yHWiHgkfnXQAnBH2xTnrXlYBxUwjF3Q-rg6svyZ1Nj7WDvQSZlPypCQJAp71B_y0Iz_MJ7GAyANXlEPIf_bAIibhJgIGkxEcKAJ52buT_UM9YqOyZdweBJYn7U9LPu6hCSRS5D0qfd_Lsgp1TjqKG-7bvQdyVucLb0gTwdA0uWCrsybQfBpAzVgl9ockzP07QPR-WLVpaqReAogrOpo4OMOIZZCasMddfH8sJRt-qdausMs9OA32_Ufg0w2uDFGmEMXbPNXsPAFVu03Sg-19vFEgsTCD-1U1X7mwU768N637bby6R7lqO4RJaiBiK-DmJCqMr00H3y-JYtMz45UZjFo7ZHMYDJJOyTKSqOn0J_3Em0cA5qxSY1yxPsXIZwLCgP-hx2BCFijTIo4C9SQx2p6d2MuRtuqr3trG_NCI6762Ewvf-jBS3RBBhWKr18o2xiQfBF1LJv8RhigS9yx4aoJfEWj-8D2OfRr4dSO0QgsBrwrL_1AGM2YlSSVPg1A2R0U0ob6E4lts2x82dOn67921Sh784xDGpr2vJh6LzPrwIStYTyGf8U7yyruMV2xYXcb39G6445OxXF8MVnuqRFjWuvcUTVcGUdIIrHMXE5poxoWczdzlupD5oY1_uhJjF7xKYRD7jBcFzp5vYu9Hwj59ok3hHad_imC4d890S042dffwRRrYk3ZhMVAHvy46p9F_YO_cwExmhDJ1dvFwIkq5VO9DI9OlG2Mrq1jB1aTkMImKexunt1_mSu2hFEXaPWZdBMNRscCdVy5zUtmX8dP-ysNvm1jYpDzEsT2QWBKtNDd9CQpJpnVNXBKBCPOr6YLLA0lylysewen3KtvMBFj66JUT3vFzl6Kqbnyov16Lh5iO7xfNdpQ-v8tG6UEqD0hSSezpSRSIpR-rd_-M4xomDhsarQFvJw4LpLmtAfqvuwkNCOikZYCFbseDx3fikJcsfhWSvO_bhncmoejoGEDWrUP0aIG-Re_Atmzep5CyhN9ZenJ9IVoZu0lWIoa_5pDK56jleoFLtao_I14dlcDIOv9ExlOSG-Un99jaUCRJVkKA
Requested by: Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s11-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame 633D 3 KB
2 KB 73ms
21ms Script
application/x-javascript 185.29.134.249
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWVdVek5XWXhaall0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzYyMDI3NzQzNTk3NzQ0NTUzNzcvOTM5OTQ5MC85MTMzMzc5LzQvamtFZ1F3dktkNDhsRUU2OVRmbVBrMzAzMXgwUk1ZaGxvT05sbE5RX3ZhZy8xLzQvMC8wLzE2NDYyOTMvMTUzOTc5ODUyOC8yMjY1ODkvOTg1Mjc4LzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNjIwMjc3NDM1OTc3NDQ1NTM3Ny9hbXMvMC8xMDUzNC85Mi85OTkvMi85MS4xOTkuMTE4LjAvMC4wMDAvMTYzMjc1ODEyMi8xNjMyNzcwNzIyLzQvcHViLTM1NTU1NjA5MDk3NzYzMjUv/eoO75ZDt1vicN2v5XrmXouP-Dmg&nodeid=527&group=cdg&auctionid=6202774359774455377&shardkey=6202774359774455377&sid=9133379&cid=9399490&bp=a_cfcddj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.62&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCegmuaulRYb3wNYbe3wOEuarYBM-HjptcwIbZgsYCwI23ARABIABglYKAgJgHggEXY2EtcHViLTM1NTU1NjA5MDk3NzYzMjXIAQngAgCoAwGqBPEBT9B0xwY1BpQYyGiHdCnb9vavKAncFOzAsYu-03kF_AbNxMgvhRuAg5hno4K7QYawkvloS5mh0yOzPWiq6MmULnk1bmII66mHSHqEKzOHcM5JABXU_6KmpHsQKLr8ZuBVe7041uhXZXl1t8GDQsI5YmCAgL81n3JokgHKTy92DlRojT4WMgDQSbStLo7gwppljMUIIk8dARAAofVSggWR5d4NEVoaiy_vhZIkt1c56mDrRdT4oNO7PBCedQJXhfCdnSQaJ9XeGQs5TncK6k2E_q3i4DqwoZyOaZ09QNvZeNh03e_f4LT3db4jInTIQNkkSOAEAYAG9OqB9-TF_o0doAYhqAemvhuoB_DZG6gH8tkbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2qo2iDyx2MXC6w-wcpal7OMKaqaA%26client%3Dca-pub-3555560909776325%26adurl%3D
Requested by: Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.249 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.206.0 /
Resource Hash: bace408808ff965f81de29eeef9f592fcf11782c98569cad61a36a3b754f37ac

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 15:55:23 GMT
Content-Encoding: gzip
x-mm-bid-request-time: 1632758122
Last-Modified: Mon, 27 Sep 2021 15:55:22 GMT
Server: MMBD/3.206.0
x-mm-latency: 6 (0)
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
x-mm-dbg: Count
Cache-Control: no-cache
x-mm-host: cdg-router-x47, cdg-bidder-x67
Connection: close
Content-Type: application/x-javascript; charset=UTF-8
Expires: Mon, 27 Sep 2021 15:55:22 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210922/r20110914/client/ Frame 633D 3 KB
1 KB 39ms
13ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210922/r20110914/client/window_focus_fy2019.js

Requested by

Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c178b294f465f8c802b3f20752a384d2304c8628f8908d30ff13d02e861c2442

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:45:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 569
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1358
x-xss-protection: 0
server: cafe
etag: 15351394696698642166
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Oct 2021 15:45:54 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 633D 128 KB
39 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c2918d0edea50f453e2143087cb6f5b232a6fef8b687e228496629f0739fc809

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39662
x-xss-protection: 0
server: sffe
etag: "1632310973010379"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="active-view-scs-read-write-acl"
expires: Mon, 27 Sep 2021 15:55:23 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210922/r20110914/client/ Frame 633D 14 KB
7 KB 32ms
8ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210922/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d8144ce2cd5918de3beabc8fd113ab560103033fae3956e093b688cda5732a50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:54:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6232
x-xss-protection: 0
server: cafe
etag: 15606800361334891596
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Oct 2021 15:54:25 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 633D 22 KB
7 KB 34ms
9ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 26 Sep 2021 10:01:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 107637
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 26 Sep 2022 10:01:26 GMT

GET
H2

200

rexdot.js Show response
gabg.hit.gemius.pl/__/_1632758123090/
Redirect Chain

https://gabg.hit.gemius.pl/_1632758123090/rexdot.js?l=100&id=zaBA3WMQRyA8wbYnZ5bSn8Q8LSqK1oNiyNunQsdLadb.H7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fblog.framar...
https://gabg.hit.gemius.pl/__/_1632758123090/rexdot.js?l=100&id=zaBA3WMQRyA8wbYnZ5bSn8Q8LSqK1oNiyNunQsdLadb.H7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fblog.fra...

169 B
434 B

106ms
106ms

Script
application/x-javascript

78.128.6.34
TELEPOINT

General

Check archive.org

Show headers Download Go to

Full URL: https://gabg.hit.gemius.pl/__/_1632758123090/rexdot.js?l=100&id=zaBA3WMQRyA8wbYnZ5bSn8Q8LSqK1oNiyNunQsdLadb.H7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fblog.framar.bg%2Ftag%2F%25D0%25BE%25D0%25BD%25D0%25B0%25D0%25BD%25D0%25B8%25D0%25B7%25D1%258A%25D0%25BC%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=148&lsdata=79AVXGkNHevdzzVfjY7Rr0Cjr0xjRM7Uvqz3uEL6UUr.b7ynZG1ZKyJgxieq3w95c.387UW25ic74UY2sdJ4y38nEupZ/bFNkfJ_EV5Scy/&fpdata=qofaMb9vKIMg70fSwq92KT1HVupB6Gb26SIE1AbzNxL.M7&vis=1&fpcap=
Requested by: Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 78.128.6.34 , Bulgaria, ASN31083 (TELEPOINT, BG),
Reverse DNS: ip-6-34.telehouse.bg
Software: GHC /
Resource Hash: 21e1e8072969583ab092d04d48702416f59bc9a29eee8e8eb6827fefcfe52064

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Sep 2021 15:55:23 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 169
expires: Sun, 26 Sep 2021 15:55:23 GMT

Redirect headers

pragma: no-cache
date: Mon, 27 Sep 2021 15:55:23 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: /__/_1632758123090/rexdot.js?l=100&id=zaBA3WMQRyA8wbYnZ5bSn8Q8LSqK1oNiyNunQsdLadb.H7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fblog.framar.bg%2Ftag%2F%25D0%25BE%25D0%25BD%25D0%25B0%25D0%25BD%25D0%25B8%25D0%25B7%25D1%258A%25D0%25BC%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=148&lsdata=79AVXGkNHevdzzVfjY7Rr0Cjr0xjRM7Uvqz3uEL6UUr.b7ynZG1ZKyJgxieq3w95c.387UW25ic74UY2sdJ4y38nEupZ/bFNkfJ_EV5Scy/&fpdata=qofaMb9vKIMg70fSwq92KT1HVupB6Gb26SIE1AbzNxL.M7&vis=1&fpcap=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Sun, 26 Sep 2021 15:55:23 GMT

GET
H2 200 style.secure.css
rating-widget.com/css/widget/ 41 KB
7 KB 330ms
29ms Stylesheet
text/css 2606:4700:3031::ac43:990b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://rating-widget.com/css/widget/style.secure.css?v=2.1.7

Requested by

Host: rating-widget.com
URL: https://rating-widget.com/js/external.min.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::ac43:990b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00d0e87df1767e087a6c8ffc53cfc38b0917b9d6ea7e341e897fd03e914a485e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 397
cf-polished: origSize=42407
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sat, 28 Jul 2018 08:12:05 GMT
server: cloudflare
etag: W/"5b5c2555-a5a7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GZ7ezcXwxvvz0auT%2FiFY8ry9mqv82dNRsB1CGUbw7NZt5c21BnqbvzktjRSuHQT%2FRfbCPDJH9LmCGhQkuEUinpmB6PWhV84jxQYiNkMY3uOcd37qu8D9r2%2FvkApkBCs%2Be34RCHJS%2Bdr4JOMyloinWg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 6955ea7f39781772-FRA
cf-bgj: minify

GET
H2 200 get.php Show response
rating-widget.com/js/api/rating/ 395 B
627 B 507ms
208ms Script
text/javascript 2606:4700:3031::ac43:990b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://rating-widget.com/js/api/rating/get.php?ids=[%223740%22]&v=2.1.7&sw=1600&sh=1200&sd=24&uid=1c053633b7352f05bc837b6d282cb6fc&by=laccount&et=0&source=website&url=https%3A%2F%2Fblog.framar.bg%2Ftag%2F%25D0%25BE%25D0%25BD%25D0%25B0%25D0%25BD%25D0%25B8%25D0%25B7%25D1%258A%25D0%25BC%2F&cguid=1632758123100

Requested by

Host: rating-widget.com
URL: https://rating-widget.com/js/external.min.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::ac43:990b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1d64e0044ed2dc808e57c89afb4979f87cdd831eeac3d8fca865d96dec3e1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Wed, 20 Mar 2013 09:00:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3D%2FU%2Bm2BD3c4VMQZj92AOrBTaY81JAVYT8zG5IWFOYLyMH6B93HN9pGS2RQvfzp7ClUa7V66hX%2BbeapvJVmvz%2FslHXavmBoM5wN4tGnVaU1tbJvSP57mlAQrjTBjh65NGL5q8%2FegcHyT%2BrW4CAb8VQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=utf-8
cache-control: no-cache, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6955ea7f397c1772-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sun, 1 Jan 2012 09:00:00 GMT

GET
H2 200 loader-14x14.gif
rating-widget.com/img/widget/ 7 KB
7 KB 313ms
14ms Image
image/gif 2606:4700:3031::ac43:990b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rating-widget.com/img/widget/loader-14x14.gif

Requested by

Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::ac43:990b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

683c015beb1c6fb1bb2716ec50905b5aa6a5aaa7592a738b5c57835795b30f9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1258273
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 6984
last-modified: Tue, 09 Jun 2015 21:37:27 GMT
server: cloudflare
etag: "55775c97-1b48"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=erTsSKC4KQn5ZzV4RihW9FNRAz3sa%2B2YdTyL3fvWs03wlQHJ0qUtMd6qWZZYsXDqpQwPtLdbbNExeLwVbaATmf1cGp3yKZ3o2S81DL8dKtCgcydb2YcItnpH%2FpcEfCQASvTiFNBulw7yfxk1TSE31Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6955ea7f397a1772-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 container.html Show response
5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D810 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092101.js?31062917

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.framar.bg/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 27 Sep 2021 15:55:22 GMT
expires: Tue, 27 Sep 2022 15:55:22 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK rhjtaz8j6b44 Show response
hal9000.redintelligence.net/zone/ Frame 633D 10 KB
3 KB 57ms
13ms Script
text/html 138.201.63.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/rhjtaz8j6b44?subid=&gdpr=1&gdpr_consent=li&rnd=6202774359774455377&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D6202774359774455377%26mt_id%3D9399490%26mt_adid%3D226589%26mt_sid%3D9133379%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dc1576151-e96b-4101-a444-97783f93e57e%26mt_cid%3Dc1576151-e96b-4101-a444-97783f93e57e%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCegmuaulRYb3wNYbe3wOEuarYBM-HjptcwIbZgsYCwI23ARABIABglYKAgJgHggEXY2EtcHViLTM1NTU1NjA5MDk3NzYzMjXIAQngAgCoAwGqBPEBT9B0xwY1BpQYyGiHdCnb9vavKAncFOzAsYu-03kF_AbNxMgvhRuAg5hno4K7QYawkvloS5mh0yOzPWiq6MmULnk1bmII66mHSHqEKzOHcM5JABXU_6KmpHsQKLr8ZuBVe7041uhXZXl1t8GDQsI5YmCAgL81n3JokgHKTy92DlRojT4WMgDQSbStLo7gwppljMUIIk8dARAAofVSggWR5d4NEVoaiy_vhZIkt1c56mDrRdT4oNO7PBCedQJXhfCdnSQaJ9XeGQs5TncK6k2E_q3i4DqwoZyOaZ09QNvZeNh03e_f4LT3db4jInTIQNkkSOAEAYAG9OqB9-TF_o0doAYhqAemvhuoB_DZG6gH8tkbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2qo2iDyx2MXC6w-wcpal7OMKaqaA%2526client%253Dca-pub-3555560909776325%2526adurl%253D%26redirect%3D
Requested by: Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.164 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 272ae700ded1eb5d845c9bd9e69c13dbd02df86bbd48a57a6bbd082d410c9dd4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 15:55:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3341
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame 633D 49 B
329 B 45ms
16ms Image
image/gif 185.29.134.249
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=6202774359774455377&node_id=527&exch_id=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWVdVek5XWXhaall0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzYyMDI3NzQzNTk3NzQ0NTUzNzcvOTM5OTQ5MC85MTMzMzc5LzQvamtFZ1F3dktkNDhsRUU2OVRmbVBrMzAzMXgwUk1ZaGxvT05sbE5RX3ZhZy8xLzQvMC8wLzE2NDYyOTMvMTUzOTc5ODUyOC8yMjY1ODkvOTg1Mjc4LzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNjIwMjc3NDM1OTc3NDQ1NTM3Ny9hbXMvMC8xMDUzNC85Mi85OTkvMi85MS4xOTkuMTE4LjAvMC4wMDAvMTYzMjc1ODEyMi8xNjMyNzcwNzIyLzQvcHViLTM1NTU1NjA5MDk3NzYzMjUv/eoO75ZDt1vicN2v5XrmXouP-Dmg&nodeid=527&group=cdg&auctionid=6202774359774455377&shardkey=6202774359774455377&sid=9133379&cid=9399490&bp=a_cfcddj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.62&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCegmuaulRYb3wNYbe3wOEuarYBM-HjptcwIbZgsYCwI23ARABIABglYKAgJgHggEXY2EtcHViLTM1NTU1NjA5MDk3NzYzMjXIAQngAgCoAwGqBPEBT9B0xwY1BpQYyGiHdCnb9vavKAncFOzAsYu-03kF_AbNxMgvhRuAg5hno4K7QYawkvloS5mh0yOzPWiq6MmULnk1bmII66mHSHqEKzOHcM5JABXU_6KmpHsQKLr8ZuBVe7041uhXZXl1t8GDQsI5YmCAgL81n3JokgHKTy92DlRojT4WMgDQSbStLo7gwppljMUIIk8dARAAofVSggWR5d4NEVoaiy_vhZIkt1c56mDrRdT4oNO7PBCedQJXhfCdnSQaJ9XeGQs5TncK6k2E_q3i4DqwoZyOaZ09QNvZeNh03e_f4LT3db4jInTIQNkkSOAEAYAG9OqB9-TF_o0doAYhqAemvhuoB_DZG6gH8tkbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2qo2iDyx2MXC6w-wcpal7OMKaqaA%26client%3Dca-pub-3555560909776325%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.249 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.206.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 15:55:23 GMT
Server: MMBD/3.206.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x83, cdg-bidder-x67
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Mon, 27 Sep 2021 15:55:22 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame 633D 43 B
372 B 93ms
31ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=6202774359774455377&v3=985278&v4=9133379&v5=9399490&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWVdVek5XWXhaall0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzYyMDI3NzQzNTk3NzQ0NTUzNzcvOTM5OTQ5MC85MTMzMzc5LzQvamtFZ1F3dktkNDhsRUU2OVRmbVBrMzAzMXgwUk1ZaGxvT05sbE5RX3ZhZy8xLzQvMC8wLzE2NDYyOTMvMTUzOTc5ODUyOC8yMjY1ODkvOTg1Mjc4LzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNjIwMjc3NDM1OTc3NDQ1NTM3Ny9hbXMvMC8xMDUzNC85Mi85OTkvMi85MS4xOTkuMTE4LjAvMC4wMDAvMTYzMjc1ODEyMi8xNjMyNzcwNzIyLzQvcHViLTM1NTU1NjA5MDk3NzYzMjUv/eoO75ZDt1vicN2v5XrmXouP-Dmg&nodeid=527&group=cdg&auctionid=6202774359774455377&shardkey=6202774359774455377&sid=9133379&cid=9399490&bp=a_cfcddj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.62&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCegmuaulRYb3wNYbe3wOEuarYBM-HjptcwIbZgsYCwI23ARABIABglYKAgJgHggEXY2EtcHViLTM1NTU1NjA5MDk3NzYzMjXIAQngAgCoAwGqBPEBT9B0xwY1BpQYyGiHdCnb9vavKAncFOzAsYu-03kF_AbNxMgvhRuAg5hno4K7QYawkvloS5mh0yOzPWiq6MmULnk1bmII66mHSHqEKzOHcM5JABXU_6KmpHsQKLr8ZuBVe7041uhXZXl1t8GDQsI5YmCAgL81n3JokgHKTy92DlRojT4WMgDQSbStLo7gwppljMUIIk8dARAAofVSggWR5d4NEVoaiy_vhZIkt1c56mDrRdT4oNO7PBCedQJXhfCdnSQaJ9XeGQs5TncK6k2E_q3i4DqwoZyOaZ09QNvZeNh03e_f4LT3db4jInTIQNkkSOAEAYAG9OqB9-TF_o0doAYhqAemvhuoB_DZG6gH8tkbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2qo2iDyx2MXC6w-wcpal7OMKaqaA%26client%3Dca-pub-3555560909776325%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3984 0e3af3b master cdg-pixel-x8 config:1.0.1 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 15:55:23 GMT
Server: MT3 3984 0e3af3b master cdg-pixel-x8 config:1.0.1
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 27 Sep 2021 15:55:22 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame 633D 49 B
329 B 60ms
14ms Image
image/gif 185.29.134.249
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=6202774359774455377&st=9133379&time=1632758123&nodeid=527
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWVdVek5XWXhaall0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzYyMDI3NzQzNTk3NzQ0NTUzNzcvOTM5OTQ5MC85MTMzMzc5LzQvamtFZ1F3dktkNDhsRUU2OVRmbVBrMzAzMXgwUk1ZaGxvT05sbE5RX3ZhZy8xLzQvMC8wLzE2NDYyOTMvMTUzOTc5ODUyOC8yMjY1ODkvOTg1Mjc4LzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNjIwMjc3NDM1OTc3NDQ1NTM3Ny9hbXMvMC8xMDUzNC85Mi85OTkvMi85MS4xOTkuMTE4LjAvMC4wMDAvMTYzMjc1ODEyMi8xNjMyNzcwNzIyLzQvcHViLTM1NTU1NjA5MDk3NzYzMjUv/eoO75ZDt1vicN2v5XrmXouP-Dmg&nodeid=527&group=cdg&auctionid=6202774359774455377&shardkey=6202774359774455377&sid=9133379&cid=9399490&bp=a_cfcddj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.62&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCegmuaulRYb3wNYbe3wOEuarYBM-HjptcwIbZgsYCwI23ARABIABglYKAgJgHggEXY2EtcHViLTM1NTU1NjA5MDk3NzYzMjXIAQngAgCoAwGqBPEBT9B0xwY1BpQYyGiHdCnb9vavKAncFOzAsYu-03kF_AbNxMgvhRuAg5hno4K7QYawkvloS5mh0yOzPWiq6MmULnk1bmII66mHSHqEKzOHcM5JABXU_6KmpHsQKLr8ZuBVe7041uhXZXl1t8GDQsI5YmCAgL81n3JokgHKTy92DlRojT4WMgDQSbStLo7gwppljMUIIk8dARAAofVSggWR5d4NEVoaiy_vhZIkt1c56mDrRdT4oNO7PBCedQJXhfCdnSQaJ9XeGQs5TncK6k2E_q3i4DqwoZyOaZ09QNvZeNh03e_f4LT3db4jInTIQNkkSOAEAYAG9OqB9-TF_o0doAYhqAemvhuoB_DZG6gH8tkbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2qo2iDyx2MXC6w-wcpal7OMKaqaA%26client%3Dca-pub-3555560909776325%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.249 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.206.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 15:55:23 GMT
Server: MMBD/3.206.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x94, cdg-bidder-x67
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Mon, 27 Sep 2021 15:55:22 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame D810 0
0 32ms
32ms Fetch
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C2lCqaulRYbvHO4an3gPs8ZPwBM-HjptcwIbZgsYCwI23ARABIABglYKAgJgHggEXY2EtcHViLTM1NTU1NjA5MDk3NzYzMjXIAQngAgCoAwGqBIYCT9BO7kqjZwMWU3qDAWM3lBB38KVAjeovorY5kTh9VwN0MwJBEAXk0hUJVgVDe_I4OYMVy0b_hYNBdubgms9UmDZhnfXCeywqpcjODGwfUeAHwpez66iLQ11fRCfIxeCqL3n82GzJ6x_U-i3TR-DCktXBnvyOWDd3a3RIr7_nCJTg1NXY9n46MRtJc4WZesHg3QGSoU3UsOmaVsxlw08OwX8jxIZFwo3IsSDKSOwddPWV10jXTsZ9de3gItcKfr8OVChDGiF3n76OaJEJfA4QPrgbbrI7rUGxorvJ9lkeEzfWclQXtdkCTp4gX7kALZT2KdJYLpdZhN_HXdZemQKIRV9KxXqNWuAEAYAGz5_enrDl_a4uoAYhqAemvhuoB_DZG6gH8tkbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTM1NTU1NjA5MDk3NzYzMjUYi4Vw&sigh=DK6009PhkTs&tpd=AGWhJmvl0IcP5HQj7kLKOAl8x5VDgLRayOYoD0bZhEQRxGErZzDWhFauzZakajLEFGFzZ7To_c07S7dzG9kMvEMLMCv2Bt1I1qxtmhawBYgmcaGUEo5OBticgwTrXLI6DpsL64kXmdGc_LyxBTsFGI-ucT-kpq6szToslrZjKjZEmHSmx_bVRtAy9zbQpiWMSowuPgtmOpJ4aNGdoa-KNi6ZdIf97DT6BiUs9Ph8aeZhSrdifzHTU2qdNCK8_DMvXsG-m676JiutzYcr7yJKTfSaZmaFF-oAJf02mZ8Rlng4pVMjOKfbaxcAl0sAK027V2Iyg_ot2gzzRPXN8rsjY-lG4p2aDBCX7PJu1bgNtZeNx254DUq3b_q3uk_cAjZLDdYWVFDNsuV5So5f9gY0Eu-BM8vHhNLW4ODDQPMW7sS6O-dQahYWvxB4y1dHXOMIxMDUL-8GqVeV_hRJ7T17nKqpi7tx_-dwURYZfZmp1k3i1Mj9uoQrGSXsqHPH0Mu9ghPf6vZCAzOpsuAJr458nbOSjJcaf0ck7DHOyy-rHLG6vR1igdMzEO8lUhD_GBQmx1MuDnojAmyPxqyFdlQ1cCTQ3uiFzn4tZM8z5CZvqNo0sMZ667j_8vfBaj-LmHMLqNNCH64qQwGry9jiWeweqUfKvdiCGQ8kLEEIHqybjzCPV-iGV9-D6KdT08TJ7rj0eH---R01Qo4-4BvoXcsWmD982n29Muts3AuXFbc7BWo4HIksdBCYHV76XbPtR3Qip3MAIe4ngviK8BfwDtaIb1EnZ99asikc2nvway6CrkXY6RNhmv5-OHF42ba2UVBrsLkiYUwamvqTSmUi5XnQSaH5kp9WYR4GGI8X2vhz3HGoq5m1hLFMxCyju4hz7kITGUxOgTHmcrqCH1NsaL5W-S0vMX8fPuMmWvzGBzw1mGpePNGRSqGgOPZAlGOJeY1ECXEtStJ75GJ1OQvL0Euvepss8JzD-wrCk1EyrVubF6xc7_xMND84LB9TeHECqpEObcHQw2nh0mahgHPQIr81z-_HaZUwM3XTCjFunl50e0eYJvFzHx_5jco01VrBrgSfxdO1_rpLCHbBMZzg6D0SfLE
Requested by: Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s11-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame D810 3 KB
2 KB 33ms
20ms Script
application/x-javascript 185.29.134.249
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWVdVek5XWXhaall0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzI3NDQwMDk4NTAyNDg4ODIyNzkvOTM5OTQ5MS85MTMzMzc5LzQvamtFZ1F3dktkNDhsRUU2OVRmbVBrMkt2alJ6ZGVMN182bTR5RDRTNnEtQS8xLzQvMC8wLzE2NDYyOTMvMTUzOTc5ODUyOC8yMjY1ODkvOTg1Mjc4LzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvMjc0NDAwOTg1MDI0ODg4MjI3OS9hbXMvMC8xMDUzNC85Mi85OTkvMi85MS4xOTkuMTE4LjAvMC4wMDAvMTYzMjc1ODEyMy8xNjMyNzcwNzIzLzQvcHViLTM1NTU1NjA5MDk3NzYzMjUv/ggq6DgxVTxZf4oMI1giRWSpgB2o&nodeid=527&group=cdg&auctionid=2744009850248882279&shardkey=2744009850248882279&sid=9133379&cid=9399491&bp=a_cfcddj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.135&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCb2tqaulRYbvHO4an3gPs8ZPwBM-HjptcwIbZgsYCwI23ARABIABglYKAgJgHggEXY2EtcHViLTM1NTU1NjA5MDk3NzYzMjXIAQngAgCoAwGqBIkCT9BO7kqjZwMWU3qDAWM3lBB38KVAjeovorY5kTh9VwN0MwJBEAXk0hUJVgVDe_I4OYMVy0b_hYNBdubgms9UmDZhnfXCeywqpcjODGwfUeAHwpez66iLQ11fRCfIxeCqL3n82GzJ6x_U-i3TR-DCktXBnvyOWDd3a3RIr7_nCJTg1NXY9n46MRtJc4WZesHg3QGSoU3UsOmaVsxlw08OwX8jxIZFwo3IsSDKSOwddPWV10jXTsZ9de3gItcKfr8OVChDGiF3n76OaJEJfA4QPrgbbrI7rUGxorvJ9lkeEzfWclQXtdkCTp4gX7kALZT2KdJYLtVbiU1rzXJZFKbA7ocKaoqQTgbZI-AEAYAGz5_enrDl_a4uoAYhqAemvhuoB_DZG6gH8tkbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2hzGaGswwfr8s5HdMazl7ann3ZZA%26client%3Dca-pub-3555560909776325%26adurl%3D
Requested by: Host: 5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com
URL: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.249 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.206.0 /
Resource Hash: de78f750f3c041a42bcd84036332a98521ae8021f6278af8fb02d1a8a1516770

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 15:55:23 GMT
Content-Encoding: gzip
x-mm-bid-request-time: 1632758123
Last-Modified: Mon, 27 Sep 2021 15:55:23 GMT
Server: MMBD/3.206.0
x-mm-latency: 6 (3)
Content-Type: application/x-javascript; charset=UTF-8
x-mm-dbg: Count
Cache-Control: no-cache
x-mm-host: cdg-router-x99, cdg-bidder-x67
Connection: close
Expires: Mon, 27 Sep 2021 15:55:22 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210922/r20110914/client/ Frame D810 3 KB
1 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210922/r20110914/client/window_focus_fy2019.js

Requested by

Host: 5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com
URL: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c178b294f465f8c802b3f20752a384d2304c8628f8908d30ff13d02e861c2442

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:45:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 569
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1358
x-xss-protection: 0
server: cafe
etag: 15351394696698642166
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Oct 2021 15:45:54 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D810 128 KB
39 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com
URL: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c2918d0edea50f453e2143087cb6f5b232a6fef8b687e228496629f0739fc809

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39662
x-xss-protection: 0
server: sffe
etag: "1632310973010379"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="active-view-scs-read-write-acl"
expires: Mon, 27 Sep 2021 15:55:23 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210922/r20110914/client/ Frame D810 14 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210922/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com
URL: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d8144ce2cd5918de3beabc8fd113ab560103033fae3956e093b688cda5732a50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:54:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6232
x-xss-protection: 0
server: cafe
etag: 15606800361334891596
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Oct 2021 15:54:25 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame D810 22 KB
7 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com
URL: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 26 Sep 2021 10:01:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 107637
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 26 Sep 2022 10:01:26 GMT

GET
H/1.1 200
OK b2chijg1xki1 Show response
hal9000.redintelligence.net/zone/ Frame D810 10 KB
3 KB 34ms
12ms Script
text/html 138.201.63.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/b2chijg1xki1?subid=&gdpr=1&gdpr_consent=li&rnd=2744009850248882279&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D2744009850248882279%26mt_id%3D9399491%26mt_adid%3D226589%26mt_sid%3D9133379%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dc1576151-e96b-4101-a444-97783f93e57e%26mt_cid%3Dc1576151-e96b-4101-a444-97783f93e57e%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCb2tqaulRYbvHO4an3gPs8ZPwBM-HjptcwIbZgsYCwI23ARABIABglYKAgJgHggEXY2EtcHViLTM1NTU1NjA5MDk3NzYzMjXIAQngAgCoAwGqBIkCT9BO7kqjZwMWU3qDAWM3lBB38KVAjeovorY5kTh9VwN0MwJBEAXk0hUJVgVDe_I4OYMVy0b_hYNBdubgms9UmDZhnfXCeywqpcjODGwfUeAHwpez66iLQ11fRCfIxeCqL3n82GzJ6x_U-i3TR-DCktXBnvyOWDd3a3RIr7_nCJTg1NXY9n46MRtJc4WZesHg3QGSoU3UsOmaVsxlw08OwX8jxIZFwo3IsSDKSOwddPWV10jXTsZ9de3gItcKfr8OVChDGiF3n76OaJEJfA4QPrgbbrI7rUGxorvJ9lkeEzfWclQXtdkCTp4gX7kALZT2KdJYLtVbiU1rzXJZFKbA7ocKaoqQTgbZI-AEAYAGz5_enrDl_a4uoAYhqAemvhuoB_DZG6gH8tkbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2hzGaGswwfr8s5HdMazl7ann3ZZA%2526client%253Dca-pub-3555560909776325%2526adurl%253D%26redirect%3D
Requested by: Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.164 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: cdf6b7278a300475be00981f6dbad9934239c87bba1500970d4269079889109f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 15:55:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3370
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame D810 43 B
373 B 36ms
21ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=2744009850248882279&v3=985278&v4=9133379&v5=9399491&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWVdVek5XWXhaall0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzI3NDQwMDk4NTAyNDg4ODIyNzkvOTM5OTQ5MS85MTMzMzc5LzQvamtFZ1F3dktkNDhsRUU2OVRmbVBrMkt2alJ6ZGVMN182bTR5RDRTNnEtQS8xLzQvMC8wLzE2NDYyOTMvMTUzOTc5ODUyOC8yMjY1ODkvOTg1Mjc4LzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvMjc0NDAwOTg1MDI0ODg4MjI3OS9hbXMvMC8xMDUzNC85Mi85OTkvMi85MS4xOTkuMTE4LjAvMC4wMDAvMTYzMjc1ODEyMy8xNjMyNzcwNzIzLzQvcHViLTM1NTU1NjA5MDk3NzYzMjUv/ggq6DgxVTxZf4oMI1giRWSpgB2o&nodeid=527&group=cdg&auctionid=2744009850248882279&shardkey=2744009850248882279&sid=9133379&cid=9399491&bp=a_cfcddj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.135&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCb2tqaulRYbvHO4an3gPs8ZPwBM-HjptcwIbZgsYCwI23ARABIABglYKAgJgHggEXY2EtcHViLTM1NTU1NjA5MDk3NzYzMjXIAQngAgCoAwGqBIkCT9BO7kqjZwMWU3qDAWM3lBB38KVAjeovorY5kTh9VwN0MwJBEAXk0hUJVgVDe_I4OYMVy0b_hYNBdubgms9UmDZhnfXCeywqpcjODGwfUeAHwpez66iLQ11fRCfIxeCqL3n82GzJ6x_U-i3TR-DCktXBnvyOWDd3a3RIr7_nCJTg1NXY9n46MRtJc4WZesHg3QGSoU3UsOmaVsxlw08OwX8jxIZFwo3IsSDKSOwddPWV10jXTsZ9de3gItcKfr8OVChDGiF3n76OaJEJfA4QPrgbbrI7rUGxorvJ9lkeEzfWclQXtdkCTp4gX7kALZT2KdJYLtVbiU1rzXJZFKbA7ocKaoqQTgbZI-AEAYAGz5_enrDl_a4uoAYhqAemvhuoB_DZG6gH8tkbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2hzGaGswwfr8s5HdMazl7ann3ZZA%26client%3Dca-pub-3555560909776325%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3984 0e3af3b master cdg-pixel-x24 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 15:55:23 GMT
Server: MT3 3984 0e3af3b master cdg-pixel-x24 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 27 Sep 2021 15:55:22 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame D810 49 B
329 B 17ms
17ms Image
image/gif 185.29.134.249
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=2744009850248882279&st=9133379&time=1632758123&nodeid=527
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWVdVek5XWXhaall0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzI3NDQwMDk4NTAyNDg4ODIyNzkvOTM5OTQ5MS85MTMzMzc5LzQvamtFZ1F3dktkNDhsRUU2OVRmbVBrMkt2alJ6ZGVMN182bTR5RDRTNnEtQS8xLzQvMC8wLzE2NDYyOTMvMTUzOTc5ODUyOC8yMjY1ODkvOTg1Mjc4LzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvMjc0NDAwOTg1MDI0ODg4MjI3OS9hbXMvMC8xMDUzNC85Mi85OTkvMi85MS4xOTkuMTE4LjAvMC4wMDAvMTYzMjc1ODEyMy8xNjMyNzcwNzIzLzQvcHViLTM1NTU1NjA5MDk3NzYzMjUv/ggq6DgxVTxZf4oMI1giRWSpgB2o&nodeid=527&group=cdg&auctionid=2744009850248882279&shardkey=2744009850248882279&sid=9133379&cid=9399491&bp=a_cfcddj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.135&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCb2tqaulRYbvHO4an3gPs8ZPwBM-HjptcwIbZgsYCwI23ARABIABglYKAgJgHggEXY2EtcHViLTM1NTU1NjA5MDk3NzYzMjXIAQngAgCoAwGqBIkCT9BO7kqjZwMWU3qDAWM3lBB38KVAjeovorY5kTh9VwN0MwJBEAXk0hUJVgVDe_I4OYMVy0b_hYNBdubgms9UmDZhnfXCeywqpcjODGwfUeAHwpez66iLQ11fRCfIxeCqL3n82GzJ6x_U-i3TR-DCktXBnvyOWDd3a3RIr7_nCJTg1NXY9n46MRtJc4WZesHg3QGSoU3UsOmaVsxlw08OwX8jxIZFwo3IsSDKSOwddPWV10jXTsZ9de3gItcKfr8OVChDGiF3n76OaJEJfA4QPrgbbrI7rUGxorvJ9lkeEzfWclQXtdkCTp4gX7kALZT2KdJYLtVbiU1rzXJZFKbA7ocKaoqQTgbZI-AEAYAGz5_enrDl_a4uoAYhqAemvhuoB_DZG6gH8tkbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2hzGaGswwfr8s5HdMazl7ann3ZZA%26client%3Dca-pub-3555560909776325%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.249 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.206.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 15:55:23 GMT
Server: MMBD/3.206.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x80, cdg-bidder-x67
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Mon, 27 Sep 2021 15:55:22 GMT

GET
H/1.1 200
OK js Show response
sync.mathtag.com/sync/ Frame D810 1 KB
1011 B 46ms
16ms Script
text/javascript 185.29.134.248
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.mathtag.com/sync/js?sync=auto&source=bidder&mt_lim=1&type=1&synclist=4&gdpr=1&gdpr_consent=li
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWVdVek5XWXhaall0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzI3NDQwMDk4NTAyNDg4ODIyNzkvOTM5OTQ5MS85MTMzMzc5LzQvamtFZ1F3dktkNDhsRUU2OVRmbVBrMkt2alJ6ZGVMN182bTR5RDRTNnEtQS8xLzQvMC8wLzE2NDYyOTMvMTUzOTc5ODUyOC8yMjY1ODkvOTg1Mjc4LzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvMjc0NDAwOTg1MDI0ODg4MjI3OS9hbXMvMC8xMDUzNC85Mi85OTkvMi85MS4xOTkuMTE4LjAvMC4wMDAvMTYzMjc1ODEyMy8xNjMyNzcwNzIzLzQvcHViLTM1NTU1NjA5MDk3NzYzMjUv/ggq6DgxVTxZf4oMI1giRWSpgB2o&nodeid=527&group=cdg&auctionid=2744009850248882279&shardkey=2744009850248882279&sid=9133379&cid=9399491&bp=a_cfcddj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.135&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCb2tqaulRYbvHO4an3gPs8ZPwBM-HjptcwIbZgsYCwI23ARABIABglYKAgJgHggEXY2EtcHViLTM1NTU1NjA5MDk3NzYzMjXIAQngAgCoAwGqBIkCT9BO7kqjZwMWU3qDAWM3lBB38KVAjeovorY5kTh9VwN0MwJBEAXk0hUJVgVDe_I4OYMVy0b_hYNBdubgms9UmDZhnfXCeywqpcjODGwfUeAHwpez66iLQ11fRCfIxeCqL3n82GzJ6x_U-i3TR-DCktXBnvyOWDd3a3RIr7_nCJTg1NXY9n46MRtJc4WZesHg3QGSoU3UsOmaVsxlw08OwX8jxIZFwo3IsSDKSOwddPWV10jXTsZ9de3gItcKfr8OVChDGiF3n76OaJEJfA4QPrgbbrI7rUGxorvJ9lkeEzfWclQXtdkCTp4gX7kALZT2KdJYLtVbiU1rzXJZFKbA7ocKaoqQTgbZI-AEAYAGz5_enrDl_a4uoAYhqAemvhuoB_DZG6gH8tkbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2hzGaGswwfr8s5HdMazl7ann3ZZA%26client%3Dca-pub-3555560909776325%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.248 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MT3 3984 0e3af3b master cdg-pixel-x24 config:1.0.0 /
Resource Hash: beb017f0576502c8b43a899338e628ac628c0c43250204c5dba9e9fc0c32aa9b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 15:55:23 GMT
Content-Encoding: gzip
Server: MT3 3984 0e3af3b master cdg-pixel-x24 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: close
Content-Type: text/javascript
Expires: Mon, 27 Sep 2021 15:55:22 GMT

GET
H/1.1 200
OK request.php Show response
hal900030.redintelligence.net/ Frame 633D 613 B
772 B 91ms
48ms Script
application/x-javascript 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900030.redintelligence.net/request.php?zone=rhjtaz8j6b44&nw=20&renderingType=javascript&namespace=25c9ede83f&subid=&uid=884dd82e4506c0c3&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D6202774359774455377%26mt_id%3D9399490%26mt_adid%3D226589%26mt_sid%3D9133379%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dc1576151-e96b-4101-a444-97783f93e57e%26mt_cid%3Dc1576151-e96b-4101-a444-97783f93e57e%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCegmuaulRYb3wNYbe3wOEuarYBM-HjptcwIbZgsYCwI23ARABIABglYKAgJgHggEXY2EtcHViLTM1NTU1NjA5MDk3NzYzMjXIAQngAgCoAwGqBPEBT9B0xwY1BpQYyGiHdCnb9vavKAncFOzAsYu-03kF_AbNxMgvhRuAg5hno4K7QYawkvloS5mh0yOzPWiq6MmULnk1bmII66mHSHqEKzOHcM5JABXU_6KmpHsQKLr8ZuBVe7041uhXZXl1t8GDQsI5YmCAgL81n3JokgHKTy92DlRojT4WMgDQSbStLo7gwppljMUIIk8dARAAofVSggWR5d4NEVoaiy_vhZIkt1c56mDrRdT4oNO7PBCedQJXhfCdnSQaJ9XeGQs5TncK6k2E_q3i4DqwoZyOaZ09QNvZeNh03e_f4LT3db4jInTIQNkkSOAEAYAG9OqB9-TF_o0doAYhqAemvhuoB_DZG6gH8tkbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2qo2iDyx2MXC6w-wcpal7OMKaqaA%2526client%253Dca-pub-3555560909776325%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2F5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=4269117844250&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/rhjtaz8j6b44?subid=&gdpr=1&gdpr_consent=li&rnd=6202774359774455377&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D6202774359774455377%26mt_id%3D9399490%26mt_adid%3D226589%26mt_sid%3D9133379%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dc1576151-e96b-4101-a444-97783f93e57e%26mt_cid%3Dc1576151-e96b-4101-a444-97783f93e57e%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCegmuaulRYb3wNYbe3wOEuarYBM-HjptcwIbZgsYCwI23ARABIABglYKAgJgHggEXY2EtcHViLTM1NTU1NjA5MDk3NzYzMjXIAQngAgCoAwGqBPEBT9B0xwY1BpQYyGiHdCnb9vavKAncFOzAsYu-03kF_AbNxMgvhRuAg5hno4K7QYawkvloS5mh0yOzPWiq6MmULnk1bmII66mHSHqEKzOHcM5JABXU_6KmpHsQKLr8ZuBVe7041uhXZXl1t8GDQsI5YmCAgL81n3JokgHKTy92DlRojT4WMgDQSbStLo7gwppljMUIIk8dARAAofVSggWR5d4NEVoaiy_vhZIkt1c56mDrRdT4oNO7PBCedQJXhfCdnSQaJ9XeGQs5TncK6k2E_q3i4DqwoZyOaZ09QNvZeNh03e_f4LT3db4jInTIQNkkSOAEAYAG9OqB9-TF_o0doAYhqAemvhuoB_DZG6gH8tkbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2qo2iDyx2MXC6w-wcpal7OMKaqaA%2526client%253Dca-pub-3555560909776325%2526adurl%253D%26redirect%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: 99b8ec433ee676f10c7d0daa94f90a619c5a71c1974b2126c148bdc17c22ffe3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 27 Sep 2021 15:55:23 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 90304900188436503168686011730030
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 329
Expires: Mon, 27 Sep 2021 16:55:23 +0200

GET
H/1.1 200
OK request.php Show response
hal900014.redintelligence.net/ Frame D810 613 B
774 B 92ms
50ms Script
application/x-javascript 176.9.26.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900014.redintelligence.net/request.php?zone=b2chijg1xki1&nw=20&renderingType=javascript&namespace=922dd5760d&subid=&uid=96ed17a855e766a8&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D2744009850248882279%26mt_id%3D9399491%26mt_adid%3D226589%26mt_sid%3D9133379%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dc1576151-e96b-4101-a444-97783f93e57e%26mt_cid%3Dc1576151-e96b-4101-a444-97783f93e57e%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCb2tqaulRYbvHO4an3gPs8ZPwBM-HjptcwIbZgsYCwI23ARABIABglYKAgJgHggEXY2EtcHViLTM1NTU1NjA5MDk3NzYzMjXIAQngAgCoAwGqBIkCT9BO7kqjZwMWU3qDAWM3lBB38KVAjeovorY5kTh9VwN0MwJBEAXk0hUJVgVDe_I4OYMVy0b_hYNBdubgms9UmDZhnfXCeywqpcjODGwfUeAHwpez66iLQ11fRCfIxeCqL3n82GzJ6x_U-i3TR-DCktXBnvyOWDd3a3RIr7_nCJTg1NXY9n46MRtJc4WZesHg3QGSoU3UsOmaVsxlw08OwX8jxIZFwo3IsSDKSOwddPWV10jXTsZ9de3gItcKfr8OVChDGiF3n76OaJEJfA4QPrgbbrI7rUGxorvJ9lkeEzfWclQXtdkCTp4gX7kALZT2KdJYLtVbiU1rzXJZFKbA7ocKaoqQTgbZI-AEAYAGz5_enrDl_a4uoAYhqAemvhuoB_DZG6gH8tkbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2hzGaGswwfr8s5HdMazl7ann3ZZA%2526client%253Dca-pub-3555560909776325%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2F5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=3037894252977&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/b2chijg1xki1?subid=&gdpr=1&gdpr_consent=li&rnd=2744009850248882279&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D2744009850248882279%26mt_id%3D9399491%26mt_adid%3D226589%26mt_sid%3D9133379%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dc1576151-e96b-4101-a444-97783f93e57e%26mt_cid%3Dc1576151-e96b-4101-a444-97783f93e57e%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCb2tqaulRYbvHO4an3gPs8ZPwBM-HjptcwIbZgsYCwI23ARABIABglYKAgJgHggEXY2EtcHViLTM1NTU1NjA5MDk3NzYzMjXIAQngAgCoAwGqBIkCT9BO7kqjZwMWU3qDAWM3lBB38KVAjeovorY5kTh9VwN0MwJBEAXk0hUJVgVDe_I4OYMVy0b_hYNBdubgms9UmDZhnfXCeywqpcjODGwfUeAHwpez66iLQ11fRCfIxeCqL3n82GzJ6x_U-i3TR-DCktXBnvyOWDd3a3RIr7_nCJTg1NXY9n46MRtJc4WZesHg3QGSoU3UsOmaVsxlw08OwX8jxIZFwo3IsSDKSOwddPWV10jXTsZ9de3gItcKfr8OVChDGiF3n76OaJEJfA4QPrgbbrI7rUGxorvJ9lkeEzfWclQXtdkCTp4gX7kALZT2KdJYLtVbiU1rzXJZFKbA7ocKaoqQTgbZI-AEAYAGz5_enrDl_a4uoAYhqAemvhuoB_DZG6gH8tkbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2hzGaGswwfr8s5HdMazl7ann3ZZA%2526client%253Dca-pub-3555560909776325%2526adurl%253D%26redirect%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.9.26.250 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.26.9.176.clients.your-server.de
Software: Apache /
Resource Hash: e59e11a99ff5a121a7721118576c3585bb56dea52dea2ca5b0d6e7501b585937

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 27 Sep 2021 15:55:23 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 15855100179878603168684011730014
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 331
Expires: Mon, 27 Sep 2021 16:55:23 +0200

GET
H/1.1 200
OK ajax.php Show response
blog.framar.bg/ 1 KB
800 B 93ms
93ms XHR
text/html 79.124.75.51
TELEPOINT

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.framar.bg/ajax.php?get_dashboard=1
Requested by: Host: static.framar.bg
URL: https://static.framar.bg/js/jquery-1.10.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 79.124.75.51 , Bulgaria, ASN31083 (TELEPOINT, BG),
Reverse DNS: ip-75-51.telehouse.bg
Software: Apache /
Resource Hash: f7f707142165d60ade0950a81377cc4aaaa6dad34797917182c7101a720793fc

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.framar.bg
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: empty
X-Requested-With: XMLHttpRequest
Cookie: __utma=24869737.1014289140.1632758123.1632758123.1632758123.1; __utmc=24869737; __utmz=24869737.1632758123.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=24869737.1.10.1632758123; __gfp_64b=qofaMb9vKIMg70fSwq92KT1HVupB6Gb26SIE1AbzNxL.M7|1632758122; __gads=ID=d254180d5ebc30e6-226ec77661c900d1:T=1632758122:S=ALNI_MbOALZM6SX1vchYCWyFvQu7NnmIqw
Connection: keep-alive
Referer: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/
Accept: */*
Referer: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 15:55:23 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Cache-Control: max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=2, max=798
Content-Length: 491
Expires: Mon, 27 Sep 2021 15:55:23 GMT

GET
H/1.1 200
OK request_content.php Show response
hal900030.redintelligence.net/ Frame E990 7 KB
3 KB 37ms
12ms Document
text/html 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900030.redintelligence.net/request_content.php?s=90304900188436503168686011730030&a=7f093c78
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request.php?zone=rhjtaz8j6b44&nw=20&renderingType=javascript&namespace=25c9ede83f&subid=&uid=884dd82e4506c0c3&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D6202774359774455377%26mt_id%3D9399490%26mt_adid%3D226589%26mt_sid%3D9133379%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dc1576151-e96b-4101-a444-97783f93e57e%26mt_cid%3Dc1576151-e96b-4101-a444-97783f93e57e%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCegmuaulRYb3wNYbe3wOEuarYBM-HjptcwIbZgsYCwI23ARABIABglYKAgJgHggEXY2EtcHViLTM1NTU1NjA5MDk3NzYzMjXIAQngAgCoAwGqBPEBT9B0xwY1BpQYyGiHdCnb9vavKAncFOzAsYu-03kF_AbNxMgvhRuAg5hno4K7QYawkvloS5mh0yOzPWiq6MmULnk1bmII66mHSHqEKzOHcM5JABXU_6KmpHsQKLr8ZuBVe7041uhXZXl1t8GDQsI5YmCAgL81n3JokgHKTy92DlRojT4WMgDQSbStLo7gwppljMUIIk8dARAAofVSggWR5d4NEVoaiy_vhZIkt1c56mDrRdT4oNO7PBCedQJXhfCdnSQaJ9XeGQs5TncK6k2E_q3i4DqwoZyOaZ09QNvZeNh03e_f4LT3db4jInTIQNkkSOAEAYAG9OqB9-TF_o0doAYhqAemvhuoB_DZG6gH8tkbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2qo2iDyx2MXC6w-wcpal7OMKaqaA%2526client%253Dca-pub-3555560909776325%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2F5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=4269117844250&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: 6200ed57e15fd22b62a16ac8874f593badd2dfd43d1d09a9282861ee1919f6ed

Request headers

Host: hal900030.redintelligence.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/

Response headers

Date: Mon, 27 Sep 2021 15:55:23 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Mon, 27 Sep 2021 16:55:23 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2296
Connection: close
Content-Type: text/html; charset=utf-8

GET
DATA 200
OK truncated
/ Frame 633D 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 81b1c2a11b7001d672682602e68d6e80036d5382584e11e09e837117f1395375

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK request_content.php Show response
hal900014.redintelligence.net/ Frame 552F 7 KB
3 KB 36ms
13ms Document
text/html 176.9.26.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900014.redintelligence.net/request_content.php?s=15855100179878603168684011730014&a=6664d659
Requested by: Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request.php?zone=b2chijg1xki1&nw=20&renderingType=javascript&namespace=922dd5760d&subid=&uid=96ed17a855e766a8&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D2744009850248882279%26mt_id%3D9399491%26mt_adid%3D226589%26mt_sid%3D9133379%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dc1576151-e96b-4101-a444-97783f93e57e%26mt_cid%3Dc1576151-e96b-4101-a444-97783f93e57e%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCb2tqaulRYbvHO4an3gPs8ZPwBM-HjptcwIbZgsYCwI23ARABIABglYKAgJgHggEXY2EtcHViLTM1NTU1NjA5MDk3NzYzMjXIAQngAgCoAwGqBIkCT9BO7kqjZwMWU3qDAWM3lBB38KVAjeovorY5kTh9VwN0MwJBEAXk0hUJVgVDe_I4OYMVy0b_hYNBdubgms9UmDZhnfXCeywqpcjODGwfUeAHwpez66iLQ11fRCfIxeCqL3n82GzJ6x_U-i3TR-DCktXBnvyOWDd3a3RIr7_nCJTg1NXY9n46MRtJc4WZesHg3QGSoU3UsOmaVsxlw08OwX8jxIZFwo3IsSDKSOwddPWV10jXTsZ9de3gItcKfr8OVChDGiF3n76OaJEJfA4QPrgbbrI7rUGxorvJ9lkeEzfWclQXtdkCTp4gX7kALZT2KdJYLtVbiU1rzXJZFKbA7ocKaoqQTgbZI-AEAYAGz5_enrDl_a4uoAYhqAemvhuoB_DZG6gH8tkbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2hzGaGswwfr8s5HdMazl7ann3ZZA%2526client%253Dca-pub-3555560909776325%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2F5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=3037894252977&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.9.26.250 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.26.9.176.clients.your-server.de
Software: Apache /
Resource Hash: 15dbb0147ef3005cea245418e3e67701403476742d8b8c2876140a39f0b15cce

Request headers

Host: hal900014.redintelligence.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/

Response headers

Date: Mon, 27 Sep 2021 15:55:23 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Mon, 27 Sep 2021 16:55:23 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2307
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK iframe Show response
sync.mathtag.com/sync/ Frame C9C1 652 B
732 B 46ms
19ms Document
text/html 185.29.134.248
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.mathtag.com/sync/iframe?mt_uuid=c1576151-e96b-4101-a444-97783f93e57e&no_iframe=1&synclist=4&mt_lim=1&type=1&gdpr=1&gdpr_consent=li&source=bidder
Requested by: Host: sync.mathtag.com
URL: https://sync.mathtag.com/sync/js?sync=auto&source=bidder&mt_lim=1&type=1&synclist=4&gdpr=1&gdpr_consent=li
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.248 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MT3 4033 f73cd20 master cdg-pixel-x1 config:1.0.1 /
Resource Hash: 4c5325edabfb7a618fea7fb98d21d0940c941d4533c4e337923515685808a056

Request headers

Host: sync.mathtag.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Cookie: uuid=c1576151-e96b-4101-a444-97783f93e57e
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/

Response headers

Date: Mon, 27 Sep 2021 15:55:23 GMT
Content-Type: text/html
Connection: close
Server: MT3 4033 f73cd20 master cdg-pixel-x1 config:1.0.1
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Expires: Mon, 27 Sep 2021 15:55:22 GMT
Content-Encoding: gzip

GET
DATA 200
OK truncated
/ Frame D810 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4e6a180704c9c12821c51830e8f0937dde9f97b2186af85f08914aa5ae43d3f9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame E990 89 KB
32 KB 36ms
9ms Script
text/javascript 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js

Requested by

Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=90304900188436503168686011730030&a=7f093c78

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 13:02:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10395
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32245
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="hosted-libraries-pushers"
expires: Tue, 27 Sep 2022 13:02:08 GMT

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame E990 747 B
943 B 109ms
17ms Script
text/javascript 37.157.6.252
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=49615354;click=https%3A%2F%2Fhal900030.redintelligence.net%2Fc%2Fpagmw2qo9nqpqcc%3Ftprde%3D

Requested by

Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=90304900188436503168686011730030&a=7f093c78

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.252 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

s1.adform.net

Software

nginx /

Resource Hash

718e19e18e377c005e2ec5cea173901d271621afd6c37db862f682e961b2f185

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Sep 2021 15:55:23 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 550
expires: -1

GET
H/1.1 200
OK img
sync.mathtag.com/misc/ Frame D810 43 B
518 B 68ms
26ms Image
image/gif 185.29.134.248
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.mathtag.com/misc/img?mm_bnc&gdpr=1&gdpr_consent=li&bcdv=0
Requested by: Host: 5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com
URL: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.248 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MT3 3984 0e3af3b master cdg-pixel-x24 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 15:55:23 GMT
Server: MT3 3984 0e3af3b master cdg-pixel-x24 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 43
Expires: Mon, 27 Sep 2021 15:55:22 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame 552F 89 KB
32 KB 19ms
17ms Script
text/javascript 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js

Requested by

Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request_content.php?s=15855100179878603168684011730014&a=6664d659

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 13:02:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10395
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32245
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="hosted-libraries-pushers"
expires: Tue, 27 Sep 2022 13:02:08 GMT

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 552F 747 B
940 B 113ms
46ms Script
text/javascript 37.157.6.252
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=49615353;click=https%3A%2F%2Fhal900014.redintelligence.net%2Fc%2Fp70sl9p3s8ble5f%3Ftprde%3D

Requested by

Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request_content.php?s=15855100179878603168684011730014&a=6664d659

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.252 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

s1.adform.net

Software

nginx /

Resource Hash

98a699731c610862652626d10baf9444f26aa5c462649daca0e5afc682a9fb7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Sep 2021 15:55:23 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 548
expires: -1

GET
H/1.1 200
OK img
sync.mathtag.com/misc/ Frame C9C1 43 B
518 B 57ms
26ms Image
image/gif 185.29.134.248
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.mathtag.com/misc/img?mm_bnc&gdpr=1&gdpr_consent=li&bcdv=0
Requested by: Host: sync.mathtag.com
URL: https://sync.mathtag.com/sync/iframe?mt_uuid=c1576151-e96b-4101-a444-97783f93e57e&no_iframe=1&synclist=4&mt_lim=1&type=1&gdpr=1&gdpr_consent=li&source=bidder
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.248 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MT3 3984 0e3af3b master cdg-pixel-x13 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sync.mathtag.com/sync/iframe?mt_uuid=c1576151-e96b-4101-a444-97783f93e57e&no_iframe=1&synclist=4&mt_lim=1&type=1&gdpr=1&gdpr_consent=li&source=bidder
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 15:55:23 GMT
Server: MT3 3984 0e3af3b master cdg-pixel-x13 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 43
Expires: Mon, 27 Sep 2021 15:55:22 GMT

GET
H/1.1 200
OK viewability Show response
hal900030.redintelligence.net/ Frame E990 0
150 B 35ms
13ms Script
text/html 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900030.redintelligence.net/viewability?s=90304900188436503168686011730030&a=a11b6dcd&vb=m
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=90304900188436503168686011730030&a=7f093c78
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/request_content.php?s=90304900188436503168686011730030&a=7f093c78
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 15:55:23 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK viewability Show response
hal900014.redintelligence.net/ Frame 552F 0
150 B 38ms
13ms Script
text/html 176.9.26.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900014.redintelligence.net/viewability?s=15855100179878603168684011730014&a=f43ab5eb&vb=m
Requested by: Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request_content.php?s=15855100179878603168684011730014&a=6664d659
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.9.26.250 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.26.9.176.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/request_content.php?s=15855100179878603168684011730014&a=6664d659
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 15:55:23 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 tooltip-loader.gif
secure.rating-widget.com/img/widget/ 473 B
792 B 53ms
34ms Image
image/gif 2606:4700:3031::ac43:990b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.rating-widget.com/img/widget/tooltip-loader.gif
Requested by: Host: rating-widget.com
URL: https://rating-widget.com/css/widget/style.secure.css?v=2.1.7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:990b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 25dac4c91e515d1d192eba006b78cfd1950f24d1839837c02fc7034146480f2b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://rating-widget.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 16310925
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 473
last-modified: Tue, 09 Jun 2015 21:37:27 GMT
server: cloudflare
etag: "55775c97-1d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lmjql3jlz3VMO7fyu2nGR6x%2F9AwfeJV9s%2B0w3qnVti6X%2FQ7mVYPeQNLW1PQp059yoTLmsGMhiOm535QAE1x7AumD5TqTp594uZJOQUwf5p6Pciz9sJuUSKZC65zreRty8OeB0ZhND%2BF477Ai2G9uCCAbo4fVKt8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6955ea7f99e91772-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame E990 33 KB
16 KB 93ms
21ms Script
text/javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=49615354;click=https%3A%2F%2Fhal900030.redintelligence.net%2Fc%2Fpagmw2qo9nqpqcc%3Ftprde%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 5eed273d16f8b9f330c78d58eebc4c1cfb64346a84a9bc8781afe1bc69077d67

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
content-encoding: gzip
last-modified: Mon, 30 Aug 2021 07:04:15 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Tue, 28 Sep 2021 18:54:19 GMT

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 552F 33 KB
16 KB 79ms
36ms Script
text/javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=49615353;click=https%3A%2F%2Fhal900014.redintelligence.net%2Fc%2Fp70sl9p3s8ble5f%3Ftprde%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 5eed273d16f8b9f330c78d58eebc4c1cfb64346a84a9bc8781afe1bc69077d67

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
content-encoding: gzip
last-modified: Mon, 30 Aug 2021 07:04:15 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Tue, 28 Sep 2021 18:54:19 GMT

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame E990 4 KB
3 KB 18ms
18ms Script
text/javascript 37.157.6.252
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?CC=1&bn=49615354;click=https%3A%2F%2Fhal900030.redintelligence.net%2Fc%2Fpagmw2qo9nqpqcc%3Ftprde%3D;js=1;adfxid=1x;3564;set=en-US|en-US|1600X1200|0|150|600|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0&CREFURL=https%3A%2F%2Fblog.framar.bg

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.252 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

s1.adform.net

Software

nginx /

Resource Hash

e13a3ed7d22b0ef85e03407887656f25feee70cc56a4a8c79587e38c17890a9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Sep 2021 15:55:23 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 2063
expires: -1

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 552F 4 KB
3 KB 18ms
17ms Script
text/javascript 37.157.6.252
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?CC=1&bn=49615353;click=https%3A%2F%2Fhal900014.redintelligence.net%2Fc%2Fp70sl9p3s8ble5f%3Ftprde%3D;js=1;adfxid=1x;9511;set=en-US|en-US|1600X1200|0|300|250|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0&CREFURL=https%3A%2F%2Fblog.framar.bg

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.252 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

s1.adform.net

Software

nginx /

Resource Hash

c615eff1eb627d828c98cde652398c51402e58944265ea95aec8ec1a42a9b532

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Sep 2021 15:55:23 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 2074
expires: -1

GET
DATA 200
OK truncated
/ Frame E990 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ Frame 552F 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 resources.js Show response
rating-widget.com/js/api/ 1 KB
937 B 196ms
196ms Script
text/javascript 2606:4700:3031::ac43:990b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://rating-widget.com/js/api/resources.js?lngs=bg&themes=thumbs_1&v=2.1.7&sw=1600&sh=1200&sd=24&uid=1c053633b7352f05bc837b6d282cb6fc&huid=19324&fp=LMNGGM6

Requested by

Host: rating-widget.com
URL: https://rating-widget.com/js/external.min.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::ac43:990b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96b7bba855322a2941aa6bf7c1aeeaef9cb5664d7eecd0cd7aab409f508efc76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 28 Jan 2014 13:34:05 UTC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KKRo5GIT3T97C%2Bzmy96PegyqNmbk1xtm6oGwLuZZVzxmROy8q%2B4Hy3O4NjTECe0yVxcYvqukZ%2BeMyBjjKQabRD38OGYKNbOfs8taEQ0YF6Mx%2B7w%2FW9TnlBnPn1FojOGKY5ISx8YR8fIjBuqwt5UEkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains
cf-ray: 6955ea809bd01772-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Wed, 28 Jan 2015 13:34:05 UTC

GET
H2 200 theme.css
rating-widget.com/css/widget/ 896 B
811 B 216ms
216ms Stylesheet
text/css 2606:4700:3031::ac43:990b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://rating-widget.com/css/widget/theme.css?data=%7B%22star%22%3A%7B%22theme%22%3A%7B%7D%2C%22style%22%3A%7B%7D%7D%2C%22nero%22%3A%7B%22theme%22%3A%7B%22medium%22%3A%7B%22thumbs_1%22%3Atrue%7D%7D%2C%22style%22%3A%7B%22medium%22%3A%7B%22thumbs%22%3Atrue%7D%7D%7D%7D&huid=19324&v=2.1.7

Requested by

Host: rating-widget.com
URL: https://rating-widget.com/js/external.min.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::ac43:990b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a7cfa865bfec3e906f379a7a228c02316d9d859fe6e53abe9696103b0cb618a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=1044
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sat, 25 Jan 2014 14:58:27 UTC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XrDt3Q%2FWpC3bCZ%2B4mOVeo3TBGQzYxRYpP2f0Ci0kP11hFoqNvLoRyLfAR46EInuBAafQlzRY1cek5HH3nzmML8gGQQRAZ9STXapaO40vh6D4qcKfcHcv6%2BNq30u51Sg0VnNL5hWbTt2JdURxLalqTA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 6955ea809bd11772-FRA
expires: Sun, 25 Jan 2015 13:58:27 GMT

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/ Frame E990 90 KB
39 KB 21ms
21ms Script
text/javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 5d3fbe3c8d35db71a45f86f973e32aebf28c72dfdaa6a5ca75b1638048f6a85e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
content-encoding: gzip
last-modified: Mon, 30 Aug 2021 07:04:15 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Tue, 28 Sep 2021 18:54:25 GMT

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/ Frame 552F 90 KB
39 KB 25ms
24ms Script
text/javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 5d3fbe3c8d35db71a45f86f973e32aebf28c72dfdaa6a5ca75b1638048f6a85e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
content-encoding: gzip
last-modified: Mon, 30 Aug 2021 07:04:15 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Tue, 28 Sep 2021 18:54:25 GMT

POST
H2 200 /
track.adform.net/csimpr/ Frame E990 35 B
478 B 18ms
17ms Ping
image/gif 37.157.6.252
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=49615354&csi=uchmwbLIkpEqRoaTwabjQ951Agx-7dvhUTzpHHeQDcHrygPkIxxfk63qpbzcuhC7JWYx8UDkqOiB480nq3Bqwd6vWmW1dlSa0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.252 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

s1.adform.net

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal900030.redintelligence.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 27 Sep 2021 15:55:23 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://hal900030.redintelligence.net
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 10266099.js Show response
s1.adform.net/Banners/Elements/Files/169192/10266099/ Frame 1BB0 6 KB
2 KB 17ms
17ms Script
application/x-javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266099/10266099.js?ADFassetID=10266099&bv=514

Requested by

Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

032acc2a9dcbf16a63dd2f305e89891bf60e22b6c29674a9462c74a810aefe8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
content-encoding: gzip
last-modified: Mon, 20 Sep 2021 14:59:32 GMT
server: nginx
etag: W/"6148a1d4-1736"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

POST
H2 200 /
track.adform.net/csimpr/ Frame 552F 35 B
478 B 18ms
17ms Ping
image/gif 37.157.6.252
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=49615353&csi=KxAbKYpi-w8fRBZivMG81_JCf06tVDQWUTzpHHeQDcHrygPkIxxfk6FxBQIE1NOMUWYkZFGDTUsCXQ8kYHKswd6vWmW1dlSa0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.252 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

s1.adform.net

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal900014.redintelligence.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 27 Sep 2021 15:55:23 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://hal900014.redintelligence.net
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 10266097.js Show response
s1.adform.net/Banners/Elements/Files/169192/10266097/ Frame 05EB 6 KB
2 KB 17ms
17ms Script
application/x-javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266097/10266097.js?ADFassetID=10266097&bv=514

Requested by

Host: blog.framar.bg
URL: https://blog.framar.bg/tag/%D0%BE%D0%BD%D0%B0%D0%BD%D0%B8%D0%B7%D1%8A%D0%BC/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

f11bdfabaec3862d1e1a679b6c9257c93502abc17d50e84918fc46cd7b3bebad

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
content-encoding: gzip
last-modified: Mon, 20 Sep 2021 14:59:31 GMT
server: nginx
etag: W/"6148a1d3-1734"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2 200 Adform.DHTML.js Show response
s1.adform.net/banners/scripts/rmb/ Frame 1BB0 30 KB
13 KB 19ms
19ms Script
application/x-javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
content-encoding: gzip
last-modified: Fri, 14 May 2021 12:35:21 GMT
server: nginx
etag: W/"609e6e89-76d9"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2 200 logo1_linie.png
s1.adform.net/Banners/Elements/Files/169192/10266099/bvpath_514/images/ Frame 1BB0 1 KB
1 KB 20ms
19ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266099/bvpath_514/images/logo1_linie.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

f32df4b3645f2baeebff032ae43d264559635157cccc4b6b9c97f1080ab3fbed

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
last-modified: Mon, 20 Sep 2021 14:59:34 GMT
server: nginx
etag: "6148a1d6-42d"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 1069

GET
H2 200 logo1.png
s1.adform.net/Banners/Elements/Files/169192/10266099/bvpath_514/images/ Frame 1BB0 10 KB
10 KB 20ms
19ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266099/bvpath_514/images/logo1.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

5014b653d557b34e182c9d5352057029ff75ea8005ee7c37d65bd2bd3ae76bee

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
last-modified: Mon, 20 Sep 2021 14:59:34 GMT
server: nginx
etag: "6148a1d6-27dc"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 10204

GET
H2 200 logo2.png
s1.adform.net/Banners/Elements/Files/169192/10266099/bvpath_514/images/ Frame 1BB0 12 KB
12 KB 21ms
20ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266099/bvpath_514/images/logo2.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

ca6220fe53c27fcec42dc41b8d428d5f7c8e4d9da4d7872218ea5fcffea8011a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
last-modified: Mon, 20 Sep 2021 14:59:32 GMT
server: nginx
etag: "6148a1d4-2fac"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 12204

GET
H2 200 motiv1.jpg
s1.adform.net/Banners/Elements/Files/169192/10266099/bvpath_514/images/ Frame 1BB0 11 KB
12 KB 22ms
20ms Image
image/jpeg 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266099/bvpath_514/images/motiv1.jpg

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

060b8754b51c5e156fb80a242948ee95397441a7ac619a750c1b77cc10f00daa

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
last-modified: Mon, 20 Sep 2021 14:59:34 GMT
server: nginx
etag: "6148a1d6-2dbf"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 11711

GET
H2 200 txt1.png
s1.adform.net/Banners/Elements/Files/169192/10266099/bvpath_514/images/ Frame 1BB0 6 KB
7 KB 22ms
20ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266099/bvpath_514/images/txt1.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e939e3688103948801e186b915eead597887fc415b87a01eca5fc6f8d546706c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
last-modified: Mon, 20 Sep 2021 14:59:34 GMT
server: nginx
etag: "6148a1d6-18ec"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 6380

GET
H2 200 txt12.png
s1.adform.net/Banners/Elements/Files/169192/10266099/bvpath_514/images/ Frame 1BB0 2 KB
2 KB 22ms
20ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266099/bvpath_514/images/txt12.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

89d4713d88d3c69ce516d9c8e5c2c98b7ffaa9e9e7b2aa2fd5998030b750f303

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
last-modified: Mon, 20 Sep 2021 14:59:32 GMT
server: nginx
etag: "6148a1d4-85a"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 2138

GET
H2 200 txt2.png
s1.adform.net/Banners/Elements/Files/169192/10266099/bvpath_514/images/ Frame 1BB0 5 KB
5 KB 23ms
21ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266099/bvpath_514/images/txt2.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

0567f4050b249f1d1ba225ac6675a3bd439a4c20acfc8ba122f951ad9d0b6ca2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
last-modified: Mon, 20 Sep 2021 14:59:34 GMT
server: nginx
etag: "6148a1d6-12d6"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 4822

GET
H2 200 motiv2.jpg
s1.adform.net/Banners/Elements/Files/169192/10266099/bvpath_514/images/ Frame 1BB0 19 KB
19 KB 24ms
22ms Image
image/jpeg 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266099/bvpath_514/images/motiv2.jpg

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

f3e7d36c9762ace05eeb674b0cbb72e5a6b5a35c9d58b44e257c781135f01a2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
last-modified: Mon, 20 Sep 2021 14:59:32 GMT
server: nginx
etag: "6148a1d4-4ad2"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 19154

GET
H2 200 unten.png
s1.adform.net/Banners/Elements/Files/169192/10266099/bvpath_514/images/ Frame 1BB0 1 KB
2 KB 25ms
23ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266099/bvpath_514/images/unten.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

b1a6c943b6e570d1e8d703314b879cd72a35a36dc23918e95d6203c1d47c3f5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
last-modified: Mon, 20 Sep 2021 14:59:34 GMT
server: nginx
etag: "6148a1d6-538"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 1336

GET
H2 200 txt4.png
s1.adform.net/Banners/Elements/Files/169192/10266099/bvpath_514/images/ Frame 1BB0 2 KB
2 KB 25ms
24ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266099/bvpath_514/images/txt4.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

16266fea0140a733164bdf07577dd9c8602d7dbef9180b9601dd8c7b2e608ad2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
last-modified: Mon, 20 Sep 2021 14:59:34 GMT
server: nginx
etag: "6148a1d6-86b"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 2155

GET
H2 200 motiv3.jpg
s1.adform.net/Banners/Elements/Files/169192/10266099/bvpath_514/images/ Frame 1BB0 16 KB
16 KB 25ms
25ms Image
image/jpeg 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266099/bvpath_514/images/motiv3.jpg

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

3afb261f4ceb689b949234e10d221e5200979ea78938ee0017be4988c455fc03

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
last-modified: Mon, 20 Sep 2021 14:59:34 GMT
server: nginx
etag: "6148a1d6-405e"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 16478

GET
H2 200 cta.png
s1.adform.net/Banners/Elements/Files/169192/10266099/bvpath_514/images/ Frame 1BB0 4 KB
4 KB 26ms
25ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266099/bvpath_514/images/cta.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

46b87af3a3c61bb3ef62693dd94d3737314383be8825e3ce0f7ad4c3a7bdb442

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
last-modified: Mon, 20 Sep 2021 14:59:34 GMT
server: nginx
etag: "6148a1d6-f36"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 3894

GET
H2 200 Adform.DHTML.js Show response
s1.adform.net/banners/scripts/rmb/ Frame 05EB 30 KB
13 KB 19ms
18ms Script
application/x-javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
content-encoding: gzip
last-modified: Fri, 14 May 2021 12:35:21 GMT
server: nginx
etag: W/"609e6e89-76d9"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2 200 logo1_linie.png
s1.adform.net/Banners/Elements/Files/169192/10266097/bvpath_514/images/ Frame 05EB 128 B
424 B 19ms
18ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266097/bvpath_514/images/logo1_linie.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e03cf26b650a6c1052cded32b05ea62a881ca97176f9768610d6851d580cb305

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
last-modified: Mon, 20 Sep 2021 14:59:33 GMT
server: nginx
etag: "6148a1d5-80"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 128

GET
H2 200 logo1.png
s1.adform.net/Banners/Elements/Files/169192/10266097/bvpath_514/images/ Frame 05EB 7 KB
7 KB 20ms
19ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266097/bvpath_514/images/logo1.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

764eeb60237503651e47fe9c91b2eb64f6c295e91be8f1ab43661b0d5bfb9153

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
last-modified: Mon, 20 Sep 2021 14:59:33 GMT
server: nginx
etag: "6148a1d5-1bf2"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 7154

GET
H2 200 logo2.png
s1.adform.net/Banners/Elements/Files/169192/10266097/bvpath_514/images/ Frame 05EB 3 KB
4 KB 20ms
19ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266097/bvpath_514/images/logo2.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

04d1a12d4f74027df393c50083fe441453361a2bb2c2446f89f439e641b11ffe

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
last-modified: Mon, 20 Sep 2021 14:59:31 GMT
server: nginx
etag: "6148a1d3-da3"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 3491

GET
H2 200 motiv1.jpg
s1.adform.net/Banners/Elements/Files/169192/10266097/bvpath_514/images/ Frame 05EB 15 KB
15 KB 20ms
19ms Image
image/jpeg 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266097/bvpath_514/images/motiv1.jpg

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

3b8cf03e285c4769ecd4846317d0747abead6a0e779608f9d90e5065a1150388

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
last-modified: Mon, 20 Sep 2021 14:59:31 GMT
server: nginx
etag: "6148a1d3-3a69"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 14953

GET
H2 200 txt1.png
s1.adform.net/Banners/Elements/Files/169192/10266097/bvpath_514/images/ Frame 05EB 5 KB
5 KB 20ms
19ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266097/bvpath_514/images/txt1.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

27b770039999c2b072b572c8d424bba92178fa6b15675da293118f47cf3e8862

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
last-modified: Mon, 20 Sep 2021 14:59:33 GMT
server: nginx
etag: "6148a1d5-1229"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 4649

GET
H2 200 txt12.png
s1.adform.net/Banners/Elements/Files/169192/10266097/bvpath_514/images/ Frame 05EB 965 B
1 KB 20ms
19ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266097/bvpath_514/images/txt12.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

3702083fb2f5e20e0b04aca6996045660832d19135ad7d102e7178d7018da604

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
last-modified: Mon, 20 Sep 2021 14:59:33 GMT
server: nginx
etag: "6148a1d5-3c5"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 965

GET
H2 200 txt2.png
s1.adform.net/Banners/Elements/Files/169192/10266097/bvpath_514/images/ Frame 05EB 4 KB
4 KB 20ms
19ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266097/bvpath_514/images/txt2.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

f5392240b17a6fd3e3b2a8cfdd5460bf031ddd3bf708a239b737649366ec3d30

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
last-modified: Mon, 20 Sep 2021 14:59:31 GMT
server: nginx
etag: "6148a1d3-efd"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 3837

GET
H2 200 motiv2.jpg
s1.adform.net/Banners/Elements/Files/169192/10266097/bvpath_514/images/ Frame 05EB 33 KB
33 KB 22ms
21ms Image
image/jpeg 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266097/bvpath_514/images/motiv2.jpg

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

72e9dedad5ae1d6fc10bc3d710107804132b2f5848a034c7daf968d1dc53ac1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
last-modified: Mon, 20 Sep 2021 14:59:31 GMT
server: nginx
etag: "6148a1d3-825a"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 33370

GET
H2 200 unten.png
s1.adform.net/Banners/Elements/Files/169192/10266097/bvpath_514/images/ Frame 05EB 388 B
684 B 23ms
22ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266097/bvpath_514/images/unten.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

de179e4170de586abf6c3934f291f1a7aa904b38920fb8fde6c38cb33f128fce

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
last-modified: Mon, 20 Sep 2021 14:59:33 GMT
server: nginx
etag: "6148a1d5-184"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 388

GET
H2 200 txt4.png
s1.adform.net/Banners/Elements/Files/169192/10266097/bvpath_514/images/ Frame 05EB 814 B
1 KB 23ms
22ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266097/bvpath_514/images/txt4.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

049e856551a42d1fbd2474d86aa75381d97296faf40c139b116545551539ae14

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
last-modified: Mon, 20 Sep 2021 14:59:33 GMT
server: nginx
etag: "6148a1d5-32e"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 814

GET
H2 200 motiv3.jpg
s1.adform.net/Banners/Elements/Files/169192/10266097/bvpath_514/images/ Frame 05EB 32 KB
33 KB 24ms
24ms Image
image/jpeg 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266097/bvpath_514/images/motiv3.jpg

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

0c599132d05d8cca269a3f76478c23cc879cc7cd7aa2c24403c3674ea3e181ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
last-modified: Mon, 20 Sep 2021 14:59:33 GMT
server: nginx
etag: "6148a1d5-813c"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 33084

GET
H2 200 cta.png
s1.adform.net/Banners/Elements/Files/169192/10266097/bvpath_514/images/ Frame 05EB 3 KB
3 KB 26ms
25ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10266097/bvpath_514/images/cta.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

74d3670d23e0bfd7571d066cb1f2a803c955b1933ad3ef55e6cf984229616599

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
last-modified: Mon, 20 Sep 2021 14:59:31 GMT
server: nginx
etag: "6148a1d3-b07"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 2823

GET
H2 200 like_box.php Show response
www.facebook.com/plugins/ Frame 2E5C 47 KB
16 KB 91ms
72ms Document
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c7520387fc0e%26domain%3Dblog.framar.bg%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.framar.bg%252Ff286fcca1e95128%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fframar.bg&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=3f9dba2d0bdff43bfbf86e051b4b9c4f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6f47d72a572a58a73f14b4255bde5f747994fb2e29b2c0cda1b594568661f04b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c7520387fc0e%26domain%3Dblog.framar.bg%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.framar.bg%252Ff286fcca1e95128%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fframar.bg&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.framar.bg/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/

Response headers

vary: Accept-Encoding
content-encoding: br
x-fb-rlafr: 0
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy-report-only: default-src 'self' data: blob: https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src connect.facebook.net static.xx.fbcdn.net 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net data:;connect-src wss://gateway.facebook.com wss://edge-chat.facebook.com *.facebook.com *.fbcdn.net wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ wss://*.whatsapp.com:* v.whatsapp.net *.fbsbx.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com;worker-src blob: *.facebook.com;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: LLGT2046niMoHro/rFj9MBAh9UL9vXtbusw0hbekhh3QjwAgUVHQVBbKmdFfCjIUIG679dFjdo0YYQZ6Zh3IJg==
date: Mon, 27 Sep 2021 15:55:23 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 44ms
20ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021092101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092101.js?31062917

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abc28c593dc0febddc150d704ca89470805e579a275371dfd3836f6193031e9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 27 Sep 2021 15:55:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8550
x-xss-protection: 0

GET
H2 200 thumbs.ml.png
img.rating-widget.com/widget/s/ 6 KB
6 KB 46ms
25ms Image
image/png 2606:4700:3031::ac43:990b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.rating-widget.com/widget/s/thumbs.ml.png
Requested by: Host: rating-widget.com
URL: https://rating-widget.com/css/widget/theme.css?data=%7B%22star%22%3A%7B%22theme%22%3A%7B%7D%2C%22style%22%3A%7B%7D%7D%2C%22nero%22%3A%7B%22theme%22%3A%7B%22medium%22%3A%7B%22thumbs_1%22%3Atrue%7D%7D%2C%22style%22%3A%7B%22medium%22%3A%7B%22thumbs%22%3Atrue%7D%7D%7D%7D&huid=19324&v=2.1.7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:990b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a3a165a460b0592c69d79581aa275553bd9d5b7f4902e806be2935d7797de229

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://rating-widget.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2987848
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 6083
last-modified: Thu, 11 Jun 2015 19:43:40 GMT
server: cloudflare
etag: "5579e4ec-17c3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0B753w9yUQgJTmf6xd2GW6rAHLkNOickJBfVQL1YCblGblMuEpSC82hgE5jL1j6m96VxCJR%2B4zaWapq8Evd3NuU5ZvQRBVQGhIN7yvbmnkqtGyM1gdoggeJWhc7TEN6AlbJ9EHMeQLvCAoRahjd7me3j6HQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=315360000, must-revalidate
accept-ranges: bytes
cf-ray: 6955ea826e0e1772-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 im.png
secure.rating-widget.com/img/widget/ 2 KB
2 KB 30ms
29ms Image
image/png 2606:4700:3031::ac43:990b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.rating-widget.com/img/widget/im.png
Requested by: Host: rating-widget.com
URL: https://rating-widget.com/css/widget/style.secure.css?v=2.1.7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:990b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48d77b6088472a9974d20860c48d79a7c3fba24cebe39fadef071927961ceecd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://rating-widget.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2989226
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1638
last-modified: Tue, 09 Jun 2015 21:37:27 GMT
server: cloudflare
etag: "55775c97-666"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v6rSxRhRFCHY8D5iA4rr1kIqN9PZ4kJUpdN3AoidqcZ%2BLfwDE6Ld47sNcoV%2BeMlKpD2YwQJdbVib8bGdM8Fv9qag%2BjCyyPe0C68u5nyAmtVS%2By9Nc3Oinam6MBplqdH3Lbka%2FrwrdEvYWWmKFz1VSjlNGBzxllA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6955ea825de61772-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092101.js?31062917

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:55:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Mon, 27 Sep 2021 15:55:23 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame E353 12 KB
5 KB 9ms
8ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.framar.bg/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Mon, 27 Sep 2021 15:47:43 GMT
expires: Tue, 27 Sep 2022 15:47:43 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 460
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame C46C 783 B
994 B 17ms
16ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b8c43c011efb5286dfe5e82547fe5715935bd14e3253e2f20aeee595d5113603

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-kPpcpj/DfmVe3j/syFMOYA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.framar.bg/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 27 Sep 2021 15:55:23 GMT
date: Mon, 27 Sep 2021 15:55:23 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-kPpcpj/DfmVe3j/syFMOYA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 eMI_14UsC1j.css
www.facebook.com/rsrc.php/v3/y2/l/0,cross/ Frame 2E5C 20 KB
5 KB 11ms
9ms Stylesheet
text/css 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3/y2/l/0,cross/eMI_14UsC1j.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c7520387fc0e%26domain%3Dblog.framar.bg%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.framar.bg%252Ff286fcca1e95128%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fframar.bg&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2cfb36a98ea4720144a3f1a41a94f911e786656d0837cb9b55bada97f34806b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c7520387fc0e%26domain%3Dblog.framar.bg%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.framar.bg%252Ff286fcca1e95128%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fframar.bg&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-fb-debug: qLiW04wePl5/LP5RRHiwh6eHQrF/bj647w0bJyvvF4Fe7Uh2kwWNZA+ECKFRJmJAH47zy8SeyD08bG8qFLBYIg==
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: IH4OjL0Ad5N8btp7YUgz0w==
date: Sun, 26 Sep 2021 14:33:20 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 5174
x-fb-rlafr: 0
expires: Mon, 26 Sep 2022 14:33:20 GMT

GET
H2 200 FPdNN1TK3wJ.css
www.facebook.com/rsrc.php/v3/yF/l/0,cross/ Frame 2E5C 2 KB
1 KB 10ms
9ms Stylesheet
text/css 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3/yF/l/0,cross/FPdNN1TK3wJ.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a33a18d3ade364ae94fdc88f786c869ff8b45cae9bf98f2e2a16dd1459d98cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c7520387fc0e%26domain%3Dblog.framar.bg%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.framar.bg%252Ff286fcca1e95128%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fframar.bg&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-fb-debug: S5dVg9d0HZs6+4xYkzc7emxZkaFClYLNOXRW+WkOAPxxFY0XZ97PQg87Gqs5LVc+EzBclmOinitOYMlLx3spvg==
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: qki4Wy05mlz5CwH9oqDKag==
date: Mon, 20 Sep 2021 15:19:43 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 815
x-fb-rlafr: 0
expires: Tue, 20 Sep 2022 15:19:43 GMT

GET
H2 200 CDBUf3L5Iup.js Show response
www.facebook.com/rsrc.php/v3/yp/r/ Frame 2E5C 300 KB
82 KB 11ms
9ms Script
application/x-javascript 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3/yp/r/CDBUf3L5Iup.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

cf8c4e6304712bf09958038528196d87079449c1701c5910859358ff8f175ea8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c7520387fc0e%26domain%3Dblog.framar.bg%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.framar.bg%252Ff286fcca1e95128%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fframar.bg&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 01:16:22 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 2atFXW942+WxmS3wVGVhHw==
cross-origin-resource-policy: cross-origin
content-length: 83257
x-fb-rlafr: 0
x-fb-debug: HZR9EASflxU13Jnr7AZaA3fcm8dqtVspnxs3EE5Uw4ryw1iSfm97ZCsHYNCPQoB8CNwyPVK8Borga0/icEnAHQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sun, 25 Sep 2022 01:16:22 GMT

GET
H2 200 GG1Y0sYc7My.js Show response
www.facebook.com/rsrc.php/v3/yv/r/ Frame 2E5C 5 KB
2 KB 11ms
9ms Script
application/x-javascript 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3/yv/r/GG1Y0sYc7My.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

39685db80e880ec9e59c22115c5bcbf76586a95bf618a714d61fc0e5f271fe77

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c7520387fc0e%26domain%3Dblog.framar.bg%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.framar.bg%252Ff286fcca1e95128%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fframar.bg&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 22 Sep 2021 15:44:49 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: kw22OIA6eDgOltzbJdNVmQ==
cross-origin-resource-policy: cross-origin
content-length: 1640
x-fb-rlafr: 0
x-fb-debug: VkGxvAfoN8MGGOWCEMjlyPoJuVCoyzmjPqfqp1VDFl7jHSzDJEoEZWjnKZFiwpzf3xB7CzViQObJbWwnu1mUSg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 22 Sep 2022 15:44:49 GMT

GET
H2 200 1kDejkRJZe8.js Show response
www.facebook.com/rsrc.php/v3/y5/r/ Frame 2E5C 64 KB
20 KB 27ms
26ms Script
application/x-javascript 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3/y5/r/1kDejkRJZe8.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ea70a4043bfff91a8b7d15650f75dc6d1c8cd81cbd55d02fd67bf99fa4424a5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c7520387fc0e%26domain%3Dblog.framar.bg%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.framar.bg%252Ff286fcca1e95128%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fframar.bg&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 15:33:54 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 6BQZedFiLKoy2f8GQ//+LA==
content-security-policy-report-only: default-src 'self' data: blob: https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src static.xx.fbcdn.net 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net data:;connect-src wss://gateway.facebook.com wss://edge-chat.facebook.com *.facebook.com *.fbcdn.net wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com;frame-src *.facebook.com *.fbsbx.com;worker-src blob: *.facebook.com;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cross-origin-resource-policy: cross-origin
content-length: 20160
x-fb-rlafr: 0
x-fb-debug: bNbeKdRTpR8MVMleerK/We96dUuI1dUGyFXhtvNhNjfmYc+8pJguuv06pgDGByhpxeCymwjf8g4YfakDd6/H3g==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Sun, 25 Sep 2022 15:33:54 GMT

GET
H2 200 LaSaGFy1cqz.js Show response
www.facebook.com/rsrc.php/v3iEpO4/yk/l/en_US/ Frame 2E5C 126 KB
35 KB 27ms
27ms Script
application/x-javascript 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3iEpO4/yk/l/en_US/LaSaGFy1cqz.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6aa40d95ce6aec657a94a1a1cc96404308b573ce189a91f13266f304bdec484b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c7520387fc0e%26domain%3Dblog.framar.bg%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.framar.bg%252Ff286fcca1e95128%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fframar.bg&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 21:51:33 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 14MXO6Me+nzpT1RB2KPlCw==
cross-origin-resource-policy: cross-origin
content-length: 35830
x-fb-rlafr: 0
x-fb-debug: 5Jc1aJpbJ4nDKqkFeZ76cp183IfGaX1SUXOyGusATCB9NmIi9T0bMcYTVv1vRmzdVMF3cOEZh0Qsmx10a5nuRA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 23 Sep 2022 21:51:33 GMT

GET
H2 200 e2osLY84fpI.js Show response
www.facebook.com/rsrc.php/v3/y-/r/ Frame 2E5C 1 KB
736 B 27ms
27ms Script
application/x-javascript 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3/y-/r/e2osLY84fpI.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

36fde156c21814a89b4b1325805d9c0c0c0136487bcbb0db32c6f799cd4836f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c7520387fc0e%26domain%3Dblog.framar.bg%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.framar.bg%252Ff286fcca1e95128%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fframar.bg&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 14 Sep 2021 05:03:32 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: yi+ktKfsTjXNkCmLZh1dPA==
cross-origin-resource-policy: cross-origin
content-length: 524
x-fb-rlafr: 0
x-fb-debug: 2MfqmGaYYNGYCXhvF+1FhA2xdu0Ck1sQorfE51k4QkOP+Ma4BUe7oWfvjlVWI7NDtyAdmg32blpZdRi06h2cFA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Wed, 14 Sep 2022 05:03:32 GMT

GET
H2 200 224217044_4620009458028840_1243062123706612301_n.jpg
scontent.xx.fbcdn.net/v/t1.6435-9/p133x133/ Frame 2E5C 7 KB
7 KB 70ms
69ms Image
image/jpeg 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scontent.xx.fbcdn.net/v/t1.6435-9/p133x133/224217044_4620009458028840_1243062123706612301_n.jpg?_nc_cat=107&ccb=1-5&_nc_sid=dd9801&_nc_ohc=3u_-q1Cd3CgAX_8pwgY&_nc_ht=scontent.xx&edm=ANSO7JkEAAAA&oh=f520e3c390ce041ba8db069bfb30ed8a&oe=6177D1C9
Requested by: Host: www.facebook.com
URL: https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c7520387fc0e%26domain%3Dblog.framar.bg%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.framar.bg%252Ff286fcca1e95128%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fframar.bg&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: 121cd95885d8432c2af06921beeb3eaf57ce962f267c84eeff0822bd7e645cee

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-haystack-needlechecksum: 682212908
date: Mon, 27 Sep 2021 15:55:24 GMT
x-fb-trip-id: 2050670934
last-modified: Thu, 29 Jul 2021 06:28:47 GMT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: X-FB-CEC-Video-Limit
cache-control: max-age=1209600, no-transform
x-fb-edge-debug: nz4G5m6z3_JwsD_KRz_5hstBe_K4-RSvzagwVplllwQESCszyWgWfPys_39k64Cj-B2AP4l-dKHLFSewI1m2uw
cross-origin-resource-policy: cross-origin
x-needle-checksum: 1489971796
timing-allow-origin: *
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 7491

GET
H2 200 72328057_2867639713265832_2038704530257870848_n.png
scontent.xx.fbcdn.net/v/t1.6435-1/cp0/p50x50/ Frame 2E5C 4 KB
4 KB 23ms
23ms Image
image/png 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scontent.xx.fbcdn.net/v/t1.6435-1/cp0/p50x50/72328057_2867639713265832_2038704530257870848_n.png?_nc_cat=102&ccb=1-5&_nc_sid=dbb9e7&_nc_ohc=EMtK_vDQJIAAX8Zuxr-&_nc_ht=scontent.xx&edm=ANSO7JkEAAAA&oh=a317ec82d149dbe73ecbf87f657cfc73&oe=6177440D
Requested by: Host: www.facebook.com
URL: https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c7520387fc0e%26domain%3Dblog.framar.bg%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.framar.bg%252Ff286fcca1e95128%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fframar.bg&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: 7e627d9b02b0b16cac20874e54aeae79db3a625161ada8c1f0e1cf0f72664340

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-haystack-needlechecksum: 1250666995
date: Mon, 27 Sep 2021 15:55:24 GMT
x-fb-trip-id: 2050670934
last-modified: Thu, 17 Oct 2019 11:59:49 GMT
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: X-FB-CEC-Video-Limit
cache-control: max-age=1209600, no-transform
x-fb-edge-debug: RVodupEVqwhek0hUrGxVoUW6Qglw6hzEh_DVC6UkBy481omsuoufvrBkpsYPjcwSelQHyljGvmWXomP0qTxQMg
cross-origin-resource-policy: cross-origin
x-needle-checksum: 173019089
timing-allow-origin: *
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 4050

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame C46C 0
0 88ms
60ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021092101&jk=4009601423321733&rc=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 WAz-nyaJu9uVRUq8NsxhsXGtXViWwv7lV4sP3qP2SqA.js Show response
pagead2.googlesyndication.com/bg/ Frame E353 35 KB
14 KB 36ms
9ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WAz-nyaJu9uVRUq8NsxhsXGtXViWwv7lV4sP3qP2SqA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

580cfe9f2689bbdb95454abc36cc61b171ad5d5896c2fee5578b0fdea3f64aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 10:05:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20972
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13388
x-xss-protection: 0
last-modified: Mon, 20 Sep 2021 23:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Tue, 27 Sep 2022 10:05:51 GMT

GET
H2 200 mOcgOmDDSbN.png
www.facebook.com/rsrc.php/v3/yL/r/ Frame 2E5C 1 KB
1 KB 8ms
8ms Image
image/png 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/rsrc.php/v3/yL/r/mOcgOmDDSbN.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/rsrc.php/v3/y2/l/0,cross/eMI_14UsC1j.css?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3dc936b3c6e476fbbbfea1c5d962f4bee0e3636450608357ffcf9e6e92e0d596

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.facebook.com/rsrc.php/v3/y2/l/0,cross/eMI_14UsC1j.css?_nc_x=Ij3Wp8lg5Kz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-fb-debug: gRwWhCZC5gX92ucsDmMPDJEmbUbr81iEu4t5REb16l9SHJhn95aKMNJ41991R3O5//PQfLIvMwDSlqG+HyO75w==
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: 2bKr5oI1XogALo4o3p6kDA==
date: Sun, 19 Sep 2021 05:52:16 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1193
x-fb-rlafr: 0
expires: Mon, 19 Sep 2022 05:52:16 GMT

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 92ms
92ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&t=2&li=gpt_2021092101&jk=4009601423321733&bg=!2dql2p7NAAZNQyuQTUM7ACkAdvg8WtNtqyd9fzVRbGcKkeAWH1XzTQ_LxrOBa2CORew_0YS-gAJR7wIAAABbUgAAAAhoAQcKAHfnwcv5E93jXSGzDRwTSO-vThtOaTnd4oCA8er6UHehmcw9QiDlLpgy9mPehqOe6UsfohaxbU_AUQLiC9B1a1Jz4kSFoXHUTKKlhrAS6t4uDtNq0DxQchAO6o4c2gXc8NvBBOh4pvXxQ5wkCoNY4RY07kBKTQ8r9ZkCvO6b8_lve54BBjDU3hAp9n3Ju38Xs0wrQwC0467zERXA7yiZC7RhxVFS4hYAeD-JD-1M8ufeC6XsTgAiLQYZJjc01RKqtVieQ3KSy3DBsEjiTabRQCJnr2HC5Et8HfRpr1cdRrVhUqs6JDurja0Hsyzq-EZR1ewOfGfWwBtux2TM4RTt0hUeJdJ8c2OnOBcqbtwdllMymc_H41l_AgMXMuOFXrKa4QKSdwL_faRC_ywI9QQkEJAUfKPuq5W-mkrL87i-HqXciRDufXwIdCQVy1147q-nSkgXnIFGllmI2CJXDGfj-EcgtfUUptZ4d4nF45I4JKrpLldnmMoGM7ARBuWAwmmtoSfUm8BLddHu-uUvrmAo35vJACptFwWlqIjlMscr09fl0vVrIxi5-EE7P9hgTjwdDJSQuEHjs8ByGdBqGEKZwTG2Qne_Vfyh0H0PD7Bh0Dl9uMP8DsyyXGJHEmzVzoh7hOUNGGEk8QcY6EnZE998H3ZMCZVCIBRDfNWJKIkzKTzCNSwzek9B5AcFagSfv1sHVY-pylOBy63yI5MsE41gHbhKhYm7pHhuMTpSt3OD-y01PdlNv1jNJKnEhlWDNJ8-FndECxYGCu74_PYOon8HOafBCJMgA1e629ld7II8x08Jz0Dzvc0XmYZpdKC0IUnNyHh9JGhVp2WLIIyek_hKZzVWMAithEZjn0Wx55i5t0hxX7fsm-MzrfiPNlS8wQQi2LQCOWn_hZeUlhGrp_wdtiej1barR9uCcOUdSua1Lpx5uQPqDA3EvtP6Zlwi_OgQfCyghvjl-IT7UqZnluc2SgoqTJlYbGdhh6Xz16N4BalCSQCwaNMys0ELRc8EB7vj3-TntlG8pnw34hDVM_IM1JlFWqTtEWn3lCAd-m8nwxsVD1R1cgEzOvPH89HfdnZRGk7UsA4gzdk
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.framar.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 633D 42 B
174 B 28ms
28ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssRquGSCmaioBAPHZmNnRbIwNAp-99qtAMvLZgI1W2JF6K3UVpUHMxwaKT3GeGrvuvGRg1wwonxs-kALKKNmEOD4w&sig=Cg0ArKJSzDaT8q3sJpnIEAE&id=lidar2&mcvt=1000&p=256,1000,856,1160&asp=307,1000,907,1160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210922&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=782357956&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&eosm=0&rst=1632758123025&rpt=281&isd=0&lsd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Sep 2021 15:55:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900030.redintelligence.net/ Frame E990 0
150 B 36ms
13ms Script
text/html 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900030.redintelligence.net/viewability?s=90304900188436503168686011730030&a=a11b6dcd&vb=v
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=90304900188436503168686011730030&a=7f093c78
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/request_content.php?s=90304900188436503168686011730030&a=7f093c78
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 27 Sep 2021 15:55:24 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

POST
H2 200 /
track.adform.net/serving/unload/ Frame E990 35 B
469 B 19ms
18ms Ping
image/gif 37.157.6.252
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=6272554243926335284@@49615354,2019078646268018134,100|1175|0|0|0|0|0|0|0||59|1|||||1|0|0|gW3DzB1CeTJcPlakbYq96RScMMPs0vN_w2KURbgeimLMrn2bCxmIjom3nyX34Xgm0|||11||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.252 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

s1.adform.net

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal900030.redintelligence.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 27 Sep 2021 15:55:25 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://hal900030.redintelligence.net
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

Verdicts & Comments Add Verdict or Comment

66 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.blog.framar.bg/	1970-01-20 15:03:50	Name: __utma Value: 24869737.1014289140.1632758123.1632758123.1632758123.1
.blog.framar.bg/	1969-12-31 23:59:59	Name: __utmc Value: 24869737
.blog.framar.bg/	1970-01-20 01:55:26	Name: __utmz Value: 24869737.1632758123.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.blog.framar.bg/	1970-01-19 21:32:38	Name: __utmt Value: 1
.blog.framar.bg/	1970-01-19 21:32:39	Name: __utmb Value: 24869737.1.10.1632758123
.doubleclick.net/	1970-01-20 06:54:14	Name: IDE Value: AHWqTUkbE3dlSKqFjVxoUvo0TSRdApW5ywg54zKutEc91LSrFhA3MpmH1_95M82JXRY
.framar.bg/	1970-01-20 07:01:26	Name: __gfp_64b Value: qofaMb9vKIMg70fSwq92KT1HVupB6Gb26SIE1AbzNxL.M7\|1632758122
.doubleclick.net/	1970-01-19 21:32:39	Name: test_cookie Value: CheckForPermission
.mathtag.com/	1970-01-20 06:18:14	Name: uuid Value: c1576151-e96b-4101-a444-97783f93e57e
.framar.bg/	1970-01-20 06:54:14	Name: __gads Value: ID=d254180d5ebc30e6-226ec77661c900d1:T=1632758122:S=ALNI_MbOALZM6SX1vchYCWyFvQu7NnmIqw
.hit.gemius.pl/	1970-01-20 07:01:26	Name: Gtest Value: KlGhVRXGQMGG50AA2nmtrFoissGMXP8c25nSG931EeKWM5eSQRtF7IxtXMbG
.hit.gemius.pl/	1970-01-20 07:01:26	Name: Gdyn Value: KlGdGMXGQMGG50AA2nmtrFoissGMXP8c25nSG931EeKWM5eSQRtF7IxtXGySssX6nsGfGnZfHQ2xx1GgxcxSD8CBI8l8MG..
.mathtag.com/	1970-01-19 22:15:50	Name: mt_misc Value: mt_bt:1
.adform.net/	1970-01-19 22:15:50	Name: C Value: 1
.adform.net/	1970-01-19 22:59:05	Name: uid Value: 3912691423102835621
.adform.net/	1970-01-19 21:42:42	Name: TPC Value: 1632758123571

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://www.googletagservices.com/tag/js/gpt.js(Line 5) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092101.js?31062917, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://www.googletagservices.com/tag/js/gpt.js(Line 5) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092101.js?31062917, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5602a72fb805fc2cdef3b7fd0304e6c5.safeframe.googlesyndication.com
adservice.google.com
adservice.google.se
ajax.googleapis.com
blog.framar.bg
connect.facebook.net
gabg.hit.gemius.pl
hal9000.redintelligence.net
hal900014.redintelligence.net
hal900030.redintelligence.net
img.rating-widget.com
ls.hit.gemius.pl
pagead2.googlesyndication.com
pixel.mathtag.com
rating-widget.com
s1.adform.net
scontent.xx.fbcdn.net
secure.rating-widget.com
securepubads.g.doubleclick.net
ssl.google-analytics.com
static.framar.bg
stats.g.doubleclick.net
sync.mathtag.com
tags.mathtag.com
tpc.googlesyndication.com
track.adform.net
www.facebook.com
www.google.com
www.google.se
www.googletagservices.com
136.243.149.243
138.201.63.164
142.250.184.194
145.239.237.56
176.9.26.250
185.29.134.248
185.29.134.249
2.18.233.201
2606:4700:3031::ac43:990b
2a00:1450:4001:802::2002
2a00:1450:4001:809::2008
2a00:1450:4001:80e::200a
2a00:1450:4001:810::2001
2a00:1450:4001:810::2003
2a00:1450:4001:813::2002
2a00:1450:4001:827::2002
2a00:1450:4001:828::2002
2a00:1450:4001:82a::2004
2a00:1450:4001:831::2001
2a00:1450:400c:c01::9c
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
37.157.6.234
37.157.6.252
78.128.6.34
79.124.75.51
00d0e87df1767e087a6c8ffc53cfc38b0917b9d6ea7e341e897fd03e914a485e
032acc2a9dcbf16a63dd2f305e89891bf60e22b6c29674a9462c74a810aefe8b
049e856551a42d1fbd2474d86aa75381d97296faf40c139b116545551539ae14
04d1a12d4f74027df393c50083fe441453361a2bb2c2446f89f439e641b11ffe
0567f4050b249f1d1ba225ac6675a3bd439a4c20acfc8ba122f951ad9d0b6ca2
060b8754b51c5e156fb80a242948ee95397441a7ac619a750c1b77cc10f00daa
06a9ef06d7f43dd23bf5213842b18e005e0a69753c3f41d2bfad9dd345ec6a10
07f313d7a1f3b5c7ae406837c76c1a2ba16b4737a3e35c6117b4ec29c91cb9d4
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0c599132d05d8cca269a3f76478c23cc879cc7cd7aa2c24403c3674ea3e181ee
0d4a998b05253d057fe846922c70a77ae0e3253f657397355ae7d2d9c7d76200
121cd95885d8432c2af06921beeb3eaf57ce962f267c84eeff0822bd7e645cee
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
15dbb0147ef3005cea245418e3e67701403476742d8b8c2876140a39f0b15cce
16266fea0140a733164bdf07577dd9c8602d7dbef9180b9601dd8c7b2e608ad2
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
21e1e8072969583ab092d04d48702416f59bc9a29eee8e8eb6827fefcfe52064
247f1fe604ab9c3fc20d0a19e277e2206c6f4bdbbd7cf144d463476a13400de2
25dac4c91e515d1d192eba006b78cfd1950f24d1839837c02fc7034146480f2b
272ae700ded1eb5d845c9bd9e69c13dbd02df86bbd48a57a6bbd082d410c9dd4
27b770039999c2b072b572c8d424bba92178fa6b15675da293118f47cf3e8862
29c9e8752f25b17961e3c6ff72de34b1f1a157dfc5fabb68bd148b8ec9002b17
2cfb36a98ea4720144a3f1a41a94f911e786656d0837cb9b55bada97f34806b7
319cfe60bbe92497d3ad526fb4b252ed14f9f3e64e7493712382fba2ac21d97f
36fde156c21814a89b4b1325805d9c0c0c0136487bcbb0db32c6f799cd4836f9
3702083fb2f5e20e0b04aca6996045660832d19135ad7d102e7178d7018da604
39685db80e880ec9e59c22115c5bcbf76586a95bf618a714d61fc0e5f271fe77
3a7ad5974f3d165d1a83149795afe792e241b0e6a41078c6e14bcecc5449934e
3afb261f4ceb689b949234e10d221e5200979ea78938ee0017be4988c455fc03
3b8cf03e285c4769ecd4846317d0747abead6a0e779608f9d90e5065a1150388
3dc936b3c6e476fbbbfea1c5d962f4bee0e3636450608357ffcf9e6e92e0d596
46b87af3a3c61bb3ef62693dd94d3737314383be8825e3ce0f7ad4c3a7bdb442
4877edd3f00cede4caf41008365a69f6b8d33a8d4719c3c610d741fa7fc9b1a8
48d77b6088472a9974d20860c48d79a7c3fba24cebe39fadef071927961ceecd
4991611448fbb90eb2e5ba4b56979809b6d1e96931e79d731267d3881033a808
4a7cfa865bfec3e906f379a7a228c02316d9d859fe6e53abe9696103b0cb618a
4c5325edabfb7a618fea7fb98d21d0940c941d4533c4e337923515685808a056
4e6a180704c9c12821c51830e8f0937dde9f97b2186af85f08914aa5ae43d3f9
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5014b653d557b34e182c9d5352057029ff75ea8005ee7c37d65bd2bd3ae76bee
51fcde2bf09b7bf5856092c90d73c7b8e064fc92213a34ca0f7d22362e6df249
580cfe9f2689bbdb95454abc36cc61b171ad5d5896c2fee5578b0fdea3f64aa0
5ab5b66b7a9e4464ef09ef2aaa5d25b55b01dc879e93459bdd31c05d7591b0de
5c95b7ae9972bc9c9da2fa44ba13d8c2198a2e588e2138cf2688d594c8921eab
5d3fbe3c8d35db71a45f86f973e32aebf28c72dfdaa6a5ca75b1638048f6a85e
5eed273d16f8b9f330c78d58eebc4c1cfb64346a84a9bc8781afe1bc69077d67
6200ed57e15fd22b62a16ac8874f593badd2dfd43d1d09a9282861ee1919f6ed
645a8c715ae7c537a08f043476f70d9810adcbd201b54b28274b1a8986c13a91
67ebf650147a9122e94ff1b25a78a82e903b92b877821c1479de69f00f59d429
683c015beb1c6fb1bb2716ec50905b5aa6a5aaa7592a738b5c57835795b30f9a
6aa40d95ce6aec657a94a1a1cc96404308b573ce189a91f13266f304bdec484b
6f47d72a572a58a73f14b4255bde5f747994fb2e29b2c0cda1b594568661f04b
718e19e18e377c005e2ec5cea173901d271621afd6c37db862f682e961b2f185
72e9dedad5ae1d6fc10bc3d710107804132b2f5848a034c7daf968d1dc53ac1d
74d3670d23e0bfd7571d066cb1f2a803c955b1933ad3ef55e6cf984229616599
764eeb60237503651e47fe9c91b2eb64f6c295e91be8f1ab43661b0d5bfb9153
7e627d9b02b0b16cac20874e54aeae79db3a625161ada8c1f0e1cf0f72664340
81b1c2a11b7001d672682602e68d6e80036d5382584e11e09e837117f1395375
8263864e18c9b475b1d046c835fcb0f3cd2d2e2109621879724404d8f17ed47e
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
89d4713d88d3c69ce516d9c8e5c2c98b7ffaa9e9e7b2aa2fd5998030b750f303
96b7bba855322a2941aa6bf7c1aeeaef9cb5664d7eecd0cd7aab409f508efc76
98a699731c610862652626d10baf9444f26aa5c462649daca0e5afc682a9fb7c
99a336d42e4e130971fac5e498ac76a43d12fd0acb56a846543dfaa37eccb67c
99b8ec433ee676f10c7d0daa94f90a619c5a71c1974b2126c148bdc17c22ffe3
9cddc4e1c7049c1e45ebb678a8a47bb3b67dfa86009c877de6a9e6da0cfae474
a221432bdb6cee7662efcdcc6db94a1304406478b7993d35f2e23ee192ceb074
a33a18d3ade364ae94fdc88f786c869ff8b45cae9bf98f2e2a16dd1459d98cdc
a3a165a460b0592c69d79581aa275553bd9d5b7f4902e806be2935d7797de229
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a8f93563142940bae03d6f127114aae69df43edffab854a5b0db4fedb0460f35
abc28c593dc0febddc150d704ca89470805e579a275371dfd3836f6193031e9c
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1a6c943b6e570d1e8d703314b879cd72a35a36dc23918e95d6203c1d47c3f5d
b8c43c011efb5286dfe5e82547fe5715935bd14e3253e2f20aeee595d5113603
bace408808ff965f81de29eeef9f592fcf11782c98569cad61a36a3b754f37ac
bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a
beb017f0576502c8b43a899338e628ac628c0c43250204c5dba9e9fc0c32aa9b
c178b294f465f8c802b3f20752a384d2304c8628f8908d30ff13d02e861c2442
c2918d0edea50f453e2143087cb6f5b232a6fef8b687e228496629f0739fc809
c615eff1eb627d828c98cde652398c51402e58944265ea95aec8ec1a42a9b532
ca6220fe53c27fcec42dc41b8d428d5f7c8e4d9da4d7872218ea5fcffea8011a
cdf6b7278a300475be00981f6dbad9934239c87bba1500970d4269079889109f
cf8c4e6304712bf09958038528196d87079449c1701c5910859358ff8f175ea8
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
d8144ce2cd5918de3beabc8fd113ab560103033fae3956e093b688cda5732a50
d835122a58bf56f6fd417806aa9126438c1ea14b73f18f8c38cf3f7a637bc99e
dd19215106d1bee1b9d13937997f17e1938a743f1a8cf7d7f793ab9534ddcc47
de179e4170de586abf6c3934f291f1a7aa904b38920fb8fde6c38cb33f128fce
de78f750f3c041a42bcd84036332a98521ae8021f6278af8fb02d1a8a1516770
e03cf26b650a6c1052cded32b05ea62a881ca97176f9768610d6851d580cb305
e13a3ed7d22b0ef85e03407887656f25feee70cc56a4a8c79587e38c17890a9f
e19d213c057942a2e0ae03e3dc048e9810632519ca0ccddd102b8c5b7fc7fca1
e2104cca4a08657614070caf72abb0e42c3e34f106463eceb3177584eb607057
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e48ea662d2d2521888344e663b744ba91b204a2111ea21a5132cd005fdd37a6f
e59e11a99ff5a121a7721118576c3585bb56dea52dea2ca5b0d6e7501b585937
e939e3688103948801e186b915eead597887fc415b87a01eca5fc6f8d546706c
ea70a4043bfff91a8b7d15650f75dc6d1c8cd81cbd55d02fd67bf99fa4424a5b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f11bdfabaec3862d1e1a679b6c9257c93502abc17d50e84918fc46cd7b3bebad
f1d64e0044ed2dc808e57c89afb4979f87cdd831eeac3d8fca865d96dec3e1e0
f32df4b3645f2baeebff032ae43d264559635157cccc4b6b9c97f1080ab3fbed
f3e7d36c9762ace05eeb674b0cbb72e5a6b5a35c9d58b44e257c781135f01a2c
f5392240b17a6fd3e3b2a8cfdd5460bf031ddd3bf708a239b737649366ec3d30
f7f707142165d60ade0950a81377cc4aaaa6dad34797917182c7101a720793fc

blog.framar.bg Open in urlscan Pro 79.124.75.51 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

131 Requests

100 %HTTPS

54 %IPv6

16 Domains

30 Subdomains

26 IPs

7 Countries

1247 kBTransfer

3139 kBSize

16 Cookies

49 Outgoing links

Redirected requests

131 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

blog.framar.bg Open in urlscan Pro
79.124.75.51 Public Scan

Screenshot
Live screenshot

Full Image

131
Requests

100 %
HTTPS

54 %
IPv6

16
Domains

30
Subdomains

26
IPs

7
Countries

1247 kB
Transfer

3139 kB
Size

16
Cookies

131 HTTP transactions
4 data transactions