glossy.espreso.co.rs Open in urlscan Pro
185.80.68.6 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://glossy.espreso.rs/
Effective URL:
https://glossy.espreso.co.rs/
Submission Tags: falconsandbox
Submission: On June 17 via api (June 17th 2021, 2:18:15 am UTC) from US

Summary HTTP 191 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 47 IPs in 8 countries across 30 domains to perform 191 HTTP transactions. The main IP is 185.80.68.6, located in Serbia and belongs to PROVIDUS-AS, RS. The main domain is glossy.espreso.co.rs.
TLS certificate: Issued by R3 on May 28th 2021. Valid for: 3 months.

This is the only time glossy.espreso.co.rs was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 17	185.80.68.6 185.80.68.6	43191 (PROVIDUS-AS) (PROVIDUS-AS)
1	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
1	185.80.68.11 185.80.68.11	43191 (PROVIDUS-AS) (PROVIDUS-AS)
1	2606:4700:20:... 2606:4700:20::681a:e1f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:9000:210... 2600:9000:2104:600:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02)
1 5	87.237.206.234 87.237.206.234	51859 (MNSHA-AS) (MNSHA-AS)
3	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f02... 2a03:2880:f02d:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
8	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c04::9b	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
2	2620:116:800d... 2620:116:800d:21:51e4:db4b:4436:b305	16509 (AMAZON-02) (AMAZON-02)
1	13.224.195.50 13.224.195.50	16509 (AMAZON-02) (AMAZON-02)
4	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
2 4	137.74.0.158 137.74.0.158	16276 (OVH) (OVH)
3	2a03:2880:f12... 2a03:2880:f12d:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2600:9000:210... 2600:9000:2104:ce00:18:1fcd:34f:cdc1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:20e... 2600:9000:20eb:5200:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
7	51.159.89.0 51.159.89.0	12876 (Online SAS) (Online SAS)
1	54.208.245.148 54.208.245.148	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
23	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
19	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
1 2	52.51.10.244 52.51.10.244	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
12 18	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
6 14	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
7 11	185.33.221.89 185.33.221.89	29990 (ASN-APPNEX) (ASN-APPNEX)
15	2a00:1450:400... 2a00:1450:4001:813::2006	15169 (GOOGLE) (GOOGLE)
2	138.201.64.38 138.201.64.38	24940 (HETZNER-AS) (HETZNER-AS)
3	52.18.40.16 52.18.40.16	16509 (AMAZON-02) (AMAZON-02)
1 5	78.46.23.46 78.46.23.46	24940 (HETZNER-AS) (HETZNER-AS)
2	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
2	52.207.123.8 52.207.123.8	14618 (AMAZON-AES) (AMAZON-AES)
3	138.201.63.145 138.201.63.145	24940 (HETZNER-AS) (HETZNER-AS)
2 4	142.250.185.134 142.250.185.134	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
2	85.114.131.234 85.114.131.234	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 1	2a00:1450:400... 2a00:1450:4001:803::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:28::c	15169 (GOOGLE) (GOOGLE)
191	47

17 185.80.68.6 (Serbia) 1 redirects

ASN43191 (PROVIDUS-AS, RS)

glossy.espreso.rs	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
glossy.espreso.co.rs	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.80.68.11 (Serbia)

ASN43191 (PROVIDUS-AS, RS)

www.adriamediacontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:e1f (United States)

ASN13335 (CLOUDFLARENET, US)

static.cleverpush.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2104:600:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)

quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 87.237.206.234 (Serbia) 1 redirects

ASN51859 (MNSHA-AS, RS)

gars.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rs.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:51e4:db4b:4436:b305 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.195.50 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-195-50.fra2.r.cloudfront.net

pym.nprapps.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 137.74.0.158 (Warsaw, Poland) 2 redirects

ASN16276 (OVH, FR)
PTR: ovhpl8.host.hit.gemius.pl

alt.adocean.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
alt.hudb.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2104:ce00:18:1fcd:34f:cdc1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:5200:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 51.159.89.0 (Paris, France)

ASN12876 (Online SAS, FR)
PTR: www.kurir.rs

www.kurir.rs	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.208.245.148 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-208-245-148.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.51.10.244 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-10-244.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 142.250.185.194 (United States) 12 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2.18.234.21 (Frankfurt am Main, Germany) 6 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 185.33.221.89 (Amsterdam, Netherlands) 7 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 719.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:813::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 138.201.64.38 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.38.64.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.18.40.16 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-40-16.eu-west-1.compute.amazonaws.com

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 78.46.23.46 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.46.23.46.78.clients.your-server.de

hal900023.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.207.123.8 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-207-123-8.compute-1.amazonaws.com

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 138.201.63.145 (Lingenfeld, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.145.63.201.138.clients.your-server.de

hal900010.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.134 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f6.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.114.131.234 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: srv21038.dus4.fastwebserver.de

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:28::c (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

r6---sn-4g5e6nes.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
50	googlesyndication.com bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com ade.googlesyndication.com	226 KB
35	doubleclick.net 14 redirects stats.g.doubleclick.net securepubads.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net googleads4.g.doubleclick.net 5994599.fls.doubleclick.net	243 KB
19	2mdn.net 1 redirects s0.2mdn.net gcdn.2mdn.net r6---sn-4g5e6nes.c.2mdn.net	269 KB
16	espreso.co.rs glossy.espreso.co.rs	599 KB
14	casalemedia.com 6 redirects dsum-sec.casalemedia.com	12 KB
11	adnxs.com 7 redirects ib.adnxs.com	11 KB
10	redintelligence.net 1 redirects hal9000.redintelligence.net hal900023.redintelligence.net hal900010.redintelligence.net	18 KB
8	gstatic.com fonts.gstatic.com	245 KB
7	adsafeprotected.com 1 redirects fw.adsafeprotected.com static.adsafeprotected.com dt.adsafeprotected.com	130 KB
7	kurir.rs www.kurir.rs	137 KB
7	google.com www.google.com adservice.google.com	929 B
5	googletagservices.com www.googletagservices.com	177 KB
5	gemius.pl 1 redirects gars.hit.gemius.pl rs.hit.gemius.pl	12 KB
4	facebook.net connect.facebook.net	173 KB
3	facebook.com www.facebook.com	473 B
3	google-analytics.com www.google-analytics.com	19 KB
2	contentspread.net cdn.contentspread.net	106 KB
2	quantcount.com rules.quantcount.com pixel.quantcount.com	811 B
2	hudb.pl 1 redirects alt.hudb.pl	593 B
2	adocean.pl 1 redirects alt.adocean.pl	617 B
2	google.de www.google.de adservice.google.de	272 B
2	consensu.org quantcast.mgr.consensu.org	66 KB
2	googleapis.com fonts.googleapis.com ajax.googleapis.com	32 KB
1	chartbeat.net ping.chartbeat.net	201 B
1	chartbeat.com static.chartbeat.com	14 KB
1	nprapps.org pym.nprapps.org	3 KB
1	quantserve.com secure.quantserve.com	9 KB
1	cleverpush.com static.cleverpush.com	38 KB
1	adriamediacontent.com www.adriamediacontent.com	12 KB
1	espreso.rs 1 redirects glossy.espreso.rs	94 B
191	30

	Domain	Requested by
24	pagead2.googlesyndication.com	securepubads.g.doubleclick.net bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net www.googletagservices.com
19	tpc.googlesyndication.com	bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com securepubads.g.doubleclick.net googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net
16	cm.g.doubleclick.net	12 redirects googleads.g.doubleclick.net
16	glossy.espreso.co.rs	glossy.espreso.co.rs
15	s0.2mdn.net	glossy.espreso.co.rs s0.2mdn.net
14	dsum-sec.casalemedia.com	6 redirects googleads.g.doubleclick.net
11	ib.adnxs.com	7 redirects googleads.g.doubleclick.net
8	googleads.g.doubleclick.net	bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com glossy.espreso.co.rs
8	fonts.gstatic.com	fonts.googleapis.com
7	www.kurir.rs	pym.nprapps.org www.kurir.rs
5	hal900023.redintelligence.net	1 redirects bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com hal900023.redintelligence.net
5	www.googletagservices.com	securepubads.g.doubleclick.net bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
5	bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	5994599.fls.doubleclick.net	2 redirects glossy.espreso.co.rs
4	securepubads.g.doubleclick.net	www.adriamediacontent.com securepubads.g.doubleclick.net glossy.espreso.co.rs
4	www.google.com	glossy.espreso.co.rs bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com tpc.googlesyndication.com
4	connect.facebook.net	glossy.espreso.co.rs connect.facebook.net
3	r6---sn-4g5e6nes.c.2mdn.net
3	hal900010.redintelligence.net	hal9000.redintelligence.net hal900010.redintelligence.net
3	static.adsafeprotected.com	bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
3	adservice.google.com	securepubads.g.doubleclick.net 5994599.fls.doubleclick.net
3	www.facebook.com	glossy.espreso.co.rs
3	www.google-analytics.com	glossy.espreso.co.rs www.google-analytics.com
3	gars.hit.gemius.pl	glossy.espreso.co.rs gars.hit.gemius.pl
2	ade.googlesyndication.com
2	cdn.contentspread.net	hal900023.redintelligence.net hal900010.redintelligence.net
2	dt.adsafeprotected.com	bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
2	googleads4.g.doubleclick.net	glossy.espreso.co.rs
2	hal9000.redintelligence.net	bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
2	fw.adsafeprotected.com	1 redirects bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
2	alt.hudb.pl	1 redirects glossy.espreso.co.rs
2	alt.adocean.pl	1 redirects glossy.espreso.co.rs
2	rs.hit.gemius.pl	1 redirects glossy.espreso.co.rs
2	quantcast.mgr.consensu.org	glossy.espreso.co.rs quantcast.mgr.consensu.org
1	gcdn.2mdn.net	1 redirects
1	ajax.googleapis.com	hal900023.redintelligence.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	pixel.quantcount.com	glossy.espreso.co.rs
1	ping.chartbeat.net	glossy.espreso.co.rs
1	rules.quantcount.com	secure.quantserve.com
1	static.chartbeat.com	glossy.espreso.co.rs
1	pym.nprapps.org	glossy.espreso.co.rs
1	secure.quantserve.com	quantcast.mgr.consensu.org
1	www.google.de	glossy.espreso.co.rs
1	stats.g.doubleclick.net	www.google-analytics.com
1	static.cleverpush.com	glossy.espreso.co.rs
1	www.adriamediacontent.com	glossy.espreso.co.rs
1	fonts.googleapis.com	glossy.espreso.co.rs
1	glossy.espreso.rs	1 redirects
191	49

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.youtube.com
www.instagram.com
stil.kurir.rs
www.kurir.rs
www.elle.rs
www.lepaisrecna.rs
www.newsweek.rs
www.lovesensa.rs
www.nationalgeographic.rs
www.stvarukusa.rs
www.yumama.com
www.wanted.rs
www.espreso.co.rs
www.navidiku.rs

Subject Issuer	Validity	Valid
espreso.co.rs R3	`2021-05-28` - `2021-08-26`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-17` - `2021-08-09`	3 months	crt.sh
www.adriamediacontent.com R3	`2021-06-03` - `2021-09-01`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-12` - `2021-08-12`	a year	crt.sh
quantcast.mgr.consensu.org Amazon	`2021-04-24` - `2022-05-23`	a year	crt.sh
*.hit.gemius.pl Sectigo ECC Domain Validation Secure Server CA	`2019-09-11` - `2021-09-24`	2 years	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-05-26` - `2021-08-24`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
pym.nprapps.org Amazon	`2021-05-06` - `2022-06-04`	a year	crt.sh
*.adocean.pl Sectigo RSA Domain Validation Secure Server CA	`2020-01-27` - `2022-02-05`	2 years	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2021-05-20` - `2022-06-03`	a year	crt.sh
www.kurir.rs R3	`2021-05-01` - `2021-07-30`	3 months	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2020-12-01` - `2021-12-30`	a year	crt.sh
*.google.de GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2020-09-09` - `2021-10-09`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
redintelligence.net R3	`2021-04-21` - `2021-07-20`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2021-01-06` - `2022-02-04`	a year	crt.sh
dt.adsafeprotected.com Amazon	`2021-04-22` - `2022-05-21`	a year	crt.sh
contentspread.net R3	`2021-06-04` - `2021-09-02`	3 months	crt.sh
*.c.docs.google.com GTS CA 1C3	`2021-06-08` - `2021-08-17`	2 months	crt.sh

This page contains 23 frames:

Primary Page: https://glossy.espreso.co.rs/
Frame ID: 51E9EC25E4D1B8DA713FAAAA73D2C9F5
Requests: 65 HTTP requests in this frame

Frame: https://www.kurir.rs/news_widget_amc/?website=glossy&source=widget&campaign=adria_internal&initialWidth=300&childId=kurir-sidebar-widget&parentTitle=Glossy&parentUrl=https%3A%2F%2Fglossy.espreso.co.rs%2F
Frame ID: 651CA2A09F35A43F4DFE908EE9E55EED
Requests: 7 HTTP requests in this frame

Frame: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: E3C10830EB31510F8170B87290B29A08
Requests: 12 HTTP requests in this frame

Frame: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: C6F5A072043DA948D7DA9C845C7BEE76
Requests: 14 HTTP requests in this frame

Frame: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 6F7FACC5B3AE823944CD45070051D148
Requests: 17 HTTP requests in this frame

Frame: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 144277A1EA99627D0F161A35B0A35C0E
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNWxNOs2lCEarN7pTZvG8MltpeGy64aNY-Mn3tofvbnrp3ltGlfWbxvzsObAGDNBmiRmaRiLqRHxc42gIJbY4uFaFFonP9X80eEEI6euecP8fb3JgdmyPVF0nNBaTyKqMLxjm8G4Yxkx58Uh_bI8SuO-sJOjFY6ayZtX5Ezzmq5T_aIFKIM
Frame ID: A99EDE4A79D2D05279228A5BA97E6411
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNzg5AEQxrjnARjTwMWiATAB&v=APEucNViQNJiNDzXiZPOonzAidUgYvYJNxKvxhNe0OERG9XM8tSOAN3b-p7GIIrAea6n-IaiFZwcPfhNA2LhYEOZoT47HMLkYVpqeefdkZd6sCUDXDDkJ6EK74pqMBqEbOVHWPiDFtTfuFLjbSnPCt13WCgcKQo73xMFkFRkWIarIsAGtK8BI5I
Frame ID: 9A99190B742E38C1726D347C39C86A89
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPOW9wIQ7ubZ-gEYnoH9rAEwAQ&v=APEucNUBcaZxNurEv1otdT-z29blx7Hv-to1s5qaJB0MOdzbAhUCgp9S_TeSfGthMjBidX9XIEdIh6E_ar5ZldR1xRdZ7RnsQNYa03EGq7wuGGVnAQTpX2gg_-ahKEBPOYZMzf8hbgLZ3PakVQZfi_nyvQLaLIMRNKBZRtWGtmPsxiNISc7Cc4w
Frame ID: A0E97B2308047C9D310002BE3153D5D2
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYr8jFlQEwAQ&v=APEucNWcdSHJ-HtE5bbV0yr09zaZLdVPr1bNYDhukcCAZzjw4YTDUjKJzXPIpmzVZ1haZKX666eay5NGmoBKGb8oKu4SinIvn8mYQixRQu-KRFuwUGejsRA4bBiWMUZmFSFi6qHhgRRmJIhKVPCb9sTBP8PjYUufEHt31tUFKggAmwqMEZWshqw
Frame ID: D2AE6AD16584B3B564F2B1AC7F839827
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html
Frame ID: E868D1B5C23580D783CE8EF66B4F8189
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: BBC6AB05816E73884CD66C42371B4101
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 658BE0BA0C5CB1CDC473625F8EB41DAF
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 545CAEA7B00AE35485DB466F3A2D2A2D
Requests: 3 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.5.js
Frame ID: 0FED8C492DAF00A546CC7B8D2DE13685
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8CAAB5352E34BC898D0E2F900841EF37
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/15476815521395201202/index.html?e=69&leftOffset=0&topOffset=0&c=hPGzJMRyfv&t=1&renderingType=2
Frame ID: F52BC52B7F7D2448F5932641BB06086E
Requests: 19 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B54FF41E59C26483273EDC6E93DAC440
Requests: 3 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CMme7YbNnfECFWzauwgdxtUJeA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3328891164832.45
Frame ID: 5888923B48ACD5B16AC773A540BC62F2
Requests: 2 HTTP requests in this frame

Frame: https://hal900023.redintelligence.net/request_content.php?s=57431900011982200710612011628023&a=0e6cc936
Frame ID: C02C355B53856AF51B61BEDF78DC3CC9
Requests: 6 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CMXm84bNnfECFbnouwgdg1oF_Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=277921546037.70935
Frame ID: E966C3EAD652EA714A45933BBCE48377
Requests: 2 HTTP requests in this frame

Frame: https://hal900010.redintelligence.net/request_content.php?s=80906300010186500710624011628010&a=61d6b381
Frame ID: DC09D9108883C668D698BE8EFA9EC6EB
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/eOgDGfqcQegWjA8qbjqFj-1olP7cUin4sCMz-IjcpPs.js
Frame ID: 4A76689289A036A7FA21014165FCC265
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://glossy.espreso.rs/ HTTP 301
https://glossy.espreso.co.rs/ Page URL

Detected technologies

Chartbeat (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /chartbeat\.js/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Quantcast (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\.quantserve\.com\/quant\.js/i

Gemius () Expand

Overall confidence: %
Detected patterns

script /hit\.gemius\.pl\/xgemius\.js/i
script /hit\.gemius\.pl/i
script /xgemius\.js/i

Page Statistics

191
Requests

99 %
HTTPS

57 %
IPv6

30
Domains

49
Subdomains

47
IPs

8
Countries

2537 kB
Transfer

6146 kB
Size

11
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/glossy.rs/

Search URL Search Domain Scan URL

URL: https://twitter.com/glossy_rs

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCdyMbH4JckymM38HzUugwsA

Search URL Search Domain Scan URL

URL: https://www.instagram.com/glossy_rs/

Search URL Search Domain Scan URL

URL: https://stil.kurir.rs/sex/ljubav-zavodenje/153417/otkrivamo-vam-ono-sto-oni-kriju-kao-zmija-noge-15-stvari-koje-svaki-muz-krije-od-svoje-zene

Search URL Search Domain Scan URL

URL: https://stil.kurir.rs/porodica/enterijer/128287/emili-ratajkovski-zivi-u-kuci-od-milion-i-po-dolara-mesavina-moderne-umetnosti-i-starinskog-stila-foto

Search URL Search Domain Scan URL

URL: https://stil.kurir.rs/lifestyle/153415/toma-zdravkovic-pevao-je-o-mnogim-zenama-ali-zabranjena-ljubav-ga-je-unistila-pricao-je-o-njoj-suze-su-mu-tekle

Search URL Search Domain Scan URL

URL: https://stil.kurir.rs/trpeza/recepti/153407/slatko-od-visanja-po-receptu-nasih-baka?utm_source=glossy&utm_medium=web_home&utm_campaign=adria_internal

Search URL Search Domain Scan URL

URL: https://stil.kurir.rs/porodica/enterijer/153391/ako-ovako-zalivate-sobne-biljke-unisticete-ih-zlatni-savet-da-cvetaju-i-listaju-kao-lude?utm_source=glossy&utm_medium=web_home&utm_campaign=adria_internal

Search URL Search Domain Scan URL

URL: https://www.kurir.rs/?utm_source=glossy&utm_campaign=footer_link&utm_medium=link

Search URL Search Domain Scan URL

URL: http://www.elle.rs/?utm_source=glossy&utm_campaign=footer_link&utm_medium=link

Search URL Search Domain Scan URL

URL: http://www.lepaisrecna.rs/?utm_source=glossy&utm_campaign=footer_link&utm_medium=link

Search URL Search Domain Scan URL

URL: http://www.newsweek.rs/?utm_source=glossy&utm_campaign=footer_link&utm_medium=link

Search URL Search Domain Scan URL

URL: http://www.lovesensa.rs/

Search URL Search Domain Scan URL

URL: http://www.nationalgeographic.rs/?utm_source=glossy&utm_campaign=footer_link&utm_medium=link

Search URL Search Domain Scan URL

URL: http://www.stvarukusa.rs/?utm_source=glossy&utm_campaign=footer_link&utm_medium=link

Search URL Search Domain Scan URL

URL: http://www.yumama.com/?utm_source=glossy&utm_campaign=footer_link&utm_medium=link

Search URL Search Domain Scan URL

URL: http://www.wanted.rs/?utm_source=glossy&utm_campaign=footer_link&utm_medium=link

Search URL Search Domain Scan URL

URL: https://www.espreso.co.rs/?internal_campaign=glossy_footer_link

Search URL Search Domain Scan URL

URL: https://www.navidiku.rs/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://glossy.espreso.rs/ HTTP 301
https://glossy.espreso.co.rs/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 32

https://rs.hit.gemius.pl/_1623896277641/redot.gif?id=bVnr24M7JJDtjp3qdxyvFZchT.SgXsSakv3V1jPYkKv.u7&fpdata=&extra=_unique%3D82961623896277641%7C_order%3D0 HTTP 301
https://rs.hit.gemius.pl/__/_1623896277641/redot.gif?id=bVnr24M7JJDtjp3qdxyvFZchT.SgXsSakv3V1jPYkKv.u7&fpdata=&extra=_unique%3D82961623896277641%7C_order%3D0

Request Chain 33

https://alt.adocean.pl/_1623896277641/redot.gif?id=1_XlneraySw7LL8m2QmY8bdeT.RwIcSaaWLV1n_0kKv.O7&fpdata=&extra=_unique%3D82961623896277641%7C_order%3D1 HTTP 301
https://alt.adocean.pl/__/_1623896277641/redot.gif?id=1_XlneraySw7LL8m2QmY8bdeT.RwIcSaaWLV1n_0kKv.O7&fpdata=&extra=_unique%3D82961623896277641%7C_order%3D1

Request Chain 34

https://alt.hudb.pl/_1623896277641/repoint.gif?id=10ZL__tKNMmbYXfT6Pa8D7cc.jhwbe86CT6t3N9b9W3.87&fpdata=&extra=_unique%3D82961623896277641%7C_order%3D2 HTTP 301
https://alt.hudb.pl/__/_1623896277641/repoint.gif?id=10ZL__tKNMmbYXfT6Pa8D7cc.jhwbe86CT6t3N9b9W3.87&fpdata=&extra=_unique%3D82961623896277641%7C_order%3D2

Request Chain 103

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1

Request Chain 104

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YMqw1unfC--HVncfXU2ZPgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1

Request Chain 105

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEK4EfEQ67950uexe5nfDGso&google_cver=1

Request Chain 106

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTQyNDk2OTEwMDQ1MzAwNzY2NQ%3D%3D

Request Chain 112

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1

Request Chain 113

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YMqw1unfC--HVncfXU2ZPgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1

Request Chain 114

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEK4EfEQ67950uexe5nfDGso&google_cver=1

Request Chain 115

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTQyNDk2OTEwMDQ1MzAwNzY2NQ%3D%3D

Request Chain 116

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1

Request Chain 117

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YMqw1unfC--HVncfXU2ZPgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1

Request Chain 118

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEK4EfEQ67950uexe5nfDGso&google_cver=1

Request Chain 119

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTQyNDk2OTEwMDQ1MzAwNzY2NQ%3D%3D

Request Chain 125

https://fw.adsafeprotected.com/rfw/bgd/682666/53792651/xbbe/creative/adj?p=APEucNUBWQNXEx6ehH95aRVInBsxcP8zP4tBIyc34MiShs7Ufl3toDU&d=CnkAoCZ_4Pqml3EotbJO_aSV9c0ZZA7on2zEIsFOqRC4N2oq6X1kmzt8hEYgRXZBSwQNUVOGUt9GrDhSY7Sab6JAJYtVW8rTb9VIpVbL52L3HELPQcmWBWn_meB2bZuW6WunvhLqjcu7rFMgfkPYYzF80vcbRZ9MPbHZErkTAKAmf-CWaFH2D9pSAe_hqcNK-JYxPaiy_vYh8R8ss-WKpfANkbv0lz_dy0pDx0jt9jpaOHPAcMbXIbCpoeubfmmq2suj4uf19RY6mwjJFPIjfhUmGoqMjMMQARplNeHi13J1fxfmhnSog_l9FHPdpw28lKDRqQGSnMpCFuY-gU1HmcGU8zJ-CONg7f6uF8DLk_ILdJzv0JzIjcD0puCqJiEBcI_HFzBpYJrrca3K7nBVSe2kfPooQ-mPvlVuq-mpV6yT4OX-Hj8XpGnz4wGwNU8GH-lXvcr_ifRIKI01yQbW-mCoeqwt2-yu6nrnySEhpnpobdx5BjbD_v-cNQ6IMTGuNVndgiQGvMBCh-TvLKgp7kpEREvZlUivEVzZWUbo60hKYu8UMbgna0nOYB8vrBdB0Bpcx3DRhVvX43-Y6bfn87iLVmvhhmZsG2hPUo1NBN1Xz-9hJ4D0ejrM7s_v4EZNZX_aKOlUFAMST_JtHjb9vQws_PaK3qpoucps7HTw5rj5Mj69SYMkRpm4SGytBUqUiNmA4iBrk5Mx4-6fvnySFHLV-5pmdnq4cXjlUVFEm-zR8mcdi1G9nrxjAewqMUpvY2duoCITCighy1RizdiyDVUjJj0MZNESB8XPNLghFyhVw5Twx1mCbY3wzm-l2jYx1T05LrOnhUG1WzcHeks2X7ZNUswHK4RWCG_VF-SiI1A9lD-D_Ji63fEeyjTszte2pxlL55rRjfwruqqkDbgcU-WiCkqY76NCMaHHGB8QqqbEhv2590UYa-Hr910nw8nIlO1s5YRGB8MCdv7p0tHos__nBss6MOIVRIiM3RHMq4ipHTgSzwFy4A1XmGPkDPcU8xqkHGIJlSf58y0skyRDkqexCPrYeuT6VcIP3NRhBsohENiUfzHSu49oM3Z3uiVzAsaUJLonN3pzLcI33hAWFOwILPAWDEm9OBoYOXQHf8yxIo_8gUMENSY1g6fcqDhmbQVtQGhUXmHtmYTvCPaY-nirm_WtWp1yYR3OHn42WftHypzI0XZiywM_gT4kms8wWnths2X-af8Jr_C-sm7ZnWh2RxKC0Wsk4yYd71qQmpz961Zt_39-d8Sqw3p1-9SgaNaz1xIpSIOjdloyZCtVuaXu0fWSlN8KlaNL_Pl-6uXGheh43Zxw7BbKrsYffTGu8OPHzcTuNL2EVnZRRNKVdOTt6AdZNuhYZKIUsfcJJL2Dt_5z35u2Jyv274rB8LghlkxelukfQtUo2NtqHAmpttbRxo3FODGVF1N9O2YG-696bP9C8SsBOq4TZ-i55p23_fgqFxYQaJrLlgQAsgdh7DRChpVYc4ehoXyB5DeO6fZgV3KhmZ39C0Q-P5em-F6oJBKFM3XSvsDSSco8-FtDbC1iZLy-Srh4ByLjmOlAR7Y24zQbdXd25-etwEVwYfOWDq7e2DHX6hcCJ1ILsNWhCTwp1jQN3xOUedpzT8DLdF64W5hU1v0CiActOQc9HZKaDU5tOT_TjuHSM0CfyUA-xEzjcoPCAR-ygQ6JBqRgdMIXfFUyDAhw2TBPlEoPWRqu7zWHAjPwiDxpGuot7oQ43haXqVLzukYwx01hiHXWPe7hzfLLR1Eaufm0q-FkG5NQ5StKyv60nYusYldm3TkIkdlex09bg6lYODhGQWuqlzv1Nnn0UrjETpMAQwNIj8hEyB5gpreQY4XY2hIxAQH8VHh8LqC4sylC4wmQDUuxA7Lk0QramgAmm6WxEm0C_UWNOdn9DclI6Ri2PhWBXWqjGXi6913lwkk-wWjaj020qVbGBR99FEfgnhw52Fuucf_Ah98dYFQ_phNtjAcfTUwy3eQEYYIFESK6UjD-JCyYnKEabY_rMIuYu98TwK0hpqaFrw4HWWRSxEt4nEMtgw7_M9FZHS0QUpY-hqqtjHYeGpicde4m_FTTGP2Z9NPiRCm1Rot15VZVDnNkkJxuNzCLk0ixARC_donNH5uhnDVW2lVWaqRSF7SuA9X_foQ08wozlz0HwxSUjN_Y8ebwaMeyTkdyW6apObaKJovs8fEeEyP_kzDoxaR-aQZ_Ce8kVq1FOJGq64KM5Ec8GvPMSStdyVaeB5KmOZr7PIAfVCE6cjxBWul4cPYY2IjMMwyEiBr94BlxWAeAp1nq9JioyjCkSLj6LGGykzQrzW1q2Gy2p0QbBE-XdXeIKzzmUG9EXp-r75dYw4rCv7sGVOU_5mrg5DVeEto3tMtq2u38hsDg-QUt18KiS3xO3cLn6X58qwAMo88AuzSt2adsN81wmy4YYaG-66ED2LQks5EhhtidP7vTFE2oH0m8nALthtxrfd66wHhV1UmhPImc_v29-aUj167W_Npox6DLWSmkE0g47PTzlG6dgIMD7I91BBQOprH30xB5TWnXVfw04m-YXhpDjWzGBelqHpHXBTaMNQ6CfoREak-X2pA-CYbAFdh_C2n2nqJIvcioOmmCQl4wi9F94LEMSnACJyAWo8QU2ChEls1jpKZglS1BmxVS4J2sU0oukQbKelDdnhIITN_NMXRcNwaY-yB6vrTxdodplzlkiEHTaV7-bzlFKlUB5-dfxUkEyL5fr0622bNUGtuL3hBnwtNxGD0yV3SaZ6qbzTtxfdKm5UtFC5xo7vIDVF3Vo63Ebkakj3CeA8tRnDiIX4iQlUR_hUSj02ese61JThCzZ_1N8GKOVsubPsG5kqzBCaMoPuJoxdvk7Lf1ROE2LNoSfoPnUBFodGYfvIyDDzHruP0cq4mmaWEmgXQKm97CAXCeFyMfGaaXfWZ54RfZ4EKpvhu33MpXBDpdUvP7K2aOSL60mQjnhj8wx8KboRg2B2g06v1PYHYTRJ3RuTv2XUJhlgWOBTrOgaowdknFvTa2z-zeAZ4fZ8yM7mlEplufMyIPiXD8mJF9I29CFi4hLJVIwCOKC0k1dz_cn868m1Tl-mHRC9QzFW7Z8Mqg6mBjcL5JiCE_ilZnMdKReZnFxgtNpTCJOa1r6nM5YA06-3zdIbsVvADbptTcA6RcbudYOteQMPIwUT3qgh9JIpTR-d75kXklhE5B4F_lex378NPXgkT9_bQgbV-kLNuinSSfgnxSfdFbtv6M33k-vo8zNdIxPKVaTy1Yg54jJ5BKYLR0RqXYVHG8DYYwWcRsbdVms1C8AHXZpTNistNVwGzBwczO2N9m7vw940hcYcB9Rh3R1CY8HAsS-5RWf3h5BQnADCWokREpW-mBzscTfjQcOWE1nlqh3Dr7TNf90MDSLG0SrIpANz5zijD8egFjSHWTGLnaPGKszXufuKSSfv3pWJWFz4m_3yExKqAaGQgAEhXkaGaPSUcFA0-xpOEhnwtU6dgXW51gAQ&adsafe_url=https%3A%2F%2Fglossy.espreso.co.rs%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fbc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fbc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:8158b8cc-dde8-b400-834d-5914204a010f,c:fLhCbk,sl:na,em:true,fr:false,mn:app34ie,pt:1-5-15,br:u,abv:na,an:n,oam:0,nbld:0,fm:sAyrid4+11%7C12%7C131%7C132%7C14*.682666-53792651%7C141%7C142%7C151%7C161%7C17%7C18%7C19,idMap:14*,pl:,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,thd:1,et:36,oid:3bd02675-cf12-11eb-8a02-02b1f7e14db1,v:19.8.206,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/passback_970x250.js

Request Chain 127

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1

Request Chain 128

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YMqw1unfC--HVncfXU2ZPgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1

Request Chain 129

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEK4EfEQ67950uexe5nfDGso&google_cver=1

Request Chain 130

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTQyNDk2OTEwMDQ1MzAwNzY2NQ%3D%3D

Request Chain 133

https://hal900023.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=48eccfecf9&subid=&uid=e84308adb601522a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x18&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCGn_L1bDKYO23OZCK3wOm-ZTID7XN-YNX_Ni5q-UM8C4QASDz8KRGYJUCyAEJqQJwLkbrQiW0PqgDAaoE2wFP0IyUtq1PT4oiFdsb5vDwoKJD4OfbrnXTqzWeB_I-u1lQ9_l1LU3ZV2Mmgz20VtOWUBtMjoW_6Rp2yNzMOMlz6-02HJPI57EARrvCWR1YmSMiiIuvigy-ZZHjOWTY3kZwUEQMRHeEA97vYcQZZJDUugMDhJwhmWma_8VPnOsU9EyCKdfF37pe1UTbHzqgmFm2IUk2KZ6aL1O4GuMLgIG_R_U9hOK97-YDWBTifcADcN1Ns4sepgfpKM9yi-LczJJXLXDC1J2Xq_47JqNjq81t_MR5B3HTRmJiYfbABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiI4YAQEAEYHYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRogy17_2Arf5ZsCms96bC0ZhABtA%26sig%3DAOD64_388InHMPJTcON8ryv8sYYaBIDahA%26client%3Dca-pub-6209155781541074%26dbm_c%3DAKAmf-ChrXtbpL0_1_aFZi_2v-qArI2Y3X1gWYvijUm1C9QGdVB02cCuXPYLeX0YQfAG6mJrusV7xW_ywxzPDwv_0tvjd5rLNItRUr-sZP0wtQBwbL48enH6ps94YwBeXHnqhIiz83i8w2FCpcvQkG4CKLujuLT9cg%26cry%3D1%26dbm_d%3DAKAmf-CY8zEoUBgc2rnxDFrd4IVXYAiJsWs6fnkh1fCXY3IR3MxD12CAgucf1dc1ulQIKH6_PODHQ1aseQTUfFj24ZY8qZapwWb1-r_Gk71b5ww4siyKmr3a7tF0YaOqQk7DPzIXorGawT6degq11XgMDgFxJuQ8HnwhGB8MwOF6AEaKBrZtYLeECh_u9zBTqPPrc1JSeKu6DRemlV4u3zBukc97EHE87kgAzKK7GpDbw_jkC2nO2qldqHKTWVZQXawmxjlQ2lkYCEh83dKhnPxJZfrRAvthcy9WWXYIfCn2K9J0qG_T5_KDtXgiNOjo6V2vXPMsZ41CCV4dL2pfx5uTO2e7iN27QnwvwQ86E2W5UiKnHpvgc8GNLQoDXqXEN53U3MkeDDWwGtwdjukuScHqvNtBg_ZAVu_pO1Gpby3Ux2Y_qf8pG26nFv1xsHlHyZQ90D7kaD137yTCEpHsekJHmd9S90tsyQ%26adurl%3D&documentReferer=https%3A%2F%2Fglossy.espreso.co.rs%2F&ancestorOrigins=https%3A%2F%2Fglossy.espreso.co.rs&random=4957739080086&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0 HTTP 302
https://hal900023.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=48eccfecf9&subid=&uid=e84308adb601522a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x18&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCGn_L1bDKYO23OZCK3wOm-ZTID7XN-YNX_Ni5q-UM8C4QASDz8KRGYJUCyAEJqQJwLkbrQiW0PqgDAaoE2wFP0IyUtq1PT4oiFdsb5vDwoKJD4OfbrnXTqzWeB_I-u1lQ9_l1LU3ZV2Mmgz20VtOWUBtMjoW_6Rp2yNzMOMlz6-02HJPI57EARrvCWR1YmSMiiIuvigy-ZZHjOWTY3kZwUEQMRHeEA97vYcQZZJDUugMDhJwhmWma_8VPnOsU9EyCKdfF37pe1UTbHzqgmFm2IUk2KZ6aL1O4GuMLgIG_R_U9hOK97-YDWBTifcADcN1Ns4sepgfpKM9yi-LczJJXLXDC1J2Xq_47JqNjq81t_MR5B3HTRmJiYfbABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiI4YAQEAEYHYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRogy17_2Arf5ZsCms96bC0ZhABtA%26sig%3DAOD64_388InHMPJTcON8ryv8sYYaBIDahA%26client%3Dca-pub-6209155781541074%26dbm_c%3DAKAmf-ChrXtbpL0_1_aFZi_2v-qArI2Y3X1gWYvijUm1C9QGdVB02cCuXPYLeX0YQfAG6mJrusV7xW_ywxzPDwv_0tvjd5rLNItRUr-sZP0wtQBwbL48enH6ps94YwBeXHnqhIiz83i8w2FCpcvQkG4CKLujuLT9cg%26cry%3D1%26dbm_d%3DAKAmf-CY8zEoUBgc2rnxDFrd4IVXYAiJsWs6fnkh1fCXY3IR3MxD12CAgucf1dc1ulQIKH6_PODHQ1aseQTUfFj24ZY8qZapwWb1-r_Gk71b5ww4siyKmr3a7tF0YaOqQk7DPzIXorGawT6degq11XgMDgFxJuQ8HnwhGB8MwOF6AEaKBrZtYLeECh_u9zBTqPPrc1JSeKu6DRemlV4u3zBukc97EHE87kgAzKK7GpDbw_jkC2nO2qldqHKTWVZQXawmxjlQ2lkYCEh83dKhnPxJZfrRAvthcy9WWXYIfCn2K9J0qG_T5_KDtXgiNOjo6V2vXPMsZ41CCV4dL2pfx5uTO2e7iN27QnwvwQ86E2W5UiKnHpvgc8GNLQoDXqXEN53U3MkeDDWwGtwdjukuScHqvNtBg_ZAVu_pO1Gpby3Ux2Y_qf8pG26nFv1xsHlHyZQ90D7kaD137yTCEpHsekJHmd9S90tsyQ%26adurl%3D&documentReferer=https%3A%2F%2Fglossy.espreso.co.rs%2F&ancestorOrigins=https%3A%2F%2Fglossy.espreso.co.rs&random=4957739080086&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0&uidRedirect=1

Request Chain 151

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3328891164832.45 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CMme7YbNnfECFWzauwgdxtUJeA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3328891164832.45

Request Chain 155

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=277921546037.70935 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CMXm84bNnfECFbnouwgdg1oF_Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=277921546037.70935

Request Chain 182

https://gcdn.2mdn.net/videoplayback/id/1e16a8e083f53fce/itag/43/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3767803046/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/4372681FBB91B0CBB610DD82850534F50D4B618B.9AC7B35544D92F4DFF979086757C0A6FEC5183CE/key/ck2/file/file.webm HTTP 302
https://r6---sn-4g5e6nes.c.2mdn.net/videoplayback/id/1e16a8e083f53fce/itag/43/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3767803046/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/51F8776FAAB3522BAA149BB5D67A979108DBF69A.0815EC3326EC6B5870A93AD6FD9DCCD5C43A55A4/key/cms1/cms_redirect/yes/mh/zz/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nes/ms/onc/mt/1623895957/mv/m/mvi/6/pl/50/file/file.webm

191 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
glossy.espreso.co.rs/
Redirect Chain

http://glossy.espreso.rs/
https://glossy.espreso.co.rs/

115 KB
27 KB

93ms
30ms

Document
text/html

185.80.68.6
PROVIDUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://glossy.espreso.co.rs/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.68.6 , Serbia, ASN43191 (PROVIDUS-AS, RS),
Reverse DNS
Software: Haste /
Resource Hash: 81335cbf9ae8c8097d4198053dba2b587fbb9e0fecebe7ddd46d151090017265

Request headers

:method: GET
:authority: glossy.espreso.co.rs
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 02:16:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-backend-server: glossy-web1 time for request D=9452
content-length: 26950
content-type: text/html; charset=UTF-8
server: Haste
x-haste-cacheable: YES
expires: 0
x-haste-perspective: desktop
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
age: 58
x-haste-debug-backend: glossyTHQ
x-haste-node: ha-thq4.itplatforma.com
x-haste-cache: HIT
x-haste-hits: 1
accept-ranges: bytes
x-haste-cfg: 144.76.109.30->ha-thq4.itplatforma.com(185.80.68.6)/http-in/be_cache_varnish/ha-thq4--0

Redirect headers

content-length: 0
location: https://glossy.espreso.co.rs/

GET
H2 200 css
fonts.googleapis.com/ 5 KB
714 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Serif:400,700|PT+Sans:400,700&subset=latin,latin-ext,cyrillic-ext,cyrillic

Requested by

Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3d05476160b2e6ab3b268c139f71dcd960449aae386a6b7c7ba330f22f3a12de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 17 Jun 2021 01:25:16 GMT
server: ESF
date: Thu, 17 Jun 2021 02:17:57 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 17 Jun 2021 02:17:57 GMT

GET
H2 200 main-v-16107096751945.js Show response
glossy.espreso.co.rs/resources/js/ 218 KB
66 KB 31ms
30ms Script
application/javascript 185.80.68.6
PROVIDUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://glossy.espreso.co.rs/resources/js/main-v-16107096751945.js
Requested by: Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.68.6 , Serbia, ASN43191 (PROVIDUS-AS, RS),
Reverse DNS
Software: Haste /
Resource Hash: 73543b3da479f12c64d510e6483c68283b8990da5888ac5df4f2cc93c669596b

Request headers

:path: /resources/js/main-v-16107096751945.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: glossy.espreso.co.rs
referer: https://glossy.espreso.co.rs/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haste-cfg: 144.76.109.30->ha-thq4.itplatforma.com(185.80.68.6)/http-in/be_cache_varnish/ha-thq1--0
date: Thu, 17 Jun 2021 02:05:49 GMT
content-encoding: gzip
age: 727
x-haste-cache: HIT
x-haste-debug-backend: glossyTHQ
x-haste-node: ha-thq1.itplatforma.com
x-backend-server: glossy-web2 time for request D=21191
content-length: 66571
x-haste-perspective: desktop
last-modified: Fri, 15 Jan 2021 11:40:43 GMT
server: Haste
etag: "3697e-5b8eed7aed39c-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age = 315360000, public
x-haste-hits: 7
accept-ranges: bytes
x-haste-cacheable: YES
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 main-v-16107096751945.css
glossy.espreso.co.rs/resources/css/ 85 KB
16 KB 31ms
30ms Stylesheet
text/css 185.80.68.6
PROVIDUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://glossy.espreso.co.rs/resources/css/main-v-16107096751945.css
Requested by: Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.68.6 , Serbia, ASN43191 (PROVIDUS-AS, RS),
Reverse DNS
Software: Haste /
Resource Hash: d3eee9e4ebf3283e4e03867700f591840bb9f2d23ba4b957589b0f88381d28c9

Request headers

:path: /resources/css/main-v-16107096751945.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: glossy.espreso.co.rs
referer: https://glossy.espreso.co.rs/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haste-cfg: 144.76.109.30->ha-thq4.itplatforma.com(185.80.68.6)/http-in/be_cache_varnish/ha-thq1--0
date: Thu, 17 Jun 2021 02:04:42 GMT
content-encoding: gzip
age: 794
x-haste-cache: HIT
x-haste-debug-backend: glossyTHQ
x-haste-node: ha-thq1.itplatforma.com
x-backend-server: glossy-web1 time for request D=3853
content-length: 15714
x-haste-perspective: desktop
last-modified: Wed, 13 Jan 2021 11:32:19 GMT
server: Haste
etag: "15400-5b8c67dee4b07-gzip"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age = 315360000, public
x-haste-hits: 12
accept-ranges: bytes
x-haste-cacheable: YES
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 pubjelly.js Show response
www.adriamediacontent.com/js/pubjelly/main/ 36 KB
12 KB 110ms
30ms Script
application/javascript 185.80.68.11
PROVIDUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.adriamediacontent.com/js/pubjelly/main/pubjelly.js?pjcbpage=0
Requested by: Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.68.11 , Serbia, ASN43191 (PROVIDUS-AS, RS),
Reverse DNS
Software: Haste /
Resource Hash: 5f04c7a08a1212d8162d1eac49de26fae5ae94258da72aab14590cf3c0c7b342

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haste-cfg: 144.76.109.30->ha-thq3.itplatforma.com(185.80.68.11)/http-in/be_cache_varnish/ha-thq4--0
date: Thu, 17 Jun 2021 02:14:27 GMT
content-encoding: gzip
age: 209
x-haste-cache: HIT
x-haste-debug-backend: amcTHQ
x-haste-node: ha-thq4.itplatforma.com
x-backend-server: adria-amc1 time for request D=5423
content-length: 12155
last-modified: Thu, 17 Jun 2021 01:06:04 GMT
server: Haste
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age = 259200, public
x-haste-hits: 46
accept-ranges: bytes
x-haste-cacheable: YES

GET
H2 200 kTvC4RTe5ySLedKnR.js Show response
static.cleverpush.com/channel/loader/ 154 KB
38 KB 50ms
25ms Script
application/javascript 2606:4700:20::681a:e1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cleverpush.com/channel/loader/kTvC4RTe5ySLedKnR.js
Requested by: Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e1f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 517555e17b1360ff89c96cd3416acbd8ff198af435332a62b4ebf951a4a63def

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 02:17:57 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 4968
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: FQA5MFT22X9W4B0J
x-amz-id-2: x9uC8Wk1KEPzwyo1nFX4w1qosICzngduZlj7nISGsjrvO1mSeln6NesWBhT6c17Z9kOIBk/n4PI=
last-modified: Thu, 17 Jun 2021 00:38:26 GMT
server: cloudflare
etag: W/"7460e4343da37dc6dd0b206552200c20"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=e6B5mywsRPX7MT5JyInh4NYO3YAaJBnmdSl2nEOT9%2F8UjiqJDF9Y0RlZov6J9hmHFW%2BVI24YNE6GxzyevDdAxCa18A96ye9XUCzXjrIlQGhisYDrolRkXhfu8f51uPuRR15Ef5cBDcfLZqrcrKw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=5356800
cf-request-id: 0ab95bd998000005fd512f8000000001
cf-ray: 6608c8d5baf805fd-FRA

GET
H2 200 logo.svg
glossy.espreso.co.rs/resources/images/svg/ 5 KB
3 KB 37ms
35ms Image
image/svg+xml 185.80.68.6
PROVIDUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://glossy.espreso.co.rs/resources/images/svg/logo.svg
Requested by: Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.68.6 , Serbia, ASN43191 (PROVIDUS-AS, RS),
Reverse DNS
Software: Haste /
Resource Hash: 047ed5c1bcaea807f1edb61af9be9d808c474d7ae00dd2577067ad4adbcffd29

Request headers

:path: /resources/images/svg/logo.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: glossy.espreso.co.rs
referer: https://glossy.espreso.co.rs/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haste-cfg: 144.76.109.30->ha-thq4.itplatforma.com(185.80.68.6)/http-in/be_cache_varnish/ha-thq3--0
date: Thu, 17 Jun 2021 02:17:17 GMT
content-encoding: gzip
age: 39
x-haste-cache: HIT
x-haste-debug-backend: glossyTHQ
x-haste-node: ha-thq3.itplatforma.com
x-backend-server: glossy-web1 time for request D=846
content-length: 2249
x-haste-perspective: desktop
last-modified: Wed, 13 Jan 2021 11:32:19 GMT
server: Haste
etag: "14b4-5b8c67dee79e7-gzip"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-haste-hits: 6
accept-ranges: bytes
x-haste-cacheable: YES
expires: 0

GET
H2 200 322793_suzana-jovanovic-10062021-0271_po-s.jpg
glossy.espreso.co.rs/data/images/2021/06/11/09/ 66 KB
67 KB 38ms
36ms Image
image/jpeg 185.80.68.6
PROVIDUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://glossy.espreso.co.rs/data/images/2021/06/11/09/322793_suzana-jovanovic-10062021-0271_po-s.jpg
Requested by: Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.68.6 , Serbia, ASN43191 (PROVIDUS-AS, RS),
Reverse DNS
Software: Haste /
Resource Hash: 0bacfef26ff1922579b35aedd4f6906354dee8471df00262d03962fd53e54def

Request headers

:path: /data/images/2021/06/11/09/322793_suzana-jovanovic-10062021-0271_po-s.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: glossy.espreso.co.rs
referer: https://glossy.espreso.co.rs/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haste-cfg: 144.76.109.30->ha-thq4.itplatforma.com(185.80.68.6)/http-in/be_cache_varnish/ha-thq2--0
date: Thu, 17 Jun 2021 02:14:08 GMT
age: 229
x-haste-cache: HIT
x-haste-debug-backend: glossyTHQ
x-haste-node: ha-thq2.itplatforma.com
x-backend-server: glossy-web2 time for request D=1377
content-length: 67868
x-haste-perspective: desktop
last-modified: Fri, 11 Jun 2021 07:27:39 GMT
server: Haste
etag: "1091c-5c47871469c72"
content-type: image/jpeg
cache-control: max-age = 315360000, public
x-haste-hits: 1
accept-ranges: bytes
x-haste-cacheable: YES
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 323190_1733731-whatsappimage20190111at22.23.05-ls_sq-s.jpg
glossy.espreso.co.rs/data/images/2021/06/16/22/ 22 KB
22 KB 38ms
36ms Image
image/jpeg 185.80.68.6
PROVIDUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://glossy.espreso.co.rs/data/images/2021/06/16/22/323190_1733731-whatsappimage20190111at22.23.05-ls_sq-s.jpg
Requested by: Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.68.6 , Serbia, ASN43191 (PROVIDUS-AS, RS),
Reverse DNS
Software: Haste /
Resource Hash: 041e8df19fca5f476e628e1db9c9851b4334d100f48e9c862a912afe3030eb86

Request headers

:path: /data/images/2021/06/16/22/323190_1733731-whatsappimage20190111at22.23.05-ls_sq-s.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: glossy.espreso.co.rs
referer: https://glossy.espreso.co.rs/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haste-cfg: 144.76.109.30->ha-thq4.itplatforma.com(185.80.68.6)/http-in/be_cache_varnish/ha-thq2--0
date: Thu, 17 Jun 2021 02:09:34 GMT
age: 503
x-haste-cache: HIT
x-haste-debug-backend: glossyTHQ
x-haste-node: ha-thq2.itplatforma.com
x-backend-server: glossy-web2 time for request D=2096
content-length: 22339
x-haste-perspective: desktop
last-modified: Wed, 16 Jun 2021 20:16:40 GMT
server: Haste
etag: "5743-5c4e7c4b6fde0"
content-type: image/jpeg
cache-control: max-age = 315360000, public
x-haste-hits: 5
accept-ranges: bytes
x-haste-cacheable: YES
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 316808_2442701-katarina-ff_sq-s.jpg
glossy.espreso.co.rs/data/images/2021/02/15/21/ 40 KB
41 KB 91ms
89ms Image
image/jpeg 185.80.68.6
PROVIDUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://glossy.espreso.co.rs/data/images/2021/02/15/21/316808_2442701-katarina-ff_sq-s.jpg
Requested by: Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.68.6 , Serbia, ASN43191 (PROVIDUS-AS, RS),
Reverse DNS
Software: Haste /
Resource Hash: 3f27138b8c509198b5d51abc266e37f2961ebf28f8e51508a27a92620345c109

Request headers

:path: /data/images/2021/02/15/21/316808_2442701-katarina-ff_sq-s.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: glossy.espreso.co.rs
referer: https://glossy.espreso.co.rs/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haste-cfg: 144.76.109.30->ha-thq4.itplatforma.com(185.80.68.6)/http-in/be_cache_varnish/ha-thq2--0
date: Thu, 17 Jun 2021 02:09:17 GMT
age: 520
x-haste-cache: HIT
x-haste-debug-backend: glossyTHQ
x-haste-node: ha-thq2.itplatforma.com
x-backend-server: glossy-web1 time for request D=4333
content-length: 41022
x-haste-perspective: desktop
last-modified: Mon, 15 Feb 2021 20:02:50 GMT
server: Haste
etag: "a03e-5bb65786f0c37"
content-type: image/jpeg
cache-control: max-age = 315360000, public
x-haste-hits: 2
accept-ranges: bytes
x-haste-cacheable: YES
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 lazy.png
glossy.espreso.co.rs/resources/images/ 936 B
1 KB 120ms
119ms Image
image/png 185.80.68.6
PROVIDUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://glossy.espreso.co.rs/resources/images/lazy.png
Requested by: Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.68.6 , Serbia, ASN43191 (PROVIDUS-AS, RS),
Reverse DNS
Software: Haste /
Resource Hash: 8c5a62c74692dd5d707767c763842fa3a199c5d50b526f2a138747af21ba6202

Request headers

:path: /resources/images/lazy.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: glossy.espreso.co.rs
referer: https://glossy.espreso.co.rs/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haste-cfg: 144.76.109.30->ha-thq4.itplatforma.com(185.80.68.6)/http-in/be_cache_varnish/ha-thq2--0
date: Thu, 17 Jun 2021 02:04:58 GMT
age: 779
x-haste-cache: HIT
x-haste-debug-backend: glossyTHQ
x-haste-node: ha-thq2.itplatforma.com
x-backend-server: glossy-web1 time for request D=353
content-length: 936
x-haste-perspective: desktop
last-modified: Wed, 13 Jan 2021 11:32:19 GMT
server: Haste
etag: "3a8-5b8c67dee6a47"
content-type: image/png
cache-control: max-age = 315360000, public
x-haste-hits: 15
accept-ranges: bytes
x-haste-cacheable: YES
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 choice.js Show response
quantcast.mgr.consensu.org/choice/pLW1P-3X_Ppr5/www.espreso.co.rs/ 3 KB
2 KB 76ms
30ms Script
application/javascript 2600:9000:2104:600:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/choice/pLW1P-3X_Ppr5/www.espreso.co.rs/choice.js
Requested by: Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2104:600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 86ab03a72e25300a317a6a1e722eb5299b33aeac4d2c8c20ba769328bd90180b

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Thu, 17 Jun 2021 02:17:57 GMT
content-encoding: gzip
last-modified: Wed, 10 Feb 2021 22:07:22 GMT
server: AmazonS3
x-amz-cf-pop: AMS1-C1
etag: W/"236f223ad4fd36f41f0d3ab46fc5f58d"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 084f866feba2345e668d9a32662696cf.cloudfront.net (CloudFront)
cache-control: max-age=900
cross-origin-resource-policy: cross-origin
x-amz-cf-id: hL2tJzzLFSOf_Bk-Su0rodg6poX_RGiKHstskh53gt7ZfzF4BA1Vrw==

GET
H2 200 xgemius.js Show response
gars.hit.gemius.pl/ 39 KB
11 KB 94ms
26ms Script
application/x-javascript 87.237.206.234
MNSHA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://gars.hit.gemius.pl/xgemius.js
Requested by: Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 87.237.206.234 , Serbia, ASN51859 (MNSHA-AS, RS),
Reverse DNS
Software: GHC /
Resource Hash: 501ab0e4cb15e8fe0073f3e9e58e9d37b0e15139f7f11e5480269f6aa53ed296

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 02:17:57 GMT
content-encoding: gzip
last-modified: Fri, 28 May 2021 09:58:52 GMT
server: GHC
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: max-age=43200
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 10551
expires: Thu, 17 Jun 2021 14:17:57 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 6797
date: Thu, 17 Jun 2021 00:24:40 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Thu, 17 Jun 2021 02:24:40 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 94 KB
25 KB 22ms
6ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

547f226c6e04b6654144617685448d360e2a92d908c6fb646761a1e6d4850004

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 24517
x-xss-protection: 0
pragma: public
x-fb-debug: eYKEYb4zHXWkMoDm0qa7rKCat6CbzqXFE9Hg0Q/GgQb4K70lvU3hrRB54xnrSQ9BmJFM4awDhTTDAMFwnXD9ow==
x-fb-trip-id: 917726464
x-frame-options: DENY
date: Thu, 17 Jun 2021 02:17:57 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v12/ 44 KB
44 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizaRExUiTo99u79D0KExQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Serif:400,700|PT+Sans:400,700&subset=latin,latin-ext,cyrillic-ext,cyrillic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://glossy.espreso.co.rs
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 05:40:22 GMT
x-content-type-options: nosniff
age: 419855
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45416
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:09:20 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 05:40:22 GMT

GET
H3-29 200 jizfRExUiTo99u79B_mh0O6tLQ.woff2
fonts.gstatic.com/s/ptsans/v12/ 46 KB
46 KB 17ms
8ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizfRExUiTo99u79B_mh0O6tLQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Serif:400,700|PT+Sans:400,700&subset=latin,latin-ext,cyrillic-ext,cyrillic

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e93b530a651320569bb9a1e5afdefa40ef6a77f7d1887a27cb4f5cc049b57a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://glossy.espreso.co.rs
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 14:39:51 GMT
x-content-type-options: nosniff
age: 387486
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46988
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:11 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 14:39:51 GMT

GET
H3-29 200 jizfRExUiTo99u79B_mh0OCtLQ0Z.woff2
fonts.gstatic.com/s/ptsans/v12/ 29 KB
29 KB 9ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizfRExUiTo99u79B_mh0OCtLQ0Z.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Serif:400,700|PT+Sans:400,700&subset=latin,latin-ext,cyrillic-ext,cyrillic

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e4563071048dd98f7120d73d55aa8f31fef27b1c1cf600eb38306421078153d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://glossy.espreso.co.rs
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 04:46:04 GMT
x-content-type-options: nosniff
age: 423113
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29328
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:26 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 04:46:04 GMT

GET
H3-29 200 EJRSQgYoZZY2vCFuvAnt66qSVys.woff2
fonts.gstatic.com/s/ptserif/v12/ 29 KB
29 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptserif/v12/EJRSQgYoZZY2vCFuvAnt66qSVys.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Serif:400,700|PT+Sans:400,700&subset=latin,latin-ext,cyrillic-ext,cyrillic

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e548abcd8734bfcf8b4ebbbca1af98f9e8ae1e0ff884c0971f29498a4fc108f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://glossy.espreso.co.rs
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 05:05:29 GMT
x-content-type-options: nosniff
age: 421948
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29400
x-xss-protection: 0
last-modified: Thu, 10 Sep 2020 17:05:20 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 05:05:29 GMT

GET
H3-29 200 EJRVQgYoZZY2vCFuvAFWzr8.woff2
fonts.gstatic.com/s/ptserif/v12/ 32 KB
32 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptserif/v12/EJRVQgYoZZY2vCFuvAFWzr8.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Serif:400,700|PT+Sans:400,700&subset=latin,latin-ext,cyrillic-ext,cyrillic

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef391572f9fbb7bab7fef6ce2c4fc92ad68a8c148889a79cb9f9b1452d851fab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://glossy.espreso.co.rs
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 12:13:20 GMT
x-content-type-options: nosniff
age: 396277
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32960
x-xss-protection: 0
last-modified: Thu, 10 Sep 2020 17:06:03 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 12:13:20 GMT

GET
H3-29 200 EJRSQgYoZZY2vCFuvAnt66qcVyvHpA.woff2
fonts.gstatic.com/s/ptserif/v12/ 19 KB
19 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptserif/v12/EJRSQgYoZZY2vCFuvAnt66qcVyvHpA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Serif:400,700|PT+Sans:400,700&subset=latin,latin-ext,cyrillic-ext,cyrillic

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ba462692b44ec826922965ea262e87e2fa936c82383982380b10b898444cf90f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://glossy.espreso.co.rs
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 08:36:45 GMT
x-content-type-options: nosniff
age: 409272
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19220
x-xss-protection: 0
last-modified: Thu, 10 Sep 2020 17:05:19 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 08:36:45 GMT

GET
H3-29 200 EJRVQgYoZZY2vCFuvAFYzr-tdg.woff2
fonts.gstatic.com/s/ptserif/v12/ 21 KB
21 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptserif/v12/EJRVQgYoZZY2vCFuvAFYzr-tdg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Serif:400,700|PT+Sans:400,700&subset=latin,latin-ext,cyrillic-ext,cyrillic

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

be36bf0f2001beedfdeec85a65ee55b6b610f5466b59ca38c7a427c553f9195c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://glossy.espreso.co.rs
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 03:30:16 GMT
x-content-type-options: nosniff
age: 427661
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21172
x-xss-protection: 0
last-modified: Thu, 10 Sep 2020 17:06:08 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 03:30:16 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
91 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c04::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-67410988-1&cid=380280673.1623896277&jid=881558708&gjid=1426714560&_gid=1664425215.1623896277&_u=IGBAgEABAAAAAE~&z=1873374235

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 17 Jun 2021 02:17:57 GMT
content-type: text/plain
access-control-allow-origin: https://glossy.espreso.co.rs
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 13ms
13ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=33223145&t=pageview&_s=1&dl=https%3A%2F%2Fglossy.espreso.co.rs%2F&ul=en-us&de=UTF-8&dt=Glossy&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IGDAAEABAAAAAG~&jid=1951145731&gjid=1047412896&cid=380280673.1623896277&tid=UA-86981738-2&_gid=1664425215.1623896277&_r=1&_slc=1&z=1139404095

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:57 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://glossy.espreso.co.rs
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j90&a=33223145&t=pageview&_s=1&dl=https%3A%2F%2Fglossy.espreso.co.rs%2F&ul=en-us&de=UTF-8&dt=Glossy&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IGBAgEAB~&jid=881558708&gjid=1426714560&cid=380280673.1623896277&tid=UA-67410988-1&_gid=1664425215.1623896277&z=1471331446

Requested by

Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Jun 2021 09:59:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 58699
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 322513038446696 Show response
connect.facebook.net/signals/config/ 261 KB
74 KB 13ms
12ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/322513038446696?v=2.9.41&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7f69a42e8100685904bb22b5ff3ccddeb7b953e3d31ba169bc8e1833c71a561b

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 75805
x-xss-protection: 0
pragma: public
x-fb-debug: 16fRBrD2agYBFUxkFu3E2kpGZkwAF4Lh2kVE/aAY9ngLys96CXPQrz3rI7PemvkggtLh7oCCG9BjnOlEUIEoRg==
x-frame-options: DENY
date: Thu, 17 Jun 2021 02:17:57 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 16ms
16ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-67410988-1&cid=380280673.1623896277&jid=881558708&_u=IGBAgEABAAAAAE~&z=437780801

Requested by

Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 16ms
15ms Image
image/gif 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-67410988-1&cid=380280673.1623896277&jid=881558708&_u=IGBAgEABAAAAAE~&z=437780801

Requested by

Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
9 KB 26ms
8ms Script
application/javascript 2620:116:800d:21:51e4:db4b:4436:b305
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/pLW1P-3X_Ppr5/www.espreso.co.rs/choice.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 02:17:57 GMT
content-encoding: gzip
etag: "WhyxmPkT7L77qVDcrjxwGw=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Thu, 24 Jun 2021 02:17:57 GMT

GET
H2 200 cmp2.js Show response
quantcast.mgr.consensu.org/tcfv2/ 234 KB
64 KB 36ms
36ms Script
text/javascript 2600:9000:2104:600:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.espreso.co.rs
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/pLW1P-3X_Ppr5/www.espreso.co.rs/choice.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2104:600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2ddef05ee7b0caa6fd9be281a5b4e53ada42bff7814578d748144f2f9181e476

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 02:17:57 GMT
content-encoding: gzip
x-amz-cf-pop: AMS1-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
access-control-max-age: 86400
access-control-allow-origin: *
last-modified: Thu, 13 May 2021 19:03:54 GMT
server: AmazonS3
etag: W/"2848b39634e3b71d7b4f01531f83807a"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/javascript;charset=UTF-8
via: 1.1 084f866feba2345e668d9a32662696cf.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-meta-qc-ineu: True
x-amz-cf-id: r9km6VXVP80faUwmKhvGgEWZI1sRxjS5O1Z59i6N4eg-iTjmJivXmw==

GET
H2 200 pym.v1.min.js Show response
pym.nprapps.org/ 9 KB
3 KB 59ms
6ms Script
application/javascript 13.224.195.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pym.nprapps.org/pym.v1.min.js
Requested by: Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.195.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-195-50.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b7f736144a4c3c86a1e620f94d91b3c0eedcadac33888203e554dc2e7c3cfa66

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 09:44:55 GMT
content-encoding: gzip
last-modified: Tue, 13 Feb 2018 16:23:08 GMT
server: AmazonS3
age: 59582
etag: "dfb7091815cbff12a30bfad66911926f"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 24c299c0a6423c6f96984a85fb014109.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-amz-cf-pop: FRA2-C1
content-length: 2818
x-amz-cf-id: zlQFWMexoGSXz87zjrFoBlOci17iKnRMvvTeSFe79cvDJVZoAYVM8A==

GET
H2 200 fpdata.js Show response
gars.hit.gemius.pl/ 282 B
395 B 26ms
25ms Script
application/x-javascript 87.237.206.234
MNSHA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://gars.hit.gemius.pl/fpdata.js?href=glossy.espreso.co.rs
Requested by: Host: gars.hit.gemius.pl
URL: https://gars.hit.gemius.pl/xgemius.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 87.237.206.234 , Serbia, ASN51859 (MNSHA-AS, RS),
Reverse DNS
Software: GHC /
Resource Hash: fceb383956a313eba092f8618ea26600780ae79e85cf7dbe08bba1b50aed2940

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 02:17:57 GMT
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
server: GHC
etag: PRIVATE7520710249
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: private, max-age=2592000
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 282
expires: Sat, 17 Jul 2021 02:17:57 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 63 KB
21 KB 36ms
14ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.adriamediacontent.com
URL: https://www.adriamediacontent.com/js/pubjelly/main/pubjelly.js?pjcbpage=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

476e4ac7143827a9b8c242de1b67d8359661ccadaff81ca252b118898b122ef1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 02:17:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "905 / 318 of 1000 / last-modified: 1623882059"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21569
x-xss-protection: 0
expires: Thu, 17 Jun 2021 02:17:57 GMT

GET
H2

200

redot.gif
rs.hit.gemius.pl/__/_1623896277641/
Redirect Chain

https://rs.hit.gemius.pl/_1623896277641/redot.gif?id=bVnr24M7JJDtjp3qdxyvFZchT.SgXsSakv3V1jPYkKv.u7&fpdata=&extra=_unique%3D82961623896277641%7C_order%3D0
https://rs.hit.gemius.pl/__/_1623896277641/redot.gif?id=bVnr24M7JJDtjp3qdxyvFZchT.SgXsSakv3V1jPYkKv.u7&fpdata=&extra=_unique%3D82961623896277641%7C_order%3D0

43 B
215 B

31ms
31ms

Image
image/gif

87.237.206.234
MNSHA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rs.hit.gemius.pl/__/_1623896277641/redot.gif?id=bVnr24M7JJDtjp3qdxyvFZchT.SgXsSakv3V1jPYkKv.u7&fpdata=&extra=_unique%3D82961623896277641%7C_order%3D0
Requested by: Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 87.237.206.234 , Serbia, ASN51859 (MNSHA-AS, RS),
Reverse DNS
Software: GHC /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:57 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: image/gif
content-length: 43
expires: Wed, 16 Jun 2021 02:17:57 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:57 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: /__/_1623896277641/redot.gif?id=bVnr24M7JJDtjp3qdxyvFZchT.SgXsSakv3V1jPYkKv.u7&fpdata=&extra=_unique%3D82961623896277641%7C_order%3D0
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Wed, 16 Jun 2021 02:17:57 GMT

GET
H2

200

redot.gif
alt.adocean.pl/__/_1623896277641/
Redirect Chain

https://alt.adocean.pl/_1623896277641/redot.gif?id=1_XlneraySw7LL8m2QmY8bdeT.RwIcSaaWLV1n_0kKv.O7&fpdata=&extra=_unique%3D82961623896277641%7C_order%3D1
https://alt.adocean.pl/__/_1623896277641/redot.gif?id=1_XlneraySw7LL8m2QmY8bdeT.RwIcSaaWLV1n_0kKv.O7&fpdata=&extra=_unique%3D82961623896277641%7C_order%3D1

43 B
215 B

29ms
23ms

Image
image/gif

137.74.0.158
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alt.adocean.pl/__/_1623896277641/redot.gif?id=1_XlneraySw7LL8m2QmY8bdeT.RwIcSaaWLV1n_0kKv.O7&fpdata=&extra=_unique%3D82961623896277641%7C_order%3D1
Requested by: Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 137.74.0.158 Warsaw, Poland, ASN16276 (OVH, FR),
Reverse DNS: ovhpl8.host.hit.gemius.pl
Software: GHC /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:57 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: image/gif
content-length: 43
expires: Wed, 16 Jun 2021 02:17:57 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:57 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: /__/_1623896277641/redot.gif?id=1_XlneraySw7LL8m2QmY8bdeT.RwIcSaaWLV1n_0kKv.O7&fpdata=&extra=_unique%3D82961623896277641%7C_order%3D1
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Wed, 16 Jun 2021 02:17:57 GMT

GET
H2

200

repoint.gif
alt.hudb.pl/__/_1623896277641/
Redirect Chain

https://alt.hudb.pl/_1623896277641/repoint.gif?id=10ZL__tKNMmbYXfT6Pa8D7cc.jhwbe86CT6t3N9b9W3.87&fpdata=&extra=_unique%3D82961623896277641%7C_order%3D2
https://alt.hudb.pl/__/_1623896277641/repoint.gif?id=10ZL__tKNMmbYXfT6Pa8D7cc.jhwbe86CT6t3N9b9W3.87&fpdata=&extra=_unique%3D82961623896277641%7C_order%3D2

43 B
189 B

27ms
21ms

Image
image/gif

137.74.0.158
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alt.hudb.pl/__/_1623896277641/repoint.gif?id=10ZL__tKNMmbYXfT6Pa8D7cc.jhwbe86CT6t3N9b9W3.87&fpdata=&extra=_unique%3D82961623896277641%7C_order%3D2
Requested by: Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 137.74.0.158 Warsaw, Poland, ASN16276 (OVH, FR),
Reverse DNS: ovhpl8.host.hit.gemius.pl
Software: GHC /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:57 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: image/gif
content-length: 43
expires: Wed, 16 Jun 2021 02:17:57 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:57 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: /__/_1623896277641/repoint.gif?id=10ZL__tKNMmbYXfT6Pa8D7cc.jhwbe86CT6t3N9b9W3.87&fpdata=&extra=_unique%3D82961623896277641%7C_order%3D2
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Wed, 16 Jun 2021 02:17:57 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 20ms
7ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=322513038446696&ev=PageView&dl=https%3A%2F%2Fglossy.espreso.co.rs%2F&rl=&if=false&ts=1623896277663&sw=1600&sh=1200&v=2.9.41&r=stable&ec=0&o=30&fbp=fb.2.1623896277660.1366042634&it=1623896277514&coo=false&rqm=GET

Requested by

Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 02:17:57 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Thu, 17 Jun 2021 02:17:57 GMT

GET
H2 200 network_sprite.svg
glossy.espreso.co.rs/resources/images/footer/ 61 KB
27 KB 30ms
30ms Image
image/svg+xml 185.80.68.6
PROVIDUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://glossy.espreso.co.rs/resources/images/footer/network_sprite.svg?v3.6
Requested by: Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/resources/css/main-v-16107096751945.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.68.6 , Serbia, ASN43191 (PROVIDUS-AS, RS),
Reverse DNS
Software: Haste /
Resource Hash: 39e110d013cee5277b6be02ea51c5b08319dd79697aa19bd2a191f47d7ca26fb

Request headers

:path: /resources/images/footer/network_sprite.svg?v3.6
pragma: no-cache
cookie: _ga=GA1.3.380280673.1623896277; _gid=GA1.3.1664425215.1623896277; _gat=1; _gat_tstTracker=1; _fbp=fb.2.1623896277660.1366042634
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: glossy.espreso.co.rs
referer: https://glossy.espreso.co.rs/resources/css/main-v-16107096751945.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://glossy.espreso.co.rs/resources/css/main-v-16107096751945.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haste-cfg: 144.76.109.30->ha-thq4.itplatforma.com(185.80.68.6)/http-in/be_cache_varnish/ha-thq3--0
date: Thu, 17 Jun 2021 02:17:18 GMT
content-encoding: gzip
age: 39
x-haste-cache: HIT
x-haste-debug-backend: glossyTHQ
x-haste-node: ha-thq3.itplatforma.com
x-backend-server: glossy-web2 time for request D=11841
content-length: 26575
x-haste-perspective: desktop
last-modified: Wed, 13 Jan 2021 11:32:19 GMT
server: Haste
etag: "f2d0-5b8c67dee6a47-gzip"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-haste-hits: 6
accept-ranges: bytes
x-haste-cacheable: YES
expires: 0

GET
H3-29 200 jizaRExUiTo99u79D0yExdGM.woff2
fonts.gstatic.com/s/ptsans/v12/ 26 KB
26 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizaRExUiTo99u79D0yExdGM.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Serif:400,700|PT+Sans:400,700&subset=latin,latin-ext,cyrillic-ext,cyrillic

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7cc569a18a9dfd7f191b5cf516e335c67255047ffbd4da0f1e8109598665ada8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://glossy.espreso.co.rs
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 06:37:26 GMT
x-content-type-options: nosniff
age: 416431
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26408
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:09:20 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 06:37:26 GMT

GET
H3-29 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1370be8cb4d55008a4edaa4c8df7a0eb1277703fa18dfdb557b98eab0a86b365

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: pWxqhf9l8OM6mAt5PyiCvw==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1780
x-fb-rlafr: 0
x-fb-debug: OpJNg57alKha50FVv1ElbkWjVE8QTZ2aDMP0ZPuipufyGoHk8Ub/v/67AbrCDlyq/A/EbRbppc6c+LELnNnK4A==
x-fb-content-md5: 3939a4fc6470f4814962062381e85a21
x-frame-options: DENY
date: Thu, 17 Jun 2021 02:17:57 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "70ec764ad3c5bb22c75f3ff30437b876"
timing-allow-origin: *
priority: u=3,i
expires: Thu, 17 Jun 2021 02:23:22 GMT

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 36 KB
14 KB 43ms
14ms Script
application/x-javascript 2600:9000:2104:ce00:18:1fcd:34f:cdc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2104:ce00:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: ec93813683cccb74a7896a34a2ed1b2163288620f6959ae06de3ded30cf518b9

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 09:36:23 GMT
content-encoding: gzip
last-modified: Fri, 02 Apr 2021 00:04:46 GMT
server: nginx
age: 60094
etag: W/"60665f9e-8e96"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 e79fcd7f3f0a842841acfca75e35ea79.cloudfront.net (CloudFront)
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: AMS1-C1
x-amz-cf-id: 4vB3g2erRY_o1EIx4iu69iLGct3RVFBl2rfuuE2_3nS1oqnAGICMGA==
expires: Thu, 17 Jun 2021 09:36:23 GMT

POST
H2 200 check_if_user_is_logged_in Show response
glossy.espreso.co.rs/profil/ 115 B
396 B 303ms
303ms XHR
text/html 185.80.68.6
PROVIDUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://glossy.espreso.co.rs/profil/check_if_user_is_logged_in
Requested by: Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/resources/js/main-v-16107096751945.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.68.6 , Serbia, ASN43191 (PROVIDUS-AS, RS),
Reverse DNS
Software: Apache /
Resource Hash: 22882a69a2cd613b25bc774dded2d9d71c97bf0677d764e8bd270402a6802688

Request headers

sec-fetch-mode: cors
origin: https://glossy.espreso.co.rs
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
x-requested-with: XMLHttpRequest
cookie: _ga=GA1.3.380280673.1623896277; _gid=GA1.3.1664425215.1623896277; _gat=1; _gat_tstTracker=1; _fbp=fb.2.1623896277660.1366042634
content-length: 0
:path: /profil/check_if_user_is_logged_in
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: glossy.espreso.co.rs
referer: https://glossy.espreso.co.rs/
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: */*
Referer: https://glossy.espreso.co.rs/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haste-cfg: 144.76.109.30->ha-thq4.itplatforma.com(185.80.68.6)/http-in/be_glossy/glossy-web1--0
date: Thu, 17 Jun 2021 02:17:57 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
set-cookie: X-Proxy-To=glossy-web1; path=/
x-backend-server: glossy-web1 time for request D=4483
content-length: 92

GET
H2 200 323105_remiks-photo_sq-s.jpg
glossy.espreso.co.rs/data/images/2021/06/16/10/ 125 KB
125 KB 31ms
29ms Image
image/jpeg 185.80.68.6
PROVIDUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://glossy.espreso.co.rs/data/images/2021/06/16/10/323105_remiks-photo_sq-s.jpg
Requested by: Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.68.6 , Serbia, ASN43191 (PROVIDUS-AS, RS),
Reverse DNS
Software: Haste /
Resource Hash: 946b641e36084d4db7894790a21f361eed3fe249bb7d2f42bb4f19acede3108f

Request headers

:path: /data/images/2021/06/16/10/323105_remiks-photo_sq-s.jpg
pragma: no-cache
cookie: _ga=GA1.3.380280673.1623896277; _gid=GA1.3.1664425215.1623896277; _gat=1; _gat_tstTracker=1; _fbp=fb.2.1623896277660.1366042634
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: glossy.espreso.co.rs
referer: https://glossy.espreso.co.rs/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haste-cfg: 144.76.109.30->ha-thq4.itplatforma.com(185.80.68.6)/http-in/be_cache_varnish/ha-thq4--0
date: Thu, 17 Jun 2021 02:14:24 GMT
age: 213
x-haste-cache: HIT
x-haste-debug-backend: glossyTHQ
x-haste-node: ha-thq4.itplatforma.com
x-backend-server: glossy-web2 time for request D=1032
content-length: 127797
x-haste-perspective: desktop
last-modified: Wed, 16 Jun 2021 08:43:40 GMT
server: Haste
etag: "1f335-5c4de165efdf3"
content-type: image/jpeg
cache-control: max-age = 315360000, public
x-haste-hits: 1
accept-ranges: bytes
x-haste-cacheable: YES
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 323189_2610339-kajlitrevis1-ls_sq-s.jpg
glossy.espreso.co.rs/data/images/2021/06/16/22/ 46 KB
46 KB 186ms
184ms Image
image/jpeg 185.80.68.6
PROVIDUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://glossy.espreso.co.rs/data/images/2021/06/16/22/323189_2610339-kajlitrevis1-ls_sq-s.jpg
Requested by: Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.68.6 , Serbia, ASN43191 (PROVIDUS-AS, RS),
Reverse DNS
Software: Haste /
Resource Hash: abf231b869211c0c55300c8272ef35d405886b5d01ab407ae454f5cf1d0bb0d8

Request headers

:path: /data/images/2021/06/16/22/323189_2610339-kajlitrevis1-ls_sq-s.jpg
pragma: no-cache
cookie: _ga=GA1.3.380280673.1623896277; _gid=GA1.3.1664425215.1623896277; _gat=1; _gat_tstTracker=1; _fbp=fb.2.1623896277660.1366042634
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: glossy.espreso.co.rs
referer: https://glossy.espreso.co.rs/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haste-cfg: 144.76.109.30->ha-thq4.itplatforma.com(185.80.68.6)/http-in/be_cache_varnish/ha-thq1--0
date: Thu, 17 Jun 2021 02:08:59 GMT
age: 538
x-haste-cache: HIT
x-haste-debug-backend: glossyTHQ
x-haste-node: ha-thq1.itplatforma.com
x-backend-server: glossy-web2 time for request D=772
content-length: 46912
x-haste-perspective: desktop
last-modified: Wed, 16 Jun 2021 20:02:12 GMT
server: Haste
etag: "b740-5c4e790fa5f40"
content-type: image/jpeg
cache-control: max-age = 315360000, public
x-haste-hits: 2
accept-ranges: bytes
x-haste-cacheable: YES
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 323166_profimedia0295137034_sq-s.jpg
glossy.espreso.co.rs/data/images/2021/06/16/18/ 29 KB
29 KB 243ms
242ms Image
image/jpeg 185.80.68.6
PROVIDUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://glossy.espreso.co.rs/data/images/2021/06/16/18/323166_profimedia0295137034_sq-s.jpg
Requested by: Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.68.6 , Serbia, ASN43191 (PROVIDUS-AS, RS),
Reverse DNS
Software: Haste /
Resource Hash: 94f5cc49c8a00bfa0976f542ac6b5c24ff32d00af1dfe581f6ab669558a8dff3

Request headers

:path: /data/images/2021/06/16/18/323166_profimedia0295137034_sq-s.jpg
pragma: no-cache
cookie: _ga=GA1.3.380280673.1623896277; _gid=GA1.3.1664425215.1623896277; _gat=1; _gat_tstTracker=1; _fbp=fb.2.1623896277660.1366042634
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: glossy.espreso.co.rs
referer: https://glossy.espreso.co.rs/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haste-cfg: 144.76.109.30->ha-thq4.itplatforma.com(185.80.68.6)/http-in/be_cache_varnish/ha-thq1--0
date: Thu, 17 Jun 2021 02:09:59 GMT
age: 478
x-haste-cache: HIT
x-haste-debug-backend: glossyTHQ
x-haste-node: ha-thq1.itplatforma.com
x-backend-server: glossy-web2 time for request D=2489
content-length: 29498
x-haste-perspective: desktop
last-modified: Wed, 16 Jun 2021 16:14:38 GMT
server: Haste
etag: "733a-5c4e463209170"
content-type: image/jpeg
cache-control: max-age = 315360000, public
x-haste-hits: 5
accept-ranges: bytes
x-haste-cacheable: YES
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 61929252001-bracnipar-share_sq-s.jpg
glossy.espreso.co.rs/data/images/external/2021/06/16/22/ 47 KB
48 KB 273ms
272ms Image
image/jpeg 185.80.68.6
PROVIDUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://glossy.espreso.co.rs/data/images/external/2021/06/16/22/61929252001-bracnipar-share_sq-s.jpg
Requested by: Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.68.6 , Serbia, ASN43191 (PROVIDUS-AS, RS),
Reverse DNS
Software: Haste /
Resource Hash: 2c3597b696e68fc11727ba93994b398530494b10cfa2423899a6623f20903a6f

Request headers

:path: /data/images/external/2021/06/16/22/61929252001-bracnipar-share_sq-s.jpg
pragma: no-cache
cookie: _ga=GA1.3.380280673.1623896277; _gid=GA1.3.1664425215.1623896277; _gat=1; _gat_tstTracker=1; _fbp=fb.2.1623896277660.1366042634
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: glossy.espreso.co.rs
referer: https://glossy.espreso.co.rs/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haste-cfg: 144.76.109.30->ha-thq4.itplatforma.com(185.80.68.6)/http-in/be_cache_varnish/ha-thq2--0
date: Thu, 17 Jun 2021 02:06:15 GMT
age: 701
x-haste-cache: HIT
x-haste-debug-backend: glossyTHQ
x-haste-node: ha-thq2.itplatforma.com
x-backend-server: glossy-web1 time for request D=1064
content-length: 48154
x-haste-perspective: desktop
last-modified: Wed, 16 Jun 2021 20:45:58 GMT
server: Haste
etag: "bc1a-5c4e82d88e7ae"
content-type: image/jpeg
cache-control: max-age = 315360000, public
x-haste-hits: 8
accept-ranges: bytes
x-haste-cacheable: YES
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 64738223343-profimedia0532273833-share_sq-s.jpg
glossy.espreso.co.rs/data/images/external/2021/06/16/22/ 54 KB
54 KB 272ms
271ms Image
image/jpeg 185.80.68.6
PROVIDUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://glossy.espreso.co.rs/data/images/external/2021/06/16/22/64738223343-profimedia0532273833-share_sq-s.jpg
Requested by: Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.68.6 , Serbia, ASN43191 (PROVIDUS-AS, RS),
Reverse DNS
Software: Haste /
Resource Hash: bf0aac0288eb062621e22a2f984ee8a69b8716df4436fd2a95bf0842007e027d

Request headers

:path: /data/images/external/2021/06/16/22/64738223343-profimedia0532273833-share_sq-s.jpg
pragma: no-cache
cookie: _ga=GA1.3.380280673.1623896277; _gid=GA1.3.1664425215.1623896277; _gat=1; _gat_tstTracker=1; _fbp=fb.2.1623896277660.1366042634
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: glossy.espreso.co.rs
referer: https://glossy.espreso.co.rs/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haste-cfg: 144.76.109.30->ha-thq4.itplatforma.com(185.80.68.6)/http-in/be_cache_varnish/ha-thq4--0
date: Thu, 17 Jun 2021 02:06:17 GMT
age: 700
x-haste-cache: HIT
x-haste-debug-backend: glossyTHQ
x-haste-node: ha-thq4.itplatforma.com
x-backend-server: glossy-web1 time for request D=1239
content-length: 55228
x-haste-perspective: desktop
last-modified: Wed, 16 Jun 2021 20:45:31 GMT
server: Haste
etag: "d7bc-5c4e82be06a38"
content-type: image/jpeg
cache-control: max-age = 315360000, public
x-haste-hits: 7
accept-ranges: bytes
x-haste-cacheable: YES
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 75773235269-tomazdravkovic-share_sq-s.jpg
glossy.espreso.co.rs/data/images/external/2021/06/16/22/ 26 KB
27 KB 272ms
272ms Image
image/jpeg 185.80.68.6
PROVIDUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://glossy.espreso.co.rs/data/images/external/2021/06/16/22/75773235269-tomazdravkovic-share_sq-s.jpg
Requested by: Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.68.6 , Serbia, ASN43191 (PROVIDUS-AS, RS),
Reverse DNS
Software: Haste /
Resource Hash: 0f7d532802612c4f419ca9afc05559a546fac06259f23e5bcd22b2b43f7703ce

Request headers

:path: /data/images/external/2021/06/16/22/75773235269-tomazdravkovic-share_sq-s.jpg
pragma: no-cache
cookie: _ga=GA1.3.380280673.1623896277; _gid=GA1.3.1664425215.1623896277; _gat=1; _gat_tstTracker=1; _fbp=fb.2.1623896277660.1366042634
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: glossy.espreso.co.rs
referer: https://glossy.espreso.co.rs/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haste-cfg: 144.76.109.30->ha-thq4.itplatforma.com(185.80.68.6)/http-in/be_cache_varnish/ha-thq1--0
date: Thu, 17 Jun 2021 02:09:17 GMT
age: 520
x-haste-cache: HIT
x-haste-debug-backend: glossyTHQ
x-haste-node: ha-thq1.itplatforma.com
x-backend-server: glossy-web2 time for request D=1609
content-length: 26632
x-haste-perspective: desktop
last-modified: Wed, 16 Jun 2021 20:45:14 GMT
server: Haste
etag: "6808-5c4e82ae03463"
content-type: image/jpeg
cache-control: max-age = 315360000, public
x-haste-hits: 5
accept-ranges: bytes
x-haste-cacheable: YES
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 rules-p-pLW1P-3X_Ppr5.js Show response
rules.quantcount.com/ 147 B
601 B 28ms
11ms Script
application/javascript 2600:9000:20eb:5200:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-pLW1P-3X_Ppr5.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:5200:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1250cac1df26eff62cb52c6732a01bad753ba6c8299329177da2e43c714564f8

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 01:33:45 GMT
via: 1.1 9568a708c8ab21597698ebe7dce6c42e.cloudfront.net (CloudFront)
age: 2653
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 147
last-modified: Tue, 27 Apr 2021 19:43:45 GMT
server: AmazonS3
etag: "e3373b96c8cb8ac9cdcc2b2ffd87c7b7"
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
x-amz-cf-id: 1PZE_rWRMfnF1LVoZ3pa0dSsCAOyAJXz-Ms7k9KC8gSjBAS0z41qiw==

GET
H2 200 / Show response
www.kurir.rs/news_widget_amc/ Frame 651C 20 KB
7 KB 148ms
90ms Document
text/html 51.159.89.0
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.kurir.rs/news_widget_amc/?website=glossy&source=widget&campaign=adria_internal&initialWidth=300&childId=kurir-sidebar-widget&parentTitle=Glossy&parentUrl=https%3A%2F%2Fglossy.espreso.co.rs%2F
Requested by: Host: pym.nprapps.org
URL: https://pym.nprapps.org/pym.v1.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.159.89.0 Paris, France, ASN12876 (Online SAS, FR),
Reverse DNS: www.kurir.rs
Software: Haste /
Resource Hash: dcff73cc7b0aa93b6b8ac0bc18cc3f3871ae1f42ecd1c128393c58f44f273155

Request headers

:method: GET
:authority: www.kurir.rs
:scheme: https
:path: /news_widget_amc/?website=glossy&source=widget&campaign=adria_internal&initialWidth=300&childId=kurir-sidebar-widget&parentTitle=Glossy&parentUrl=https%3A%2F%2Fglossy.espreso.co.rs%2F
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://glossy.espreso.co.rs/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://glossy.espreso.co.rs/

Response headers

date: Thu, 17 Jun 2021 02:17:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-backend-server: kurir-web4 time for request D=11273
access-control-allow-origin: *
content-length: 6574
content-type: text/html; charset=UTF-8
server: Haste
x-haste-cacheable: YES
expires: 0
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-haste-perspective: desktop
age: 0
x-haste-debug-backend: kurirTHQ
x-haste-node: haste-fr1.itplatforma.com
x-haste-cache: MISS
accept-ranges: bytes
x-haste-cfg: 144.76.109.30->haste-fr2.itplatforma.com(51.159.89.0)/http-in/be_cache_varnish/haste-fr1--0

GET
H3-29 200 pubads_impl_2021061502.js Show response
securepubads.g.doubleclick.net/gpt/ 326 KB
114 KB 32ms
14ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061502.js?31061476

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

4ecfa657a94c57109985f7d07882a68936fe311340910a2f592ebd80a1c82906

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 02:17:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 15 Jun 2021 21:12:38 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 116908
x-xss-protection: 0
expires: Thu, 17 Jun 2021 02:17:57 GMT

GET
H3-29 200 sdk.js Show response
connect.facebook.net/en_US/ 246 KB
73 KB 14ms
13ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=8c412b21b1ab7ae3b0bf52d07495448e&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e1fd175ab2f666d230639d413f7bb1f293208cb5bcbf380e6c0dc8b288fd2b9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://glossy.espreso.co.rs
Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 5zB5Ufdk9+WXlG41QwS5Pg==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 74485
x-fb-rlafr: 0
x-fb-debug: KBgqRAkK9tggSRbakXcBhdGUUow3kS9WVCl0yahHUadPOwQl49LBm7CcaYd70jAhlGVf9IBCPVqoTzoKSnIb6w==
x-fb-content-md5: c8eb659377ef6e10fbcf63e865599440
x-frame-options: DENY
date: Thu, 17 Jun 2021 02:17:57 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "1732ed6a228715b44dbda42b78a21541"
timing-allow-origin: *
priority: u=3,i
expires: Fri, 17 Jun 2022 02:03:22 GMT

GET
H2 200 rexdot.js Show response
gars.hit.gemius.pl/_1623896277803/ 169 B
502 B 97ms
96ms Script
application/x-javascript 87.237.206.234
MNSHA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://gars.hit.gemius.pl/_1623896277803/rexdot.js?l=100&id=.Wqab_7.PymlI6QznIZAr5eCDkaUbycwxOudM3_kSXz.M7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=-120&fv=-&href=https%3A%2F%2Fglossy.espreso.co.rs%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=0&lsdata=-NOTSUP&fpdata=kReHJIJx6tlisPhP3aoawjsF15DVqDI9NjBlFKC4ftL.V7&vis=1
Requested by: Host: gars.hit.gemius.pl
URL: https://gars.hit.gemius.pl/xgemius.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 87.237.206.234 , Serbia, ASN51859 (MNSHA-AS, RS),
Reverse DNS
Software: GHC /
Resource Hash: b533a17c2cdc90922af4c3eab68f1f72db64d0b714231e15eecc681a64cd01e3

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:57 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 169
expires: Wed, 16 Jun 2021 02:17:57 GMT

GET
H2 200 ping
ping.chartbeat.net/ 43 B
201 B 307ms
101ms Image
image/gif 54.208.245.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=glossy.espreso.co.rs&p=%2F&u=Dg63miB_-cG3Ckr2pL&d=glossy.espreso.co.rs&g=54177&g0=No%20Section&g1=No%20Author&n=1&f=00001&c=0&x=0&m=0&y=10208&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=791&t=BCNSHRCUWMSjB8yjWCgETwu_tflN&V=126&i=Glossy&tz=-120&sn=1&sv=2anqyfgnclB_Qle1D9rt2QDcl45V&sd=1&im=067b2fff&_
Requested by: Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.208.245.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-208-245-148.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:58 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 43
expires: 0

GET
H2 200 pixel;r=336331938;source=choice;rf=0;a=p-pLW1P-3X_Ppr5;url=https%3A%2F%2Fglossy.espreso.co.rs%2F;uh=u;uht=u;ns=0;ce=1;qjs=1;qv=82efd7d8-20210517233434;cm=;gdpr=1;gdpr_consent=;ref=;d=espreso.co.rs;...
pixel.quantcount.com/ 35 B
210 B 10ms
8ms Image
image/gif 2620:116:800d:21:51e4:db4b:4436:b305
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantcount.com/pixel;r=336331938;source=choice;rf=0;a=p-pLW1P-3X_Ppr5;url=https%3A%2F%2Fglossy.espreso.co.rs%2F;uh=u;uht=u;ns=0;ce=1;qjs=1;qv=82efd7d8-20210517233434;cm=;gdpr=1;gdpr_consent=;ref=;d=espreso.co.rs;je=0;sr=1600x1200x24;dst=1;et=1623896277838;tzo=-120;ogl=title.Glossy%2Cimage.%2Ctype.article%2Curl.https%3A%2F%2Fglossy%252Eespreso%252Eco%252Ers%2F%2Csite_name.Glossy%2Cdescription.

Requested by

Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:57 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 20ms
18ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=glossy.espreso.co.rs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061502.js?31061476

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Jun 2021 02:17:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 18ms
17ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=glossy.espreso.co.rs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061502.js?31061476

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Jun 2021 02:17:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 64 KB
22 KB 373ms
373ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1673677711425563&correlator=1603144135273851&output=ldjh&impl=fifs&eid=31061039%2C31061160%2C31061279%2C31061423%2C31061459%2C31061476%2C31061199%2C31061425&vrg=2021061502&ptt=17&gdpr=1&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210617&iu_parts=338515395%2Cglossy%2Cglossy_desk_id1%2Cglossy_desk_id2%2Cglossy_desk_id3%2Cglossy_desk_id4&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F3%2C%2F0%2F1%2F4%2C%2F0%2F1%2F5&prev_iu_szs=728x90%2C970x500%7C998x90%7C998x180%7C998x250%7C998x500%7C970x180%7C970x250%2C300x250%7C300x600%2C300x600%7C300x250&cust_params=glossy_espreso_pages%3Dhome&cookie_enabled=1&bc=31&abxe=1&lmt=1623896277&dt=1623896277892&dlt=1623896277300&idt=558&frm=20&biw=1600&bih=1200&oid=3&adxs=552%2C320%2C980%2C980&adys=15%2C210%2C340%2C1556&adks=2341537960%2C2049153674%2C437793788%2C1605551008&ucis=1%7C2%7C3%7C4&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fglossy.espreso.co.rs%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x110%7C960x24%7C300x28%7C300x28&msz=728x-1%7C960x0%7C300x0%7C300x0&ga_vid=380280673.1623896277&ga_sid=1623896278&ga_hid=33223145&ga_fc=false&fws=0%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0&btvi=0%7C0%7C0%7C1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061502.js?31061476

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

9db3984b51c528a4eb5c9ac0a30d771d0f749ded8d8108456c9992b58606f4f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 02:17:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22462
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://glossy.espreso.co.rs
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ 0
0 31ms
11ms Other
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061502.js?31061476
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 9ms
6ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1864170247150479&ev=fb_page_view&dl=https%3A%2F%2Fglossy.espreso.co.rs%2F&rl=&if=false&ts=1623896277917&sw=1600&sh=1200&at=

Requested by

Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 02:17:57 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Thu, 17 Jun 2021 02:17:57 GMT

GET
H2 200 pym.v1.min.js Show response
www.kurir.rs/resources/js/ Frame 651C 7 KB
3 KB 99ms
98ms Script
application/javascript 51.159.89.0
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.kurir.rs/resources/js/pym.v1.min.js
Requested by: Host: www.kurir.rs
URL: https://www.kurir.rs/news_widget_amc/?website=glossy&source=widget&campaign=adria_internal&initialWidth=300&childId=kurir-sidebar-widget&parentTitle=Glossy&parentUrl=https%3A%2F%2Fglossy.espreso.co.rs%2F
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.159.89.0 Paris, France, ASN12876 (Online SAS, FR),
Reverse DNS: www.kurir.rs
Software: Haste /
Resource Hash: ff3587135389fc0f7399474f84d6bff086059dbcb13d9b4e64b495d72ba4e4c7

Request headers

Referer: https://www.kurir.rs/news_widget_amc/?website=glossy&source=widget&campaign=adria_internal&initialWidth=300&childId=kurir-sidebar-widget&parentTitle=Glossy&parentUrl=https%3A%2F%2Fglossy.espreso.co.rs%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haste-cfg: 144.76.109.30->haste-fr2.itplatforma.com(51.159.89.0)/http-in/be_cache_varnish/haste-fr3--0
date: Thu, 17 Jun 2021 02:07:32 GMT
content-encoding: gzip
age: 625
x-haste-cache: HIT
x-haste-debug-backend: kurirTHQ
x-haste-node: haste-fr3.itplatforma.com
x-backend-server: kurir-web1 time for request D=1382
content-length: 2193
x-haste-perspective
last-modified: Fri, 05 Mar 2021 14:44:02 GMT
server: Haste
etag: "1bc3-5bccb1d77019f-gzip"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age = 315360000, public
x-haste-hits: 91
accept-ranges: bytes
x-haste-cacheable: YES
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 2610511_novica1convertimage_ls-s.jpg
www.kurir.rs/data/images/2021/06/16/23/ Frame 651C 22 KB
23 KB 27ms
25ms Image
image/jpeg 51.159.89.0
Online SAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.kurir.rs/data/images/2021/06/16/23/2610511_novica1convertimage_ls-s.jpg
Requested by: Host: www.kurir.rs
URL: https://www.kurir.rs/news_widget_amc/?website=glossy&source=widget&campaign=adria_internal&initialWidth=300&childId=kurir-sidebar-widget&parentTitle=Glossy&parentUrl=https%3A%2F%2Fglossy.espreso.co.rs%2F
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.159.89.0 Paris, France, ASN12876 (Online SAS, FR),
Reverse DNS: www.kurir.rs
Software: Haste /
Resource Hash: 70ab00991c0b8d520e1fba9b9964466fc8a5c25974d6402256069ff57d79df04

Request headers

Referer: https://www.kurir.rs/news_widget_amc/?website=glossy&source=widget&campaign=adria_internal&initialWidth=300&childId=kurir-sidebar-widget&parentTitle=Glossy&parentUrl=https%3A%2F%2Fglossy.espreso.co.rs%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haste-cfg: 144.76.109.30->haste-fr2.itplatforma.com(51.159.89.0)/http-in/be_cache_varnish/haste-fr2--0
date: Thu, 17 Jun 2021 02:06:50 GMT
age: 667
x-haste-cache: HIT
x-haste-debug-backend: kurirTHQ
x-haste-node: haste-fr2.itplatforma.com
x-backend-server: kurir-web5 time for request D=763
content-length: 22527
x-haste-perspective
last-modified: Wed, 16 Jun 2021 21:45:52 GMT
server: Haste
etag: "57ff-5c4e903bf930f"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age = 315360000, public
x-haste-hits: 540
accept-ranges: bytes
x-haste-cacheable: YES
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 2610527_1_ls-s.jpg
www.kurir.rs/data/images/2021/06/17/00/ Frame 651C 24 KB
24 KB 28ms
26ms Image
image/jpeg 51.159.89.0
Online SAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.kurir.rs/data/images/2021/06/17/00/2610527_1_ls-s.jpg
Requested by: Host: www.kurir.rs
URL: https://www.kurir.rs/news_widget_amc/?website=glossy&source=widget&campaign=adria_internal&initialWidth=300&childId=kurir-sidebar-widget&parentTitle=Glossy&parentUrl=https%3A%2F%2Fglossy.espreso.co.rs%2F
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.159.89.0 Paris, France, ASN12876 (Online SAS, FR),
Reverse DNS: www.kurir.rs
Software: Haste /
Resource Hash: 61778a50493e58b841786c3de1ffe8daa73fbdec205cdf712261c9d50d69bde9

Request headers

Referer: https://www.kurir.rs/news_widget_amc/?website=glossy&source=widget&campaign=adria_internal&initialWidth=300&childId=kurir-sidebar-widget&parentTitle=Glossy&parentUrl=https%3A%2F%2Fglossy.espreso.co.rs%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haste-cfg: 144.76.109.30->haste-fr2.itplatforma.com(51.159.89.0)/http-in/be_cache_varnish/haste-fr1--0
date: Thu, 17 Jun 2021 02:07:02 GMT
age: 654
x-haste-cache: HIT
x-haste-debug-backend: kurirTHQ
x-haste-node: haste-fr1.itplatforma.com
x-backend-server: kurir-web5 time for request D=1351
content-length: 24142
x-haste-perspective
last-modified: Wed, 16 Jun 2021 22:05:46 GMT
server: Haste
etag: "5e4e-5c4e94ae8b138"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age = 315360000, public
x-haste-hits: 434
accept-ranges: bytes
x-haste-cacheable: YES
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 2608715_xxjpbee007541-20190904-pepfn0a001_ls-s.jpg
www.kurir.rs/data/images/2021/06/15/19/ Frame 651C 28 KB
28 KB 28ms
27ms Image
image/jpeg 51.159.89.0
Online SAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.kurir.rs/data/images/2021/06/15/19/2608715_xxjpbee007541-20190904-pepfn0a001_ls-s.jpg
Requested by: Host: www.kurir.rs
URL: https://www.kurir.rs/news_widget_amc/?website=glossy&source=widget&campaign=adria_internal&initialWidth=300&childId=kurir-sidebar-widget&parentTitle=Glossy&parentUrl=https%3A%2F%2Fglossy.espreso.co.rs%2F
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.159.89.0 Paris, France, ASN12876 (Online SAS, FR),
Reverse DNS: www.kurir.rs
Software: Haste /
Resource Hash: f256fc754073c6c1c5b1901281680fa7b68804eba4ed62d57a72e4fbd242e896

Request headers

Referer: https://www.kurir.rs/news_widget_amc/?website=glossy&source=widget&campaign=adria_internal&initialWidth=300&childId=kurir-sidebar-widget&parentTitle=Glossy&parentUrl=https%3A%2F%2Fglossy.espreso.co.rs%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haste-cfg: 144.76.109.30->haste-fr2.itplatforma.com(51.159.89.0)/http-in/be_cache_varnish/haste-fr1--0
date: Thu, 17 Jun 2021 02:06:56 GMT
age: 661
x-haste-cache: HIT
x-haste-debug-backend: kurirTHQ
x-haste-node: haste-fr1.itplatforma.com
x-backend-server: kurir-web4 time for request D=756
content-length: 28446
x-haste-perspective
last-modified: Tue, 15 Jun 2021 17:10:21 GMT
server: Haste
etag: "6f1e-5c4d10c932a40"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age = 315360000, public
x-haste-hits: 329
accept-ranges: bytes
x-haste-cacheable: YES
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 2610455_olivera-kovacevic_ls-s.jpg
www.kurir.rs/data/images/2021/06/16/22/ Frame 651C 20 KB
21 KB 71ms
70ms Image
image/jpeg 51.159.89.0
Online SAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.kurir.rs/data/images/2021/06/16/22/2610455_olivera-kovacevic_ls-s.jpg
Requested by: Host: www.kurir.rs
URL: https://www.kurir.rs/news_widget_amc/?website=glossy&source=widget&campaign=adria_internal&initialWidth=300&childId=kurir-sidebar-widget&parentTitle=Glossy&parentUrl=https%3A%2F%2Fglossy.espreso.co.rs%2F
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.159.89.0 Paris, France, ASN12876 (Online SAS, FR),
Reverse DNS: www.kurir.rs
Software: Haste /
Resource Hash: 5b15b644333397d466bbfb81b62195721aa925a3c60d3eafe79749eee8c24a55

Request headers

Referer: https://www.kurir.rs/news_widget_amc/?website=glossy&source=widget&campaign=adria_internal&initialWidth=300&childId=kurir-sidebar-widget&parentTitle=Glossy&parentUrl=https%3A%2F%2Fglossy.espreso.co.rs%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haste-cfg: 144.76.109.30->haste-fr2.itplatforma.com(51.159.89.0)/http-in/be_cache_varnish/haste-fr1--0
date: Thu, 17 Jun 2021 02:06:51 GMT
age: 666
x-haste-cache: HIT
x-haste-debug-backend: kurirTHQ
x-haste-node: haste-fr1.itplatforma.com
x-backend-server: kurir-web3 time for request D=1317
content-length: 20711
x-haste-perspective
last-modified: Wed, 16 Jun 2021 20:48:13 GMT
server: Haste
etag: "50e7-5c4e8358ee476"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age = 315360000, public
x-haste-hits: 330
accept-ranges: bytes
x-haste-cacheable: YES
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 2608765_ps_ls-s.jpg
www.kurir.rs/data/images/2021/06/15/19/ Frame 651C 31 KB
31 KB 48ms
48ms Image
image/jpeg 51.159.89.0
Online SAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.kurir.rs/data/images/2021/06/15/19/2608765_ps_ls-s.jpg
Requested by: Host: www.kurir.rs
URL: https://www.kurir.rs/news_widget_amc/?website=glossy&source=widget&campaign=adria_internal&initialWidth=300&childId=kurir-sidebar-widget&parentTitle=Glossy&parentUrl=https%3A%2F%2Fglossy.espreso.co.rs%2F
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.159.89.0 Paris, France, ASN12876 (Online SAS, FR),
Reverse DNS: www.kurir.rs
Software: Haste /
Resource Hash: 7fde8977ecff29929cd4d82f1081a3d3f29874cabd78853259651b5a9762bc7f

Request headers

Referer: https://www.kurir.rs/news_widget_amc/?website=glossy&source=widget&campaign=adria_internal&initialWidth=300&childId=kurir-sidebar-widget&parentTitle=Glossy&parentUrl=https%3A%2F%2Fglossy.espreso.co.rs%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haste-cfg: 144.76.109.30->haste-fr2.itplatforma.com(51.159.89.0)/http-in/be_cache_varnish/haste-fr1--0
date: Thu, 17 Jun 2021 02:07:03 GMT
age: 654
x-haste-cache: HIT
x-haste-debug-backend: kurirTHQ
x-haste-node: haste-fr1.itplatforma.com
x-backend-server: kurir-web5 time for request D=707
content-length: 31658
x-haste-perspective
last-modified: Tue, 15 Jun 2021 17:50:16 GMT
server: Haste
etag: "7baa-5c4d19b53688e"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age = 315360000, public
x-haste-hits: 216
accept-ranges: bytes
x-haste-cacheable: YES
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 6ms
6ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=322513038446696&ev=Microdata&dl=https%3A%2F%2Fglossy.espreso.co.rs%2F&rl=&if=false&ts=1623896278166&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Glossy%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22Glossy%22%2C%22og%3Aimage%22%3A%22%22%2C%22og%3Atype%22%3A%22article%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fglossy.espreso.co.rs%2F%22%2C%22og%3Asite_name%22%3A%22Glossy%22%2C%22og%3Adescription%22%3A%22%22%2C%22article%3Apublisher%22%3A%22https%3A%2F%2Fwww.facebook.com%2Fglossy.rs%2F%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.41&r=stable&ec=1&o=30&fbp=fb.2.1623896277660.1366042634&it=1623896277514&coo=false&es=automatic&tm=3&rqm=GET

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 02:17:58 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Thu, 17 Jun 2021 02:17:58 GMT

GET
H3-29 200 container.html Show response
bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E3C1 6 KB
3 KB 22ms
6ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061502.js?31061476

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://glossy.espreso.co.rs/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://glossy.espreso.co.rs/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Thu, 17 Jun 2021 02:17:57 GMT
expires: Fri, 17 Jun 2022 02:17:57 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C6F5 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061502.js?31061476

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://glossy.espreso.co.rs/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://glossy.espreso.co.rs/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Thu, 17 Jun 2021 02:17:57 GMT
expires: Fri, 17 Jun 2022 02:17:57 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6F7F 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061502.js?31061476

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://glossy.espreso.co.rs/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://glossy.espreso.co.rs/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Thu, 17 Jun 2021 02:17:57 GMT
expires: Fri, 17 Jun 2022 02:17:57 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061502.js?31061476

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3d2fb5e2edecc03632d4232f8956dfc6cea25557cdd082cab892d00f2769bc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 02:17:58 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623842926269324"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28241
x-xss-protection: 0
expires: Thu, 17 Jun 2021 02:17:58 GMT

GET
H3-29 200 container.html Show response
bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1442 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061502.js?31061476

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://glossy.espreso.co.rs/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://glossy.espreso.co.rs/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Thu, 17 Jun 2021 02:17:57 GMT
expires: Fri, 17 Jun 2022 02:17:57 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
8 KB 23ms
23ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021061502&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061502.js?31061476

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c87523df036c51f20ffceb5b53e9c8bb074a052b0d285beb48f3d961b8a1511f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Jun 2021 02:17:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7930
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame A99E 624 B
590 B 18ms
18ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNWxNOs2lCEarN7pTZvG8MltpeGy64aNY-Mn3tofvbnrp3ltGlfWbxvzsObAGDNBmiRmaRiLqRHxc42gIJbY4uFaFFonP9X80eEEI6euecP8fb3JgdmyPVF0nNBaTyKqMLxjm8G4Yxkx58Uh_bI8SuO-sJOjFY6ayZtX5Ezzmq5T_aIFKIM

Requested by

Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNWxNOs2lCEarN7pTZvG8MltpeGy64aNY-Mn3tofvbnrp3ltGlfWbxvzsObAGDNBmiRmaRiLqRHxc42gIJbY4uFaFFonP9X80eEEI6euecP8fb3JgdmyPVF0nNBaTyKqMLxjm8G4Yxkx58Uh_bI8SuO-sJOjFY6ayZtX5Ezzmq5T_aIFKIM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 17 Jun 2021 02:17:58 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure IDE=AHWqTUmOQ4esjyfEs_TSRnOAs68hptQWcCZ3fx7qeMuiW7p-moD46si556mRfa7i; expires=Tue, 12-Jul-2022 02:17:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 17 Jun 2021 02:17:58 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame E3C1 24 KB
12 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CotzUkEBuaRm85a_bnIcvkSZ2P3Gyol1kwq62VJOQOVSGxFplJ1imTZFaOQ6HfbEkidGVDDQ74NfEc3J8UuNlAwvCVt3pHqjIvar9ViYKxq6KJcqvbJ8Vn6PLCn_xhyNjt-EmqEtnMcuOLFZjDiD2F-OFoBA&cry=1&dbm_d=AKAmf-CsEk78ikXqGHDUPNbUwmIMPWLelw6jPwXvnWCWx_axUlHeHW2F8G8kv8mWKZ-06px5LpTGHhw0a2UA2_Bl0Gj8aWDhpOE56lIUIrkO3nwvuplk_bshPT0voHIIwGtQ7_KeBstG0X6FwhaR3aLEd7gyWrZQzCrGKI_-LzbJcJynb2y7IKrKbKcGwRFRrGvjaP7PFkeKgYB6k2HWH-wgKi9E3vjzlDp_xnfw3jX7WBngeLDoOKgBqNqlYXsmL1_HdYjp5P6yvwdSfjQ2Ojvrru-UgAAB_75Kc0MLchbN91v1QLHaXV7eyTRIvkSeZgPK5Lc-Afb4E5q3F6av2R4TXBqrdkB2L-8z42q-H6yb3qQNBHbRHyJL4GUvRsiPx08TfG4UWNU_2ahYw5yTGWyJrEC1BXFGgE0DjQ3f3jpp1cozkuPUa0cIq8V4aycBT73C3t8vNhBQvLXBFBFZetPVDi_0LM8FFJNl20lVu1RLPr_pt1UbtW2UT_92umUCnmEn5A2cRXWCAa5glOVVcywnDBJeP1yXld1BAML-RJ8fAksypL7fd11fV-hs3ygBNbGwylBB3PAaR-yF4mAlGJiN9TXxO76rVVeA_vTyPoJJfp7CWTb2eFhNdGRgCGcSToNBm-pVzt08TRS7nzDoisQcjrhf3ahbQ5OVED9TkdIAiaan5ALIG6E0N5pSVgc-Ec41qv0VSG-Yo0KS3MNC-4fC15ZjAFqBLdsqLsFNmKvJNacVAKC1apIKdg9eXsA__Jwv7aUOuTRnUR2qhoeNmvllNBCr3MIc2cmKh_jjuwLjNEL9gkg8G51W3JkEbE24N1wJ94wzr0Fxz8-ufIPUNBJjfiaXd_WlOscIYGrp7ekPq1kUaBgf8fdVseB7YoNHp4pxBnOuZISuIAQk_YZEWgTfTLZweE6dNFe2xSJ49o7NlRefDbPdIIWHm49J9EGdBQp7TgrooISC6CIdQJICL53gPzmNM1JLXmftwbKbQwpsLNsezy4mvD_sQClZoPxtJjNHcPXiBGBUkmDjw4EeRh3kGvAK9adiTBVu6zp9Ngh9aVQYlnxHCg6BYtk6z0a7V1ndjBUu3TmhjPXKdwUioX_XV2jVepja8e-5w2qNToPlOWptosFRgzMbOFbZlDxENMCucydRBK_LZT5BHB8SzW8PkcOD5mdc8SrriN_3Jx_CiGCmJykmImKYYh3uSf0uyVepf70lCSWhH070twkVb62ZjF4SDbvswLu4_E6xGFMItR57CeJ7VTpARoWcQtK0inoQsmLraU4EGhfqoKQXiyH6m0IAg4ZTH0NCnQOZBe1tZHy8FsrZ1jiiJe3NX-ebeOLZK219mN9EVVNanRc4rxojPCWi5QciqUYza7vhT7nAyrWxtJjhZLYciowc0BDCYjAEDwhJaaJCjmrxHM5Ud7o-pFEUTKd7njVcXBICeDcAi65GuS7AfVwnZL_uHpBNmdJmm7eCB1qzEehgeALgSUEPYZJyJBEip8zV6uR-zONrbCCsmmS9vAWvW_palALVaz1cMoCE31GkeAC1usKER-ygfyl8q6fanct6Ak_fzVlSq9SNH4RX8yQRgRcbfXPYb9EAhXRn_glRpi_sfjN-clwd1C9HT9GDVsy8C8-V4GHjspnhWoauLUiZavCP_VerIhKEBNsY4IlPCWXYa8AjMF2_TfXfx1r2_OVmDWhHvWArObzFZZOiwfSpgLWIAR90RtQVgd1TKAwHIcMx6K-0QpUXXuvJt8YxtuDgec34vYZDQJtALusVSm0pPxfrvCX0dbKTpM04LOreIiAe0GToO991ETHa3-r0Z6aYN9YJDcaCF9YKlXsvRKuHqxfjB6oL1I6bj4tiqgDeWKDwOc_I5Bc6l1A5xTcb9CsWr8_rUjDPPq8Bw2RrrBbfdLYjApc32-VSUIxv3tkV8OzGfhT61aVEX9oinNVaClUK9pjYYZZgdCKHXOqCDCQXnr_S83sCMyE4z0S97c5L-UIbmfo4h9I20asbBUbOIquipi1T8ecshj5rcaQNTGppId_4b2zsEPcFlSgfXk10R_zVIg3Jo8mGSJ0VhyZEOXnXlJXAbfp8U-Dw1q2BRXdiSJ6o4qWDZjeVJDz3WBzYxVBgFeaeEiPZBWV9HTWkkDW4HQtFH39er5dfs4ZkYMqHiiD3NW8q2RAiDK4B5B-uODBH_f4c9MFVqQgf9h2a-4k9y9Ad-UWZjgplprK7yvsIx-b7XzgvJrENsxgVy3AKRrMkkysq7IXgdD5PTOO8ech1jvXlsPjmvJa2es1LuOm5PhNIWpVkjSuJtc269rJBel6s8UaCPcunr0eSP9A6EASXDfUZAgNLUwlg_ApdVq5S_Fvuo3emYzw0l6X-VhkKjuKmbYV6Wx0mU4DgS7uX6mUgSpmuYW3XIPGsfLIA_ArLKOZxnhuzAGl6Ci-EMrur6gT1hTs0DY_f3CHtXo0AGMs4coPIaemu2ROdYfsI-4bgCT5gCiQeZ_KZUUn9t77jOOkoj6PJI_MMMgfZ0_GhtayVQ6fl80AHv8IxhsKYFG_dxd6tLug9gPV0N3GEqc2oCOHODvgqeRqrSbmsH3vpGTmhU8pttVLe2ZAo15xzsSEm7DGlI7Nz5aOFsGPdtEbyI9E6UtTDS3cEy5Wg9e8yCh0gF4bAk-kw3xvL6Wf7NuAtKc2jwfVl-_9lQl_y4Aj7f0P-h221tLHBq5xA2_LPGNwf7cOgj_2JqxuoE0i73iA4oQEEQuLDDCYQf2jPgoxBJJYt1AheFNwrNqrj6RClguMj5FPsyo3gZIHbbyDAoY-wO4GW0Drej4s4xcbLhcwYxMXsAK1lHIqq0UvRPQ5B9Od2y9IF8NYcVvu8r5QxwsO_kRvR8XjjnI4aS_zguMcJwnxEzvgqQJbPzHry50zTXWf8xC6g6xIYjw2lcrnoXuMH_V62v3uLSsgHW0jkHtZg_JBtgg6UdhlzesPTFGYk1spqmrmFEOTH0ivk5BykwlSyyzU-KU-E7ykVPAYzf0CQungmV-aiyPjDzG4UIsg5EYO0Ht65KXNm6BGkoX6Pu-dLno5OVdUOnjlm9zXckQzmeFX9dfRgddRWfBq3gxjxYffa5Z-20pPJykdbldrEYXNhZnn69yKwSEJLa27Snz21EkNf-YMk1ne7yDcYUitgQaB-vbLbYPCsAL4IuMad6cBpqZ2nbk2J8433X770qFgFUZfI1uQJPEzfMVgYNwzJj7wMRP1zGZNoBANSdXdAz9oixsvn8GlWWhgQNvSzhX2f&cid=CAASFeRogy17_2Arf5ZsCms96bC0ZhABtA&rfl=1%2Chttps%253A%252F%252Fglossy.espreso.co.rs%252F%240

Requested by

Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

89f82e0b8b8919bc50c1770bc92d933823bd668158fd48a21f9869d5a65d4b59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12430
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame E3C1 42 B
63 B 23ms
20ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AncauhNGVPijkpkBPwHUERJLm29z_2ZkOFJ4l64Lt78WJ4YShrQ6K2FNGP-ZzP4Ah_dtKerDxav1zF_j0p1FCNRVk6GwmbMjS71BekSukw32pEok0

Requested by

Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210615/r20110914/client/ Frame E3C1 3 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210615/r20110914/client/window_focus_fy2019.js

Requested by

Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 01:56:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1281
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 01 Jul 2021 01:56:37 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E3C1 122 KB
37 KB 30ms
27ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e09c5507d6f189744d043d993a3a28a63d12322f3dc978426ef895517b98b567

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 02:17:58 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623842920177421"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38075
x-xss-protection: 0
expires: Thu, 17 Jun 2021 02:17:58 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210615/r20110914/client/ Frame E3C1 13 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210615/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eea6dc59229104927a1ca1a416794d0ae3fb326b2ed6926abda0dd2a8cf693be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 01:52:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1506
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5706
x-xss-protection: 0
server: cafe
etag: 10674426802404029766
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 01 Jul 2021 01:52:52 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 9A99 624 B
558 B 46ms
44ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNzg5AEQxrjnARjTwMWiATAB&v=APEucNViQNJiNDzXiZPOonzAidUgYvYJNxKvxhNe0OERG9XM8tSOAN3b-p7GIIrAea6n-IaiFZwcPfhNA2LhYEOZoT47HMLkYVpqeefdkZd6sCUDXDDkJ6EK74pqMBqEbOVHWPiDFtTfuFLjbSnPCt13WCgcKQo73xMFkFRkWIarIsAGtK8BI5I

Requested by

Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CNzg5AEQxrjnARjTwMWiATAB&v=APEucNViQNJiNDzXiZPOonzAidUgYvYJNxKvxhNe0OERG9XM8tSOAN3b-p7GIIrAea6n-IaiFZwcPfhNA2LhYEOZoT47HMLkYVpqeefdkZd6sCUDXDDkJ6EK74pqMBqEbOVHWPiDFtTfuFLjbSnPCt13WCgcKQo73xMFkFRkWIarIsAGtK8BI5I
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 17 Jun 2021 02:17:58 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure IDE=AHWqTUlcq2bKPyXZPlXzhg0d_sUhL4FsE6J4HRRrF9Esobd1aKMeePA5ecWDu5v3; expires=Tue, 12-Jul-2022 02:17:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 17 Jun 2021 02:17:58 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C6F5 11 KB
8 KB 63ms
62ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B73EdrF_7SdgIJxd3jYORgnXGgNR8rcOr7izM7l7zN8ZHj4lND0Jw5D6dwTu0ZGiV1WLZp9x-YwzgRRWKt0BG7iw5SZ54NFZrgMrVJJAq9gtsk5QUcs7raOYlbIFz9CqPabIRCMOCOHFU1Me0vUM3hYG46mA&dbm_d=AKAmf-CkKqEuDyQ7WjoHzk2DsGFJuv8i7gHN_mKtGxmb35o2fhTAApx5bd4u-dcTbiTCj7sqkfLyo9pm-Hgo-opYDiGV1qs8Mh9ym0s_zPHrlNNe3x8fN4Zp-SjcNeckOAZNgoHWjI0UEqshrVDhey0GNg4EZjBCsOyVNRdSTigVI7lUPO1Y_BtyGQjX6NDGr-7W50gfTeBYZUnvSoksL0oGs5en5MjXt0egymIyo1HZ8qRq2QtAPlOv_QTXPrtQqz8935cqptfmemYgZfoYniWKpa0K5nh5suaWK09jBROebO-IZRI7UyPZIZfeTfGuVaWD7gmCh__m6WyfeNrSM9GerRUm2VbKfMb2hN8f2mAM8gsqVe205oK6p5anFQALAdGzy9FpJYi6rcOvtnkz3a1uKmPDvMRJlWm8z7ABYQQcaDiKhJC-htFbW6m8Alk6CCd4pdsCb0fQgpcnHWSVjSMQlO0ZcDgpdFg594ZWnIBaSOkV_6wviZfOfWI3c8wfaNE6K87olYUgw0-j4j1BibZXfMleM_NQSW9O3_5LvaT5fG9QuHim9VfVUhn2gDkYP5LvdxKhkW0wwjNVYi_JosKNNWI90HgjONxvYxoIant1JLobkDq55Iss1EqtLf6PsNyMsHAe19S02Lf2d2VRuWtZU32Ax37kE4yhvLhReO8nBOSDGuuS-3N9hiHeF1nOc459MkddYamorL_v1fnGWqXioL7MwnRKUhaUPzYnqgkHdfNbHFFNe2SEEhZFw_N614qXYv02sr1A5yeTW1DJR9Jm2yZFJbkOR8sdJhtzGMiZBoqXTXKg_YqTiG01gPumhVwu-Eps0y7nr_JRdpfwXnkAbNBP5-2fLJjUPNriuND0Mg86qg9e9evJAdSm7it-xEFBB7j2ELBkGknceRDCuqwBCoHj2SMITXnXdHg_8mt40MZmms9hz6e7BCJyPbnaD4OPAim_j6hyL52eO5lCxs4ORzl0wAdyCy4G7tFDu3_qVTrMIcAn10LEoT3YgR9Iai5-i6L71rn7jqFgk8t9hCSNPbwmDcBgdeq2wE6sVC1-CzobKt7ZeEaDfKos2N6_DbOimwyof93VpABPQYwEhCkqcWi3tghVoloEctBtc6hNySPpkY-DXBDLp2ttk4A7Rr5QhJk-EciUtBvSn6DBu7nLVGAoQhJJ-fh2CtNOfD2OEQSI6g33hbEI3uLW70_UA_q6I2NirQUQBEg6Ce_oFSsaWFsZua5X6gGf1cZzRxecWCh0l44Q_VBnKHvxe_VqgTGSurZT51yAhFoZpxvlHRkvCVrxxS_lYkMgbFErUnwjM_7JcnJdFTAIrJjYOmvib4D_UR3TZAe2TPCWn3sf-8Jr5P6SP3Jd8QAoYqabNtNba4F40VmsK6eBbeHtiu7ykMj__HTrtdpC5_s4y5ycLzavAuFGCfM9mtuGizWDKUmeE6jf7us80B59AJQ0SPck05uupGcMmNgZMAEU3mE24E8nctm5HqmK64rLYT23sv_vmR_9sfK0VwfRxpm5GpsGNvZ8jopBOxc6Yf511ivMKlQUHgydclODywschVfst0lpl2bW4IHLib5Gc6UU71EjkttPURTxMoFDJQbIxEZGi1snOXCaKUfB2SXoN6ffwE5-gCftAE254nX1agleDec8zWrVynmX7xCSVHZAlCsjky3O3gCifQECe5k7llqCDTbzY3RgWicC9lbVkCphqT8xnkYiRYPx_DXjY5OUCfv6SmTAAZA_hIj6xIN0z6fB9bbvJWRPj9I6G3uPmXpVmPOV3eaErXUgtGgsLoj8P9jvtpzkuko6LmjVP1oq_ZmaDnIg3Qgu1SWfAFL6lLvjhZbmuGWKsZ59l4GpnoVKCYaQ4qbDpCYtWhfTioX2PYPT3-QPk6pru438pOSWUqzJSxPmb54YtBDTtB1T7zIQX9qCzgmH1XIeSAcsWP9JzXb5I4z2Ej9sp6IlNmR9AQfwiBC0OQUd_o-hvLTM998IbhaJNbHFGrb3U3WvULvRoAxN4OrwMPj07z70SNMgkdmKYg0nz4W6k2iuHy54Q7SWYgL68TEDhGHohfSUOPTzbpsRRjdZOwFsF6avgHBJWZqON67knm19ABzdwGcjAtnbBHYEfWjCBPWoZbrSMwmLh8Xi5irNqDgYT3YzsLibxvK500xiR_oVT2Z6k5JOiimId-33e11JE3wc7dKh15hU6hJI36ckSybsm-XqMJefl17c5sK_drQgvGtcgNQlc-dlbOKXaysrr2ggw8QIbDVPHc_bOBDQfnyJ1ikczPkU-T7H-VCW-CNG0yL23R2qfwZ6CqNH7w-vePLPOBxtflkJncROgWMYLRWoZ4VNPH1WY_KLrH_swTxCsfMJuYPPk9NZhe27d8NF0mnMUtIkh7OAvsyJacTd1or3J5k2ue0S43XE44jerAC1YzVxsPbhT0c4XA1Q_J_1o0qZNUyGjH1a-pJSw1xy9ytBuOck_Xyd8ZFoee3T6jG6-CAD2v200u-yK8zOOJ8wjizysiEfwCVyTinN3XdHVoYwq_rfODxAOBjli7Ty-uz-zZW6F-QyKPaWjBpvaR3xIyIcK05AfzDVv5rsHbnbqvmXJ9F8jlhC451oX6n7pIvarCkhuExoqfCfCHWP7Hs_8Jr0uMU01w&cid=CAASFeRoZo9JRwUDT7Gk4SGfC1Tp2BdbnQ&rfl=1%2Chttps%253A%252F%252Fglossy.espreso.co.rs%252F%240

Requested by

Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c5e70389c972c7ba533e257af2956ce547209790cafc89e9c0a0ab3b42f8e1a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8340
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C6F5 42 B
63 B 20ms
19ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DmAO4fSvq0al0f835rF2of_iYP6xmNSj5imEdzwpg9trXq_ng8aCDH2fB5QhU7Z4MW6bWuvyFAI2i6718G316WE_0ve92Wgrot5Qi7uq9-PhOjFW8

Requested by

Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adj Show response
fw.adsafeprotected.com/rjss/bgd/682666/53792651/xbbe/creative/ Frame C6F5 234 KB
78 KB 127ms
59ms Script
application/javascript 52.51.10.244
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/bgd/682666/53792651/xbbe/creative/adj?p=APEucNUBWQNXEx6ehH95aRVInBsxcP8zP4tBIyc34MiShs7Ufl3toDU&d=CnkAoCZ_4Pqml3EotbJO_aSV9c0ZZA7on2zEIsFOqRC4N2oq6X1kmzt8hEYgRXZBSwQNUVOGUt9GrDhSY7Sab6JAJYtVW8rTb9VIpVbL52L3HELPQcmWBWn_meB2bZuW6WunvhLqjcu7rFMgfkPYYzF80vcbRZ9MPbHZErkTAKAmf-CWaFH2D9pSAe_hqcNK-JYxPaiy_vYh8R8ss-WKpfANkbv0lz_dy0pDx0jt9jpaOHPAcMbXIbCpoeubfmmq2suj4uf19RY6mwjJFPIjfhUmGoqMjMMQARplNeHi13J1fxfmhnSog_l9FHPdpw28lKDRqQGSnMpCFuY-gU1HmcGU8zJ-CONg7f6uF8DLk_ILdJzv0JzIjcD0puCqJiEBcI_HFzBpYJrrca3K7nBVSe2kfPooQ-mPvlVuq-mpV6yT4OX-Hj8XpGnz4wGwNU8GH-lXvcr_ifRIKI01yQbW-mCoeqwt2-yu6nrnySEhpnpobdx5BjbD_v-cNQ6IMTGuNVndgiQGvMBCh-TvLKgp7kpEREvZlUivEVzZWUbo60hKYu8UMbgna0nOYB8vrBdB0Bpcx3DRhVvX43-Y6bfn87iLVmvhhmZsG2hPUo1NBN1Xz-9hJ4D0ejrM7s_v4EZNZX_aKOlUFAMST_JtHjb9vQws_PaK3qpoucps7HTw5rj5Mj69SYMkRpm4SGytBUqUiNmA4iBrk5Mx4-6fvnySFHLV-5pmdnq4cXjlUVFEm-zR8mcdi1G9nrxjAewqMUpvY2duoCITCighy1RizdiyDVUjJj0MZNESB8XPNLghFyhVw5Twx1mCbY3wzm-l2jYx1T05LrOnhUG1WzcHeks2X7ZNUswHK4RWCG_VF-SiI1A9lD-D_Ji63fEeyjTszte2pxlL55rRjfwruqqkDbgcU-WiCkqY76NCMaHHGB8QqqbEhv2590UYa-Hr910nw8nIlO1s5YRGB8MCdv7p0tHos__nBss6MOIVRIiM3RHMq4ipHTgSzwFy4A1XmGPkDPcU8xqkHGIJlSf58y0skyRDkqexCPrYeuT6VcIP3NRhBsohENiUfzHSu49oM3Z3uiVzAsaUJLonN3pzLcI33hAWFOwILPAWDEm9OBoYOXQHf8yxIo_8gUMENSY1g6fcqDhmbQVtQGhUXmHtmYTvCPaY-nirm_WtWp1yYR3OHn42WftHypzI0XZiywM_gT4kms8wWnths2X-af8Jr_C-sm7ZnWh2RxKC0Wsk4yYd71qQmpz961Zt_39-d8Sqw3p1-9SgaNaz1xIpSIOjdloyZCtVuaXu0fWSlN8KlaNL_Pl-6uXGheh43Zxw7BbKrsYffTGu8OPHzcTuNL2EVnZRRNKVdOTt6AdZNuhYZKIUsfcJJL2Dt_5z35u2Jyv274rB8LghlkxelukfQtUo2NtqHAmpttbRxo3FODGVF1N9O2YG-696bP9C8SsBOq4TZ-i55p23_fgqFxYQaJrLlgQAsgdh7DRChpVYc4ehoXyB5DeO6fZgV3KhmZ39C0Q-P5em-F6oJBKFM3XSvsDSSco8-FtDbC1iZLy-Srh4ByLjmOlAR7Y24zQbdXd25-etwEVwYfOWDq7e2DHX6hcCJ1ILsNWhCTwp1jQN3xOUedpzT8DLdF64W5hU1v0CiActOQc9HZKaDU5tOT_TjuHSM0CfyUA-xEzjcoPCAR-ygQ6JBqRgdMIXfFUyDAhw2TBPlEoPWRqu7zWHAjPwiDxpGuot7oQ43haXqVLzukYwx01hiHXWPe7hzfLLR1Eaufm0q-FkG5NQ5StKyv60nYusYldm3TkIkdlex09bg6lYODhGQWuqlzv1Nnn0UrjETpMAQwNIj8hEyB5gpreQY4XY2hIxAQH8VHh8LqC4sylC4wmQDUuxA7Lk0QramgAmm6WxEm0C_UWNOdn9DclI6Ri2PhWBXWqjGXi6913lwkk-wWjaj020qVbGBR99FEfgnhw52Fuucf_Ah98dYFQ_phNtjAcfTUwy3eQEYYIFESK6UjD-JCyYnKEabY_rMIuYu98TwK0hpqaFrw4HWWRSxEt4nEMtgw7_M9FZHS0QUpY-hqqtjHYeGpicde4m_FTTGP2Z9NPiRCm1Rot15VZVDnNkkJxuNzCLk0ixARC_donNH5uhnDVW2lVWaqRSF7SuA9X_foQ08wozlz0HwxSUjN_Y8ebwaMeyTkdyW6apObaKJovs8fEeEyP_kzDoxaR-aQZ_Ce8kVq1FOJGq64KM5Ec8GvPMSStdyVaeB5KmOZr7PIAfVCE6cjxBWul4cPYY2IjMMwyEiBr94BlxWAeAp1nq9JioyjCkSLj6LGGykzQrzW1q2Gy2p0QbBE-XdXeIKzzmUG9EXp-r75dYw4rCv7sGVOU_5mrg5DVeEto3tMtq2u38hsDg-QUt18KiS3xO3cLn6X58qwAMo88AuzSt2adsN81wmy4YYaG-66ED2LQks5EhhtidP7vTFE2oH0m8nALthtxrfd66wHhV1UmhPImc_v29-aUj167W_Npox6DLWSmkE0g47PTzlG6dgIMD7I91BBQOprH30xB5TWnXVfw04m-YXhpDjWzGBelqHpHXBTaMNQ6CfoREak-X2pA-CYbAFdh_C2n2nqJIvcioOmmCQl4wi9F94LEMSnACJyAWo8QU2ChEls1jpKZglS1BmxVS4J2sU0oukQbKelDdnhIITN_NMXRcNwaY-yB6vrTxdodplzlkiEHTaV7-bzlFKlUB5-dfxUkEyL5fr0622bNUGtuL3hBnwtNxGD0yV3SaZ6qbzTtxfdKm5UtFC5xo7vIDVF3Vo63Ebkakj3CeA8tRnDiIX4iQlUR_hUSj02ese61JThCzZ_1N8GKOVsubPsG5kqzBCaMoPuJoxdvk7Lf1ROE2LNoSfoPnUBFodGYfvIyDDzHruP0cq4mmaWEmgXQKm97CAXCeFyMfGaaXfWZ54RfZ4EKpvhu33MpXBDpdUvP7K2aOSL60mQjnhj8wx8KboRg2B2g06v1PYHYTRJ3RuTv2XUJhlgWOBTrOgaowdknFvTa2z-zeAZ4fZ8yM7mlEplufMyIPiXD8mJF9I29CFi4hLJVIwCOKC0k1dz_cn868m1Tl-mHRC9QzFW7Z8Mqg6mBjcL5JiCE_ilZnMdKReZnFxgtNpTCJOa1r6nM5YA06-3zdIbsVvADbptTcA6RcbudYOteQMPIwUT3qgh9JIpTR-d75kXklhE5B4F_lex378NPXgkT9_bQgbV-kLNuinSSfgnxSfdFbtv6M33k-vo8zNdIxPKVaTy1Yg54jJ5BKYLR0RqXYVHG8DYYwWcRsbdVms1C8AHXZpTNistNVwGzBwczO2N9m7vw940hcYcB9Rh3R1CY8HAsS-5RWf3h5BQnADCWokREpW-mBzscTfjQcOWE1nlqh3Dr7TNf90MDSLG0SrIpANz5zijD8egFjSHWTGLnaPGKszXufuKSSfv3pWJWFz4m_3yExKqAaGQgAEhXkaGaPSUcFA0-xpOEhnwtU6dgXW51gAQ
Requested by: Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.51.10.244 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-51-10-244.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 8b476a5b7af347e2173a050d686ab1c14201bf44db7b30b1716ebd022bed534e

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:58 GMT
content-encoding: gzip
x-server-name: app34.ie.303net.net
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210615/r20110914/client/ Frame C6F5 3 KB
1 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210615/r20110914/client/window_focus_fy2019.js

Requested by

Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 01:56:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1281
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 01 Jul 2021 01:56:37 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C6F5 122 KB
37 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e09c5507d6f189744d043d993a3a28a63d12322f3dc978426ef895517b98b567

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 02:17:58 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623842920177421"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38075
x-xss-protection: 0
expires: Thu, 17 Jun 2021 02:17:58 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210615/r20110914/client/ Frame C6F5 13 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210615/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eea6dc59229104927a1ca1a416794d0ae3fb326b2ed6926abda0dd2a8cf693be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 01:52:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1506
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5706
x-xss-protection: 0
server: cafe
etag: 10674426802404029766
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 01 Jul 2021 01:52:52 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame A0E9 624 B
559 B 46ms
43ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPOW9wIQ7ubZ-gEYnoH9rAEwAQ&v=APEucNUBcaZxNurEv1otdT-z29blx7Hv-to1s5qaJB0MOdzbAhUCgp9S_TeSfGthMjBidX9XIEdIh6E_ar5ZldR1xRdZ7RnsQNYa03EGq7wuGGVnAQTpX2gg_-ahKEBPOYZMzf8hbgLZ3PakVQZfi_nyvQLaLIMRNKBZRtWGtmPsxiNISc7Cc4w

Requested by

Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CPOW9wIQ7ubZ-gEYnoH9rAEwAQ&v=APEucNUBcaZxNurEv1otdT-z29blx7Hv-to1s5qaJB0MOdzbAhUCgp9S_TeSfGthMjBidX9XIEdIh6E_ar5ZldR1xRdZ7RnsQNYa03EGq7wuGGVnAQTpX2gg_-ahKEBPOYZMzf8hbgLZ3PakVQZfi_nyvQLaLIMRNKBZRtWGtmPsxiNISc7Cc4w
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 17 Jun 2021 02:17:58 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure IDE=AHWqTUnyl7GFgUMYrdSpx-9ZXy7drfOvNiPIwCa3MM5obaUjXbxmHfl-qFl0NO2c; expires=Tue, 12-Jul-2022 02:17:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 17 Jun 2021 02:17:58 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6F7F 61 KB
25 KB 69ms
66ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DZWmo8t4THRMriX-UCOYfaUgEKkpRmEeNWmTk8n0dPFCoiV8mtgNqW9wbMdJ98zQOvLSEOI8onN3UAWV1mspPmTe9-3Qj1Xi2ZBjyWMDgey8P4l9zovC8JCoPFNkfLzCtKjAN-q6i0RaeyOH_bZ0w_FLHA_A&dbm_d=AKAmf-AF4gJmCxa9K_DBMpp2rELborKz15wQr5gD6cNKYJ-XwQ-cIxjlL3gbhICB2vmW1F5tkALpC6lyeiXBBbBK5bMHxt1ipyVTcneJJywTRrOwMbQGfGLIT6CwJMIptSQ9W4VTnsGxrGL7Y-rgDOCHgpbMerSY5XlZNFrncJzwI6PlcnLYCOEqtBdutosSj5sNttr0qaO8mBvyY1OyDjkIIyWAWDFjHnRpCwEvyEEyUjH1YARekzgSfwzqb7ZxQLLyMUyTDKiRH7zsPhyREcWxVzDxXqDCkQV5j-rPnSz1xnIlprujivCrpyKEABqfufbTPw0_Eq1lh84m_pMXv63c9pzofoJ_Piap1lNGK84AUMIh5Nl17_Y6Nk2P-V1iRD44IzhU6K4iTuTiK2ACz_kMj5CQ_qck6Nb4o-jtDns7sIcWzlK2vAg26ohCmkq_0Iq5pNQiT82TxnVOeq8GNjuKffehoz78nydBWlkGwAwEzBC-AE9cPk3z_NR-hBiDqMXa8AeMrTdWQYCeBpcdeChUynjQBcAliDMKLCGe1rtIrkPAp8oVh7VFx9Qpo1M_LtX-Hb1XuApoxhCsX9ZTi8GUWOv8LUIs22kAlhGd5bETRy0TJd2cAU6j7V1VMTU7BB3JKxtEoQeKEiebVW_9UlNraWe4Z5Wg_PZ4RDegJj5Z3DsIdIM8TmwivxdY-wSq0Um59Nsu3lhcDVg9LIZ15RvfPYnMKAuKQzW5CwsFNIQ_trNJC4_1E4Dv8qHnZxDHjmlaRvl50BInD3QzLSNw94lhZhCCOjDS6vtElHQ-2_X54iHp-uKyPJ1q4xwSyF0ehG_tLsZ6Z7gMyyyRLNx_iuYch9nhove0VUtuE_Ponf31ghQtBIbK4cov8tfSECoGLlCZ2k9knhd0_fErPQl9A-Glgxwfz2n6h9ogsDQWAissjv0CHOmZeuxJUT0glV0_IHQzqILtNoC_DAluGHdg85jBP4qMGsYA42l-B5S2g3fPRWVnpPkXviIBHbA04TUY-lpDRpRHYPFAEimgMQX7qtTYizWLVKUc-W-yG43DCZSi7ZmnhDk0Z3f13MDUcRjFi59BAdfA0DN11jDnwMMD4g1EET58EQKHuby5UAIlDcpjCzER-7aTS4aB1AJgZl5FztQHOpbenUD0EYnqsa596kd_cTwByf3FyOKlmQyV-7pPJ6Bx6pwLRw1bg1v7H8lldQYC7ZPKQ8D0vYlutykndVpQcfrM7TRCUfaNviS0ODdHRr_XXSLs0ZTszwIqsATnCiQHpcyg2AxfXZXoExetVLlS792mcimXZ61EB2WkKMLnuJVcrPqHUPuMcrTK1jHLsubKPsXbJ_NeXMad_9O-YaeTSQ_rUPz_JHSa8xc-QlA4Og3993VYFL7OvIBhhYl992Mv61cG81B_ORRE7DHSd1lSZvZyBC5dqh_46sqXwIxeax53DufegxZ0JGzLwnVT6nkZlKULJ1WFUDwF-cRo7KETpIOpcyWHZA_rDofEHcG14IChQcdnGfiZG-LbpXAT12PxjOtXEFDAM0FGvE52RumwKkg3NmoUxg4PQRqqFLGN9C4SbqOWKXDlTA-u5oYasiqL9HVy3ENIJoArBqUglyiuEMCOlRkL7DHO4YwexXwjYSRGxrdkgHHJSATjUeDi4WNsCocTpmz-wdaptJYSUjacdex2gmM2-j-qWgpVSRkGiBca-95YXImQOabqw6tt9PIGeVV3Xny-pJUUoedimaRiEYar4XaHf-J-IVEAijhyg8JgAtUMg6J5DfNU8VIa8bZ2AdtMSvchuw0jfWB1MKCXXJt-SdRp3Ddbs-tTd6CqkSUqtEpVtavsP5nLE1z4sZdHZNANleQiu8cAZ3G3khRKIHcX2ptj6ES5eU0JgzS6SRdIvmel8cyhL5sppo_Yls7ezR0XyaRQ7A-iRHPaypev9GUfeYWE3-pAf4LzeMooUOSsCcypZ6saPP320VXg6jhGnnWFPi_HaX6MyQKN1SZWt39KjtYlZGp45WfOcQPMGOsZcewpVWpt2Mj5Jw_C66EIkoJdeyINBpLzVpt1AVgFvRv9Sksq669VEAd2g_npfQHdLvWhUTc3QLd6i11JtsBSBzz5j6hDEOIVczHQ7NU9IEQmCUnJM-6566bZWl5lnrqMISMKZCDDYUFMUpgJbbBlLGfMUnrS6PdTbdgV-v8adMF8wrRSwMLQWYkzW2dAc8n6y_87C6uzX8bm49NF1dasrWiOvycGfEB0CroYeOLBLdvFMe21c2AT_lCTLDO3AgcjfczE-0pIIFIIj5UxsDF_5ZeD6xFW-F7SqMyZV0EghJniRImFHtaLL0Ipt6kUCmjZ2gE1oKcg2wGLXQc99uWpqkKkQAgFO_36UlRum3QditR860I9RHhhOTsjp-LKyX3a_Cu2WyqsGxBBPUX65ns4Kvp0nURdUfQ94AnSNHMDEs4RnmyIrQz60Y3IY-mmUjSubNyH1HgdpVqEPd-vVvIgMqODez2wc6PscQqIT_1QWZN1j5zHPybDITIwyL4mcK5Weydr3D23iNRviFxzyAZv2rz2319JSuYbatRObi5HGG2inNcqSUfT0Bvkq1O8nS_LeI7nRPc4sc_k-q4ikPLV7sbQRiVUVLvpVNBdywKtJiJoAbWmkVzzNpQJOthwH_J6a6qMxsAUbkMJMgi0Db9dXKn47s52maS88Ng9kSPYU1w2qh4T7LIziAhVyOW1A-HTJsHdAKaUyyz0qSMMA3A8jYje557iKuz3gz3--tfR__Sf64dwxncYezL8mbf9-ghkKB3G83ua6yMNLc8uD8K1oXa4pYIXb0iaVss_1aCynraYO3S0exbuVjwXsR9S3y0ArB6EkcBSeP6VVZn_eRu0HovUHjEfnat33HPsE7rByKALNX5D1j5O5bjl9PzQTn4J6rJfFHA4qV9Km5cePhdtESgin1sKhjnsTEyXOsiOMZT52LrPK_qntHI9TheMidYolJMaZ7Zo1MxV1kPqszY3RBG2okNcen2YMDnKc3LEoLnbhx3UZPot9d5NzVf2n_FJbsGP0WT0tWILjcGfkgU5npeWmxDILv1-s3IpLOTZOjCNxpSJvR8clvQ41D_MogjjYcsZDvBHB49BafJq52yiP7ZiJU4vVbGWC0KGPxtEPRy6LUuTL9hoVV0EKU-cqIe-iX_aVOvlDGXsw6wZSOa27yhh4fi8dzVRRPU4VSSrqXMLwiLCDI68zoqD706YLLGF9Qijvtagku44UU4dawflOiNmVgHBXsFiBGNH-DUcZccG97tuw72XMCKiS8XHgnsLMPD2YodZIjKOSpPCXkJ-sIAF0M7R&cid=CAASFeRoGCzkrRgrjsbp2eC2wco0Cf11aA&rfl=1%2Chttps%253A%252F%252Fglossy.espreso.co.rs%252F%240

Requested by

Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

74474f4c24a435cf43422b6515c2d448b3a3a84385aaa0e4b2d9582797c00f8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25418
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6F7F 42 B
63 B 16ms
13ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ASXYYTV5VYmQke1yY5pML5hilqeOZ4J81s1geZS2cr-9XzO4dhcDTi2JRtHHLD-47gBQakyp8GOPnwo7O2eL-gOUi-RzYiGZD9GW-YbBc7wa8GGpE

Requested by

Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210615/r20110914/client/ Frame 6F7F 3 KB
1 KB 20ms
15ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210615/r20110914/client/window_focus_fy2019.js

Requested by

Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 01:56:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1281
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 01 Jul 2021 01:56:37 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6F7F 122 KB
37 KB 22ms
19ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e09c5507d6f189744d043d993a3a28a63d12322f3dc978426ef895517b98b567

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 02:17:58 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623842920177421"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38075
x-xss-protection: 0
expires: Thu, 17 Jun 2021 02:17:58 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210615/r20110914/client/ Frame 6F7F 13 KB
6 KB 18ms
15ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210615/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eea6dc59229104927a1ca1a416794d0ae3fb326b2ed6926abda0dd2a8cf693be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 02:09:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 495
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5706
x-xss-protection: 0
server: cafe
etag: 10674426802404029766
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 01 Jul 2021 02:09:43 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 6F7F 0
0 17ms
15ms Image
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSlxHCZQqyGy_Zg1RQWvMLTvrobyo2JkjtivYUXp99AU46uanar02fwi1ehEitfCpqV8GAwNAlpbEDtNpMdUbg0aAr_Vw
Requested by: Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061502.js?31061476

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 02:17:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622653785071769"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Thu, 17 Jun 2021 02:17:58 GMT

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame D2AE 624 B
297 B 27ms
24ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYr8jFlQEwAQ&v=APEucNWcdSHJ-HtE5bbV0yr09zaZLdVPr1bNYDhukcCAZzjw4YTDUjKJzXPIpmzVZ1haZKX666eay5NGmoBKGb8oKu4SinIvn8mYQixRQu-KRFuwUGejsRA4bBiWMUZmFSFi6qHhgRRmJIhKVPCb9sTBP8PjYUufEHt31tUFKggAmwqMEZWshqw

Requested by

Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CN-KGhCn9EsYr8jFlQEwAQ&v=APEucNWcdSHJ-HtE5bbV0yr09zaZLdVPr1bNYDhukcCAZzjw4YTDUjKJzXPIpmzVZ1haZKX666eay5NGmoBKGb8oKu4SinIvn8mYQixRQu-KRFuwUGejsRA4bBiWMUZmFSFi6qHhgRRmJIhKVPCb9sTBP8PjYUufEHt31tUFKggAmwqMEZWshqw
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm4Y05Kfk_14XeUpv7_HKlUF2ZTaWHUYwGqulD4c7QO7z8UP9mPh0Fth3aQduQ
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 17 Jun 2021 02:17:58 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 1442 24 KB
12 KB 43ms
41ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CvcWfFqclqIf-ZMdvuYABIR9GZnFfjF--hVOlSs4jcoiEucW1PvWYMV4C-jv9MFQkAnLcy7Ljh0utKJ-oZCskPeR-b9Lx4EB81EyBmYC4ULZgfCThu3UF_JSgAeGhFd7bIQ4tqQn0M1cWlkBBuNppNS8UMxQ&cry=1&dbm_d=AKAmf-BAN4eogkIQkIsjzflwqRH66ftC5QnWlfdxdvdO4C6im_se--VT55xrR0MZQ91v6L3smuYaTjxgDQrT7323aKgc4wYB5Kq9Eq06FDKdVzF7KLQXCsfDzV_4v_S2SFbDYf1XGPP5KP_28eMf4HJ_xtd68nkjK2DO_1GHRQcfmkqj7_weAdag-dFtm5IuVDNWMkBbSRMZVoisumKFb_QafZe_7RLE_Mpb1yloMLUYOY91iFLZTto7qvdht-3zXoISHc_0acXqU0BE7TWbxBL8p-kX6uxOofhFu4W4iKRjzJX8bm8H8ZCrqOOnuh4IC3k37WpeX_HhbgbsEH5vRI51KbWK_0-kzsXgW_PMQL8B00xsxxTvDYEvAlbkaJj89IY9nWH_jfn4S2w-Blb45Q3ooIegfym95nV8EXnx-Ju8PJrjkiTVU4Shvg2fMvfMDVhxfZPhfastLmhYdQNgx1DO57PCFZ0tQqLeRhG___UHaq3zKKZSSVPBYuGlkIpcERhMhDcSy61PwJcOaE3j_pPS2RaxUD35RKoR79-LiaVWOR7df5IZCFW-ire1_CQYldsAayctlHPEf8TK2C297gQqczdWwy-AoanwEQlSTaWaw5ElpMYjU3Xy-fI_7iSi2rWrDFdkzhRRuu2aCWmYgcodrWgGklitdNlBUtGoUhEthK0XKTYc6vFQeUuw6YFL6jvVHo2m8AAcsplZMI7a4J_AjleXgzPlZGXiVzPt9ZOZNFqGCG7xj4KgUh9ivF5bALDVtmdEJFFsncjvACSO0LRmTfkW_ywWzDysRa84U7iUtG2rr8-ChT1kXRHB178ddrzKRYoNwXxMcreViWvIgJZJ3QuDTWNiyjD1VmB9iWUck7bY-8e0Qd75Hnrb2kIrcKuXdMLSqCGrxaZF0nYXC5oJpoMLYuy4aXbx4E8sP6uKu1rybx-KL0wILVU4nHkTICxfRGqOmvGGvNtypx05XNNi_kcAcRiE445XqEvv4eyMm-E1-ItSQhozNnX6VwPpMaeysACsDYe_hJ-mAP4biDMXJsZlqIiwKUNMT1gKzjTVEE53zeEAm67INpnglTdJQ-e_ajsnQH7BkEKS86Tz9QW_JlZHjG85tTkWCZR7uAbDrw81VmbDxCq-IuoBRHmtKFBBWB5sEfNZGYExhwGMn0CFwg3B9CS6wq9get-MUzs7gsmWREE2I2HtiDJW9jCeueqz-z4OMFPqJzg39khoNCYEgXYbExelyuMGCFotOLQlzO-XpFhaB2Oqpwf8RddRyOxuKkJB6Q8qPtkJsCKX_DcVmoqLo-PNNkLe7huNtkUm3woQ5o3wg4DrDJ6cMggNDck0Fbh8aIrYtLo4CiJIZbvbDk3JXqLVX8ChHrU-9wMub2MgWqQrBWDI04z_z4bf-n-W1kDkEAI4CSS_Ew7WwP0vBRhX7L-KcWsQZjoh_9Oe1poROzdehhYWe4B1KKARrPHDCFQ1H01JMAa9lYD2VBiPTtY923rCzPTDhFxQ7NEBm0gVWKn9olfKd2eM7IpgpSywB1iKw_eRtLQ4QXbp5f74Qs7IcZQu25DXhrPoA4D180tPPkrJjZYvTHWxmvMNPGVtBpPGMIyADH_eYJmIziOmrgbvudfZhagkTY_7g27Hxuc1HzzQ3yJcaY-XkMT1prBa6apLbabPxjq4wcy4hpZQU6wJ8SP9UnF4WlVZ_-yxep1maksICLrWUxe3ISUoHIXnCG8ntPIxro7FQpnVQZzOWaLR6rfLdqfsoWs-GTBf2DrU1JKaaOCLrvgGZyd9EQ9wSpoa-GN4nGYD55XBV9kJVqcruGyOUw9UYY0ORCIsBKlFq0ifjiIFUIg8-1_94op0WNS-SURpXVLQVtaRV8RzYzzi09MO59y9oOncsPfTWcovZznTac-p9ODHMEkXAxKSy6XjK-8KrVDGno1VJa2Z9fBCJtEFwyxZ96J3rnOCCa2QS2bLe0CfilpRNMJCRptOxkeMKNgmCm3LqullhLYxzakKmbY_SLj_UF5u3VQK2I0rZVxGG4k8h8vyOiGCbxpe6XM36XAmWu0N816M53lOg7gNNTn1ttVJN9QRPua1k3Fja0CVeHfxRo339x9bhpiToDFvHcybIhBULw5VeMpsa8f9S4Mu-8wWCnrQQIG-lcdl0lLx2do80mJ_aEvz8tXqOAjiLDdXUis6wkcXmVRavF914ZgGMnHEP6veLLQ7OjnpTo8FE1pwL0lcfy7qXHN6p_RaN-uqEHq2nHlBU3EEAW439UWQfv75h-gNaDxdgKq6NWyZUSvy5AbR5GilmUikdrRLb-7SerjEvJ_ARnZBwaCJPTU5jiuXd9nKCMhqZPWEtFd8dBwGko5ShhcCZ6k6S-pF3IyHfW8J4dLUv6Lek5OWZxaxfMJTrFolFDj1coMKpTD0NUWcxOmum3f4sOxXQOs8U1k96uJ2uvpV_6LxXaX3Qv14n-lzGLPF4R-osSStf4Q0kBGuhs7A0FYfQifC-HJEloBLXhulB3uH8RT1dy9hDR7NJsYBwF3shqGYNk4MbXPImseGzGwTQ1AhFcpsltOoF-suxud-oGLS5X5iAd-MATHj5j3ZSpgdkNnZSbql5MzL-VtlRtZzEZo9rFjdyJ9wTU6xKuT7JlKWLA-HZbTW-hkfZHd-Vhu-ASaxIVe5mMxYwIsWglo4e3fM7uaKpST0x-NWzSt0MeLxE0N-YB9gLKAacUbSEWvHPVtRl8RgxRrDtyscmS6pU40eaH_OklPsDO3lVbEJCx2fCI8v2a0Ig3mtDPIAnrOQDl79qchAFRjQZlUo4-PDzUpjoyIFAopCJWOEXmD1cvwnmcuBvt196Q4MMt6M3H4uP2i_dmQaUqAY2H_yilHJm3q4XYYgF2KkazeDW933Hi2rUcxGa5mpNr_hJ8FfikeNZ9BELOd_fodzXP7qeXxyF38zunPEe3t1XBsrQqPPnV2h10-HkG1liYw1l6ik6VssTLhbYZMYErwtT2mfNTPo3_iZieXyjSww7SF_n7kk3IUSLgc1qFYF7RQLHMyxzekmeaV347qrgVux2OVE8gkPAA7eLiw7fFOaedE5T10gWodtg5XErcOD36QVoPl6feMFEGTWaa4x0lPVDy38W0LSE6G4keFVCkIFWS1EEW6xKYHRZXg2641tI21qrMZdHa17JAnhd5fL_YCUsLayl1mz10gBZDuzycet40XWdmPvuaNddAIpzTwP-pL1U3IWjcbzQ8bBB2vAljE1xypZovMjiTcIgyjZbKWE8J3BLSPCCDaT3WaCl0U6SpDyDA&cid=CAASFeRotxPshQIBejDoXVl0_zFYSjn_8g&rfl=1%2Chttps%253A%252F%252Fglossy.espreso.co.rs%252F%240

Requested by

Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

12ac0f75a9f8b7a564428e2e8eac46da0b50260cc7f6a5a3ec85fd667db60332

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12413
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1442 42 B
63 B 19ms
15ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BnOBCuaVPYFMwmd_P9Qe1DylmXVyiiwp9SxhNmX2r8AFhl6LpyRlzLaJIZbxTLSF-X2wWNg8MVIctJ2c4yo0OIepo8p03A786tfVSJK0o4szo5Ioc

Requested by

Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210615/r20110914/client/ Frame 1442 3 KB
1 KB 10ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210615/r20110914/client/window_focus_fy2019.js

Requested by

Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 01:56:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1281
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 01 Jul 2021 01:56:37 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1442 122 KB
37 KB 17ms
14ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e09c5507d6f189744d043d993a3a28a63d12322f3dc978426ef895517b98b567

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 02:17:58 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623842920177421"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38075
x-xss-protection: 0
expires: Thu, 17 Jun 2021 02:17:58 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210615/r20110914/client/ Frame 1442 13 KB
6 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210615/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eea6dc59229104927a1ca1a416794d0ae3fb326b2ed6926abda0dd2a8cf693be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 02:09:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 495
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5706
x-xss-protection: 0
server: cafe
etag: 10674426802404029766
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 01 Jul 2021 02:09:43 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 1442 0
0 17ms
14ms Image
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTfOXU7dxW6oGO5xKgx_87X2gibbGv5W4hnlhyu94B6g67QhY3_AzMJ5jfQ4IeeuHS1gWqX6BPRA6JPRSRPL_I9VyS-8A
Requested by: Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210615/r20110914/ Frame E3C1 22 KB
8 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210615/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CotzUkEBuaRm85a_bnIcvkSZ2P3Gyol1kwq62VJOQOVSGxFplJ1imTZFaOQ6HfbEkidGVDDQ74NfEc3J8UuNlAwvCVt3pHqjIvar9ViYKxq6KJcqvbJ8Vn6PLCn_xhyNjt-EmqEtnMcuOLFZjDiD2F-OFoBA&cry=1&dbm_d=AKAmf-CsEk78ikXqGHDUPNbUwmIMPWLelw6jPwXvnWCWx_axUlHeHW2F8G8kv8mWKZ-06px5LpTGHhw0a2UA2_Bl0Gj8aWDhpOE56lIUIrkO3nwvuplk_bshPT0voHIIwGtQ7_KeBstG0X6FwhaR3aLEd7gyWrZQzCrGKI_-LzbJcJynb2y7IKrKbKcGwRFRrGvjaP7PFkeKgYB6k2HWH-wgKi9E3vjzlDp_xnfw3jX7WBngeLDoOKgBqNqlYXsmL1_HdYjp5P6yvwdSfjQ2Ojvrru-UgAAB_75Kc0MLchbN91v1QLHaXV7eyTRIvkSeZgPK5Lc-Afb4E5q3F6av2R4TXBqrdkB2L-8z42q-H6yb3qQNBHbRHyJL4GUvRsiPx08TfG4UWNU_2ahYw5yTGWyJrEC1BXFGgE0DjQ3f3jpp1cozkuPUa0cIq8V4aycBT73C3t8vNhBQvLXBFBFZetPVDi_0LM8FFJNl20lVu1RLPr_pt1UbtW2UT_92umUCnmEn5A2cRXWCAa5glOVVcywnDBJeP1yXld1BAML-RJ8fAksypL7fd11fV-hs3ygBNbGwylBB3PAaR-yF4mAlGJiN9TXxO76rVVeA_vTyPoJJfp7CWTb2eFhNdGRgCGcSToNBm-pVzt08TRS7nzDoisQcjrhf3ahbQ5OVED9TkdIAiaan5ALIG6E0N5pSVgc-Ec41qv0VSG-Yo0KS3MNC-4fC15ZjAFqBLdsqLsFNmKvJNacVAKC1apIKdg9eXsA__Jwv7aUOuTRnUR2qhoeNmvllNBCr3MIc2cmKh_jjuwLjNEL9gkg8G51W3JkEbE24N1wJ94wzr0Fxz8-ufIPUNBJjfiaXd_WlOscIYGrp7ekPq1kUaBgf8fdVseB7YoNHp4pxBnOuZISuIAQk_YZEWgTfTLZweE6dNFe2xSJ49o7NlRefDbPdIIWHm49J9EGdBQp7TgrooISC6CIdQJICL53gPzmNM1JLXmftwbKbQwpsLNsezy4mvD_sQClZoPxtJjNHcPXiBGBUkmDjw4EeRh3kGvAK9adiTBVu6zp9Ngh9aVQYlnxHCg6BYtk6z0a7V1ndjBUu3TmhjPXKdwUioX_XV2jVepja8e-5w2qNToPlOWptosFRgzMbOFbZlDxENMCucydRBK_LZT5BHB8SzW8PkcOD5mdc8SrriN_3Jx_CiGCmJykmImKYYh3uSf0uyVepf70lCSWhH070twkVb62ZjF4SDbvswLu4_E6xGFMItR57CeJ7VTpARoWcQtK0inoQsmLraU4EGhfqoKQXiyH6m0IAg4ZTH0NCnQOZBe1tZHy8FsrZ1jiiJe3NX-ebeOLZK219mN9EVVNanRc4rxojPCWi5QciqUYza7vhT7nAyrWxtJjhZLYciowc0BDCYjAEDwhJaaJCjmrxHM5Ud7o-pFEUTKd7njVcXBICeDcAi65GuS7AfVwnZL_uHpBNmdJmm7eCB1qzEehgeALgSUEPYZJyJBEip8zV6uR-zONrbCCsmmS9vAWvW_palALVaz1cMoCE31GkeAC1usKER-ygfyl8q6fanct6Ak_fzVlSq9SNH4RX8yQRgRcbfXPYb9EAhXRn_glRpi_sfjN-clwd1C9HT9GDVsy8C8-V4GHjspnhWoauLUiZavCP_VerIhKEBNsY4IlPCWXYa8AjMF2_TfXfx1r2_OVmDWhHvWArObzFZZOiwfSpgLWIAR90RtQVgd1TKAwHIcMx6K-0QpUXXuvJt8YxtuDgec34vYZDQJtALusVSm0pPxfrvCX0dbKTpM04LOreIiAe0GToO991ETHa3-r0Z6aYN9YJDcaCF9YKlXsvRKuHqxfjB6oL1I6bj4tiqgDeWKDwOc_I5Bc6l1A5xTcb9CsWr8_rUjDPPq8Bw2RrrBbfdLYjApc32-VSUIxv3tkV8OzGfhT61aVEX9oinNVaClUK9pjYYZZgdCKHXOqCDCQXnr_S83sCMyE4z0S97c5L-UIbmfo4h9I20asbBUbOIquipi1T8ecshj5rcaQNTGppId_4b2zsEPcFlSgfXk10R_zVIg3Jo8mGSJ0VhyZEOXnXlJXAbfp8U-Dw1q2BRXdiSJ6o4qWDZjeVJDz3WBzYxVBgFeaeEiPZBWV9HTWkkDW4HQtFH39er5dfs4ZkYMqHiiD3NW8q2RAiDK4B5B-uODBH_f4c9MFVqQgf9h2a-4k9y9Ad-UWZjgplprK7yvsIx-b7XzgvJrENsxgVy3AKRrMkkysq7IXgdD5PTOO8ech1jvXlsPjmvJa2es1LuOm5PhNIWpVkjSuJtc269rJBel6s8UaCPcunr0eSP9A6EASXDfUZAgNLUwlg_ApdVq5S_Fvuo3emYzw0l6X-VhkKjuKmbYV6Wx0mU4DgS7uX6mUgSpmuYW3XIPGsfLIA_ArLKOZxnhuzAGl6Ci-EMrur6gT1hTs0DY_f3CHtXo0AGMs4coPIaemu2ROdYfsI-4bgCT5gCiQeZ_KZUUn9t77jOOkoj6PJI_MMMgfZ0_GhtayVQ6fl80AHv8IxhsKYFG_dxd6tLug9gPV0N3GEqc2oCOHODvgqeRqrSbmsH3vpGTmhU8pttVLe2ZAo15xzsSEm7DGlI7Nz5aOFsGPdtEbyI9E6UtTDS3cEy5Wg9e8yCh0gF4bAk-kw3xvL6Wf7NuAtKc2jwfVl-_9lQl_y4Aj7f0P-h221tLHBq5xA2_LPGNwf7cOgj_2JqxuoE0i73iA4oQEEQuLDDCYQf2jPgoxBJJYt1AheFNwrNqrj6RClguMj5FPsyo3gZIHbbyDAoY-wO4GW0Drej4s4xcbLhcwYxMXsAK1lHIqq0UvRPQ5B9Od2y9IF8NYcVvu8r5QxwsO_kRvR8XjjnI4aS_zguMcJwnxEzvgqQJbPzHry50zTXWf8xC6g6xIYjw2lcrnoXuMH_V62v3uLSsgHW0jkHtZg_JBtgg6UdhlzesPTFGYk1spqmrmFEOTH0ivk5BykwlSyyzU-KU-E7ykVPAYzf0CQungmV-aiyPjDzG4UIsg5EYO0Ht65KXNm6BGkoX6Pu-dLno5OVdUOnjlm9zXckQzmeFX9dfRgddRWfBq3gxjxYffa5Z-20pPJykdbldrEYXNhZnn69yKwSEJLa27Snz21EkNf-YMk1ne7yDcYUitgQaB-vbLbYPCsAL4IuMad6cBpqZ2nbk2J8433X770qFgFUZfI1uQJPEzfMVgYNwzJj7wMRP1zGZNoBANSdXdAz9oixsvn8GlWWhgQNvSzhX2f&cid=CAASFeRogy17_2Arf5ZsCms96bC0ZhABtA&rfl=1%2Chttps%253A%252F%252Fglossy.espreso.co.rs%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a39d2ec9bcdaae22f3c1e9ce78d608ccb743b7c52d072d01475e69fd4ef32f34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 00:41:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5818
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8638
x-xss-protection: 0
server: cafe
etag: 1523618549969485492
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 01 Jul 2021 00:41:00 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame E3C1 41 KB
15 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 15 Jun 2021 21:14:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 104602
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 15 Jun 2022 21:14:36 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C6F5 41 KB
15 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B73EdrF_7SdgIJxd3jYORgnXGgNR8rcOr7izM7l7zN8ZHj4lND0Jw5D6dwTu0ZGiV1WLZp9x-YwzgRRWKt0BG7iw5SZ54NFZrgMrVJJAq9gtsk5QUcs7raOYlbIFz9CqPabIRCMOCOHFU1Me0vUM3hYG46mA&dbm_d=AKAmf-CkKqEuDyQ7WjoHzk2DsGFJuv8i7gHN_mKtGxmb35o2fhTAApx5bd4u-dcTbiTCj7sqkfLyo9pm-Hgo-opYDiGV1qs8Mh9ym0s_zPHrlNNe3x8fN4Zp-SjcNeckOAZNgoHWjI0UEqshrVDhey0GNg4EZjBCsOyVNRdSTigVI7lUPO1Y_BtyGQjX6NDGr-7W50gfTeBYZUnvSoksL0oGs5en5MjXt0egymIyo1HZ8qRq2QtAPlOv_QTXPrtQqz8935cqptfmemYgZfoYniWKpa0K5nh5suaWK09jBROebO-IZRI7UyPZIZfeTfGuVaWD7gmCh__m6WyfeNrSM9GerRUm2VbKfMb2hN8f2mAM8gsqVe205oK6p5anFQALAdGzy9FpJYi6rcOvtnkz3a1uKmPDvMRJlWm8z7ABYQQcaDiKhJC-htFbW6m8Alk6CCd4pdsCb0fQgpcnHWSVjSMQlO0ZcDgpdFg594ZWnIBaSOkV_6wviZfOfWI3c8wfaNE6K87olYUgw0-j4j1BibZXfMleM_NQSW9O3_5LvaT5fG9QuHim9VfVUhn2gDkYP5LvdxKhkW0wwjNVYi_JosKNNWI90HgjONxvYxoIant1JLobkDq55Iss1EqtLf6PsNyMsHAe19S02Lf2d2VRuWtZU32Ax37kE4yhvLhReO8nBOSDGuuS-3N9hiHeF1nOc459MkddYamorL_v1fnGWqXioL7MwnRKUhaUPzYnqgkHdfNbHFFNe2SEEhZFw_N614qXYv02sr1A5yeTW1DJR9Jm2yZFJbkOR8sdJhtzGMiZBoqXTXKg_YqTiG01gPumhVwu-Eps0y7nr_JRdpfwXnkAbNBP5-2fLJjUPNriuND0Mg86qg9e9evJAdSm7it-xEFBB7j2ELBkGknceRDCuqwBCoHj2SMITXnXdHg_8mt40MZmms9hz6e7BCJyPbnaD4OPAim_j6hyL52eO5lCxs4ORzl0wAdyCy4G7tFDu3_qVTrMIcAn10LEoT3YgR9Iai5-i6L71rn7jqFgk8t9hCSNPbwmDcBgdeq2wE6sVC1-CzobKt7ZeEaDfKos2N6_DbOimwyof93VpABPQYwEhCkqcWi3tghVoloEctBtc6hNySPpkY-DXBDLp2ttk4A7Rr5QhJk-EciUtBvSn6DBu7nLVGAoQhJJ-fh2CtNOfD2OEQSI6g33hbEI3uLW70_UA_q6I2NirQUQBEg6Ce_oFSsaWFsZua5X6gGf1cZzRxecWCh0l44Q_VBnKHvxe_VqgTGSurZT51yAhFoZpxvlHRkvCVrxxS_lYkMgbFErUnwjM_7JcnJdFTAIrJjYOmvib4D_UR3TZAe2TPCWn3sf-8Jr5P6SP3Jd8QAoYqabNtNba4F40VmsK6eBbeHtiu7ykMj__HTrtdpC5_s4y5ycLzavAuFGCfM9mtuGizWDKUmeE6jf7us80B59AJQ0SPck05uupGcMmNgZMAEU3mE24E8nctm5HqmK64rLYT23sv_vmR_9sfK0VwfRxpm5GpsGNvZ8jopBOxc6Yf511ivMKlQUHgydclODywschVfst0lpl2bW4IHLib5Gc6UU71EjkttPURTxMoFDJQbIxEZGi1snOXCaKUfB2SXoN6ffwE5-gCftAE254nX1agleDec8zWrVynmX7xCSVHZAlCsjky3O3gCifQECe5k7llqCDTbzY3RgWicC9lbVkCphqT8xnkYiRYPx_DXjY5OUCfv6SmTAAZA_hIj6xIN0z6fB9bbvJWRPj9I6G3uPmXpVmPOV3eaErXUgtGgsLoj8P9jvtpzkuko6LmjVP1oq_ZmaDnIg3Qgu1SWfAFL6lLvjhZbmuGWKsZ59l4GpnoVKCYaQ4qbDpCYtWhfTioX2PYPT3-QPk6pru438pOSWUqzJSxPmb54YtBDTtB1T7zIQX9qCzgmH1XIeSAcsWP9JzXb5I4z2Ej9sp6IlNmR9AQfwiBC0OQUd_o-hvLTM998IbhaJNbHFGrb3U3WvULvRoAxN4OrwMPj07z70SNMgkdmKYg0nz4W6k2iuHy54Q7SWYgL68TEDhGHohfSUOPTzbpsRRjdZOwFsF6avgHBJWZqON67knm19ABzdwGcjAtnbBHYEfWjCBPWoZbrSMwmLh8Xi5irNqDgYT3YzsLibxvK500xiR_oVT2Z6k5JOiimId-33e11JE3wc7dKh15hU6hJI36ckSybsm-XqMJefl17c5sK_drQgvGtcgNQlc-dlbOKXaysrr2ggw8QIbDVPHc_bOBDQfnyJ1ikczPkU-T7H-VCW-CNG0yL23R2qfwZ6CqNH7w-vePLPOBxtflkJncROgWMYLRWoZ4VNPH1WY_KLrH_swTxCsfMJuYPPk9NZhe27d8NF0mnMUtIkh7OAvsyJacTd1or3J5k2ue0S43XE44jerAC1YzVxsPbhT0c4XA1Q_J_1o0qZNUyGjH1a-pJSw1xy9ytBuOck_Xyd8ZFoee3T6jG6-CAD2v200u-yK8zOOJ8wjizysiEfwCVyTinN3XdHVoYwq_rfODxAOBjli7Ty-uz-zZW6F-QyKPaWjBpvaR3xIyIcK05AfzDVv5rsHbnbqvmXJ9F8jlhC451oX6n7pIvarCkhuExoqfCfCHWP7Hs_8Jr0uMU01w&cid=CAASFeRoZo9JRwUDT7Gk4SGfC1Tp2BdbnQ&rfl=1%2Chttps%253A%252F%252Fglossy.espreso.co.rs%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 15 Jun 2021 21:14:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 104602
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 15 Jun 2022 21:14:36 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A99E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1

43 B
894 B

21ms
11ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNWxNOs2lCEarN7pTZvG8MltpeGy64aNY-Mn3tofvbnrp3ltGlfWbxvzsObAGDNBmiRmaRiLqRHxc42gIJbY4uFaFFonP9X80eEEI6euecP8fb3JgdmyPVF0nNBaTyKqMLxjm8G4Yxkx58Uh_bI8SuO-sJOjFY6ayZtX5Ezzmq5T_aIFKIM
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Jun 2021 02:17:58 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 17 Jun 2021 02:17:58 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A99E
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YMqw1unfC--HVncfXU2ZPgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1

43 B
894 B

12ms
11ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNWxNOs2lCEarN7pTZvG8MltpeGy64aNY-Mn3tofvbnrp3ltGlfWbxvzsObAGDNBmiRmaRiLqRHxc42gIJbY4uFaFFonP9X80eEEI6euecP8fb3JgdmyPVF0nNBaTyKqMLxjm8G4Yxkx58Uh_bI8SuO-sJOjFY6ayZtX5Ezzmq5T_aIFKIM
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Jun 2021 02:17:58 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 17 Jun 2021 02:17:58 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame A99E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEK4EfEQ67950uexe5nfDGso&google_cver=1

43 B
1023 B

50ms
21ms

Image
image/gif

185.33.221.89
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEK4EfEQ67950uexe5nfDGso&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNWxNOs2lCEarN7pTZvG8MltpeGy64aNY-Mn3tofvbnrp3ltGlfWbxvzsObAGDNBmiRmaRiLqRHxc42gIJbY4uFaFFonP9X80eEEI6euecP8fb3JgdmyPVF0nNBaTyKqMLxjm8G4Yxkx58Uh_bI8SuO-sJOjFY6ayZtX5Ezzmq5T_aIFKIM

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.89 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

719.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Jun 2021 02:17:58 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 719.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.177:80
AN-X-Request-Uuid: 2606b583-ba32-43f0-850c-49c0bf193825
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEK4EfEQ67950uexe5nfDGso&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame A99E
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTQyNDk2OTEwMDQ1MzAwNzY2NQ%3D%3D

170 B
188 B

14ms
14ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTQyNDk2OTEwMDQ1MzAwNzY2NQ%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 17 Jun 2021 02:17:58 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 719.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.79:80
AN-X-Request-Uuid: 89a27f22-d323-439a-ad4f-6c7f735d40f6
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTQyNDk2OTEwMDQ1MzAwNzY2NQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/223/ Frame E868 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de7dd7e8a5f2257d16c23c395b9262c6fa04689c81b0e2b8bf7f5bae9f4177dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/223/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://glossy.espreso.co.rs/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://glossy.espreso.co.rs/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Wed, 16 Jun 2021 23:16:27 GMT
expires: Thu, 16 Jun 2022 23:16:27 GMT
last-modified: Wed, 17 Mar 2021 18:24:30 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 10891
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame BBC6 783 B
531 B 17ms
16ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

dbaad3dcbd3af75e09e72dda072b749266241e9efa1026b108cada1fdd8b9151

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-VPy8TvzToiBccVd32dhBhw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://glossy.espreso.co.rs/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://glossy.espreso.co.rs/

Response headers

expires: Thu, 17 Jun 2021 02:17:58 GMT
date: Thu, 17 Jun 2021 02:17:58 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-VPy8TvzToiBccVd32dhBhw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 511
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame 6F7F 176 KB
61 KB 30ms
6ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js

Requested by

Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2f126a8957c32db99e94d1bf7c9ed09fcd38ba99bd632ebd048f01f9c5f9c9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 09:41:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 59775
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62241
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:47 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Jun 2021 09:41:43 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210615/r20110914/elements/html/ Frame 6F7F 8 KB
3 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210615/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DZWmo8t4THRMriX-UCOYfaUgEKkpRmEeNWmTk8n0dPFCoiV8mtgNqW9wbMdJ98zQOvLSEOI8onN3UAWV1mspPmTe9-3Qj1Xi2ZBjyWMDgey8P4l9zovC8JCoPFNkfLzCtKjAN-q6i0RaeyOH_bZ0w_FLHA_A&dbm_d=AKAmf-AF4gJmCxa9K_DBMpp2rELborKz15wQr5gD6cNKYJ-XwQ-cIxjlL3gbhICB2vmW1F5tkALpC6lyeiXBBbBK5bMHxt1ipyVTcneJJywTRrOwMbQGfGLIT6CwJMIptSQ9W4VTnsGxrGL7Y-rgDOCHgpbMerSY5XlZNFrncJzwI6PlcnLYCOEqtBdutosSj5sNttr0qaO8mBvyY1OyDjkIIyWAWDFjHnRpCwEvyEEyUjH1YARekzgSfwzqb7ZxQLLyMUyTDKiRH7zsPhyREcWxVzDxXqDCkQV5j-rPnSz1xnIlprujivCrpyKEABqfufbTPw0_Eq1lh84m_pMXv63c9pzofoJ_Piap1lNGK84AUMIh5Nl17_Y6Nk2P-V1iRD44IzhU6K4iTuTiK2ACz_kMj5CQ_qck6Nb4o-jtDns7sIcWzlK2vAg26ohCmkq_0Iq5pNQiT82TxnVOeq8GNjuKffehoz78nydBWlkGwAwEzBC-AE9cPk3z_NR-hBiDqMXa8AeMrTdWQYCeBpcdeChUynjQBcAliDMKLCGe1rtIrkPAp8oVh7VFx9Qpo1M_LtX-Hb1XuApoxhCsX9ZTi8GUWOv8LUIs22kAlhGd5bETRy0TJd2cAU6j7V1VMTU7BB3JKxtEoQeKEiebVW_9UlNraWe4Z5Wg_PZ4RDegJj5Z3DsIdIM8TmwivxdY-wSq0Um59Nsu3lhcDVg9LIZ15RvfPYnMKAuKQzW5CwsFNIQ_trNJC4_1E4Dv8qHnZxDHjmlaRvl50BInD3QzLSNw94lhZhCCOjDS6vtElHQ-2_X54iHp-uKyPJ1q4xwSyF0ehG_tLsZ6Z7gMyyyRLNx_iuYch9nhove0VUtuE_Ponf31ghQtBIbK4cov8tfSECoGLlCZ2k9knhd0_fErPQl9A-Glgxwfz2n6h9ogsDQWAissjv0CHOmZeuxJUT0glV0_IHQzqILtNoC_DAluGHdg85jBP4qMGsYA42l-B5S2g3fPRWVnpPkXviIBHbA04TUY-lpDRpRHYPFAEimgMQX7qtTYizWLVKUc-W-yG43DCZSi7ZmnhDk0Z3f13MDUcRjFi59BAdfA0DN11jDnwMMD4g1EET58EQKHuby5UAIlDcpjCzER-7aTS4aB1AJgZl5FztQHOpbenUD0EYnqsa596kd_cTwByf3FyOKlmQyV-7pPJ6Bx6pwLRw1bg1v7H8lldQYC7ZPKQ8D0vYlutykndVpQcfrM7TRCUfaNviS0ODdHRr_XXSLs0ZTszwIqsATnCiQHpcyg2AxfXZXoExetVLlS792mcimXZ61EB2WkKMLnuJVcrPqHUPuMcrTK1jHLsubKPsXbJ_NeXMad_9O-YaeTSQ_rUPz_JHSa8xc-QlA4Og3993VYFL7OvIBhhYl992Mv61cG81B_ORRE7DHSd1lSZvZyBC5dqh_46sqXwIxeax53DufegxZ0JGzLwnVT6nkZlKULJ1WFUDwF-cRo7KETpIOpcyWHZA_rDofEHcG14IChQcdnGfiZG-LbpXAT12PxjOtXEFDAM0FGvE52RumwKkg3NmoUxg4PQRqqFLGN9C4SbqOWKXDlTA-u5oYasiqL9HVy3ENIJoArBqUglyiuEMCOlRkL7DHO4YwexXwjYSRGxrdkgHHJSATjUeDi4WNsCocTpmz-wdaptJYSUjacdex2gmM2-j-qWgpVSRkGiBca-95YXImQOabqw6tt9PIGeVV3Xny-pJUUoedimaRiEYar4XaHf-J-IVEAijhyg8JgAtUMg6J5DfNU8VIa8bZ2AdtMSvchuw0jfWB1MKCXXJt-SdRp3Ddbs-tTd6CqkSUqtEpVtavsP5nLE1z4sZdHZNANleQiu8cAZ3G3khRKIHcX2ptj6ES5eU0JgzS6SRdIvmel8cyhL5sppo_Yls7ezR0XyaRQ7A-iRHPaypev9GUfeYWE3-pAf4LzeMooUOSsCcypZ6saPP320VXg6jhGnnWFPi_HaX6MyQKN1SZWt39KjtYlZGp45WfOcQPMGOsZcewpVWpt2Mj5Jw_C66EIkoJdeyINBpLzVpt1AVgFvRv9Sksq669VEAd2g_npfQHdLvWhUTc3QLd6i11JtsBSBzz5j6hDEOIVczHQ7NU9IEQmCUnJM-6566bZWl5lnrqMISMKZCDDYUFMUpgJbbBlLGfMUnrS6PdTbdgV-v8adMF8wrRSwMLQWYkzW2dAc8n6y_87C6uzX8bm49NF1dasrWiOvycGfEB0CroYeOLBLdvFMe21c2AT_lCTLDO3AgcjfczE-0pIIFIIj5UxsDF_5ZeD6xFW-F7SqMyZV0EghJniRImFHtaLL0Ipt6kUCmjZ2gE1oKcg2wGLXQc99uWpqkKkQAgFO_36UlRum3QditR860I9RHhhOTsjp-LKyX3a_Cu2WyqsGxBBPUX65ns4Kvp0nURdUfQ94AnSNHMDEs4RnmyIrQz60Y3IY-mmUjSubNyH1HgdpVqEPd-vVvIgMqODez2wc6PscQqIT_1QWZN1j5zHPybDITIwyL4mcK5Weydr3D23iNRviFxzyAZv2rz2319JSuYbatRObi5HGG2inNcqSUfT0Bvkq1O8nS_LeI7nRPc4sc_k-q4ikPLV7sbQRiVUVLvpVNBdywKtJiJoAbWmkVzzNpQJOthwH_J6a6qMxsAUbkMJMgi0Db9dXKn47s52maS88Ng9kSPYU1w2qh4T7LIziAhVyOW1A-HTJsHdAKaUyyz0qSMMA3A8jYje557iKuz3gz3--tfR__Sf64dwxncYezL8mbf9-ghkKB3G83ua6yMNLc8uD8K1oXa4pYIXb0iaVss_1aCynraYO3S0exbuVjwXsR9S3y0ArB6EkcBSeP6VVZn_eRu0HovUHjEfnat33HPsE7rByKALNX5D1j5O5bjl9PzQTn4J6rJfFHA4qV9Km5cePhdtESgin1sKhjnsTEyXOsiOMZT52LrPK_qntHI9TheMidYolJMaZ7Zo1MxV1kPqszY3RBG2okNcen2YMDnKc3LEoLnbhx3UZPot9d5NzVf2n_FJbsGP0WT0tWILjcGfkgU5npeWmxDILv1-s3IpLOTZOjCNxpSJvR8clvQ41D_MogjjYcsZDvBHB49BafJq52yiP7ZiJU4vVbGWC0KGPxtEPRy6LUuTL9hoVV0EKU-cqIe-iX_aVOvlDGXsw6wZSOa27yhh4fi8dzVRRPU4VSSrqXMLwiLCDI68zoqD706YLLGF9Qijvtagku44UU4dawflOiNmVgHBXsFiBGNH-DUcZccG97tuw72XMCKiS8XHgnsLMPD2YodZIjKOSpPCXkJ-sIAF0M7R&cid=CAASFeRoGCzkrRgrjsbp2eC2wco0Cf11aA&rfl=1%2Chttps%253A%252F%252Fglossy.espreso.co.rs%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 01:43:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2092
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 01 Jul 2021 01:43:06 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210615/r20110914/ Frame 6F7F 22 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210615/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a39d2ec9bcdaae22f3c1e9ce78d608ccb743b7c52d072d01475e69fd4ef32f34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 00:41:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5818
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8638
x-xss-protection: 0
server: cafe
etag: 1523618549969485492
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 01 Jul 2021 00:41:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 9A99
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1

43 B
894 B

24ms
15ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNzg5AEQxrjnARjTwMWiATAB&v=APEucNViQNJiNDzXiZPOonzAidUgYvYJNxKvxhNe0OERG9XM8tSOAN3b-p7GIIrAea6n-IaiFZwcPfhNA2LhYEOZoT47HMLkYVpqeefdkZd6sCUDXDDkJ6EK74pqMBqEbOVHWPiDFtTfuFLjbSnPCt13WCgcKQo73xMFkFRkWIarIsAGtK8BI5I
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Jun 2021 02:17:58 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 17 Jun 2021 02:17:58 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 9A99
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YMqw1unfC--HVncfXU2ZPgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1

43 B
894 B

11ms
10ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNzg5AEQxrjnARjTwMWiATAB&v=APEucNViQNJiNDzXiZPOonzAidUgYvYJNxKvxhNe0OERG9XM8tSOAN3b-p7GIIrAea6n-IaiFZwcPfhNA2LhYEOZoT47HMLkYVpqeefdkZd6sCUDXDDkJ6EK74pqMBqEbOVHWPiDFtTfuFLjbSnPCt13WCgcKQo73xMFkFRkWIarIsAGtK8BI5I
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Jun 2021 02:17:58 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 17 Jun 2021 02:17:58 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 9A99
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEK4EfEQ67950uexe5nfDGso&google_cver=1

43 B
1023 B

37ms
12ms

Image
image/gif

185.33.221.89
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEK4EfEQ67950uexe5nfDGso&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNzg5AEQxrjnARjTwMWiATAB&v=APEucNViQNJiNDzXiZPOonzAidUgYvYJNxKvxhNe0OERG9XM8tSOAN3b-p7GIIrAea6n-IaiFZwcPfhNA2LhYEOZoT47HMLkYVpqeefdkZd6sCUDXDDkJ6EK74pqMBqEbOVHWPiDFtTfuFLjbSnPCt13WCgcKQo73xMFkFRkWIarIsAGtK8BI5I

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.89 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

719.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Jun 2021 02:17:58 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 719.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.165:80
AN-X-Request-Uuid: 08428182-84e2-4fb6-9c56-cbd807ea74d0
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEK4EfEQ67950uexe5nfDGso&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 9A99
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTQyNDk2OTEwMDQ1MzAwNzY2NQ%3D%3D

170 B
188 B

15ms
15ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTQyNDk2OTEwMDQ1MzAwNzY2NQ%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 17 Jun 2021 02:17:58 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 719.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.222.232:80
AN-X-Request-Uuid: 53535528-919d-4843-9a7d-3ce6f6a83a8d
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTQyNDk2OTEwMDQ1MzAwNzY2NQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A0E9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1

43 B
894 B

26ms
12ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPOW9wIQ7ubZ-gEYnoH9rAEwAQ&v=APEucNUBcaZxNurEv1otdT-z29blx7Hv-to1s5qaJB0MOdzbAhUCgp9S_TeSfGthMjBidX9XIEdIh6E_ar5ZldR1xRdZ7RnsQNYa03EGq7wuGGVnAQTpX2gg_-ahKEBPOYZMzf8hbgLZ3PakVQZfi_nyvQLaLIMRNKBZRtWGtmPsxiNISc7Cc4w
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Jun 2021 02:17:58 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 17 Jun 2021 02:17:58 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A0E9
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YMqw1unfC--HVncfXU2ZPgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1

43 B
894 B

13ms
12ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPOW9wIQ7ubZ-gEYnoH9rAEwAQ&v=APEucNUBcaZxNurEv1otdT-z29blx7Hv-to1s5qaJB0MOdzbAhUCgp9S_TeSfGthMjBidX9XIEdIh6E_ar5ZldR1xRdZ7RnsQNYa03EGq7wuGGVnAQTpX2gg_-ahKEBPOYZMzf8hbgLZ3PakVQZfi_nyvQLaLIMRNKBZRtWGtmPsxiNISc7Cc4w
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Jun 2021 02:17:58 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 17 Jun 2021 02:17:58 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame A0E9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEK4EfEQ67950uexe5nfDGso&google_cver=1

43 B
1022 B

38ms
13ms

Image
image/gif

185.33.221.89
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEK4EfEQ67950uexe5nfDGso&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPOW9wIQ7ubZ-gEYnoH9rAEwAQ&v=APEucNUBcaZxNurEv1otdT-z29blx7Hv-to1s5qaJB0MOdzbAhUCgp9S_TeSfGthMjBidX9XIEdIh6E_ar5ZldR1xRdZ7RnsQNYa03EGq7wuGGVnAQTpX2gg_-ahKEBPOYZMzf8hbgLZ3PakVQZfi_nyvQLaLIMRNKBZRtWGtmPsxiNISc7Cc4w

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.89 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

719.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Jun 2021 02:17:58 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 719.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.46:80
AN-X-Request-Uuid: 3dffbfe9-4a4c-4f9c-a41d-2c31f565d88d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEK4EfEQ67950uexe5nfDGso&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame A0E9
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTQyNDk2OTEwMDQ1MzAwNzY2NQ%3D%3D

170 B
188 B

16ms
15ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTQyNDk2OTEwMDQ1MzAwNzY2NQ%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 17 Jun 2021 02:17:58 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 719.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.138:80
AN-X-Request-Uuid: 3ed04bf8-1800-4d21-a441-202f8d308a39
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTQyNDk2OTEwMDQ1MzAwNzY2NQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 658B 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Tue, 15 Jun 2021 05:09:21 GMT
expires: Wed, 15 Jun 2022 05:09:21 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 162517
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210615/r20110914/ Frame 1442 22 KB
8 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210615/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CvcWfFqclqIf-ZMdvuYABIR9GZnFfjF--hVOlSs4jcoiEucW1PvWYMV4C-jv9MFQkAnLcy7Ljh0utKJ-oZCskPeR-b9Lx4EB81EyBmYC4ULZgfCThu3UF_JSgAeGhFd7bIQ4tqQn0M1cWlkBBuNppNS8UMxQ&cry=1&dbm_d=AKAmf-BAN4eogkIQkIsjzflwqRH66ftC5QnWlfdxdvdO4C6im_se--VT55xrR0MZQ91v6L3smuYaTjxgDQrT7323aKgc4wYB5Kq9Eq06FDKdVzF7KLQXCsfDzV_4v_S2SFbDYf1XGPP5KP_28eMf4HJ_xtd68nkjK2DO_1GHRQcfmkqj7_weAdag-dFtm5IuVDNWMkBbSRMZVoisumKFb_QafZe_7RLE_Mpb1yloMLUYOY91iFLZTto7qvdht-3zXoISHc_0acXqU0BE7TWbxBL8p-kX6uxOofhFu4W4iKRjzJX8bm8H8ZCrqOOnuh4IC3k37WpeX_HhbgbsEH5vRI51KbWK_0-kzsXgW_PMQL8B00xsxxTvDYEvAlbkaJj89IY9nWH_jfn4S2w-Blb45Q3ooIegfym95nV8EXnx-Ju8PJrjkiTVU4Shvg2fMvfMDVhxfZPhfastLmhYdQNgx1DO57PCFZ0tQqLeRhG___UHaq3zKKZSSVPBYuGlkIpcERhMhDcSy61PwJcOaE3j_pPS2RaxUD35RKoR79-LiaVWOR7df5IZCFW-ire1_CQYldsAayctlHPEf8TK2C297gQqczdWwy-AoanwEQlSTaWaw5ElpMYjU3Xy-fI_7iSi2rWrDFdkzhRRuu2aCWmYgcodrWgGklitdNlBUtGoUhEthK0XKTYc6vFQeUuw6YFL6jvVHo2m8AAcsplZMI7a4J_AjleXgzPlZGXiVzPt9ZOZNFqGCG7xj4KgUh9ivF5bALDVtmdEJFFsncjvACSO0LRmTfkW_ywWzDysRa84U7iUtG2rr8-ChT1kXRHB178ddrzKRYoNwXxMcreViWvIgJZJ3QuDTWNiyjD1VmB9iWUck7bY-8e0Qd75Hnrb2kIrcKuXdMLSqCGrxaZF0nYXC5oJpoMLYuy4aXbx4E8sP6uKu1rybx-KL0wILVU4nHkTICxfRGqOmvGGvNtypx05XNNi_kcAcRiE445XqEvv4eyMm-E1-ItSQhozNnX6VwPpMaeysACsDYe_hJ-mAP4biDMXJsZlqIiwKUNMT1gKzjTVEE53zeEAm67INpnglTdJQ-e_ajsnQH7BkEKS86Tz9QW_JlZHjG85tTkWCZR7uAbDrw81VmbDxCq-IuoBRHmtKFBBWB5sEfNZGYExhwGMn0CFwg3B9CS6wq9get-MUzs7gsmWREE2I2HtiDJW9jCeueqz-z4OMFPqJzg39khoNCYEgXYbExelyuMGCFotOLQlzO-XpFhaB2Oqpwf8RddRyOxuKkJB6Q8qPtkJsCKX_DcVmoqLo-PNNkLe7huNtkUm3woQ5o3wg4DrDJ6cMggNDck0Fbh8aIrYtLo4CiJIZbvbDk3JXqLVX8ChHrU-9wMub2MgWqQrBWDI04z_z4bf-n-W1kDkEAI4CSS_Ew7WwP0vBRhX7L-KcWsQZjoh_9Oe1poROzdehhYWe4B1KKARrPHDCFQ1H01JMAa9lYD2VBiPTtY923rCzPTDhFxQ7NEBm0gVWKn9olfKd2eM7IpgpSywB1iKw_eRtLQ4QXbp5f74Qs7IcZQu25DXhrPoA4D180tPPkrJjZYvTHWxmvMNPGVtBpPGMIyADH_eYJmIziOmrgbvudfZhagkTY_7g27Hxuc1HzzQ3yJcaY-XkMT1prBa6apLbabPxjq4wcy4hpZQU6wJ8SP9UnF4WlVZ_-yxep1maksICLrWUxe3ISUoHIXnCG8ntPIxro7FQpnVQZzOWaLR6rfLdqfsoWs-GTBf2DrU1JKaaOCLrvgGZyd9EQ9wSpoa-GN4nGYD55XBV9kJVqcruGyOUw9UYY0ORCIsBKlFq0ifjiIFUIg8-1_94op0WNS-SURpXVLQVtaRV8RzYzzi09MO59y9oOncsPfTWcovZznTac-p9ODHMEkXAxKSy6XjK-8KrVDGno1VJa2Z9fBCJtEFwyxZ96J3rnOCCa2QS2bLe0CfilpRNMJCRptOxkeMKNgmCm3LqullhLYxzakKmbY_SLj_UF5u3VQK2I0rZVxGG4k8h8vyOiGCbxpe6XM36XAmWu0N816M53lOg7gNNTn1ttVJN9QRPua1k3Fja0CVeHfxRo339x9bhpiToDFvHcybIhBULw5VeMpsa8f9S4Mu-8wWCnrQQIG-lcdl0lLx2do80mJ_aEvz8tXqOAjiLDdXUis6wkcXmVRavF914ZgGMnHEP6veLLQ7OjnpTo8FE1pwL0lcfy7qXHN6p_RaN-uqEHq2nHlBU3EEAW439UWQfv75h-gNaDxdgKq6NWyZUSvy5AbR5GilmUikdrRLb-7SerjEvJ_ARnZBwaCJPTU5jiuXd9nKCMhqZPWEtFd8dBwGko5ShhcCZ6k6S-pF3IyHfW8J4dLUv6Lek5OWZxaxfMJTrFolFDj1coMKpTD0NUWcxOmum3f4sOxXQOs8U1k96uJ2uvpV_6LxXaX3Qv14n-lzGLPF4R-osSStf4Q0kBGuhs7A0FYfQifC-HJEloBLXhulB3uH8RT1dy9hDR7NJsYBwF3shqGYNk4MbXPImseGzGwTQ1AhFcpsltOoF-suxud-oGLS5X5iAd-MATHj5j3ZSpgdkNnZSbql5MzL-VtlRtZzEZo9rFjdyJ9wTU6xKuT7JlKWLA-HZbTW-hkfZHd-Vhu-ASaxIVe5mMxYwIsWglo4e3fM7uaKpST0x-NWzSt0MeLxE0N-YB9gLKAacUbSEWvHPVtRl8RgxRrDtyscmS6pU40eaH_OklPsDO3lVbEJCx2fCI8v2a0Ig3mtDPIAnrOQDl79qchAFRjQZlUo4-PDzUpjoyIFAopCJWOEXmD1cvwnmcuBvt196Q4MMt6M3H4uP2i_dmQaUqAY2H_yilHJm3q4XYYgF2KkazeDW933Hi2rUcxGa5mpNr_hJ8FfikeNZ9BELOd_fodzXP7qeXxyF38zunPEe3t1XBsrQqPPnV2h10-HkG1liYw1l6ik6VssTLhbYZMYErwtT2mfNTPo3_iZieXyjSww7SF_n7kk3IUSLgc1qFYF7RQLHMyxzekmeaV347qrgVux2OVE8gkPAA7eLiw7fFOaedE5T10gWodtg5XErcOD36QVoPl6feMFEGTWaa4x0lPVDy38W0LSE6G4keFVCkIFWS1EEW6xKYHRZXg2641tI21qrMZdHa17JAnhd5fL_YCUsLayl1mz10gBZDuzycet40XWdmPvuaNddAIpzTwP-pL1U3IWjcbzQ8bBB2vAljE1xypZovMjiTcIgyjZbKWE8J3BLSPCCDaT3WaCl0U6SpDyDA&cid=CAASFeRotxPshQIBejDoXVl0_zFYSjn_8g&rfl=1%2Chttps%253A%252F%252Fglossy.espreso.co.rs%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a39d2ec9bcdaae22f3c1e9ce78d608ccb743b7c52d072d01475e69fd4ef32f34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 00:41:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5818
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8638
x-xss-protection: 0
server: cafe
etag: 1523618549969485492
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 01 Jul 2021 00:41:00 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 1442 41 KB
15 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 15 Jun 2021 21:14:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 104602
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 15 Jun 2022 21:14:36 GMT

GET
H/1.1 200
OK 4727t6qteyti Show response
hal9000.redintelligence.net/zone/ Frame E3C1 11 KB
4 KB 25ms
2ms Script
text/html 138.201.64.38
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/4727t6qteyti?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCGn_L1bDKYO23OZCK3wOm-ZTID7XN-YNX_Ni5q-UM8C4QASDz8KRGYJUCyAEJqQJwLkbrQiW0PqgDAaoE2wFP0IyUtq1PT4oiFdsb5vDwoKJD4OfbrnXTqzWeB_I-u1lQ9_l1LU3ZV2Mmgz20VtOWUBtMjoW_6Rp2yNzMOMlz6-02HJPI57EARrvCWR1YmSMiiIuvigy-ZZHjOWTY3kZwUEQMRHeEA97vYcQZZJDUugMDhJwhmWma_8VPnOsU9EyCKdfF37pe1UTbHzqgmFm2IUk2KZ6aL1O4GuMLgIG_R_U9hOK97-YDWBTifcADcN1Ns4sepgfpKM9yi-LczJJXLXDC1J2Xq_47JqNjq81t_MR5B3HTRmJiYfbABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiI4YAQEAEYHYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRogy17_2Arf5ZsCms96bC0ZhABtA%26sig%3DAOD64_388InHMPJTcON8ryv8sYYaBIDahA%26client%3Dca-pub-6209155781541074%26dbm_c%3DAKAmf-ChrXtbpL0_1_aFZi_2v-qArI2Y3X1gWYvijUm1C9QGdVB02cCuXPYLeX0YQfAG6mJrusV7xW_ywxzPDwv_0tvjd5rLNItRUr-sZP0wtQBwbL48enH6ps94YwBeXHnqhIiz83i8w2FCpcvQkG4CKLujuLT9cg%26cry%3D1%26dbm_d%3DAKAmf-CY8zEoUBgc2rnxDFrd4IVXYAiJsWs6fnkh1fCXY3IR3MxD12CAgucf1dc1ulQIKH6_PODHQ1aseQTUfFj24ZY8qZapwWb1-r_Gk71b5ww4siyKmr3a7tF0YaOqQk7DPzIXorGawT6degq11XgMDgFxJuQ8HnwhGB8MwOF6AEaKBrZtYLeECh_u9zBTqPPrc1JSeKu6DRemlV4u3zBukc97EHE87kgAzKK7GpDbw_jkC2nO2qldqHKTWVZQXawmxjlQ2lkYCEh83dKhnPxJZfrRAvthcy9WWXYIfCn2K9J0qG_T5_KDtXgiNOjo6V2vXPMsZ41CCV4dL2pfx5uTO2e7iN27QnwvwQ86E2W5UiKnHpvgc8GNLQoDXqXEN53U3MkeDDWwGtwdjukuScHqvNtBg_ZAVu_pO1Gpby3Ux2Y_qf8pG26nFv1xsHlHyZQ90D7kaD137yTCEpHsekJHmd9S90tsyQ%26adurl%3D
Requested by: Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.64.38 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.38.64.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 84dbd0a6d03020da002fbbcf233e4113cc4ba90f9dacfbb5bedf1cea4378722b

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 17 Jun 2021 02:17:58 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3904
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 545C 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Tue, 15 Jun 2021 05:09:21 GMT
expires: Wed, 15 Jun 2022 05:09:21 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 162517
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2

200

passback_970x250.js Show response
static.adsafeprotected.com/ Frame C6F5
Redirect Chain

https://fw.adsafeprotected.com/rfw/bgd/682666/53792651/xbbe/creative/adj?p=APEucNUBWQNXEx6ehH95aRVInBsxcP8zP4tBIyc34MiShs7Ufl3toDU&d=CnkAoCZ_4Pqml3EotbJO_aSV9c0ZZA7on2zEIsFOqRC4N2oq6X1kmzt8hEYgRXZB...
https://static.adsafeprotected.com/passback_970x250.js

3 KB
1 KB

33ms
31ms

Script
application/javascript

52.18.40.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/passback_970x250.js
Requested by: Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.40.16 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-40-16.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 5d5e0d3e1cbfadb5c7a63053b5339d06457fe7a66c344a970a762a56123c5ec0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 02:17:58 GMT
content-encoding: gzip
last-modified: Wed, 14 Apr 2021 17:25:27 GMT
server: nginx/1.16.1
age: 268946
etag: W/"094948b2d1170876fb8e76e432d87da6"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800

Redirect headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:58 GMT
x-server-name: app22.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/passback_970x250.js
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.5.js Show response
static.adsafeprotected.com/ Frame 0FED 82 KB
21 KB 127ms
61ms Script
application/javascript 52.18.40.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.5.js
Requested by: Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.40.16 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-40-16.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 4b4924b6ea8623395984b522ee4e1fe77f464940d2bb155ae40bce56fbcd3423

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 02:17:58 GMT
content-encoding: gzip
last-modified: Thu, 29 Apr 2021 15:29:23 GMT
server: nginx/1.16.1
age: 2846999
etag: W/"5356fa8b6073c3eb408487be61ef7d77"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame D2AE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1

43 B
894 B

14ms
12ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYr8jFlQEwAQ&v=APEucNWcdSHJ-HtE5bbV0yr09zaZLdVPr1bNYDhukcCAZzjw4YTDUjKJzXPIpmzVZ1haZKX666eay5NGmoBKGb8oKu4SinIvn8mYQixRQu-KRFuwUGejsRA4bBiWMUZmFSFi6qHhgRRmJIhKVPCb9sTBP8PjYUufEHt31tUFKggAmwqMEZWshqw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Jun 2021 02:17:58 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 17 Jun 2021 02:17:58 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame D2AE
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YMqw1unfC--HVncfXU2ZPgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1

43 B
894 B

12ms
11ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYr8jFlQEwAQ&v=APEucNWcdSHJ-HtE5bbV0yr09zaZLdVPr1bNYDhukcCAZzjw4YTDUjKJzXPIpmzVZ1haZKX666eay5NGmoBKGb8oKu4SinIvn8mYQixRQu-KRFuwUGejsRA4bBiWMUZmFSFi6qHhgRRmJIhKVPCb9sTBP8PjYUufEHt31tUFKggAmwqMEZWshqw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Jun 2021 02:17:58 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 17 Jun 2021 02:17:58 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPyqAJ6y8PhXjxicJjLfBUE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame D2AE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEK4EfEQ67950uexe5nfDGso&google_cver=1

43 B
1022 B

14ms
12ms

Image
image/gif

185.33.221.89
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEK4EfEQ67950uexe5nfDGso&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYr8jFlQEwAQ&v=APEucNWcdSHJ-HtE5bbV0yr09zaZLdVPr1bNYDhukcCAZzjw4YTDUjKJzXPIpmzVZ1haZKX666eay5NGmoBKGb8oKu4SinIvn8mYQixRQu-KRFuwUGejsRA4bBiWMUZmFSFi6qHhgRRmJIhKVPCb9sTBP8PjYUufEHt31tUFKggAmwqMEZWshqw

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.89 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

719.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Jun 2021 02:17:58 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 719.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.68:80
AN-X-Request-Uuid: 2de2e3c8-b7c3-46f1-8558-4f524df2c025
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEK4EfEQ67950uexe5nfDGso&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame D2AE
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTQyNDk2OTEwMDQ1MzAwNzY2NQ%3D%3D

170 B
188 B

17ms
15ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTQyNDk2OTEwMDQ1MzAwNzY2NQ%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 17 Jun 2021 02:17:58 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 719.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.120:80
AN-X-Request-Uuid: b35ada77-f057-4207-af93-896e32ba0dd6
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTQyNDk2OTEwMDQ1MzAwNzY2NQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6F7F 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 15 Jun 2021 21:14:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 104602
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 15 Jun 2022 21:14:36 GMT

GET
DATA 200
OK truncated
/ Frame 6F7F 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ce256491fa2f9d454090ce3e4d13fd37d44f5657181fd0bb08a5cc499f9ff1a

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

request.php Show response
hal900023.redintelligence.net/ Frame E3C1
Redirect Chain

https://hal900023.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=48eccfecf9&subid=&uid=e84308adb601522a&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900023.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=48eccfecf9&subid=&uid=e84308adb601522a&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

2 KB
1 KB

63ms
61ms

Script
application/x-javascript

78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=48eccfecf9&subid=&uid=e84308adb601522a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x18&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCGn_L1bDKYO23OZCK3wOm-ZTID7XN-YNX_Ni5q-UM8C4QASDz8KRGYJUCyAEJqQJwLkbrQiW0PqgDAaoE2wFP0IyUtq1PT4oiFdsb5vDwoKJD4OfbrnXTqzWeB_I-u1lQ9_l1LU3ZV2Mmgz20VtOWUBtMjoW_6Rp2yNzMOMlz6-02HJPI57EARrvCWR1YmSMiiIuvigy-ZZHjOWTY3kZwUEQMRHeEA97vYcQZZJDUugMDhJwhmWma_8VPnOsU9EyCKdfF37pe1UTbHzqgmFm2IUk2KZ6aL1O4GuMLgIG_R_U9hOK97-YDWBTifcADcN1Ns4sepgfpKM9yi-LczJJXLXDC1J2Xq_47JqNjq81t_MR5B3HTRmJiYfbABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiI4YAQEAEYHYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRogy17_2Arf5ZsCms96bC0ZhABtA%26sig%3DAOD64_388InHMPJTcON8ryv8sYYaBIDahA%26client%3Dca-pub-6209155781541074%26dbm_c%3DAKAmf-ChrXtbpL0_1_aFZi_2v-qArI2Y3X1gWYvijUm1C9QGdVB02cCuXPYLeX0YQfAG6mJrusV7xW_ywxzPDwv_0tvjd5rLNItRUr-sZP0wtQBwbL48enH6ps94YwBeXHnqhIiz83i8w2FCpcvQkG4CKLujuLT9cg%26cry%3D1%26dbm_d%3DAKAmf-CY8zEoUBgc2rnxDFrd4IVXYAiJsWs6fnkh1fCXY3IR3MxD12CAgucf1dc1ulQIKH6_PODHQ1aseQTUfFj24ZY8qZapwWb1-r_Gk71b5ww4siyKmr3a7tF0YaOqQk7DPzIXorGawT6degq11XgMDgFxJuQ8HnwhGB8MwOF6AEaKBrZtYLeECh_u9zBTqPPrc1JSeKu6DRemlV4u3zBukc97EHE87kgAzKK7GpDbw_jkC2nO2qldqHKTWVZQXawmxjlQ2lkYCEh83dKhnPxJZfrRAvthcy9WWXYIfCn2K9J0qG_T5_KDtXgiNOjo6V2vXPMsZ41CCV4dL2pfx5uTO2e7iN27QnwvwQ86E2W5UiKnHpvgc8GNLQoDXqXEN53U3MkeDDWwGtwdjukuScHqvNtBg_ZAVu_pO1Gpby3Ux2Y_qf8pG26nFv1xsHlHyZQ90D7kaD137yTCEpHsekJHmd9S90tsyQ%26adurl%3D&documentReferer=https%3A%2F%2Fglossy.espreso.co.rs%2F&ancestorOrigins=https%3A%2F%2Fglossy.espreso.co.rs&random=4957739080086&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0&uidRedirect=1
Requested by: Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 4f66cfd40407d3fd8f4742e3329e77d088f78bd9f025a8e21c0d9b060f8d07a9

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Jun 2021 02:17:58 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 57431900011982200710612011628023
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 892
Expires: Thu, 17 Jun 2021 03:17:58 +0200

Redirect headers

Pragma: no-cache
Date: Thu, 17 Jun 2021 02:17:58 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=48eccfecf9&subid=&uid=e84308adb601522a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x18&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCGn_L1bDKYO23OZCK3wOm-ZTID7XN-YNX_Ni5q-UM8C4QASDz8KRGYJUCyAEJqQJwLkbrQiW0PqgDAaoE2wFP0IyUtq1PT4oiFdsb5vDwoKJD4OfbrnXTqzWeB_I-u1lQ9_l1LU3ZV2Mmgz20VtOWUBtMjoW_6Rp2yNzMOMlz6-02HJPI57EARrvCWR1YmSMiiIuvigy-ZZHjOWTY3kZwUEQMRHeEA97vYcQZZJDUugMDhJwhmWma_8VPnOsU9EyCKdfF37pe1UTbHzqgmFm2IUk2KZ6aL1O4GuMLgIG_R_U9hOK97-YDWBTifcADcN1Ns4sepgfpKM9yi-LczJJXLXDC1J2Xq_47JqNjq81t_MR5B3HTRmJiYfbABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiI4YAQEAEYHYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRogy17_2Arf5ZsCms96bC0ZhABtA%26sig%3DAOD64_388InHMPJTcON8ryv8sYYaBIDahA%26client%3Dca-pub-6209155781541074%26dbm_c%3DAKAmf-ChrXtbpL0_1_aFZi_2v-qArI2Y3X1gWYvijUm1C9QGdVB02cCuXPYLeX0YQfAG6mJrusV7xW_ywxzPDwv_0tvjd5rLNItRUr-sZP0wtQBwbL48enH6ps94YwBeXHnqhIiz83i8w2FCpcvQkG4CKLujuLT9cg%26cry%3D1%26dbm_d%3DAKAmf-CY8zEoUBgc2rnxDFrd4IVXYAiJsWs6fnkh1fCXY3IR3MxD12CAgucf1dc1ulQIKH6_PODHQ1aseQTUfFj24ZY8qZapwWb1-r_Gk71b5ww4siyKmr3a7tF0YaOqQk7DPzIXorGawT6degq11XgMDgFxJuQ8HnwhGB8MwOF6AEaKBrZtYLeECh_u9zBTqPPrc1JSeKu6DRemlV4u3zBukc97EHE87kgAzKK7GpDbw_jkC2nO2qldqHKTWVZQXawmxjlQ2lkYCEh83dKhnPxJZfrRAvthcy9WWXYIfCn2K9J0qG_T5_KDtXgiNOjo6V2vXPMsZ41CCV4dL2pfx5uTO2e7iN27QnwvwQ86E2W5UiKnHpvgc8GNLQoDXqXEN53U3MkeDDWwGtwdjukuScHqvNtBg_ZAVu_pO1Gpby3Ux2Y_qf8pG26nFv1xsHlHyZQ90D7kaD137yTCEpHsekJHmd9S90tsyQ%26adurl%3D&documentReferer=https%3A%2F%2Fglossy.espreso.co.rs%2F&ancestorOrigins=https%3A%2F%2Fglossy.espreso.co.rs&random=4957739080086&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Thu, 17 Jun 2021 03:17:58 +0200

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8CAA 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Tue, 15 Jun 2021 05:09:21 GMT
expires: Wed, 15 Jun 2022 05:09:21 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 162517
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 index.html Show response
s0.2mdn.net/sadbundle/15476815521395201202/ Frame F52B 7 KB
2 KB 29ms
15ms Document
text/html 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15476815521395201202/index.html?e=69&leftOffset=0&topOffset=0&c=hPGzJMRyfv&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb1bc82943d300c448ed1f04ff3e70d029e042f619f52b10f52f7c17eb9c5ad9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /sadbundle/15476815521395201202/index.html?e=69&leftOffset=0&topOffset=0&c=hPGzJMRyfv&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2219
date: Thu, 17 Jun 2021 02:17:58 GMT
expires: Fri, 17 Jun 2022 02:17:58 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 10 Jun 2021 19:57:01 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6F7F 0
592 B 56ms
32ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstS6B0G8mSUWnHVsaXEPlgNbxDheBU6xS4hZrl706JDWRR5Sb6jYoACaSKrGgo6Gbc5_kWfJDm7ChBeB79H_RICMT7m0wYJ5jdGzdILHoBkvBbzWyBqY0QntO5xz7ZPzeXpNKAJ5Ai0vi5EhaEZD4NknReiIcPCpwhScITDKabccbNo3goAMeFrCJoMDExX3GHFLg-f2LqskAgWy8sEVJq3Ve_GzVMIyU7lHhNOdShiIejEWP2KdAnsxhgqEtfDUTVPIR2HWXmBd2pyn_DsiuXI9CYkGdoOgl57RLh8qTGdJXdYum95F2iQQx2fTgDVDBkqIwJiNsQkxLREZptCVQb-ZFz_Q0vLgMUNgZcD02kEwY8nOjYuT7DJTkZA3uxiwAGAxomyBbYtb2ccGWJ8lz9stRPFo3Aaz61Sniy-WlPmZxcEU-pIc6mONFpYe_khsGzx5C-5pO_DGkEk7fLPNTP6jnrWMJEVQ9KcFv6PW_Mpe0KqeZ-Abc05yMBprjsxglnsOQPnZUy-rZ3u4oY4htpkWRFGyheTYR99GuGwqbtVDXATl4t94drbOz-gJTqxE9Mr0kjz-Ano4yz-FqcXNGCVgO1fcOeEr1w_7I3I05EUC-Fd5aX_rsGrLCKsL92Btq1-oGbJ6sX9D0S-v-leAbQ1y0UCpwprS6Qgna1fPocSXRDURFFVkcR2JiVZAzu25oHEM4cqmV516sqXX8t70wtihO-EzmSkob3RdYn5aQ5qBtSI0ErMFcCC5VuKxp5U8yGrCCSEJVyLoX6puw1Cl320rz6TDYXMyHIF-vQRTVhe4vgsIoM_uKAG_GGk-QSkIuK_u2Q3PYlNDNhjxofmRd5AsTW2rQ_XnNOIusKrx-yaGQIkMlrox7naIfXrBkcaJ_j3xOhNpOejOkL3htWBYAFvWHYZeARs3O19VVj3CgNinQgWD59a6Ffught9HZ9Bhffq6UoTxAXKowUK-1fDkYTV3Kc31jc3CUvILe3z7EFbiSPCJIHMeRj1VmnbbNsUYrPYoH0dE6r5s4tF5ez5EeHff2iYDU4rQKlGwcLUzObuwp0On5Kdscu82exQL-avkT4G7yIN_3Rol0B3sagVfkK9cg81vuNEaVM9ElWoQ-6HetUA_S1-ECyhrsaOze9owhnoj-TYVdQEbuVh5d-TIb2ASRe_Y6VCdkGhx-7h-jrttyN9TUO6GoEpwN0UQvALvkWJRO4&sai=AMfl-YSfRDaLcp79ZMRWGEQzze254LF3IhE5DYE6Tai5f4xcE9mtn8ZJ4XEAKLTl2B_m9Q3XZDr5oR7PoisoY_grDS_kc_NIiMI3Jv6iZYcuGsDERqiUQtwhX4J9hPolG3u7qGS07emKw1iVJY4nXYoeZ31srq2UEmF0fkVsAcU&sig=Cg0ArKJSzLVM7xOmfEH1EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=252&cbvp=1&cstd=242&cisv=r20210615.54354&adurl=

Requested by

Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Thu, 17 Jun 2021 02:17:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 dt
dt.adsafeprotected.com/ Frame C6F5 43 B
216 B 303ms
99ms Image
image/gif 52.207.123.8
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=682666&asId=8158b8cc-dde8-b400-834d-5914204a010f&tv=%7Bc:fLhCdM,pingTime:-2,time:188,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:267,beZ:269,mfA:271,cmA:273,inA:273,inZ:279,prA:279,prZ:295,si:304,poA:305,poZ:323,cmZ:323,mfZ:323,loA:340,loZ:343,ltA:454,ltZ:454%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:true%7D,clog:%5B%7Bpiv:-1,vs:n,r:r,w:970,h:250,t:35%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:0,n:188,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:35,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:-1,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B179~1%5D,as:%5B179~970.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sAyrid4+11%7C12%7C131%7C132%7C14*.682666-53792651%7C141%7C142%7C151%7C161%7C17%7C18%7C19,idMap:14*,rmeas:1,rend:0,renddet:IMG.us,sinceFw:149,readyFired:false%7D&br=u
Requested by: Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.207.123.8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-207-123-8.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:59 GMT
x-server-name: dt58.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H/1.1 200
OK ma1tq3l10cm4 Show response
hal9000.redintelligence.net/zone/ Frame 1442 11 KB
4 KB 5ms
2ms Script
text/html 138.201.64.38
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/ma1tq3l10cm4?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCHQRl1bDKYPC3OZCK3wOm-ZTID7XN-YNXnN-5q-UM8C4QASDz8KRGYJUCyAEJqQJwLkbrQiW0PqgDAaoE3wFP0IqQzOO7HOmUNdX-tnVtCPquTdJ-PBjlTWSpI-CvrdRyrUc0aoQl2kY14Z-xJ8cufhPlTh8XEqua2w1mRAN30kB3gXJzO5CxtR10QsH0XY6H_pc6g-8LhdXDMiHQc5rb2hcL-zITHY6cWz_8nRKBAfv9TY629r0vC4ZAJL68asqW5VOg5z24E87_y4JezSN2loq49FqArw3gZQuA0l3knK9FrevjGJnDvarS1lWl0BhlS2pnGoMotGVEvW-lae3ymZR0MP1Zzow7EvMCJEu0IMQZKCCzeizXwntTSYrMwASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE8Ka2grQEwDYEwPYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASFeRotxPshQIBejDoXVl0_zFYSjn_8g%26sig%3DAOD64_0fqUTQ_GD4nN_M9od68LpfDfJ4UA%26client%3Dca-pub-6209155781541074%26dbm_c%3DAKAmf-A4-Zpav8_FInCSQBvor4veaAZPz5YqOoB-QpmuQgWnvCjFROdrabzzOxdm6b647CqP9GkmIPOLgP9mE43lzOKo4tGk2NhPQe5hEVYSM0WhiQ_GLHXlm_D19-090k0W6VT4qPjUBHNpFTOD7HDP-LurChfycw%26cry%3D1%26dbm_d%3DAKAmf-DYV7ZR1KNBYdxP1rqvBxItiZEhChBotTsOMMt8QNEtuQAxjfDZNadBEqApyQIMoKY9BOcBEkiG8xkOugir_6eD2FbNhgYyO_Yt7xDuU_ueSaNHs_hzI5wybBvXqh2LVvSXUulxh5u3alnGsHjNUn8fdhhJI2H7esuxYZFrXuQ8nQ62GTyY51Xs42-_ZQnXkTswSxuqJhNLH6_Or8ggTC3xC1Ggm52Nj79oCYesv3MM25xr0FVTCDCE6GvDShQiMfbKaS9gvvcFrxEF_LWtq-Yez1XX4uxiFT8bYMl1mIn3RMFQxILc8Ohd1KXHC0gioIydO4TdjOrPWVlDmLjWUwoYVpSgagpTowIwUMIF168BTqcFHiwyvGz1m1YbwwkRRK7cchj73Cl-qNmKuP4rtQ3AtJMh6W2fQlXOBPzdeMHNiguww6zJeXlc0DRLCHr2cHEPWPgL8Cn_4FJxVBbiJCpjnbaS1g%26adurl%3D
Requested by: Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.64.38 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.38.64.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 9a08c894f6f68684f2faf33015efc32ab719f98551c2bace590635cf122771fe

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 17 Jun 2021 02:17:58 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3911
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame B54F 22 KB
8 KB 12ms
11ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Tue, 15 Jun 2021 05:09:21 GMT
expires: Wed, 15 Jun 2022 05:09:21 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 162517
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 IAS_PassbackAds_970x250.png
static.adsafeprotected.com/ Frame C6F5 28 KB
29 KB 31ms
31ms Image
image/png 52.18.40.16
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/IAS_PassbackAds_970x250.png
Requested by: Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.40.16 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-40-16.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 7be9364f21808a881f4530002ab0363deabf7de3321a1356984e88fb316ac165

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 02:17:58 GMT
last-modified: Wed, 14 Apr 2021 17:24:57 GMT
server: nginx/1.16.1
age: 283364
etag: "9d3f43da9d0d0679ec0dfea58b2f1d45"
x-cache-status: HIT
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
content-length: 28949

GET
DATA 200
OK truncated
/ Frame C6F5 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 76d5db0937dfb34e137aa34bf381f10e8d0195eed45723363d0fc293c70b085d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK request.php Show response
hal900010.redintelligence.net/ Frame 1442 2 KB
1 KB 74ms
64ms Script
application/x-javascript 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900010.redintelligence.net/request.php?zone=ma1tq3l10cm4&nw=20&renderingType=javascript&namespace=55085f2441&subid=&uid=f29b665ce5f44a14&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x18&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCHQRl1bDKYPC3OZCK3wOm-ZTID7XN-YNXnN-5q-UM8C4QASDz8KRGYJUCyAEJqQJwLkbrQiW0PqgDAaoE3wFP0IqQzOO7HOmUNdX-tnVtCPquTdJ-PBjlTWSpI-CvrdRyrUc0aoQl2kY14Z-xJ8cufhPlTh8XEqua2w1mRAN30kB3gXJzO5CxtR10QsH0XY6H_pc6g-8LhdXDMiHQc5rb2hcL-zITHY6cWz_8nRKBAfv9TY629r0vC4ZAJL68asqW5VOg5z24E87_y4JezSN2loq49FqArw3gZQuA0l3knK9FrevjGJnDvarS1lWl0BhlS2pnGoMotGVEvW-lae3ymZR0MP1Zzow7EvMCJEu0IMQZKCCzeizXwntTSYrMwASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE8Ka2grQEwDYEwPYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASFeRotxPshQIBejDoXVl0_zFYSjn_8g%26sig%3DAOD64_0fqUTQ_GD4nN_M9od68LpfDfJ4UA%26client%3Dca-pub-6209155781541074%26dbm_c%3DAKAmf-A4-Zpav8_FInCSQBvor4veaAZPz5YqOoB-QpmuQgWnvCjFROdrabzzOxdm6b647CqP9GkmIPOLgP9mE43lzOKo4tGk2NhPQe5hEVYSM0WhiQ_GLHXlm_D19-090k0W6VT4qPjUBHNpFTOD7HDP-LurChfycw%26cry%3D1%26dbm_d%3DAKAmf-DYV7ZR1KNBYdxP1rqvBxItiZEhChBotTsOMMt8QNEtuQAxjfDZNadBEqApyQIMoKY9BOcBEkiG8xkOugir_6eD2FbNhgYyO_Yt7xDuU_ueSaNHs_hzI5wybBvXqh2LVvSXUulxh5u3alnGsHjNUn8fdhhJI2H7esuxYZFrXuQ8nQ62GTyY51Xs42-_ZQnXkTswSxuqJhNLH6_Or8ggTC3xC1Ggm52Nj79oCYesv3MM25xr0FVTCDCE6GvDShQiMfbKaS9gvvcFrxEF_LWtq-Yez1XX4uxiFT8bYMl1mIn3RMFQxILc8Ohd1KXHC0gioIydO4TdjOrPWVlDmLjWUwoYVpSgagpTowIwUMIF168BTqcFHiwyvGz1m1YbwwkRRK7cchj73Cl-qNmKuP4rtQ3AtJMh6W2fQlXOBPzdeMHNiguww6zJeXlc0DRLCHr2cHEPWPgL8Cn_4FJxVBbiJCpjnbaS1g%26adurl%3D&documentReferer=https%3A%2F%2Fglossy.espreso.co.rs%2F&ancestorOrigins=https%3A%2F%2Fglossy.espreso.co.rs&random=6548657364052&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/ma1tq3l10cm4?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCHQRl1bDKYPC3OZCK3wOm-ZTID7XN-YNXnN-5q-UM8C4QASDz8KRGYJUCyAEJqQJwLkbrQiW0PqgDAaoE3wFP0IqQzOO7HOmUNdX-tnVtCPquTdJ-PBjlTWSpI-CvrdRyrUc0aoQl2kY14Z-xJ8cufhPlTh8XEqua2w1mRAN30kB3gXJzO5CxtR10QsH0XY6H_pc6g-8LhdXDMiHQc5rb2hcL-zITHY6cWz_8nRKBAfv9TY629r0vC4ZAJL68asqW5VOg5z24E87_y4JezSN2loq49FqArw3gZQuA0l3knK9FrevjGJnDvarS1lWl0BhlS2pnGoMotGVEvW-lae3ymZR0MP1Zzow7EvMCJEu0IMQZKCCzeizXwntTSYrMwASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE8Ka2grQEwDYEwPYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASFeRotxPshQIBejDoXVl0_zFYSjn_8g%26sig%3DAOD64_0fqUTQ_GD4nN_M9od68LpfDfJ4UA%26client%3Dca-pub-6209155781541074%26dbm_c%3DAKAmf-A4-Zpav8_FInCSQBvor4veaAZPz5YqOoB-QpmuQgWnvCjFROdrabzzOxdm6b647CqP9GkmIPOLgP9mE43lzOKo4tGk2NhPQe5hEVYSM0WhiQ_GLHXlm_D19-090k0W6VT4qPjUBHNpFTOD7HDP-LurChfycw%26cry%3D1%26dbm_d%3DAKAmf-DYV7ZR1KNBYdxP1rqvBxItiZEhChBotTsOMMt8QNEtuQAxjfDZNadBEqApyQIMoKY9BOcBEkiG8xkOugir_6eD2FbNhgYyO_Yt7xDuU_ueSaNHs_hzI5wybBvXqh2LVvSXUulxh5u3alnGsHjNUn8fdhhJI2H7esuxYZFrXuQ8nQ62GTyY51Xs42-_ZQnXkTswSxuqJhNLH6_Or8ggTC3xC1Ggm52Nj79oCYesv3MM25xr0FVTCDCE6GvDShQiMfbKaS9gvvcFrxEF_LWtq-Yez1XX4uxiFT8bYMl1mIn3RMFQxILc8Ohd1KXHC0gioIydO4TdjOrPWVlDmLjWUwoYVpSgagpTowIwUMIF168BTqcFHiwyvGz1m1YbwwkRRK7cchj73Cl-qNmKuP4rtQ3AtJMh6W2fQlXOBPzdeMHNiguww6zJeXlc0DRLCHr2cHEPWPgL8Cn_4FJxVBbiJCpjnbaS1g%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 Lingenfeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: f012733f8000d438c6afc2e784f6ef2c289f5349e6bc0de469e84325dffe2ec5

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Jun 2021 02:17:58 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 80906300010186500710624011628010
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 894
Expires: Thu, 17 Jun 2021 03:17:58 +0200

GET
H3-29 200 eOgDGfqcQegWjA8qbjqFj-1olP7cUin4sCMz-IjcpPs.js Show response
pagead2.googlesyndication.com/bg/ Frame E868 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/eOgDGfqcQegWjA8qbjqFj-1olP7cUin4sCMz-IjcpPs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78e80319fa9c41e8168c0f2a6e3a858fed6894fedc5229f8b02333f888dca4fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 15 Jun 2021 18:26:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 114710
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5797
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 13:18:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jun 2022 18:26:08 GMT

GET
H3-29 200 eOgDGfqcQegWjA8qbjqFj-1olP7cUin4sCMz-IjcpPs.js Show response
pagead2.googlesyndication.com/bg/ Frame 658B 14 KB
6 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/eOgDGfqcQegWjA8qbjqFj-1olP7cUin4sCMz-IjcpPs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78e80319fa9c41e8168c0f2a6e3a858fed6894fedc5229f8b02333f888dca4fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 15 Jun 2021 18:26:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 114710
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5797
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 13:18:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jun 2022 18:26:08 GMT

GET
H3-29 200 eOgDGfqcQegWjA8qbjqFj-1olP7cUin4sCMz-IjcpPs.js Show response
pagead2.googlesyndication.com/bg/ Frame 545C 14 KB
6 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/eOgDGfqcQegWjA8qbjqFj-1olP7cUin4sCMz-IjcpPs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78e80319fa9c41e8168c0f2a6e3a858fed6894fedc5229f8b02333f888dca4fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 15 Jun 2021 18:26:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 114710
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5797
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 13:18:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jun 2022 18:26:08 GMT

GET
H3-29 200 hp_styles.css
s0.2mdn.net/sadbundle/15476815521395201202/ Frame F52B 2 KB
696 B 9ms
7ms Stylesheet
text/css 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15476815521395201202/hp_styles.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15476815521395201202/index.html?e=69&leftOffset=0&topOffset=0&c=hPGzJMRyfv&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

01edb070cc5490fa639dbee73675a4cbcbb9abadd6a9c2683a301d05e0cf2b04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15476815521395201202/index.html?e=69&leftOffset=0&topOffset=0&c=hPGzJMRyfv&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 06:26:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 417096
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 669
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 19:57:01 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 06:26:22 GMT

GET
H3-29 200 tweenmax_2.1.2_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame F52B 113 KB
39 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.1.2_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15476815521395201202/index.html?e=69&leftOffset=0&topOffset=0&c=hPGzJMRyfv&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a863a77e9ee263a0ec9c1e792bb33ed0f663582b7369f472261df7b6040990c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15476815521395201202/index.html?e=69&leftOffset=0&topOffset=0&c=hPGzJMRyfv&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 02:17:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39910
x-xss-protection: 0
last-modified: Mon, 11 Mar 2019 14:29:26 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Jun 2021 02:17:58 GMT

GET
H3-29 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame F52B 110 KB
38 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15476815521395201202/index.html?e=69&leftOffset=0&topOffset=0&c=hPGzJMRyfv&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15476815521395201202/index.html?e=69&leftOffset=0&topOffset=0&c=hPGzJMRyfv&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 09:41:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 59772
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Jun 2021 09:41:46 GMT

GET
H3-29 200 poster.jpg
s0.2mdn.net/sadbundle/15476815521395201202/ Frame F52B 15 KB
15 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15476815521395201202/poster.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15476815521395201202/index.html?e=69&leftOffset=0&topOffset=0&c=hPGzJMRyfv&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff213cbd4e2dcc4e9aed8dd9ccf19400ee080b08f4b3bc70dc24c65732afdc19

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15476815521395201202/index.html?e=69&leftOffset=0&topOffset=0&c=hPGzJMRyfv&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 12:34:50 GMT
x-content-type-options: nosniff
age: 394988
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15279
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 19:57:01 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 12:34:50 GMT

GET
H3-29 200 hp_main.js Show response
s0.2mdn.net/sadbundle/15476815521395201202/ Frame F52B 4 KB
908 B 7ms
6ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15476815521395201202/hp_main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15476815521395201202/index.html?e=69&leftOffset=0&topOffset=0&c=hPGzJMRyfv&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d4293d5f70a0cd3488becda4191ac23d1ec2b8e0d79bed365a8f43c9c0e5e7c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15476815521395201202/index.html?e=69&leftOffset=0&topOffset=0&c=hPGzJMRyfv&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 06:20:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 417437
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 881
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 19:57:01 GMT
server: sffe
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 06:20:41 GMT

GET
H3-29

200

activityi;dc_pre=CMme7YbNnfECFWzauwgdxtUJeA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3328891164832.45 Show response
5994599.fls.doubleclick.net/ Frame 5888
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3328891164832.45?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CMme7YbNnfECFWzauwgdxtUJeA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3328891164832.45?

390 B
344 B

38ms
22ms

Document
text/html

142.250.185.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CMme7YbNnfECFWzauwgdxtUJeA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3328891164832.45?

Requested by

Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f6.1e100.net

Software

cafe /

Resource Hash

b46ff96c0823eb221dc3d1dd0cd90e322590c0d6cf4e60f3a8b3c17585ba7475

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 5994599.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CMme7YbNnfECFWzauwgdxtUJeA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3328891164832.45?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnHoO29a89lMIqRfYaZuz8KBWM3VH2lbKr4VIZTMunyQnIwY_K9qi_VfxhyKl0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 17 Jun 2021 02:17:58 GMT
expires: Thu, 17 Jun 2021 02:17:58 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 321
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 17 Jun 2021 02:17:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CMme7YbNnfECFWzauwgdxtUJeA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3328891164832.45?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK request_content.php Show response
hal900023.redintelligence.net/ Frame C02C 7 KB
3 KB 6ms
2ms Document
text/html 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/request_content.php?s=57431900011982200710612011628023&a=0e6cc936
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=48eccfecf9&subid=&uid=e84308adb601522a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x18&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCGn_L1bDKYO23OZCK3wOm-ZTID7XN-YNX_Ni5q-UM8C4QASDz8KRGYJUCyAEJqQJwLkbrQiW0PqgDAaoE2wFP0IyUtq1PT4oiFdsb5vDwoKJD4OfbrnXTqzWeB_I-u1lQ9_l1LU3ZV2Mmgz20VtOWUBtMjoW_6Rp2yNzMOMlz6-02HJPI57EARrvCWR1YmSMiiIuvigy-ZZHjOWTY3kZwUEQMRHeEA97vYcQZZJDUugMDhJwhmWma_8VPnOsU9EyCKdfF37pe1UTbHzqgmFm2IUk2KZ6aL1O4GuMLgIG_R_U9hOK97-YDWBTifcADcN1Ns4sepgfpKM9yi-LczJJXLXDC1J2Xq_47JqNjq81t_MR5B3HTRmJiYfbABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiI4YAQEAEYHYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRogy17_2Arf5ZsCms96bC0ZhABtA%26sig%3DAOD64_388InHMPJTcON8ryv8sYYaBIDahA%26client%3Dca-pub-6209155781541074%26dbm_c%3DAKAmf-ChrXtbpL0_1_aFZi_2v-qArI2Y3X1gWYvijUm1C9QGdVB02cCuXPYLeX0YQfAG6mJrusV7xW_ywxzPDwv_0tvjd5rLNItRUr-sZP0wtQBwbL48enH6ps94YwBeXHnqhIiz83i8w2FCpcvQkG4CKLujuLT9cg%26cry%3D1%26dbm_d%3DAKAmf-CY8zEoUBgc2rnxDFrd4IVXYAiJsWs6fnkh1fCXY3IR3MxD12CAgucf1dc1ulQIKH6_PODHQ1aseQTUfFj24ZY8qZapwWb1-r_Gk71b5ww4siyKmr3a7tF0YaOqQk7DPzIXorGawT6degq11XgMDgFxJuQ8HnwhGB8MwOF6AEaKBrZtYLeECh_u9zBTqPPrc1JSeKu6DRemlV4u3zBukc97EHE87kgAzKK7GpDbw_jkC2nO2qldqHKTWVZQXawmxjlQ2lkYCEh83dKhnPxJZfrRAvthcy9WWXYIfCn2K9J0qG_T5_KDtXgiNOjo6V2vXPMsZ41CCV4dL2pfx5uTO2e7iN27QnwvwQ86E2W5UiKnHpvgc8GNLQoDXqXEN53U3MkeDDWwGtwdjukuScHqvNtBg_ZAVu_pO1Gpby3Ux2Y_qf8pG26nFv1xsHlHyZQ90D7kaD137yTCEpHsekJHmd9S90tsyQ%26adurl%3D&documentReferer=https%3A%2F%2Fglossy.espreso.co.rs%2F&ancestorOrigins=https%3A%2F%2Fglossy.espreso.co.rs&random=4957739080086&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 4a73a25af69626a6603914fa6dac8a9651c251c18725586b1d1b4ae79c4fff3c

Request headers

Host: hal900023.redintelligence.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: 8lcfmzhxc8d6_uid=7e73185ad66abfbf
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/

Response headers

Date: Thu, 17 Jun 2021 02:17:58 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Thu, 17 Jun 2021 03:17:58 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2302
Connection: close
Content-Type: text/html; charset=utf-8

GET
DATA 200
OK truncated
/ Frame E3C1 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9aeb4dbf75ad0288890f36aabb44e55148cf40bb9aa1521c7ecb2fbfd373370a

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 eOgDGfqcQegWjA8qbjqFj-1olP7cUin4sCMz-IjcpPs.js Show response
pagead2.googlesyndication.com/bg/ Frame 8CAA 14 KB
6 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/eOgDGfqcQegWjA8qbjqFj-1olP7cUin4sCMz-IjcpPs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78e80319fa9c41e8168c0f2a6e3a858fed6894fedc5229f8b02333f888dca4fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 15 Jun 2021 18:26:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 114710
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5797
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 13:18:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jun 2022 18:26:08 GMT

GET
H3-29

200

activityi;dc_pre=CMXm84bNnfECFbnouwgdg1oF_Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=277921546037.70935 Show response
5994599.fls.doubleclick.net/ Frame E966
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=277921546037.70935?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CMXm84bNnfECFbnouwgdg1oF_Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=277921546037.70935?

392 B
346 B

40ms
40ms

Document
text/html

142.250.185.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CMXm84bNnfECFbnouwgdg1oF_Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=277921546037.70935?

Requested by

Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f6.1e100.net

Software

cafe /

Resource Hash

6e7fbf1aa68aaa8b14e1bace5cd83d9b29c89326007e3ab3385091bbdf9d3e88

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 5994599.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CMXm84bNnfECFbnouwgdg1oF_Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=277921546037.70935?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnHoO29a89lMIqRfYaZuz8KBWM3VH2lbKr4VIZTMunyQnIwY_K9qi_VfxhyKl0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 17 Jun 2021 02:17:59 GMT
expires: Thu, 17 Jun 2021 02:17:59 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 323
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 17 Jun 2021 02:17:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CMXm84bNnfECFbnouwgdg1oF_Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=277921546037.70935?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK request_content.php Show response
hal900010.redintelligence.net/ Frame DC09 4 KB
2 KB 3ms
1ms Document
text/html 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900010.redintelligence.net/request_content.php?s=80906300010186500710624011628010&a=61d6b381
Requested by: Host: hal900010.redintelligence.net
URL: https://hal900010.redintelligence.net/request.php?zone=ma1tq3l10cm4&nw=20&renderingType=javascript&namespace=55085f2441&subid=&uid=f29b665ce5f44a14&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x18&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCHQRl1bDKYPC3OZCK3wOm-ZTID7XN-YNXnN-5q-UM8C4QASDz8KRGYJUCyAEJqQJwLkbrQiW0PqgDAaoE3wFP0IqQzOO7HOmUNdX-tnVtCPquTdJ-PBjlTWSpI-CvrdRyrUc0aoQl2kY14Z-xJ8cufhPlTh8XEqua2w1mRAN30kB3gXJzO5CxtR10QsH0XY6H_pc6g-8LhdXDMiHQc5rb2hcL-zITHY6cWz_8nRKBAfv9TY629r0vC4ZAJL68asqW5VOg5z24E87_y4JezSN2loq49FqArw3gZQuA0l3knK9FrevjGJnDvarS1lWl0BhlS2pnGoMotGVEvW-lae3ymZR0MP1Zzow7EvMCJEu0IMQZKCCzeizXwntTSYrMwASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE8Ka2grQEwDYEwPYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASFeRotxPshQIBejDoXVl0_zFYSjn_8g%26sig%3DAOD64_0fqUTQ_GD4nN_M9od68LpfDfJ4UA%26client%3Dca-pub-6209155781541074%26dbm_c%3DAKAmf-A4-Zpav8_FInCSQBvor4veaAZPz5YqOoB-QpmuQgWnvCjFROdrabzzOxdm6b647CqP9GkmIPOLgP9mE43lzOKo4tGk2NhPQe5hEVYSM0WhiQ_GLHXlm_D19-090k0W6VT4qPjUBHNpFTOD7HDP-LurChfycw%26cry%3D1%26dbm_d%3DAKAmf-DYV7ZR1KNBYdxP1rqvBxItiZEhChBotTsOMMt8QNEtuQAxjfDZNadBEqApyQIMoKY9BOcBEkiG8xkOugir_6eD2FbNhgYyO_Yt7xDuU_ueSaNHs_hzI5wybBvXqh2LVvSXUulxh5u3alnGsHjNUn8fdhhJI2H7esuxYZFrXuQ8nQ62GTyY51Xs42-_ZQnXkTswSxuqJhNLH6_Or8ggTC3xC1Ggm52Nj79oCYesv3MM25xr0FVTCDCE6GvDShQiMfbKaS9gvvcFrxEF_LWtq-Yez1XX4uxiFT8bYMl1mIn3RMFQxILc8Ohd1KXHC0gioIydO4TdjOrPWVlDmLjWUwoYVpSgagpTowIwUMIF168BTqcFHiwyvGz1m1YbwwkRRK7cchj73Cl-qNmKuP4rtQ3AtJMh6W2fQlXOBPzdeMHNiguww6zJeXlc0DRLCHr2cHEPWPgL8Cn_4FJxVBbiJCpjnbaS1g%26adurl%3D&documentReferer=https%3A%2F%2Fglossy.espreso.co.rs%2F&ancestorOrigins=https%3A%2F%2Fglossy.espreso.co.rs&random=6548657364052&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 Lingenfeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 6c965b1ed52b38fe460282d5fbc7da1282d752619de314057686d15926f02860

Request headers

Host: hal900010.redintelligence.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: 8lcfmzhxc8d6_uid=7e73185ad66abfbf
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/

Response headers

Date: Thu, 17 Jun 2021 02:17:59 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Thu, 17 Jun 2021 03:17:59 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1411
Connection: close
Content-Type: text/html; charset=utf-8

GET
DATA 200
OK truncated
/ Frame 1442 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 66eb6a7fdc6f1e20b98d3a661e5489c8ac50a80ead16d38826f5f3d4168e23b6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 404 300x600_LDIV.mp4
s0.2mdn.net/sadbundle/15476815521395201202/ Frame F52B 43 B
63 B 149ms
144ms Media
image/gif 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15476815521395201202/300x600_LDIV.mp4

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15476815521395201202/index.html?e=69&leftOffset=0&topOffset=0&c=hPGzJMRyfv&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15476815521395201202/index.html?e=69&leftOffset=0&topOffset=0&c=hPGzJMRyfv&t=1&renderingType=2
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Thu, 17 Jun 2021 02:17:59 GMT
x-content-type-options: nosniff
server: sffe
x-dns-prefetch-control: off
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=0
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Thu, 17 Jun 2021 02:17:59 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame C02C 89 KB
32 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js

Requested by

Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=57431900011982200710612011628023&a=0e6cc936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 19:44:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23630
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32245
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Jun 2022 19:44:09 GMT

GET
H/1.1 200
OK 728x90_OMAC_2016_Launch%20(4).jpg
cdn.contentspread.net/24i/advertiser/32995/creativesup/ Frame C02C 44 KB
44 KB 201ms
23ms Image
image/jpeg 85.114.131.234
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/advertiser/32995/creativesup/728x90_OMAC_2016_Launch%20(4).jpg
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=57431900011982200710612011628023&a=0e6cc936
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.114.131.234 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: srv21038.dus4.fastwebserver.de
Software: nginx /
Resource Hash: e8ec2a4d84f51a4860526181c3822b954b3a134dc14446ba753b37708470171d

Request headers

Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 17 Jun 2021 02:17:59 GMT
Last-Modified: Mon, 20 Jun 2016 09:28:47 GMT
Server: nginx
ETag: "5767b74f-af88"
Content-Type: image/jpeg
Connection: close
Accept-Ranges: bytes
Content-Length: 44936

GET
H3-29 200 eOgDGfqcQegWjA8qbjqFj-1olP7cUin4sCMz-IjcpPs.js Show response
pagead2.googlesyndication.com/bg/ Frame B54F 14 KB
6 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/eOgDGfqcQegWjA8qbjqFj-1olP7cUin4sCMz-IjcpPs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78e80319fa9c41e8168c0f2a6e3a858fed6894fedc5229f8b02333f888dca4fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 15 Jun 2021 18:26:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 114711
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5797
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 13:18:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jun 2022 18:26:08 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame C6F5 43 B
215 B 97ms
97ms Image
image/gif 52.207.123.8
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=682666&asId=8158b8cc-dde8-b400-834d-5914204a010f&tv=%7Bc:fLhCmP,pingTime:-10,time:749,type:s,mvn:ZnNjPTEyLHNkPTMsbm89Nyxhc3A9MQ--,fsc:17.5.5v220002022000220000022002222000022220200000222200222220002222022002222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000002220002220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222222220022202200022002220222202,sd:MTcuNS41djEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNS41dk1vemlsbGF8fE5ldHNjYXBlfHxufHwxNnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fC0xMjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,asp:1623896279334%7C%7Ca457220a92a166b6a8309cbb06fce172%7C%7Cf34e96995ddf3ff5eb1bfde138cfe29c%7C%7C30010a0b1335c279a72b68aa01fb69ed%7C%7C8a4837e6d9cb04630eba260a3d52377d%7C%7C1f39f6ac20e0b5bcc0d3fb9c10a57619%7C%7Cd26ffcdc3029dede556bd834c81f61a0%7C%7C8da582fb992dfc8313f5b4543555c529%7C%7C1619710151,ch:eyJiIjpbXSwibSI6ZmFsc2UsImgiOnsiYXJjaGl0ZWN0dXJlIjoiIiwibW9kZWwiOiIiLCJwbGF0Zm9ybSI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IiIsInVhRnVsbFZlcnNpb24iOiIifX0-,im:%7Bpci:%7Btdr:560%7D%7D,env:%7Bgcd2:%7Bappl:1,cnst:0%7D%7D%7D
Requested by: Host: bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
URL: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.207.123.8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-207-123-8.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:59 GMT
x-server-name: dt66.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H/1.1 200
OK viewability Show response
hal900023.redintelligence.net/ Frame C02C 0
150 B 4ms
2ms Script
text/html 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/viewability?s=57431900011982200710612011628023&a=fce28585&vb=m
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=57431900011982200710612011628023&a=0e6cc936
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hal900023.redintelligence.net/request_content.php?s=57431900011982200710612011628023&a=0e6cc936
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 17 Jun 2021 02:17:59 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame C02C 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3-29 200 dc_pre=CMme7YbNnfECFWzauwgdxtUJeA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3328891164832.45
adservice.google.com/ddm/fls/z/ Frame 5888 42 B
63 B 31ms
16ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CMme7YbNnfECFWzauwgdxtUJeA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3328891164832.45

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CMme7YbNnfECFWzauwgdxtUJeA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3328891164832.45?

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame F52B 5 KB
4 KB 26ms
25ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1880b9d7593123b47d32504fc94590f79101880c8658eade4d9eaf0748dc9fdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Jun 2021 02:17:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4258
x-xss-protection: 0

GET
H/1.1 200
OK mircosoft-300-600%20(1).jpg
cdn.contentspread.net/24i/advertiser/32995/creativesup/ Frame DC09 62 KB
62 KB 62ms
22ms Image
image/jpeg 85.114.131.234
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/advertiser/32995/creativesup/mircosoft-300-600%20(1).jpg
Requested by: Host: hal900010.redintelligence.net
URL: https://hal900010.redintelligence.net/request_content.php?s=80906300010186500710624011628010&a=61d6b381
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.114.131.234 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: srv21038.dus4.fastwebserver.de
Software: nginx /
Resource Hash: 5057f7beaa08450682a5418bdce93e9783bd704527406843fb019ea0a52778d4

Request headers

Referer: https://hal900010.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 17 Jun 2021 02:17:59 GMT
Last-Modified: Mon, 20 Jun 2016 09:27:03 GMT
Server: nginx
ETag: "5767b6e7-f6a2"
Content-Type: image/jpeg
Connection: close
Accept-Ranges: bytes
Content-Length: 63138

GET
H/1.1 200
OK viewability Show response
hal900010.redintelligence.net/ Frame DC09 0
150 B 6ms
2ms Script
text/html 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900010.redintelligence.net/viewability?s=80906300010186500710624011628010&a=8bc462db&vb=m
Requested by: Host: hal900010.redintelligence.net
URL: https://hal900010.redintelligence.net/request_content.php?s=80906300010186500710624011628010&a=61d6b381
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 Lingenfeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hal900010.redintelligence.net/request_content.php?s=80906300010186500710624011628010&a=61d6b381
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 17 Jun 2021 02:17:59 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame DC09 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3-29 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 63 KB
21 KB 16ms
14ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

67e265c261956cde6b66235ba7e3b373fd009396493e810ced9264d937f30397

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 02:17:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "905 / 214 of 1000 / last-modified: 1623882059"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21569
x-xss-protection: 0
expires: Thu, 17 Jun 2021 02:17:59 GMT

GET
H3-29 200 dc_pre=CMXm84bNnfECFbnouwgdg1oF_Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=277921546037.70935
adservice.google.com/ddm/fls/z/ Frame E966 42 B
63 B 16ms
15ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CMXm84bNnfECFbnouwgdg1oF_Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=277921546037.70935

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CMXm84bNnfECFbnouwgdg1oF_Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=277921546037.70935?

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 prod_studio_01_245_videomodule.js Show response
s0.2mdn.net/879366/ Frame F52B 13 KB
5 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/prod_studio_01_245_videomodule.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

236888a9bde0a1cabbd288498b6ba4fb3f4ec7119d2d06666a5a48a82f51f042

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15476815521395201202/index.html?e=69&leftOffset=0&topOffset=0&c=hPGzJMRyfv&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 09:41:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 59772
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4849
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Jun 2021 09:41:47 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame F52B 17 KB
6 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 02:17:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622653785071769"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Thu, 17 Jun 2021 02:17:59 GMT

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6F7F 0
23 B 39ms
24ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: glossy.espreso.co.rs
URL: https://glossy.espreso.co.rs/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 17 Jun 2021 02:17:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 Img01_1.jpg
s0.2mdn.net/sadbundle/15476815521395201202/ Frame F52B 38 KB
38 KB 12ms
11ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15476815521395201202/Img01_1.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15476815521395201202/hp_styles.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e976787a9a289482894670cb65cb05e8f99a8525e6019021b104e2a0c129a1a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15476815521395201202/hp_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 07:01:33 GMT
x-content-type-options: nosniff
age: 414986
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38882
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 19:57:01 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 07:01:33 GMT

GET
H3-29 200 Img01_2.jpg
s0.2mdn.net/sadbundle/15476815521395201202/ Frame F52B 31 KB
31 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15476815521395201202/Img01_2.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15476815521395201202/hp_styles.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7cc34f8b7c204239152ba51c8ea2ad8b09de6a2bbc95279fd8a32494451cfc50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15476815521395201202/hp_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 07:00:49 GMT
x-content-type-options: nosniff
age: 415030
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31743
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 19:57:01 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 07:00:49 GMT

GET
H3-29 200 txt02.png
s0.2mdn.net/sadbundle/15476815521395201202/ Frame F52B 4 KB
4 KB 9ms
9ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15476815521395201202/txt02.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15476815521395201202/hp_styles.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

051abf0786374b8d1eadc174fabc02c258ce2ab6f697dd5941c16893a2025100

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15476815521395201202/hp_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 15:05:49 GMT
x-content-type-options: nosniff
age: 385930
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3682
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 19:57:01 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 15:05:49 GMT

GET
H3-29 200 cta.png
s0.2mdn.net/sadbundle/15476815521395201202/ Frame F52B 2 KB
2 KB 12ms
12ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15476815521395201202/cta.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15476815521395201202/hp_styles.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cb40ba2435e2e4b96188df4180036947373d94df90e84903c45f381d08f0f10b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15476815521395201202/hp_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 15:32:47 GMT
x-content-type-options: nosniff
age: 384312
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1593
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 19:57:01 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 15:32:47 GMT

GET
H3-29 200 badge.png
s0.2mdn.net/sadbundle/15476815521395201202/ Frame F52B 6 KB
6 KB 10ms
9ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15476815521395201202/badge.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15476815521395201202/hp_styles.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c550de5f44cb7f71f3ac55fbfe8d31836742c4d70c20d738fb0781c6fb32b1d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15476815521395201202/hp_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 11:14:28 GMT
x-content-type-options: nosniff
age: 399811
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6312
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 19:57:01 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 11:14:28 GMT

GET
H3-29 200 logo.svg
s0.2mdn.net/sadbundle/15476815521395201202/ Frame F52B 3 KB
1 KB 10ms
9ms Image
image/svg+xml 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15476815521395201202/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15476815521395201202/hp_styles.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec8b1002e700074d62dd69751c896d1862576ebd06bc5c93529abf8f625a5e83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15476815521395201202/hp_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 18:22:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 374147
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1395
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 19:57:01 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 18:22:12 GMT

GET
H3-29 200 eOgDGfqcQegWjA8qbjqFj-1olP7cUin4sCMz-IjcpPs.js Show response
pagead2.googlesyndication.com/bg/ Frame 4A76 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/eOgDGfqcQegWjA8qbjqFj-1olP7cUin4sCMz-IjcpPs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78e80319fa9c41e8168c0f2a6e3a858fed6894fedc5229f8b02333f888dca4fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 15 Jun 2021 18:26:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 114711
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5797
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 13:18:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jun 2022 18:26:08 GMT

GET
H/1.1

206
Partial Content

file.webm
r6---sn-4g5e6nes.c.2mdn.net/videoplayback/id/1e16a8e083f53fce/itag/43/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3767803046/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame F52B
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/1e16a8e083f53fce/itag/43/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3767803046/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signat...
https://r6---sn-4g5e6nes.c.2mdn.net/videoplayback/id/1e16a8e083f53fce/itag/43/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3767803046/sparams/acao,ctier,expire,id,ip,ipbits,itag...

64 KB
0

48ms
6ms

Media
video/webm

2a00:1450:4001:28::c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r6---sn-4g5e6nes.c.2mdn.net/videoplayback/id/1e16a8e083f53fce/itag/43/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3767803046/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/51F8776FAAB3522BAA149BB5D67A979108DBF69A.0815EC3326EC6B5870A93AD6FD9DCCD5C43A55A4/key/cms1/cms_redirect/yes/mh/zz/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nes/ms/onc/mt/1623895957/mv/m/mvi/6/pl/50/file/file.webm

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:28::c Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 17 Jun 2021 02:17:59 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 10 Jun 2021 19:57:24 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/webm
Content-Range: bytes 0-746713/746714
Cache-Control: private, max-age=86400
Connection: close
Accept-Ranges: bytes
Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 746714
Expires: Thu, 17 Jun 2021 02:17:59 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:59 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r6---sn-4g5e6nes.c.2mdn.net/videoplayback/id/1e16a8e083f53fce/itag/43/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3767803046/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/51F8776FAAB3522BAA149BB5D67A979108DBF69A.0815EC3326EC6B5870A93AD6FD9DCCD5C43A55A4/key/cms1/cms_redirect/yes/mh/zz/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nes/ms/onc/mt/1623895957/mv/m/mvi/6/pl/50/file/file.webm
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 650
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6F7F 42 B
64 B 16ms
16ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvuLc08s3K3gAH1ISJb60t1_zE071UkE5zMZh_IjV7sC-7MXsrCuRLtyeaIKOcWPAES9_LTVvMYECPJSQGNrRXsYKBBYvkIIQKeAHPGikLbHeLFRsdjyugdE3HpzA&sai=AMfl-YSe6LeZfqhcb-3-EZ3D3qRur7dxYgbO4AogMJKEmTmwbFqvOzjXtV5Nvdmeq8afG4WGcpl1VRuycyMk5HrOV967lMU5rXkwyu6fW-e3qsgEG13V9P9L8Mevu8MOMxCN&sig=Cg0ArKJSzMyYqQk_rHdYEAE&cid=CAASFeRoGCzkrRgrjsbp2eC2wco0Cf11aA&id=lidar2&mcvt=1053&p=590,1239,630,1280&mtos=1053,1053,1053,1053,1053&tos=1053,0,0,0,0&v=20210616&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=437793788&rs=4&met=ie&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1623896278330&dlt=35&rpt=441&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C6F5 42 B
64 B 15ms
15ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuCm4XwaE3lK6R9EVTfl5TrVxuT56Pqgjmd5cfI7iSly63Yysx1TFZqAUw3Q9COeX7CHc7sboEJuehfB2xQ5xbAgkIzKE8pkqBWXljRxazxmPmUDvIXybmuP6l8Lw&sai=AMfl-YSaYjSoe5CHTVDWoI18InilT3ddW9XJnBmZLmSJaK2L15MI9uWcsG13gcfsXfN0JK99kGO_-GAaWnC3RCitpDVl1RXt8VnbVsRiiF6at6fzcLzo23ldOspk6OSSLh8s&sig=Cg0ArKJSzHQFilkN63-sEAE&cid=CAASFeRoZo9JRwUDT7Gk4SGfC1Tp2BdbnQ&id=lidar2&mcvt=1027&p=210,320,464,1290&mtos=0,1027,1027,1027,1027&tos=0,1027,0,0,0&v=20210616&bin=7&avms=nio&bs=0,0&mc=0.98&if=1&app=0&itpl=20&adk=2049153674&rs=4&met=mue&la=1&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1623896278330&dlt=16&rpt=530&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E3C1 42 B
64 B 15ms
15ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvCtOgO_-5eWHVz6QeIlYki0sDkJHlXiHvbLIDJcIPPgPCdNc05lyYsJPrJv5W4tFW7FdkPLvXf8xTIsXj9JcHZ2S-_QHP1CsM62H_Cb-OAF3Ns&sai=AMfl-YRF8QmC0p_irn1BScJWlQ2EsxuX5Ou29P1dzHP06h73AvU4Cxgu-Byr0J42Pmc0rXXLWO15bSEZ6bOENX6LQo-t-8QkPnr03P-9Fh3VtX188okOMt3loqaBJWT9DGtE&sig=Cg0ArKJSzH6Tnm81oEruEAE&cid=CAASFeRogy17_2Arf5ZsCms96bC0ZhABtA&id=lidar2&mcvt=1031&p=15,552,109,1280&mtos=0,1031,1031,1031,1031&tos=0,1031,0,0,0&v=20210616&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&app=0&itpl=20&adk=2341537960&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1623896278328&dlt=15&rpt=606&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:17:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 14ms
14ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=223&t=2&li=gpt_2021061502&jk=1673677711425563&bg=!TE-lTwvNAAZktE7iZLQ7ACkAdvg8WnNxAhwc-w3M1Ej0w-Ulv19MYYvHPetBsyVg0tJiqsfQqxN8GAIAAANaUgAAAFRoAQcKAHl7gQpn3ct3_OtVIZPknEWY7o9bjOuiL0ChVu451i4zJdjni6AS5-mBp5qynfP6J6wHajR5qZWdnGCyDkXdFccyp3vf7mwXac35SOwWpwqdCYHDBWB0C41Pjqc53EZQ9XSN991v4beK-fyTVHv9oV2EaeR9jjG6SR-DmQJ4XsbIVlQwDg2MM4p3FGhATuUVJrdCALUZIXTGoElTGsMh4La-1HZABSrkkFk4_YalWjSyH_Z6FqDy8GE3Z2IqAt9ztodxIbt0e4UvfrdGHXfOLRsb9fPianF3hWNZX98J6B2iKPKrytjZ1FHzPTRNY1b5Qd9GjDmWXRchdN9SMMiN2-P96DHZFDs6DTSDJPvHzhJhZMRUSTyZw_U6VQ5mvJrMQGdrp3MN2BCpN0DfuNaCZQET4iOftbHy_LCd5TixxJk7ewsoEYczqsv_3wijROklp-bUEzl7cQiCjJ5Dc3P_MJac5hOCgt78lByVThwsoFgUqdvoKX77LUsw_6qq2eAW49yPvS3HcZtfyzbNHHw-9Gdn2bW4o_0JFe0vLEfoYJQ2TZ1aKlLDN1_8tAMGXjBcACqKNRE_Jt3UuMPjd1_MVxwTbQRE2JqG-Qp1x3Yte2TqdDngxcABmhGz2J9we3uTsFB0P2ffCuhP1oa1xRQuhgedyJIhN1DbphOqxqexyDts1Kuf1Zjvo3pjHMdFalIkoU4-b7vcbbbGcqLcHZaUej3AuxkOSlcG6z9JBN7HC1V9kPwAFsR2lWBgRiG8eOi_bz8WYuei5Wtcd4flfpb9Zx9JBMOrB96N7tFVfkaCUmBoPXj4VbhAxe3vX--HB_cH3aLRnkPVNX9-MpW9tG8Lv16r7tSljtrikuk8nuzjbO_kVSakq4naEPK2UeSf7f-81AZALy0koKBoJO8fat8rXX02Z1V1RbaOY--4fXOFL9v0kz3Yx9CGrO5dRWcxtbPPOu86YyOiBPdMMNqR9s00rp6xd4TPl9vuw9yPSUUD_JezrKcxGu8

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://glossy.espreso.co.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:18:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 545C 0
20 B 15ms
14ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B6gRb1rDKYMzpGoHz3wOvka2wBAAAAAA4AeAEAg&bg=!kpGlkdXNAAZktE7iZLQ7ACkAdvg8WvTShhxJSGu-j-0Do9xEnu2Bgl923Qi4g4EklO9zD3KZDm4V8AIAAAMrUgAAAE5oAQcKACwjTlte4HUoD7pnIP7dBOczvh1TcaxE_r7J1oFCTFeAOtIFKJIUwt8rpIOLWJkCtiv5iCLJH46Vxj5snxLlch4sYQs1LJmLApCpCqzg6kiwHrUuDNXFbRcC9TOOQMRbUZum5b7WN_4HZlePiMTI0jiEUzPsrUXpb_uFb9bpP1xthzLbLzUHzw6EXIigjbyndVg399Mebjj3BJDgfk77brOjynLP70QMYdheILPIcNPW7L-oTdUAS9REEmCQ5KyKjwT_AXgCbQeV5pWOqG001SL8fiQBOR-rBGnmcnABz_3xqU4wUtP3VyjbyEKNvo6xvjEQiyn2cEpQBB0nZK9KxZO0CHYNMn0YbhPwfbI7Q9bdqmgiv-gKvtVC8M1aQ0XeErPdRTod6eDoKl0I9wjPiIuXlxXHh_Zjcq79r8RevERZ4KSHGm_LWSWWP7WV1mH98vbqyePOL3-RHB7g0hOigzZVggm8Jw1P-ZSlY_1hHS_KiNwDmWOGss6FcjS6SbrsPBUe_3orM3mt-YiNhlRr4N4aM7PGjE4IMQIDK3uDQr2B19aP4_U9QzSn_-V2b-uEjJUCcobkow_2HVQx72VhBh9nw9RvsDniUBsn3mOfJF4epfjJoxjKn0Ljh8aG9mhzUJBb6V-bvn097OwiQzamhCj91EgquyV3PepHq1Rnh7V7eG7-xjDtdCNzXjCzND3h5zqWaDi7JXHf5vZE8Pm0RSq7hnVSgrNVU7-YzPLHYaOICyar-s_6EfovF7b3qsszScMo1FRnx7v8bQrZg2-PeC3J_NvfPYlfoHp5IPs7wApdBeJqXuCuchY596wcRJBHdJIIobeKFh-pORfYo-gI1el5cSjb2zgYC4w4xGoyYXz2-OrCBD7AR2SsL7ToF1N0ufoVpTqAx_8cTbmrUyCvTTbYJ8RgREE6l8r_E5C6TtNEOlVfugaIOJdCGTVS9CCv2KVc7of2afhmANF1Pm19lQLxEYCf-Vk

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:18:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 658B 0
20 B 15ms
14ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B3P461rDKYJLXGIzC-gaqxYeQBwAAAAA4AeAEAg&bg=!mJulm9_NAAZktE7iZLQ7ACkAdvg8WqcP1AOTEltNallAJUeShIdMX96Y3qHRWFOCtK9rDvG7vuZjwwIAAAN1UgAAAFJoAQeZAs1DZkwUWVlAp_hjcr27TGkm_Yyeb0tI0tO8GHK2oq6xxbuDTWB-oovs4FiscDdyO9Oy9lBU3SNduiwETxz0r8INClm4PKMcXcx8LVJ_GL5au7_UVx3tOSVY23wWcUE5wQTLDt2uyaKoytAOMzkEFZngF_PlHl5nS5PMhEBbMTS-JEk4QZolItY_pq8RrAOZVYtoM12ZrKv0xJ3nNh8vf9UqkRct0kopIE1ZnfVTO8SxWjycm8YgcUdfMS2mMsMMLPKEoK_y_YtL8yCXS3_hH8kum1TRuvp-SHl0ndRWVdioxashIj6Etdx67IbUpLvulTOYftZQMKq8Ah21jZSg4su3et3yCWoqhl5Qi0q4L_DocBja68oeZUTw82LD44dPFnzNquaOOKJ57SuE6tawNf0dfklBsbUC4Qk43EuuMrW3JTZXv3BKfkZHXui8xz7YOovL5VFi2ZgG3fyqHKuNgJYnebhGHzn591hBI1RlSh7NxZPMj2wJOBwF2mer6dhQqeam-FJbjIWOdbxX1L4LiDXAuMDSU6GOdi6tgYPB3MlPDFNAucFZrKsXJPf562QmeiiGAAHNySTJpD4lll6bHfGQg56kBfKSCBwFfoDeK0bDI4lrRhYSimsyvOOTaDyaYfOD6b2UscTVMWW0CqVY9I4chSk6qzhh4GhRl_BH4Jno9doKYEkgi79YgE70xKq6LiUMM0jV6OkNMDMpjkNV8gLeUwADLBtmOBQPX73V_NBqOQrTdxHQBR7eAibKu7YTei7Qjhm563CvoOKTrh-pWT1lBHle0j-NJjNuIB4sbhlZTC3AzhL4xf2NOnDKk-YWS4mjmFCsGfvJyDKh0KBlpkJ4Trnr3Vnmnp_eUkevHLNromhTijJRvNdIV_gIUjvxuaPRiKA6TmZJMFGMBHabwaqBEe7ZvwF5ThZ8_bBdeZWdARnkJiPJkTfLI6z9Qyg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:18:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8CAA 0
20 B 15ms
14ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BgHFB1rDKYNz5HYe03gOpsb2wBAAAAAA4AeAEAg&bg=!hIelh8PNAAZktE7iZLQ7ACkAdvg8Wom5bhBXyErRv1VfGgF4ErpWKDnvGZvoa14Qu8YoTZ6iq8FxAAIAAAL7UgAAADpoAQcKAIC83EzeVq1YwwDBAv1AIRArurZZKqFCeFJSZusX-SvYh8sCG-eIFlkGDqypgxqkn7IzowQwXn0NH8F_MW8a2OZFZv0JqPQ6Gvt1mhMxBBBDphYjz66JnzgVbbomAA6RPixjP0-AqXB1egg5GsD5oX2DiMpXOPLdjQTblrGQTXWTsJkCz6_eoMnvQnVA1WFCz_t3rMfB3dUmiYbroMsNtuUJEVQ7kvf8ZAMHQG6AL0GJ3JaO6GWhhL4XCNpCWs6fs_ZUjwHV1Xe6AAQ-X8m0KhiyoECpQMkR8k5aFRL7v_TMLEJC3UpMFtD7EGgInKu_KEKpPmVsbr4MbKK0Wx76J6wdFbnSWsdCSvV3bQkgL4gsLTE5N8mjGZbepKpqvo9L2oYug-RzzdcP1ukcRtzUhN6qeNR76Rm8IvsrUH2t6ht-7FGOdR4nWFkqwlg1qf78dTP7NR7C_H1AmjeeZXjyv8ueaFmEOdtA2FCVaaqspNH-QcKPGG9xFStq1C31jwPjkMsnQNfWi4DcTMUynS_uPAtzIV2NAun4Bmpi8DB_Y2V4IHGHz9d2jygap33qNTz6zTIhadPasB10RCNPSWUHTZ0X69Co1xV7hAgGBanSxkyEGG9HbsF5dvHPn7OQ7nfKzhHk_XFTb9zm1uCtPZkxL1lc50qH28zo1TC-TKHT1jN9QvnaCOXFts-d3wWdXARwbhRb-CDs1uneE_5sb51JFUdHsqM-bL2nKw7zSwefqdpJrUWNCmc9YnrX_wg0Jo9sBO8w6SMuSJTIrn215YXYbM-mA8eLo6lfCKWqWMfQ7-ULi-muRCz6aVwEzxn3fnUNU7JLgw0e8ZmL_kbEwVT_WpSvyPSCJO0w-MXNxwJ01HZkII0ayZcJqOhMdk-xTXYiwZLXxVdCis-gQ8D-QLRihhaebfKV5Pq187Q4FKTYx4La4qItpP1g21i3O2dQZI-sEZWmskz-2QhZ4DLUuEWMovy3WXmSGiFdeF75NMb9SmsAp6oyQCcgBIQrT8BThDPvRR9Jd6LKh8JiyeDgP2BKeKs4u-OmqXmBJeRb8opyiiXKLCxRBg1fIUQKeRMPCmDXt2N7vm2lFbUvVFYJ1U0u1swIGhajUFxg8CCWQorAU2xqTLq2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:18:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B54F 0
20 B 15ms
14ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BDBlk1rDKYLyVG5PC7_UP06aOSAAAAAA4AeAEAg&bg=!ZmWlZSHNAAZktE7iZLQ7ACkAdvg8WqoUHsNk9_ur1b0NOv3xNisRuRzyjP7C3ZWBsm9A_61Dit8zCwIAAAInUgAAABdoAQeZAsij4uV5i3SqegDFZRBRVLV55pcnj8gtTAbfVYIIsmI-LT9qX-C462tQpEri1bnS7vwF5t6teWlJ4HNvuibPxxJNPlVOH2186Q9kiEB5XJsxr-xA-pbwC-48gnOyHM4ijDd8b92Esa3XgTQaKAf43NKuiAN5zkiT7eTNkgoKkRxkEUS4k0UzX-pEFkp_0Mx_U9dsuamAWGDdFLOlhtv_VQ3hHnpIma_hXpn6Nt0t_5NfpE8PsArTc2g1gTDy0TwEbcFBddzBhiMhRdUzrrVsH7uvgvp4rzY9Ayibzm6EqCuHTmaKCMd4BEfXsfkAe1TYOaBi5lq23qUqSouD90htHQOcBFyFfwDZzmOIyydguvWf1YVgrmWMIb6e0_yALJvzW1f1Un2EXuzkCyFP50N_lyLGWsq92P2-PjeIjmPFQWU4ZauzOFMH6PhJPE92w2ViGxAha-IkvY3-e9JOwSX9vJ2Aknf7k7tueDUZjS-6M1yHNy1dtvJSVMydPi7FFwY0mIpA3W-iwWE_1SoYpG8Vl0FZmAtWQAUUW64g4_s7fT7dUX-kTxCdh7OAzLxEWI-J7JtwjsmneffVgYL0R4ZcWaknS7MEFqBkKIrBO0Vk52GjVLHrmFSn8tJMRhdlaW5uAIR-ni1YBRL6b2f0oAjcWyXLIyEocH7GSyOdjfJlnvq6fyxq-e2lcL085bP6k8esPs4p1t_K0qxIBQGhBJMaS1HvPmery7JuLsV43ke_777DKcb9KtxZvNfphM3_D2ByI60eDZPFtNBySAW9bNWcIKiNfR5rsRRLUNMTWYL6facO7WTgf2YTWhwU3aR6xYg6SfmHLvGgjRDS1KXy8suodbz3Dl1CXQ0rEi3xPouQ1XNSIRS3ZSw8Ugqsz4_eBLbDpfzWY0YwP_MQ6BOwaQ_7Ta773nptwnfKkEEsDhAq3KFpf6Qioq59jE0H

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:18:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900023.redintelligence.net/ Frame C02C 0
150 B 4ms
2ms Script
text/html 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/viewability?s=57431900011982200710612011628023&a=fce28585&vb=v
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=57431900011982200710612011628023&a=0e6cc936
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hal900023.redintelligence.net/request_content.php?s=57431900011982200710612011628023&a=0e6cc936
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 17 Jun 2021 02:18:00 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3-29 206 file.webm
r6---sn-4g5e6nes.c.2mdn.net/videoplayback/id/1e16a8e083f53fce/itag/43/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3767803046/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame F52B 25 KB
25 KB 18ms
10ms Media
video/webm 2a00:1450:4001:28::c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:28::c Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

ab1cc217fcabdab752230691a85f1a24dbde826ae0d45ae5993f9c582258784a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://s0.2mdn.net/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=720896-

Response headers

date: Thu, 17 Jun 2021 02:18:00 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Jun 2021 19:57:24 GMT
server: gvs 1.0
vary: Origin
content-type: video/webm
Content-Range: bytes 720896-746713/746714
client-protocol: quic
cache-control: private, max-age=86400
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 25818
expires: Thu, 17 Jun 2021 02:18:00 GMT

GET
H2 200 dc_oe=ChMIvNjQhs2d8QIVE-G7CB1TkwMJEAAYACCJ591IQhMIr_axhs2d8QIVEMV3Ch2mPAX5;met=1;&timestamp=1623896280743;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=1;eid3=11;ecn3=1;etm3=0;eid5=12;ecn5=1;etm5=0;
ade.googlesyndication.com/ddm/activity/ Frame 6F7F 42 B
251 B 74ms
73ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIvNjQhs2d8QIVE-G7CB1TkwMJEAAYACCJ591IQhMIr_axhs2d8QIVEMV3Ch2mPAX5;met=1;&timestamp=1623896280743;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=1;eid3=11;ecn3=1;etm3=0;eid5=12;ecn5=1;etm5=0;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:18:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 206 file.webm
r6---sn-4g5e6nes.c.2mdn.net/videoplayback/id/1e16a8e083f53fce/itag/43/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3767803046/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame F52B 663 KB
0 7ms
6ms Media
video/webm 2a00:1450:4001:28::c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:28::c Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://s0.2mdn.net/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=65536-

Response headers

date: Thu, 17 Jun 2021 02:18:00 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Jun 2021 19:57:24 GMT
server: gvs 1.0
vary: Origin
content-type: video/webm
Content-Range: bytes 65536-746713/746714
client-protocol: quic
cache-control: private, max-age=86400
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 681178
expires: Thu, 17 Jun 2021 02:18:00 GMT

GET
H2 200 dc_oe=ChMIvNjQhs2d8QIVE-G7CB1TkwMJEAAYACCJ591IQhMIr_axhs2d8QIVEMV3Ch2mPAX5;met=1;&timestamp=1623896289473;eid1=2;ecn1=0;etm1=9;eid2=12;ecn2=0;etm2=8;eid4=14;ecn4=1;etm4=0;eid6=16;ecn6=1;etm6=0;eid8...
ade.googlesyndication.com/ddm/activity/ Frame 6F7F 42 B
107 B 42ms
41ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIvNjQhs2d8QIVE-G7CB1TkwMJEAAYACCJ591IQhMIr_axhs2d8QIVEMV3Ch2mPAX5;met=1;&timestamp=1623896289473;eid1=2;ecn1=0;etm1=9;eid2=12;ecn2=0;etm2=8;eid4=14;ecn4=1;etm4=0;eid6=16;ecn6=1;etm6=0;eid8=960584;ecn8=1;etm8=0;eid10=18;ecn10=1;etm10=0;eid12=960585;ecn12=1;etm12=0;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 02:18:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

171 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
glossy.espreso.co.rs/	1970-01-19 19:04:58	Name: _cb_svref Value: null
.espreso.co.rs/	1970-01-20 04:33:44	Name: __gfp_64b Value: kReHJIJx6tlisPhP3aoawjsF15DVqDI9NjBlFKC4ftL.V7\|1623896277
.espreso.co.rs/	1970-01-19 19:06:22	Name: _gid Value: GA1.3.1664425215.1623896277
.espreso.co.rs/	1970-01-19 21:14:32	Name: _fbp Value: fb.2.1623896277660.1366042634
glossy.espreso.co.rs/	1969-12-31 23:59:59	Name: X-Proxy-To Value: glossy-web1
glossy.espreso.co.rs/	1970-01-20 04:33:44	Name: _chartbeat2 Value: .1623896277818.1623896277818.1.2anqyfgnclB_Qle1D9rt2QDcl45V.1
glossy.espreso.co.rs/	1970-01-20 04:33:44	Name: _cb Value: Dg63miB_-cG3Ckr2pL
glossy.espreso.co.rs/	1970-01-20 04:33:44	Name: _cb_ls Value: 1
.espreso.co.rs/	1970-01-19 19:04:56	Name: _gat_tstTracker Value: 1
.espreso.co.rs/	1970-01-19 19:04:56	Name: _gat Value: 1
.espreso.co.rs/	1970-01-20 12:36:08	Name: _ga Value: GA1.3.380280673.1623896277

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	error	URL: https://static.cleverpush.com/channel/loader/kTvC4RTe5ySLedKnR.js(Line 2) Message: TypeError: Cannot read property 'getItem' of null
console-api	error	URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.espreso.co.rs(Line 1) Message: TypeError: Cannot read property 'getItem' of null
console-api	debug	URL: https://static.adsafeprotected.com/sca.17.5.5.js(Line 32) Message: a: 0.001953125 ms

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5994599.fls.doubleclick.net
ade.googlesyndication.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
alt.adocean.pl
alt.hudb.pl
bc4f9bde35b28b1843eb8029285f706a.safeframe.googlesyndication.com
cdn.contentspread.net
cm.g.doubleclick.net
connect.facebook.net
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
gars.hit.gemius.pl
gcdn.2mdn.net
glossy.espreso.co.rs
glossy.espreso.rs
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900010.redintelligence.net
hal900023.redintelligence.net
ib.adnxs.com
pagead2.googlesyndication.com
ping.chartbeat.net
pixel.quantcount.com
pym.nprapps.org
quantcast.mgr.consensu.org
r6---sn-4g5e6nes.c.2mdn.net
rs.hit.gemius.pl
rules.quantcount.com
s0.2mdn.net
secure.quantserve.com
securepubads.g.doubleclick.net
static.adsafeprotected.com
static.chartbeat.com
static.cleverpush.com
stats.g.doubleclick.net
tpc.googlesyndication.com
www.adriamediacontent.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
www.kurir.rs
13.224.195.50
137.74.0.158
138.201.63.145
138.201.64.38
142.250.185.134
142.250.185.194
142.250.185.66
142.250.186.66
185.33.221.89
185.80.68.11
185.80.68.6
2.18.234.21
2600:9000:20eb:5200:6:44e3:f8c0:93a1
2600:9000:2104:600:9:46dc:4700:93a1
2600:9000:2104:ce00:18:1fcd:34f:cdc1
2606:4700:20::681a:e1f
2620:116:800d:21:51e4:db4b:4436:b305
2a00:1450:4001:28::c
2a00:1450:4001:800::2002
2a00:1450:4001:802::200a
2a00:1450:4001:803::200e
2a00:1450:4001:80e::2002
2a00:1450:4001:810::2002
2a00:1450:4001:810::2004
2a00:1450:4001:810::200e
2a00:1450:4001:812::2001
2a00:1450:4001:812::2002
2a00:1450:4001:813::2006
2a00:1450:4001:827::2002
2a00:1450:4001:827::2003
2a00:1450:4001:827::200a
2a00:1450:4001:829::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2001
2a00:1450:4001:831::2002
2a00:1450:400c:c04::9b
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
51.159.89.0
52.18.40.16
52.207.123.8
52.51.10.244
54.208.245.148
78.46.23.46
85.114.131.234
87.237.206.234
01edb070cc5490fa639dbee73675a4cbcbb9abadd6a9c2683a301d05e0cf2b04
041e8df19fca5f476e628e1db9c9851b4334d100f48e9c862a912afe3030eb86
047ed5c1bcaea807f1edb61af9be9d808c474d7ae00dd2577067ad4adbcffd29
051abf0786374b8d1eadc174fabc02c258ce2ab6f697dd5941c16893a2025100
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bacfef26ff1922579b35aedd4f6906354dee8471df00262d03962fd53e54def
0f7d532802612c4f419ca9afc05559a546fac06259f23e5bcd22b2b43f7703ce
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1250cac1df26eff62cb52c6732a01bad753ba6c8299329177da2e43c714564f8
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12ac0f75a9f8b7a564428e2e8eac46da0b50260cc7f6a5a3ec85fd667db60332
1370be8cb4d55008a4edaa4c8df7a0eb1277703fa18dfdb557b98eab0a86b365
1880b9d7593123b47d32504fc94590f79101880c8658eade4d9eaf0748dc9fdf
1e93b530a651320569bb9a1e5afdefa40ef6a77f7d1887a27cb4f5cc049b57a3
22882a69a2cd613b25bc774dded2d9d71c97bf0677d764e8bd270402a6802688
236888a9bde0a1cabbd288498b6ba4fb3f4ec7119d2d06666a5a48a82f51f042
2c3597b696e68fc11727ba93994b398530494b10cfa2423899a6623f20903a6f
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2ddef05ee7b0caa6fd9be281a5b4e53ada42bff7814578d748144f2f9181e476
39e110d013cee5277b6be02ea51c5b08319dd79697aa19bd2a191f47d7ca26fb
3d05476160b2e6ab3b268c139f71dcd960449aae386a6b7c7ba330f22f3a12de
3f27138b8c509198b5d51abc266e37f2961ebf28f8e51508a27a92620345c109
4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b
476e4ac7143827a9b8c242de1b67d8359661ccadaff81ca252b118898b122ef1
4a73a25af69626a6603914fa6dac8a9651c251c18725586b1d1b4ae79c4fff3c
4b4924b6ea8623395984b522ee4e1fe77f464940d2bb155ae40bce56fbcd3423
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4ce256491fa2f9d454090ce3e4d13fd37d44f5657181fd0bb08a5cc499f9ff1a
4ecfa657a94c57109985f7d07882a68936fe311340910a2f592ebd80a1c82906
4f66cfd40407d3fd8f4742e3329e77d088f78bd9f025a8e21c0d9b060f8d07a9
501ab0e4cb15e8fe0073f3e9e58e9d37b0e15139f7f11e5480269f6aa53ed296
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5057f7beaa08450682a5418bdce93e9783bd704527406843fb019ea0a52778d4
517555e17b1360ff89c96cd3416acbd8ff198af435332a62b4ebf951a4a63def
547f226c6e04b6654144617685448d360e2a92d908c6fb646761a1e6d4850004
5b15b644333397d466bbfb81b62195721aa925a3c60d3eafe79749eee8c24a55
5d5e0d3e1cbfadb5c7a63053b5339d06457fe7a66c344a970a762a56123c5ec0
5f04c7a08a1212d8162d1eac49de26fae5ae94258da72aab14590cf3c0c7b342
61778a50493e58b841786c3de1ffe8daa73fbdec205cdf712261c9d50d69bde9
66eb6a7fdc6f1e20b98d3a661e5489c8ac50a80ead16d38826f5f3d4168e23b6
67e265c261956cde6b66235ba7e3b373fd009396493e810ced9264d937f30397
6c965b1ed52b38fe460282d5fbc7da1282d752619de314057686d15926f02860
6e7fbf1aa68aaa8b14e1bace5cd83d9b29c89326007e3ab3385091bbdf9d3e88
70ab00991c0b8d520e1fba9b9964466fc8a5c25974d6402256069ff57d79df04
73543b3da479f12c64d510e6483c68283b8990da5888ac5df4f2cc93c669596b
74474f4c24a435cf43422b6515c2d448b3a3a84385aaa0e4b2d9582797c00f8b
76d5db0937dfb34e137aa34bf381f10e8d0195eed45723363d0fc293c70b085d
78e80319fa9c41e8168c0f2a6e3a858fed6894fedc5229f8b02333f888dca4fb
7be9364f21808a881f4530002ab0363deabf7de3321a1356984e88fb316ac165
7cc34f8b7c204239152ba51c8ea2ad8b09de6a2bbc95279fd8a32494451cfc50
7cc569a18a9dfd7f191b5cf516e335c67255047ffbd4da0f1e8109598665ada8
7e4563071048dd98f7120d73d55aa8f31fef27b1c1cf600eb38306421078153d
7f69a42e8100685904bb22b5ff3ccddeb7b953e3d31ba169bc8e1833c71a561b
7fde8977ecff29929cd4d82f1081a3d3f29874cabd78853259651b5a9762bc7f
81335cbf9ae8c8097d4198053dba2b587fbb9e0fecebe7ddd46d151090017265
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84dbd0a6d03020da002fbbcf233e4113cc4ba90f9dacfbb5bedf1cea4378722b
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
86ab03a72e25300a317a6a1e722eb5299b33aeac4d2c8c20ba769328bd90180b
89f82e0b8b8919bc50c1770bc92d933823bd668158fd48a21f9869d5a65d4b59
8b476a5b7af347e2173a050d686ab1c14201bf44db7b30b1716ebd022bed534e
8c5a62c74692dd5d707767c763842fa3a199c5d50b526f2a138747af21ba6202
946b641e36084d4db7894790a21f361eed3fe249bb7d2f42bb4f19acede3108f
94f5cc49c8a00bfa0976f542ac6b5c24ff32d00af1dfe581f6ab669558a8dff3
95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
9a08c894f6f68684f2faf33015efc32ab719f98551c2bace590635cf122771fe
9aeb4dbf75ad0288890f36aabb44e55148cf40bb9aa1521c7ecb2fbfd373370a
9db3984b51c528a4eb5c9ac0a30d771d0f749ded8d8108456c9992b58606f4f9
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a39d2ec9bcdaae22f3c1e9ce78d608ccb743b7c52d072d01475e69fd4ef32f34
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a863a77e9ee263a0ec9c1e792bb33ed0f663582b7369f472261df7b6040990c4
ab1cc217fcabdab752230691a85f1a24dbde826ae0d45ae5993f9c582258784a
abf231b869211c0c55300c8272ef35d405886b5d01ab407ae454f5cf1d0bb0d8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b46ff96c0823eb221dc3d1dd0cd90e322590c0d6cf4e60f3a8b3c17585ba7475
b533a17c2cdc90922af4c3eab68f1f72db64d0b714231e15eecc681a64cd01e3
b7f736144a4c3c86a1e620f94d91b3c0eedcadac33888203e554dc2e7c3cfa66
ba462692b44ec826922965ea262e87e2fa936c82383982380b10b898444cf90f
bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012
be36bf0f2001beedfdeec85a65ee55b6b610f5466b59ca38c7a427c553f9195c
bf0aac0288eb062621e22a2f984ee8a69b8716df4436fd2a95bf0842007e027d
c550de5f44cb7f71f3ac55fbfe8d31836742c4d70c20d738fb0781c6fb32b1d0
c5e70389c972c7ba533e257af2956ce547209790cafc89e9c0a0ab3b42f8e1a3
c87523df036c51f20ffceb5b53e9c8bb074a052b0d285beb48f3d961b8a1511f
cb40ba2435e2e4b96188df4180036947373d94df90e84903c45f381d08f0f10b
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa
d3eee9e4ebf3283e4e03867700f591840bb9f2d23ba4b957589b0f88381d28c9
d4293d5f70a0cd3488becda4191ac23d1ec2b8e0d79bed365a8f43c9c0e5e7c1
dbaad3dcbd3af75e09e72dda072b749266241e9efa1026b108cada1fdd8b9151
dcff73cc7b0aa93b6b8ac0bc18cc3f3871ae1f42ecd1c128393c58f44f273155
de7dd7e8a5f2257d16c23c395b9262c6fa04689c81b0e2b8bf7f5bae9f4177dc
e09c5507d6f189744d043d993a3a28a63d12322f3dc978426ef895517b98b567
e1fd175ab2f666d230639d413f7bb1f293208cb5bcbf380e6c0dc8b288fd2b9c
e2f126a8957c32db99e94d1bf7c9ed09fcd38ba99bd632ebd048f01f9c5f9c9b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3d2fb5e2edecc03632d4232f8956dfc6cea25557cdd082cab892d00f2769bc4
e548abcd8734bfcf8b4ebbbca1af98f9e8ae1e0ff884c0971f29498a4fc108f4
e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb
e8ec2a4d84f51a4860526181c3822b954b3a134dc14446ba753b37708470171d
e976787a9a289482894670cb65cb05e8f99a8525e6019021b104e2a0c129a1a2
eb1bc82943d300c448ed1f04ff3e70d029e042f619f52b10f52f7c17eb9c5ad9
ec8b1002e700074d62dd69751c896d1862576ebd06bc5c93529abf8f625a5e83
ec93813683cccb74a7896a34a2ed1b2163288620f6959ae06de3ded30cf518b9
eea6dc59229104927a1ca1a416794d0ae3fb326b2ed6926abda0dd2a8cf693be
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef391572f9fbb7bab7fef6ce2c4fc92ad68a8c148889a79cb9f9b1452d851fab
f012733f8000d438c6afc2e784f6ef2c289f5349e6bc0de469e84325dffe2ec5
f256fc754073c6c1c5b1901281680fa7b68804eba4ed62d57a72e4fbd242e896
fceb383956a313eba092f8618ea26600780ae79e85cf7dbe08bba1b50aed2940
ff213cbd4e2dcc4e9aed8dd9ccf19400ee080b08f4b3bc70dc24c65732afdc19
ff3587135389fc0f7399474f84d6bff086059dbcb13d9b4e64b495d72ba4e4c7

glossy.espreso.co.rs Open in urlscan Pro 185.80.68.6 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

191 Requests

99 %HTTPS

57 %IPv6

30 Domains

49 Subdomains

47 IPs

8 Countries

2537 kBTransfer

6146 kBSize

11 Cookies

20 Outgoing links

Page URL History

Redirected requests

191 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

glossy.espreso.co.rs Open in urlscan Pro
185.80.68.6 Public Scan

Screenshot
Live screenshot

Full Image

191
Requests

99 %
HTTPS

57 %
IPv6

30
Domains

49
Subdomains

47
IPs

8
Countries

2537 kB
Transfer

6146 kB
Size

11
Cookies

191 HTTP transactions
6 data transactions