urlscan.io logo urlscan.io
SecurityTrails logo

www.hawtcelebs.com Open in urlscan Pro
2a06:98c1:3120::3  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://u12097671.ct.sendgrid.net/ls/click?upn=4PC2wo0fWhUBQdJDPL-2Fxerma-2FiNLXrBX17zncJLRZJMQl1lhzVepM9KfwXbLwzG-2FafPMcTGQrJ5rE...
Effective URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Submission: On September 05 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 81 IPs in 12 countries across 61 domains to perform 393 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.hawtcelebs.com. The Cisco Umbrella rank of the primary domain is 245434.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 6th 2022. Valid for: a year.
This is the only time www.hawtcelebs.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 167.89.115.54 11377 (SENDGRID)
2 2 2606:4700::68... 13335 (CLOUDFLAR...)
1 1 70.39.246.51 30366 (AS-RHYTHM...)
15 2a06:98c1:312... 13335 (CLOUDFLAR...)
4 2a00:1450:400... 15169 (GOOGLE)
28 2606:4700::68... 13335 (CLOUDFLAR...)
5 68.71.249.118 20093 (ZEROLAG)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
4 2606:4700:303... 13335 (CLOUDFLAR...)
3 2600:9000:214... 16509 (AMAZON-02)
1 7 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
13 32 142.250.184.226 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
7 2a00:1450:400... 15169 (GOOGLE)
6 2606:4700::68... 13335 (CLOUDFLAR...)
19 2a00:1450:400... 15169 (GOOGLE)
2 151.101.193.194 54113 (FASTLY)
5 2620:116:800d... 16509 (AMAZON-02)
2 2 37.252.173.62 29990 (ASN-APPNEX)
1 198.47.127.18 3257 (GTT-BACKB...)
1 129.158.42.199 31898 (ORACLE-BM...)
2 2 104.18.19.126 13335 (CLOUDFLAR...)
3 2600:9000:223... 16509 (AMAZON-02)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
3 2600:9000:206... 16509 (AMAZON-02)
29 2a00:1450:400... 15169 (GOOGLE)
38 2a00:1450:400... 15169 (GOOGLE)
1 9 2a00:1450:400... 15169 (GOOGLE)
1 141.95.98.69 16276 (OVH)
3 2a00:1450:400... 15169 (GOOGLE)
23 2a00:1450:400... 15169 (GOOGLE)
3 9 104.18.18.126 13335 (CLOUDFLAR...)
2 4 37.252.172.37 29990 (ASN-APPNEX)
2 2001:678:cb4:... 56396 (AMOBEE)
2 34.98.64.218 15169 (GOOGLE)
2 4 52.17.139.148 16509 (AMAZON-02)
6 142.250.186.66 15169 (GOOGLE)
1 2 37.157.4.40 198622 (ADFORM)
4 94.130.102.164 24940 (HETZNER-AS)
1 4 46.4.10.47 24940 (HETZNER-AS)
4 2600:9000:214... 16509 (AMAZON-02)
17 2600:1f13:800... 16509 (AMAZON-02)
1 108.177.15.157 15169 (GOOGLE)
2 2 145.239.193.130 16276 (OVH)
1 88.198.250.30 24940 (HETZNER-AS)
1 2 2a01:4f8:d0a:... 24940 (HETZNER-AS)
1 49.12.16.151 24940 (HETZNER-AS)
1 1 94.23.99.218 16276 (OVH)
1 54.76.176.197 16509 (AMAZON-02)
1 104.111.239.217 16625 (AKAMAI-AS)
1 2 2001:678:cb4:... 56396 (AMOBEE)
1 2a02:fa8:8806... 41041 (VCLK-EU-SE)
1 1 169.50.137.184 36351 (SOFTLAYER)
1 1 54.76.147.17 16509 (AMAZON-02)
1 185.86.139.102 201081 (SMARTADSE...)
1 3.71.169.66 16509 (AMAZON-02)
2 3 64.202.112.63 22075 (AS-OUTBRAIN)
2 2600:9000:206... 16509 (AMAZON-02)
2 2001:4860:480... 15169 (GOOGLE)
1 46.105.201.240 16276 (OVH)
2 167.114.209.61 16276 (OVH)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
6 2606:4700:303... 13335 (CLOUDFLAR...)
1 198.27.80.143 16276 (OVH)
1 2600:9000:225... 16509 (AMAZON-02)
1 104.18.36.173 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
3 2600:9000:206... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
5 108.138.4.10 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 18.193.0.23 16509 (AMAZON-02)
7 67.202.105.33 32748 (STEADFAST)
1 2a04:4e42::485 54113 (FASTLY)
3 2606:4700:303... 13335 (CLOUDFLAR...)
6 2606:4700:10:... 13335 (CLOUDFLAR...)
17 151.139.128.11 20446 (STACKPATH...)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 67.202.105.32 32748 (STEADFAST)
1 2.18.68.199 16625 (AKAMAI-AS)
8 34.251.249.27 16509 (AMAZON-02)
6 52.51.126.33 16509 (AMAZON-02)
1 2 2406:2600:4::b 55569 (CRITEO-AS...)
2 178.250.0.157 44788 (ASN-CRITE...)
1 54.77.31.182 16509 (AMAZON-02)
1 3.33.220.150 16509 (AMAZON-02)
393 81
1    167.89.115.54 (Herndon, United States)

ASN11377 (SENDGRID, US)
PTR: o16789115x54.outbound-mail.sendgrid.net
u12097671.ct.sendgrid.net
2    2606:4700::6812:5f3c (United States)

ASN13335 (CLOUDFLARENET, US)
app2.cision.com
1    70.39.246.51 (United States)

ASN30366 (AS-RHYTHMIC-NY, US)
PTR: clickthru.moreover.com
ct.moreover.com
15    2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)
www.hawtcelebs.com
4    2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
28    2606:4700::6810:8616 (United States)

ASN13335 (CLOUDFLARENET, US)
live.demand.supply
5    68.71.249.118 (Toronto, Canada)

ASN20093 (ZEROLAG, US)
udmserve.net
1    2606:4700:20::ac43:4739 (United States)

ASN13335 (CLOUDFLARENET, US)
waust.at
4    2606:4700:3033::6815:3c4d (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.whizzco.com
api.whizzco.com
3    2600:9000:214f:e000:5:c4ab:c3c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
bid.underdog.media
7    2606:4700:10::ac43:15e3 (United States)

ASN13335 (CLOUDFLARENET, US)
services.vlitag.com
assets.vlitag.com
media.vlitag.com
1    2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
5    2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
32    142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net
securepubads.g.doubleclick.net
cm.g.doubleclick.net
1    2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
3    2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
7    2a00:1450:4001:806::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
6    2606:4700::6810:8516 (United States)

ASN13335 (CLOUDFLARENET, US)
api.demand.supply
19    2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
googleads.g.doubleclick.net
www.googletagservices.com
2    151.101.193.194 (United States)

ASN54113 (FASTLY, US)
confiant-integrations.global.ssl.fastly.net
5    2620:116:800d:21:ef75:8280:f209:5ba1 (United States)

ASN16509 (AMAZON-02, US)
secure.quantserve.com
pixel.quantserve.com
2    37.252.173.62 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
secure.adnxs.com
1    198.47.127.18 (United States)

ASN3257 (GTT-BACKBONE GTT, US)
image8.pubmatic.com
1    129.158.42.199 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)
sync.technoratimedia.com
2    104.18.19.126 (None, )

ASN13335 (CLOUDFLARENET, US)
ssum-sec.casalemedia.com
3    2600:9000:223c:c800:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
rules.quantcount.com
1    2606:4700:10::6816:3556 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.id5-sync.com
3    2600:9000:206f:600:11:615:7240:93a1 (United States)

ASN16509 (AMAZON-02, US)
pxl.qccerttest.com
29    2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
38    2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
9    2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    141.95.98.69 (France)

ASN16276 (OVH, FR)
PTR: ns3216534.ip-141-95-98.eu
id5-sync.com
3    2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
23    2a00:1450:4001:800::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
9    104.18.18.126 (None, )

ASN13335 (CLOUDFLARENET, US)
dsum-sec.casalemedia.com
4    37.252.172.37 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
ib.adnxs.com
2    2001:678:cb4:bbbb::13 (United Kingdom)

ASN56396 (AMOBEE, GB)
d.turn.com
2    34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com
us-u.openx.net
4    52.17.139.148 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-139-148.eu-west-1.compute.amazonaws.com
fw.adsafeprotected.com
6    142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net
googleads4.g.doubleclick.net
2    37.157.4.40 (Denmark)

ASN198622 (ADFORM, DK)
track.adform.net
4    94.130.102.164 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.164.102.130.94.clients.your-server.de
hal9000.redintelligence.net
4    46.4.10.47 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.47.10.4.46.clients.your-server.de
hal90002.redintelligence.net
4    2600:9000:214f:dc00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
static.adsafeprotected.com
17    2600:1f13:800:7782:2ffd:4913:b6c3:d37a (Boardman, United States)

ASN16509 (AMAZON-02, US)
dt.adsafeprotected.com
1    108.177.15.157 (United States)

ASN15169 (GOOGLE, US)
PTR: wr-in-f157.1e100.net
bid.g.doubleclick.net
2    145.239.193.130 (France)

ASN16276 (OVH, FR)
pv.medialead.de
1    88.198.250.30 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de
pb.media01.eu
2    2a01:4f8:d0a:2321::2 (Germany)

ASN24940 (HETZNER-AS, DE)
cdn.retailads.net
1    49.12.16.151 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: lb-1.futalis.de
futalis.de
1    94.23.99.218 (France)

ASN16276 (OVH, FR)
PTR: ip218.ip-94-23-99.eu
medialead.de
1    54.76.176.197 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
ad-server.eu
1    104.111.239.217 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-217.deploy.static.akamaitechnologies.com
www.awin1.com
2    2001:678:cb4:bbbb::11 (United Kingdom)

ASN56396 (AMOBEE, GB)
ad.turn.com
r.turn.com
1    2a02:fa8:8806:13::1400 (Singapore)

ASN41041 (VCLK-EU-SE, US)
dclk-match.dotomi.com
1    169.50.137.184 (United States)

ASN36351 (SOFTLAYER, US)
PTR: b8.89.32a9.ip4.static.sl-reverse.com
um.simpli.fi
1    54.76.147.17 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-147-17.eu-west-1.compute.amazonaws.com
ads.yieldmo.com
1    185.86.139.102 (France)

ASN201081 (SMARTADSERVER, FR)
ssbsync.smartadserver.com
1    3.71.169.66 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-71-169-66.eu-central-1.compute.amazonaws.com
cs.emxdgt.com
3    64.202.112.63 (Lovettsville, United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com
b1sync.zemanta.com
2    2600:9000:206f:ac00:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)
quantcast.mgr.consensu.org
2    2001:4860:4802:32::178 (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    46.105.201.240 (France)

ASN16276 (OVH, FR)
s10.histats.com
2    167.114.209.61 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: ns515688.ip-167-114-209.net
t.dtscout.com
1    2606:4700:10::6816:4aab (United States)

ASN13335 (CLOUDFLARENET, US)
whos.amung.us
6    2606:4700:3036::ac43:c1dd (United States)

ASN13335 (CLOUDFLARENET, US)
api.whizzco.com
1    198.27.80.143 (Canada)

ASN16276 (OVH, FR)
PTR: ns558056.ip-198-27-80.net
s4.histats.com
1    2600:9000:225e:8200:3:a4cd:8380:93a1 (United States)

ASN16509 (AMAZON-02, US)
test.cmp.quantcast.com
1    104.18.36.173 (None, )

ASN13335 (CLOUDFLARENET, US)
cdn.tynt.com
1    2a00:1450:400c:c08::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
3    2600:9000:206f:f400:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)
cmp.quantcast.com
1    2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
imasdk.googleapis.com
5    108.138.4.10 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-4-10.fra56.r.cloudfront.net
c.amazon-adsystem.com
1    2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
1    18.193.0.23 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-193-0-23.eu-central-1.compute.amazonaws.com
audit-tcfv2.cmp.quantcast.com
7    67.202.105.33 (United States)

ASN32748 (STEADFAST, US)
PTR: ip33.67-202-105.static.steadfastdns.net
ic.tynt.com
1    2a04:4e42::485 (United States)

ASN54113 (FASTLY, US)
cdn.jsdelivr.net
3    2606:4700:3037::ac43:9e3b (United States)

ASN13335 (CLOUDFLARENET, US)
px.vliplatform.com
6    2606:4700:10::6816:3ac7 (United States)

ASN13335 (CLOUDFLARENET, US)
assets.vlitag.com
17    151.139.128.11 (United States)

ASN20446 (STACKPATH-CDN, US)
assets.revcontent.com
img.revcontent.com
cdn.revcontent.com
images.revcontent.com
1    2a00:1450:4001:803::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
redirector.googlevideo.com
1    2a00:1450:4001:11::8 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
r3---sn-4g5lznez.googlevideo.com
1    67.202.105.32 (United States)

ASN32748 (STEADFAST, US)
PTR: ip32.67-202-105.static.steadfastdns.net
de.tynt.com
1    2.18.68.199 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-68-199.deploy.static.akamaitechnologies.com
ads.pubmatic.com
8    34.251.249.27 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-251-249-27.eu-west-1.compute.amazonaws.com
trends.revcontent.com
6    52.51.126.33 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-126-33.eu-west-1.compute.amazonaws.com
yeet.revcontent.com
2    2406:2600:4::b (Japan)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)
gum.criteo.com
2    178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
mug.criteo.com
1    54.77.31.182 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-31-182.eu-west-1.compute.amazonaws.com
id.crwdcntrl.net
1    3.33.220.150 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
match.adsrvr.org
Apex Domain
Subdomains		 Transfer
74 googlesyndication.com
76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 129
tpc.googlesyndication.com — Cisco Umbrella Rank: 174
436 KB
51 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 226
googleads.g.doubleclick.net — Cisco Umbrella Rank: 73
cm.g.doubleclick.net — Cisco Umbrella Rank: 303
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 373
bid.g.doubleclick.net — Cisco Umbrella Rank: 622
stats.g.doubleclick.net — Cisco Umbrella Rank: 188
414 KB
34 demand.supply
live.demand.supply — Cisco Umbrella Rank: 36544
api.demand.supply — Cisco Umbrella Rank: 63875
38 KB
31 revcontent.com
assets.revcontent.com — Cisco Umbrella Rank: 7850
trends.revcontent.com — Cisco Umbrella Rank: 2673
img.revcontent.com — Cisco Umbrella Rank: 11467
cdn.revcontent.com — Cisco Umbrella Rank: 8877
images.revcontent.com — Cisco Umbrella Rank: 8178
yeet.revcontent.com — Cisco Umbrella Rank: 9862
142 KB
25 adsafeprotected.com
fw.adsafeprotected.com — Cisco Umbrella Rank: 1021
static.adsafeprotected.com — Cisco Umbrella Rank: 791
dt.adsafeprotected.com — Cisco Umbrella Rank: 735
195 KB
23 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 350
1 MB
15 hawtcelebs.com
www.hawtcelebs.com — Cisco Umbrella Rank: 245434
203 KB
13 vlitag.com
services.vlitag.com — Cisco Umbrella Rank: 17655
assets.vlitag.com — Cisco Umbrella Rank: 23851
media.vlitag.com — Cisco Umbrella Rank: 25862
1 MB
12 google.com
adservice.google.com — Cisco Umbrella Rank: 142
www.google.com — Cisco Umbrella Rank: 19
1 KB
11 casalemedia.com
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 709
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 904
8 KB
10 whizzco.com
cdn.whizzco.com — Cisco Umbrella Rank: 61778
api.whizzco.com — Cisco Umbrella Rank: 61386
8 KB
9 tynt.com
cdn.tynt.com — Cisco Umbrella Rank: 11440
ic.tynt.com — Cisco Umbrella Rank: 5291
de.tynt.com — Cisco Umbrella Rank: 2459
9 KB
8 redintelligence.net
hal9000.redintelligence.net — Cisco Umbrella Rank: 35377
hal90002.redintelligence.net — Cisco Umbrella Rank: 319130
57 KB
8 gstatic.com
fonts.gstatic.com
www.gstatic.com
116 KB
6 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 234 Failed
248 KB
6 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 725
ib.adnxs.com — Cisco Umbrella Rank: 329
6 KB
5 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 362
47 KB
5 quantcast.com
test.cmp.quantcast.com — Cisco Umbrella Rank: 9826
cmp.quantcast.com — Cisco Umbrella Rank: 3426
audit-tcfv2.cmp.quantcast.com — Cisco Umbrella Rank: 10749
141 KB
5 quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 1405
pixel.quantserve.com — Cisco Umbrella Rank: 691
21 KB
5 udmserve.net
udmserve.net — Cisco Umbrella Rank: 5021
7 KB
5 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 120
imasdk.googleapis.com — Cisco Umbrella Rank: 456
129 KB
4 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 458
mug.criteo.com — Cisco Umbrella Rank: 1814
1 KB
4 turn.com
d.turn.com — Cisco Umbrella Rank: 1620
ad.turn.com — Cisco Umbrella Rank: 1268
r.turn.com — Cisco Umbrella Rank: 5065
2 KB
4 google.de
adservice.google.de — Cisco Umbrella Rank: 5202
www.google.de — Cisco Umbrella Rank: 3469
2 KB
3 vliplatform.com
px.vliplatform.com — Cisco Umbrella Rank: 17351
1 KB
3 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 845
1 KB
3 medialead.de
pv.medialead.de — Cisco Umbrella Rank: 36991
medialead.de — Cisco Umbrella Rank: 36713
1 KB
3 qccerttest.com
pxl.qccerttest.com — Cisco Umbrella Rank: 1351
2 KB
3 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 1180
2 KB
3 underdog.media
bid.underdog.media — Cisco Umbrella Rank: 16932
167 KB
2 googlevideo.com
redirector.googlevideo.com — Cisco Umbrella Rank: 382
r3---sn-4g5lznez.googlevideo.com — Cisco Umbrella Rank: 171050
1 KB
2 dtscout.com
t.dtscout.com — Cisco Umbrella Rank: 9418
3 KB
2 histats.com
s10.histats.com — Cisco Umbrella Rank: 10848
s4.histats.com — Cisco Umbrella Rank: 8721
5 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 94
20 KB
2 consensu.org
quantcast.mgr.consensu.org — Cisco Umbrella Rank: 2806
45 KB
2 retailads.net
cdn.retailads.net — Cisco Umbrella Rank: 177154
6 KB
2 adform.net
track.adform.net — Cisco Umbrella Rank: 3442
941 B
2 openx.net
us-u.openx.net — Cisco Umbrella Rank: 708
418 B
2 id5-sync.com
cdn.id5-sync.com — Cisco Umbrella Rank: 1490
id5-sync.com — Cisco Umbrella Rank: 636
14 KB
2 pubmatic.com
image8.pubmatic.com — Cisco Umbrella Rank: 928
ads.pubmatic.com — Cisco Umbrella Rank: 713
61 KB
2 fastly.net
confiant-integrations.global.ssl.fastly.net — Cisco Umbrella Rank: 1815
59 KB
2 cision.com
app2.cision.com
1006 B
1 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 486
392 B
1 crwdcntrl.net
id.crwdcntrl.net — Cisco Umbrella Rank: 2151
340 B
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 493
1 KB
1 amung.us
whos.amung.us — Cisco Umbrella Rank: 9037
184 B
1 emxdgt.com
cs.emxdgt.com — Cisco Umbrella Rank: 1371
55 B
1 smartadserver.com
ssbsync.smartadserver.com — Cisco Umbrella Rank: 1267
75 B
1 yieldmo.com
ads.yieldmo.com — Cisco Umbrella Rank: 985
466 B
1 simpli.fi
um.simpli.fi — Cisco Umbrella Rank: 1468
709 B
1 dotomi.com
dclk-match.dotomi.com — Cisco Umbrella Rank: 5005
104 B
1 awin1.com
www.awin1.com — Cisco Umbrella Rank: 15259
702 B
1 ad-server.eu
ad-server.eu — Cisco Umbrella Rank: 72820
312 B
1 futalis.de
futalis.de — Cisco Umbrella Rank: 215403
409 B
1 media01.eu
pb.media01.eu — Cisco Umbrella Rank: 36358
629 B
1 technoratimedia.com
sync.technoratimedia.com — Cisco Umbrella Rank: 1710
297 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 141
41 KB
1 waust.at
waust.at — Cisco Umbrella Rank: 26947
7 KB
1 moreover.com
ct.moreover.com — Cisco Umbrella Rank: 419087
182 B
1 sendgrid.net
u12097671.ct.sendgrid.net
250 B
0 rlcdn.com Failed
api.rlcdn.com Failed
393 61
Domain Requested by
38 tpc.googlesyndication.com 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
www.hawtcelebs.com
tpc.googlesyndication.com
googleads.g.doubleclick.net
securepubads.g.doubleclick.net
29 pagead2.googlesyndication.com 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
www.hawtcelebs.com
googleads.g.doubleclick.net
tpc.googlesyndication.com
fw.adsafeprotected.com
www.googletagservices.com
securepubads.g.doubleclick.net
28 live.demand.supply www.hawtcelebs.com
live.demand.supply
client
23 s0.2mdn.net tpc.googlesyndication.com
www.hawtcelebs.com
76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
s0.2mdn.net
18 cm.g.doubleclick.net 13 redirects googleads.g.doubleclick.net
76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
17 dt.adsafeprotected.com www.hawtcelebs.com
76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
15 www.hawtcelebs.com www.hawtcelebs.com
14 securepubads.g.doubleclick.net live.demand.supply
securepubads.g.doubleclick.net
www.hawtcelebs.com
76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
11 googleads.g.doubleclick.net 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
www.hawtcelebs.com
9 images.revcontent.com assets.revcontent.com
9 dsum-sec.casalemedia.com 3 redirects googleads.g.doubleclick.net
9 www.google.com 1 redirects 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
www.hawtcelebs.com
tpc.googlesyndication.com
8 trends.revcontent.com assets.revcontent.com
8 assets.vlitag.com services.vlitag.com
8 api.whizzco.com cdn.whizzco.com
7 ic.tynt.com
7 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com securepubads.g.doubleclick.net
6 yeet.revcontent.com assets.revcontent.com
6 googleads4.g.doubleclick.net googleads.g.doubleclick.net
www.hawtcelebs.com
fw.adsafeprotected.com
6 www.googletagservices.com securepubads.g.doubleclick.net
76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
www.hawtcelebs.com
services.vlitag.com
6 api.demand.supply live.demand.supply
5 c.amazon-adsystem.com services.vlitag.com
c.amazon-adsystem.com
5 fonts.gstatic.com fonts.googleapis.com
5 udmserve.net www.hawtcelebs.com
bid.underdog.media
4 assets.revcontent.com cdn.whizzco.com
assets.revcontent.com
4 static.adsafeprotected.com fw.adsafeprotected.com
www.hawtcelebs.com
76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
4 hal90002.redintelligence.net 1 redirects 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
hal90002.redintelligence.net
4 hal9000.redintelligence.net 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
hal90002.redintelligence.net
4 fw.adsafeprotected.com 2 redirects googleads.g.doubleclick.net
76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
4 ib.adnxs.com 2 redirects googleads.g.doubleclick.net
4 services.vlitag.com www.hawtcelebs.com
services.vlitag.com
4 fonts.googleapis.com www.hawtcelebs.com
76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
tpc.googlesyndication.com
hal90002.redintelligence.net
3 px.vliplatform.com
3 cmp.quantcast.com quantcast.mgr.consensu.org
3 b1sync.zemanta.com 2 redirects
3 www.gstatic.com 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
3 pixel.quantserve.com www.hawtcelebs.com
3 pxl.qccerttest.com www.hawtcelebs.com
3 rules.quantcount.com secure.quantserve.com
3 adservice.google.com securepubads.g.doubleclick.net
3 adservice.google.de securepubads.g.doubleclick.net
3 bid.underdog.media www.hawtcelebs.com
udmserve.net
bid.underdog.media
2 mug.criteo.com
2 gum.criteo.com 1 redirects
2 cdn.revcontent.com assets.revcontent.com
2 img.revcontent.com assets.revcontent.com
2 t.dtscout.com waust.at
t.dtscout.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 quantcast.mgr.consensu.org www.hawtcelebs.com
quantcast.mgr.consensu.org
2 cdn.retailads.net 1 redirects futalis.de
2 pv.medialead.de 2 redirects
2 track.adform.net 1 redirects 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
2 us-u.openx.net googleads.g.doubleclick.net
2 d.turn.com googleads.g.doubleclick.net
2 ssum-sec.casalemedia.com 2 redirects
2 secure.adnxs.com 2 redirects
2 secure.quantserve.com udmserve.net
quantcast.mgr.consensu.org
2 confiant-integrations.global.ssl.fastly.net udmserve.net
confiant-integrations.global.ssl.fastly.net
2 cdn.whizzco.com www.hawtcelebs.com
2 app2.cision.com 2 redirects
1 match.adsrvr.org ads.pubmatic.com
1 id.crwdcntrl.net ads.pubmatic.com
1 ads.pubmatic.com assets.revcontent.com
1 de.tynt.com cdn.tynt.com
1 r3---sn-4g5lznez.googlevideo.com
1 redirector.googlevideo.com 1 redirects
1 media.vlitag.com 1 redirects
1 cdn.jsdelivr.net assets.vlitag.com
1 audit-tcfv2.cmp.quantcast.com cmp.quantcast.com
1 www.google.de
1 imasdk.googleapis.com services.vlitag.com
1 stats.g.doubleclick.net www.google-analytics.com
1 cdn.tynt.com waust.at
1 test.cmp.quantcast.com quantcast.mgr.consensu.org
1 s4.histats.com s10.histats.com
1 whos.amung.us waust.at
1 s10.histats.com www.hawtcelebs.com
1 cs.emxdgt.com 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
1 ssbsync.smartadserver.com 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
1 ads.yieldmo.com 1 redirects
1 um.simpli.fi 1 redirects
1 dclk-match.dotomi.com 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
1 r.turn.com 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
1 ad.turn.com 1 redirects
1 www.awin1.com 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
1 ad-server.eu 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
1 medialead.de 1 redirects
1 futalis.de hal90002.redintelligence.net
1 pb.media01.eu hal90002.redintelligence.net
1 bid.g.doubleclick.net 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
1 id5-sync.com cdn.id5-sync.com
1 cdn.id5-sync.com securepubads.g.doubleclick.net
1 sync.technoratimedia.com www.hawtcelebs.com
1 image8.pubmatic.com www.hawtcelebs.com
1 www.googletagmanager.com www.hawtcelebs.com
1 waust.at www.hawtcelebs.com
1 ct.moreover.com 1 redirects
1 u12097671.ct.sendgrid.net 1 redirects
0 api.rlcdn.com Failed ads.pubmatic.com
393 99

This site contains links to these domains. Also see Links.

Domain
undefined
trends.revcontent.com
help.revcontent.com
www.revcontent.com
akismet.com
sulvo.com
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-06-06 -
2023-06-05		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2022-08-15 -
2022-11-07		 3 months crt.sh
demand.supply
Cloudflare Inc ECC CA-3		 2022-03-21 -
2023-03-21		 a year crt.sh
udmserve.net
DigiCert TLS RSA SHA256 2020 CA1		 2022-05-25 -
2023-06-25		 a year crt.sh
whizzco.com
Cloudflare Inc ECC CA-3		 2022-04-30 -
2023-04-30		 a year crt.sh
underdog.media
DigiCert TLS RSA SHA256 2020 CA1		 2022-05-25 -
2023-06-25		 a year crt.sh
*.vlitag.com
GTS CA 1P5		 2022-08-11 -
2022-11-09		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-08-15 -
2022-11-07		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-08-15 -
2022-11-07		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-08-15 -
2022-11-07		 3 months crt.sh
*.google.de
GTS CA 1C3		 2022-08-15 -
2022-11-07		 3 months crt.sh
*.google.com
GTS CA 1C3		 2022-08-15 -
2022-11-07		 3 months crt.sh
*.freetls.fastly.net
GlobalSign Atlas R3 DV TLS CA 2022 Q2		 2022-05-04 -
2023-06-05		 a year crt.sh
*.quantserve.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-22 -
2022-09-21		 a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1		 2022-06-13 -
2023-07-14		 a year crt.sh
*.technoratimedia.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2021-09-17 -
2022-10-05		 a year crt.sh
qccerttest.com
Amazon		 2022-04-04 -
2023-05-03		 a year crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2022-08-15 -
2022-11-07		 3 months crt.sh
www.google.com
GTS CA 1C3		 2022-08-15 -
2022-11-07		 3 months crt.sh
*.id5-sync.com
R3		 2022-08-18 -
2022-11-16		 3 months crt.sh
*.doubleclick.net
GTS CA 1C3		 2022-08-15 -
2022-11-07		 3 months crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2022-07-21 -
2023-08-21		 a year crt.sh
fw.adsafeprotected.com
Amazon		 2022-04-28 -
2023-05-27		 a year crt.sh
redintelligence.net
R3		 2022-08-02 -
2022-10-31		 3 months crt.sh
static.adsafeprotected.com
Amazon		 2022-08-06 -
2023-09-04		 a year crt.sh
dt.adsafeprotected.com
Amazon		 2021-11-19 -
2022-12-18		 a year crt.sh
*.media01.eu
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1		 2022-05-20 -
2023-05-21		 a year crt.sh
*.futalis.de
R3		 2022-08-20 -
2022-11-18		 3 months crt.sh
www.awin1.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-04-18 -
2023-04-19		 a year crt.sh
cdn.retailads.net
Encryption Everywhere DV TLS CA - G1		 2022-06-17 -
2023-06-18		 a year crt.sh
*.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2022-08-09 -
2023-09-10		 a year crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-25 -
2023-01-25		 a year crt.sh
*.emxdgt.com
Go Daddy Secure Certificate Authority - G2		 2022-05-18 -
2023-06-19		 a year crt.sh
*.cmp.quantcast.com
R3		 2022-08-22 -
2022-11-20		 3 months crt.sh
histats.com
R3		 2022-07-11 -
2022-10-09		 3 months crt.sh
*.dtscout.com
Sectigo RSA Domain Validation Secure Server CA		 2021-10-28 -
2022-11-27		 a year crt.sh
*.amung.us
Sectigo RSA Domain Validation Secure Server CA		 2022-05-18 -
2023-06-17		 a year crt.sh
*.tynt.com
Sectigo RSA Domain Validation Secure Server CA		 2021-09-23 -
2022-09-30		 a year crt.sh
c.amazon-adsystem.com
Amazon		 2022-05-09 -
2023-04-18		 a year crt.sh
www.google.de
GTS CA 1C3		 2022-08-15 -
2022-11-07		 3 months crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2022 Q1		 2022-03-21 -
2023-04-22		 a year crt.sh
assets.revcontent.com
R3		 2022-07-16 -
2022-10-14		 3 months crt.sh
revcontent.com
Amazon		 2022-07-25 -
2023-08-23		 a year crt.sh
img.revcontent.com
R3		 2022-07-16 -
2022-10-14		 3 months crt.sh
cdn.revcontent.com
R3		 2022-07-12 -
2022-10-10		 3 months crt.sh
images.revcontent.com
R3		 2022-07-09 -
2022-10-07		 3 months crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-08-27 -
2022-11-22		 3 months crt.sh
*.crwdcntrl.net
Go Daddy Secure Certificate Authority - G2		 2022-05-01 -
2023-06-02		 a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2022-03-31 -
2023-05-02		 a year crt.sh

This page contains 29 frames:

Primary Page: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Frame ID: 51E7E6B4BCB21DE6C573AB917BEBB463
Requests: 191 HTTP requests in this frame

Frame: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 9CB09AD3DC9F8B008115ABBB1A5A8E85
Requests: 1 HTTP requests in this frame

Frame: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 12D824601485B8E21E950BFE9657ADE4
Requests: 15 HTTP requests in this frame

Frame: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 34688EAAC9ED53DF16866A81C5CF1852
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuCsquFFpWpP_Wkg6miEN3JU7Wks1TyB0VaNSv4U7bEYFhjTVkUKwbez2F63ntykDe5Qt6H-IEJaoUtq5jmzWangp5ctL5GzImi6rziKIy9GBX-4BG8hGYgORyLvFESi517h1L6PxN20FBnJPXDJ2E2EmJUNmbGXW-9zJ1p4I7XL2DShyV3A2DAFcsP8zGHvJnwKksa7XisULSk2d87xrnDZ5vo9hY9DYgOVSHCtQAoZT03d6K2PyKYKgV5uNfsnyKLI5A-M0DoaJ1xDORjzXThrfPgFh5w4xtQG7VCbrrcKYnTIcGL0OaoGrVUErLFIY7yofZf6qtZGSoJJ90GOewY8tWgz53F941k7ypNiEw4AJDfSj9VPy37YAy31neQRwFPOie1PaNH33q-HA&sai=AMfl-YSaM57xwypGOrInY2HmooMOC1qr5YsWTaI9lw7EVLqFs-xuVYEWPD07ixLRYW9RcDo7AaZgzmdGeHf6p3QuYX12TftIWgY4AaL2gp5SA5gceMKXgPjCC-HYqU-SL3j1Jcs&sig=Cg0ArKJSzAGmmTFGBn-pEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 2FF64F9739FF8B5D96517E81CA14477D
Requests: 2 HTTP requests in this frame

Frame: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: D60B7693B48A364E938514781BCC79B3
Requests: 1 HTTP requests in this frame

Frame: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 2F186691F42600BF611C3B4934466F5C
Requests: 27 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhj-9fnQATAB&v=APEucNWhCaOPEY0QwZT591KNaBUdGb3lcFaFlpxHoYHFkGz8xrhbTcP0Q7qzCfA4BFbLvFaxcKKtPzUCmaCzQTqt7WPQMYMt4moqMQ8vxhkzYw4X_tk0UYy7eeHaK7qMaPvZkpoF3hLnFe7GNrwrT-25KhkmgotLSl-QCHspTkobJsQJWfXZToBlRtA8iXijz35LwYf0RMq8l0_zFNCHYQunnndHlrcHvg
Frame ID: 0F12FAF8A85E81DCAB96C52F26E1F4C6
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/index.html
Frame ID: 4E622B4CDB340727FB9CF5CF2BB6D0EA
Requests: 16 HTTP requests in this frame

Frame: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: E29C87EEA838277D2164385E5F95233A
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYuKK9lQEwAQ&v=APEucNUkGFums6LWP53OQvnWPQj1bWuf4_rl-lAoLQP3iKrx36FAzMAt9kEzrFWGSoMqmkSuKTSo8ddN0AlJ6DvpU5rwPQRQs9iGXqWqL9TddYp_gJNEljTq7ZxgXbEMc1gL9yjnw4tyQa1k_AJoBTLxdA4LWmuVeNnu-bASmVPXwkT9RyVKtvWcYxs_ZhbN7Q7OAPrxfV80gqZ7nYR0u3d35fPB7nZe0w
Frame ID: 8B84225A51CE0582125AE4203DCD9CA7
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B7PgFIPFgw9W4O_JcoPlfiJf-lX0yZUwe2Avqdc92QVbUl3sSwk9GC6KDS_STmTybl9Ts5U8SZkpei6gYfieZ5YPIMzaY9Nafk9frW-ROvnJ_u4iT_TJ8SkqBNXxWqQjWvCpUI74Ofoh29IVB_hjlC6c-9Pw&cry=1&dbm_d=AKAmf-A6q-nzE4uQGRv1wfJzuqV2r7JREABIICedbuVz7RQHX1TJIe7FilPgJcnQ5B3E9zzzEG9mWsiY4_aerGoz0tOxKblF0bczmQH-GtdqHI8mG6hhY2JhbHebr37ekshOClmanGx3mU_bK5ngfnmO-2UvWMU4j4yverlAseedzMHckzIZ8kEvNfN6EcqN3uSwPCSygrstHsraCVz4uuNG6CNjEx2FRS5WAZhdX2quqj681mwCCMmbaakuwWXDS-YIcp1wScN8NtSsGYMbInsd6W-pq9m-HZINksThA8zfezKajvG85i9mNIFzdNmqrx2uiUi5IOgRcelU6mrLzq_AyN0bVC5Ia7fCvgPPfyLT1TgQvXwP4o-cMF4xgqfEOGAX1x53iJx_g3nPfRj702Uj4BLzTcwC3wfAqxEuiqin4iZBe4FNZWFVJCzQsnojDfiFMekZmriqkhvpLW9LH22_YIT1AUY-x0z_QN_53Oe1cOJd1gSXVX-T0rDItg-UzjXhSQkDv_QuTy4nBvO8kHSHpZV-0jnMjyUPgBLX_9YC43eu4aR71YxkRohuLKzWJHyvIwJLZgyo6L-oQsMln3ttKwCzjjBa97qhmKOgrjXPIwjxxhnkZkIdGZVzkIhTm_iZrLrMW0DnuNCQVL465WJ-qbywQ7X7rQacT_1MSLEvVBCWIvdIb9Pe7P2mfPyas3DdchtVWSoYVWI8-TSAVTAOMaFnFTJlCncSvnHZ8vwZQ0kcudJu7iD6Q6HgzlJMItaJ_E_Fi2MlzBLkz36VcTb9psxNm39Iw_oS7NXuvyEDSX-FRYd-cLAIcPqPriLQXVo0KGxiPdRH1n5HCgQ4ta6dTILNZ9Bhddr5UmjunvrlwKi9DcOM3Dn4f_bUOSJ0d_wa8ygZV0JuD-oC7KymVnKXsmXaPOAu7m8QDy7zvEqSI9f045O3arxpyIeVSKSWoBB2McC4D2WQAh0nzBgyRPasdAyfR6rYlkq2ox8HpClOABypJCYIVyuARaU5Bx1w5DdhTugxlbvrgkuO0nV_xDjhvBrFdwUkRQENCY9y_pWhvOudtdGWoGBHCV2DDZ3iIPV59dPedPQgAmwV89VLvMyfTCj1XIsZ6cPlaGbfVbjnpG20RceBViC2h-nbvL2TsBSnm5GqBLLRnMN5n5zvJA3KR-OyjtmQokhCQf5NlWUjFYSOS_6JnwEgX-XFCH8ENCi6yxWSsbKsstlqB3KDA4Q317kgnfnhRLZko5IM0ub8QMbfBzqzjkPeuRUnO37WdJZy0YYAPcz_dBEcWK-RR8g3qGS7g98opTNGxHPmePUouDjXCt40XPB-9L1mjSEfn-0V2SbiAWAWW7xr-l4NpNvTflu3bAN7cPw-andHSXe_kzXarb6cndDA1i_QZe5BZNWOcXCaP9_WZUmScgorxtxfc_0kWFuTSvWDFQ7nKADhAojYT6eMOANfaCobrMz4KFEhuaDWndEIGb-m0vNGsNOJ8GGvXkBWYXrSkNYtzxAh9_RrzhvTano6imLW2j-1I0RFofPkbb84G8EZmB7d_JDzxfDOZNtZ1WQ4UxesJ0A7ls_zg85SRymTnMKFL6v0Fp4AWaheKgTfdK1qXV-JBVbGOANUSjGD3bhNO-5fkcSIF2C96pl3YpIFTiiWj7AyZC_x9bkdF82tz-5VuhjmLRWEzV-EPVvef8B4lxwQU7AyxwFbFx8ts0yoLaF0-Avbo9mcHP43HjpopdUd6zohPN_fp9iPhdS-D2rPB6Ag2AziF4gBZAWFmJr3Xj9hYCEqSzm4JIqWW9fO1BOZcUjeIixfNlW7221aUVKDSdqPqQsJEuuC7vxwoX_KOJjANdddPKagE_7lNNJJWRFcu8TjcAGTdc997G53YCBCIUxhlH0DUCMlhKOBNalXVAbnRSZNoBKwhWaCyQrPSwa10wG4ZcYm5ewnzlqZwveUu-QAzEq7Dp2-DUD33On1bmt6OeERKOS5OpTGucZbOMxU9YU6UF0Ld8Hjl2k7E1jSaylLK4t6sqj8l1NhJ-8Pr-lTf571lf9P1rzrEcXLo0yWQ4YXRqk0lxEpfvjQYPvVSXTPETrpgqkjIOEqWgu-egdbJr5K0yglw6lNe0OZyg5HjTrhJQtFyXKbvQWcxi1vKYnQlJdOmrDpqfd1RY2YnJZVIGzLfMWW6od2qzUwZaM_t1Ak4R_GOP26Y3hMOlONGhHDj_flfGi656dV06ZUd26lTDemBl0EYERgG-gVQfRtpKyWWTc1FFpRBJ1IB-aKVqorYbHsGdgrOgeVVqqGrMI33Yk0C0gU_u8KswsyzpWdJ3r6Ccd0Z4ORnBV4FxL1YIpwOwWWwVslrhnSrFCYs91cR7uDc4UajLX8aWu8PDQXR1jm1saCjZF0np4fmQjWk4sEWA-I-fewTBg0yzbMtPS0mXeZPuGsYHJQfAQZ6YWhBy2cH9Nl1V9Qon4ZGFtGRj5xjBqeABszWl9B4tgfsQ7u7mY2w8t3mBSfTwyCvsLACRPVFGStoVqVSTGKi8FEA7YLneFN-em7WU0SReyeS5263MzT9hTtSSVwvdSAuekVTW9XSGpps4UxH_RQSmrBQkzKxsamYRGf-5jZhPLESRfWit1tBgr-E_sB7rUId36mEtuTXOLdJHEkXxPBDllssN-cao5sjDGx_Ii2iosY935fRA1pHJjC6ptMZkM_xtfGNgTnMPbeN4ZMs4gAnKBVCowDjsjsSYbwQBGW7aUuPn24dVoyhGO8BK6ASMw8rO1QHLJAvB2FAt2mvowc5B7BcmfLahmAAmGjNc5xTz834YYaY1KfbVZJl0pGnZ3U0Uvb6dtdlD6XZ61fH67d4cCRbgsewbkqlxPcRiwflc-wakIcxg5NNwOjsKzh6TzryYH_27P3Gu0shFRyDawWBhjyDVWgneyGYy1Zl7708Ol2elu4sMzOLPc2kpFb4r0ICLR71UkDasJ8QhnJFFyaCpn_yeXF-nwcN-X9UxM9vNGieS-8N1Nx7D6Jz6YHuXbSLu-B1_vWxf8lwJ3-H7-A2z55EgrPqkApYWRVRIIL6stQuSRmCWrWwpvDUFUMY3phfvbfThdcPrdLBRJADl3SFO0BH9ZxanimIpFEnJt8W4xxh1SX0EEdjynd3fk3LmGq3NAjZxt1-YO9zeNIvJG7hGc1KAh7F_WWYcJWhOXy0jMDD3lqvy2vnsbgtFxznblHIDJvdf_EBssCH8b35RqI138I9MmhCZ6j6FJYdm5hcryO9b9blh4-9J3DLs_QkQWGjAeEdJMEo8C9QAPEXOjEAuoYNEPMe2tGVjRh3am2aVwpl_uE079cKRDINrCSxsYtPEkcI03whRmziW6-68Dp2xL3nfp6MNSx6qIJXyMcR-77zyZeTe6ugqQzJqQBDBQlIerkkZNnpGh3Sz8HfVhDHd1a9vMLdvVW7FcFcBDIdEuNxL_tot4ckV9wwluq8sWbQEgL08gcxYRVj1pF8I-rwo3pfTMC-rZHpfeYMPHO-2KGQj7mhG20-n_0gi44VIdycvTuVGVXPbODhdbJpLCHeA&cid=CAASJ-RoT_8MlmHS9DUNSV9yLn9_7kgRm3iHqQ_fij_TUgWoV6jY5chj5g&rfl=2%2Chttps%253A%252F%252Fwww.hawtcelebs.com%252F%240
Frame ID: A677FAF7A18ED9454DA34EE554DC9AA8
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM66ChD-jfH6ARjNgsKtATAB&v=APEucNVP-IsSxp6MeiImuCGff0BNVQeUrCJU-1oCyCr4WR2WhH_MXxQ3Pcy2kAw9RIkIt0L2n4eUXaWDl1T-jSIQpK7PjRN3Us3sIBzOItRTX8xjsCuwXrvyPBEl9pEHQJ84nOhc3AqBINaN33dQBRCxtUa6JjViYOMBIxIp8lDYVph_NAOHyVkvtkf84H3JoonqQLdqVKWhl1QHZ-QzFaluKD_FGJxqMw
Frame ID: 5111DAF33758E109C4BC58659DB24369
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 64E85000904A8745375E3F5E0F34CE45
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: A0AE5ED102F4C80E7990C1D1B00B3995
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 59657FD8A755B0D92E18B0A29D33545F
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/index.html
Frame ID: 9E2BB31F5795C2B3F3B61477D7035A9B
Requests: 18 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 5EBCED5AABF7463E257739294DF55121
Requests: 3 HTTP requests in this frame

Frame: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: A8DDBB102D6B2E87F609D4D916EA0B53
Requests: 26 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM66ChD5_-oBGMaErZkBMAE&v=APEucNUhX6lIqcRzgt9NjS2CvtaEaqxnBmcVQmC4-tyD59AeKA8uoNI8t059uiPYW6wQ4UYDHT93vmiK17WbaRTNLMxXmM5YEv_K0DPYkQmOiy-6QZuvLWz9H7B4Eks-_J3HSX6pmXMg0GH-HyOFoiVsv9I0oCruuapTWp9EvI_hBfqGPKbf8mp50G-nqn4QHyS-5OThGDCOnUqCNwl6fByyw_v2yKHezQ
Frame ID: 740A69A84070186EE51592BBCB1FD81D
Requests: 4 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: 324FFD2211EEFE50EBFCAD4C657A3158
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: F71527B8D5715A191BD773BAD23E7113
Requests: 1 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=78794700131074401084714012073002&actionid=981741&produktid=&dt_url=
Frame ID: B56245BE78CBCA27852AB941794A6FF0
Requests: 1 HTTP requests in this frame

Frame: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1578472959
Frame ID: F279EDF0BACCE44B8895570E86179342
Requests: 2 HTTP requests in this frame

Frame: https://hal90002.redintelligence.net/request_content.php?s=78794700131074401084714012073002&a=869ad90c
Frame ID: 27BFCFD222C03B3847E28A735E796841
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B57D29E0267CA0EFB650A36B8458D50D
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 18F9BE7F9F5225A2CD2F8F728DF85FF2
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: C9130CC7935A6B1B91EF0718BB3554B9
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 764DA3E285E34A552128E3E5F68CFEDE
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

LORI HARVEY Arrives at Kylie’s Cosmetic Event at Ulta Beauty in Westwood 08/24/2022 – HawtCelebs

Page URL History Show full URLs

  1. https://u12097671.ct.sendgrid.net/ls/click?upn=4PC2wo0fWhUBQdJDPL-2Fxerma-2FiNLXrBX17zncJLRZJMQl1lhzVepM9KfwXb... HTTP 302
    http://app2.cision.com/redir?s=8600002772484388 HTTP 302
    https://app2.cision.com/redir?s=8600002772484388 HTTP 302
    https://ct.moreover.com/?a=48574602403&p=8vr&v=1&x=lQP2e3qTCeLBo7yWdOV7fg HTTP 302
    https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-2... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • quantcast\.mgr\.consensu\.org
Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

393
Requests

93 %
HTTPS

50 %
IPv6

61
Domains

99
Subdomains

81
IPs

12
Countries

5329 kB
Transfer

10944 kB
Size

56
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://u12097671.ct.sendgrid.net/ls/click?upn=4PC2wo0fWhUBQdJDPL-2Fxerma-2FiNLXrBX17zncJLRZJMQl1lhzVepM9KfwXbLwzG-2FafPMcTGQrJ5rEf8ghachaQ-3D-3DIZOb_vab-2BQUqbE5KA1x32hdOJqkXuLngSFWu9m7eUduXhvjYoQJEbYNJpKYoT5cWykD8omzkGq-2FCIeXRjZOy8oJlng51NsC757-2FOLz3w1FvOwePrvZLiT0z-2FJ9yaaK2-2FH9oLp7yncAamlrhEyLV3EACN9ivXk8t-2FmxedZUWGQIPjj5p2NSUhsk5ZlqUwGYBHtwKwdnm9qasqLlVAEdcgI3slOnDIkNHPiAv4ayhd37RyR66hHqivnk3jlSG4475ptB-2Bv3 HTTP 302
    http://app2.cision.com/redir?s=8600002772484388 HTTP 302
    https://app2.cision.com/redir?s=8600002772484388 HTTP 302
    https://ct.moreover.com/?a=48574602403&p=8vr&v=1&x=lQP2e3qTCeLBo7yWdOV7fg HTTP 302
    https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 66
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bapnid%3D%24UID%3Bcb%3D0.57632774 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fudmserve.net%252Fudm%252Ffetch.pix%253Fdt%253D1%253Bapnid%253D%2524UID%253Bcb%253D0.57632774 HTTP 302
  • https://udmserve.net/udm/fetch.pix?dt=1;apnid=5007904726464245340;cb=0.57632774
Request Chain 69
  • https://ssum-sec.casalemedia.com/usermatchredir?s=199174&cb=https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bcb%3D0.57632774%3Bindx%3D HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bcb%3D0.57632774%3Bindx%3D&s=199174&C=1 HTTP 302
  • https://udmserve.net/udm/fetch.pix?dt=1;cb=0.57632774;indx=YxY3oOwda2xciwnHsx5sKwAABF8AAAAB
Request Chain 137
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE3t1z0ZAqSfy-MAnvT6ghg&google_cver=1
Request Chain 138
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YxY3oOwda2xciwnHsx5sKwAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE3t1z0ZAqSfy-MAnvT6ghg&google_cver=1
Request Chain 139
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEM4OlECGQ-JDRPVWbAkksBw&google_cver=1
Request Chain 140
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTAwNzkwNDcyNjQ2NDI0NTM0MA%3D%3D
Request Chain 144
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE3t1z0ZAqSfy-MAnvT6ghg&google_cver=1
Request Chain 145
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YxY3oOwda2xciwnHsx5sKwAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE3t1z0ZAqSfy-MAnvT6ghg&google_cver=1
Request Chain 146
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEM4OlECGQ-JDRPVWbAkksBw&google_cver=1
Request Chain 147
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTAwNzkwNDcyNjQ2NDI0NTM0MA%3D%3D
Request Chain 152
  • https://cm.g.doubleclick.net/pixel?google_nid=turn_dmp&google_cm HTTP 302
  • https://d.turn.com/r/du/id/L2NzaWQvMS9tcGlkLzI0MTMwODU4/rnd/?mpuid=CAESEIPrYTCr1TaNSsKRecc9Hns&google_cver=1
Request Chain 153
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFlfihLHZc4jhHzq-3nhvE4&google_cver=1
Request Chain 162
  • https://track.adform.net/Serving/TrackPoint/?pm=2488958&ADFPageName=DAN_Valentino_Tracking_Campaign_Impression&ADFdivider=|&itm={sv91:%278468260%27,sv92:%2726085996%27,sv93:%271374101%27,sv94:%27306358049%27,sv95:%27177023086%27,sv90:%27IMPRESSION%E2%80%99} HTTP 302
  • https://track.adform.net/Serving/TrackPoint/?CC=1&pm=2488958&ADFPageName=DAN_Valentino_Tracking_Campaign_Impression&ADFdivider=|&itm={sv91:%278468260%27,sv92:%2726085996%27,sv93:%271374101%27,sv94:%27306358049%27,sv95:%27177023086%27,sv90:%27IMPRESSION%E2%80%99}
Request Chain 170
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 179
  • https://hal90002.redintelligence.net/request.php?zone=xhwrmj44o767&nw=20&renderingType=javascript&namespace=94d1c6f0ef&subid=&uid=a66399ec8c9c8825&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=980x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCNTQ3nzcWY6mnN6mxgAeSsozYD7XN-YNXvNu5q-UM8C4QASCVm8ohYJXKkYKgB8gBCakCO4LHDD-ksD6oAwGqBPcBT9DNUaFsZoyFcwor6BXIeV_bfSuxMOSDUHOQMIjw8aX5us5iEHhI9WEZC0LJFh4EY4p7gURTNq90q6_Q0KB8hwdz5fzquWtkJzW_taBBTPUSF9IBqhxSkn9Mxm_txmYmLXlJZlw2SOWBuDnIYl-PTkIkv24JkwAuwyjwxbpLAjlOReJ8b1TZ4GGbwDZqQRBNcdiqP2iK_T851__KQgFyhYAO0X2qgOYcWEjLjwp_UvYdf5qI7GBkUWNd2rZUmJIdb19Ul4QJ-N5tj7WZx3A7O7paYH8RQVErZv3DNbDGHqK0mHVpT2siWe6OQ9dI3JwjKRaD59rNQ8AEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEgiI4YAQEAEYHTIDqoIBOgKAQPIIG2FkeC1zdWJzeW4tOTkzODU2NTgyMjAzNDY4MIAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoT_8MlmHS9DUNSV9yLn9_7kgRm3iHqQ_fij_TUgWoV6jY5chj5g%26sig%3DAOD64_2SJJnOk3TlLJZyhOvZ7mmfWkwMlw%26client%3Dca-pub-3831894559014614%26dbm_c%3DAKAmf-CBUoRSY4W3DKUg8HTru_ZFbHcsGTkbCuhfsJ-Gf6Yq2Y-5bgWn4rCJQZs9VMbRa7zcGQ22oZCQeMSHH_LqOBUJ3wLackIwH7_8hXQ7U5sSvQ9ulKQRjl_AoeZ1jnr_oX9W_VuPW4E0OIxSvirHfNb57KE8nw%26cry%3D1%26dbm_d%3DAKAmf-DYNuD88jcOhSR0kjngTTcloYxQheKZfCmhNEwEyewIHhz5J52MLlQpdRhgZJ24TsqFJblxUrVMnpiaf8mtqwqsHSriJIC0cVIFRru2m4RAcYjw8GsQK1lD5bR9OexjHVqdKFhvJZd85Tn7PSmQyhy5HiZMpdC9mbVqalMAIz17UWMWxhOlHZJJkW_XKyhrBa_Ff8AnHKhLPIj93mwANsG202bQ_DogiikUk45qULIb7moBUKveXKCArKgslv_NRuBOLhQ28mDieKopSsh_6r_IZGThkwmqXdLkf4cPezO29Ry5mAns4zoP9UgVX95PX2Dg6unHWn6CnONmuNXqraQeGb6hC5dsLp5l_kBHla-ycvSzTb7kZ-NDMTLpfn0oXzd0HiPs7FYzjkVTkF8feSPY94kGHQR1dN0TJIaq2sh6jCUrqTKnCpKbd_0O6dlPqJ-ZAFwvukItim0bXounP8d3YudZnrcs6Q9Ak0u4gIdngyGKOkVxZxRJP7Ai-Aam2Yt-Rou9ZgvWFiqz22lmhYqrYyTvDTTgM362WqR9vGfki8nA8QbFJM_taDwuH0mg8a_enV13_C9pXbLWUipjDH0KoqbnL9eDvwLahNKPqVBZypUatOdoDKOFPkq9mkura67QLg0t%26adurl%3D&documentReferer=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.hawtcelebs.com&random=1631178079905&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
  • https://hal90002.redintelligence.net/request.php?zone=xhwrmj44o767&nw=20&renderingType=javascript&namespace=94d1c6f0ef&subid=&uid=a66399ec8c9c8825&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=980x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCNTQ3nzcWY6mnN6mxgAeSsozYD7XN-YNXvNu5q-UM8C4QASCVm8ohYJXKkYKgB8gBCakCO4LHDD-ksD6oAwGqBPcBT9DNUaFsZoyFcwor6BXIeV_bfSuxMOSDUHOQMIjw8aX5us5iEHhI9WEZC0LJFh4EY4p7gURTNq90q6_Q0KB8hwdz5fzquWtkJzW_taBBTPUSF9IBqhxSkn9Mxm_txmYmLXlJZlw2SOWBuDnIYl-PTkIkv24JkwAuwyjwxbpLAjlOReJ8b1TZ4GGbwDZqQRBNcdiqP2iK_T851__KQgFyhYAO0X2qgOYcWEjLjwp_UvYdf5qI7GBkUWNd2rZUmJIdb19Ul4QJ-N5tj7WZx3A7O7paYH8RQVErZv3DNbDGHqK0mHVpT2siWe6OQ9dI3JwjKRaD59rNQ8AEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEgiI4YAQEAEYHTIDqoIBOgKAQPIIG2FkeC1zdWJzeW4tOTkzODU2NTgyMjAzNDY4MIAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoT_8MlmHS9DUNSV9yLn9_7kgRm3iHqQ_fij_TUgWoV6jY5chj5g%26sig%3DAOD64_2SJJnOk3TlLJZyhOvZ7mmfWkwMlw%26client%3Dca-pub-3831894559014614%26dbm_c%3DAKAmf-CBUoRSY4W3DKUg8HTru_ZFbHcsGTkbCuhfsJ-Gf6Yq2Y-5bgWn4rCJQZs9VMbRa7zcGQ22oZCQeMSHH_LqOBUJ3wLackIwH7_8hXQ7U5sSvQ9ulKQRjl_AoeZ1jnr_oX9W_VuPW4E0OIxSvirHfNb57KE8nw%26cry%3D1%26dbm_d%3DAKAmf-DYNuD88jcOhSR0kjngTTcloYxQheKZfCmhNEwEyewIHhz5J52MLlQpdRhgZJ24TsqFJblxUrVMnpiaf8mtqwqsHSriJIC0cVIFRru2m4RAcYjw8GsQK1lD5bR9OexjHVqdKFhvJZd85Tn7PSmQyhy5HiZMpdC9mbVqalMAIz17UWMWxhOlHZJJkW_XKyhrBa_Ff8AnHKhLPIj93mwANsG202bQ_DogiikUk45qULIb7moBUKveXKCArKgslv_NRuBOLhQ28mDieKopSsh_6r_IZGThkwmqXdLkf4cPezO29Ry5mAns4zoP9UgVX95PX2Dg6unHWn6CnONmuNXqraQeGb6hC5dsLp5l_kBHla-ycvSzTb7kZ-NDMTLpfn0oXzd0HiPs7FYzjkVTkF8feSPY94kGHQR1dN0TJIaq2sh6jCUrqTKnCpKbd_0O6dlPqJ-ZAFwvukItim0bXounP8d3YudZnrcs6Q9Ak0u4gIdngyGKOkVxZxRJP7Ai-Aam2Yt-Rou9ZgvWFiqz22lmhYqrYyTvDTTgM362WqR9vGfki8nA8QbFJM_taDwuH0mg8a_enV13_C9pXbLWUipjDH0KoqbnL9eDvwLahNKPqVBZypUatOdoDKOFPkq9mkura67QLg0t%26adurl%3D&documentReferer=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.hawtcelebs.com&random=1631178079905&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Request Chain 204
  • https://fw.adsafeprotected.com/rfw/st/747557/55375942/skeleton.js?adsafe_url=https%3A%2F%2Fwww.hawtcelebs.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:41a422a5-cf3e-e596-caf8-963a01ab86d2,c:nmC6L2,sl:na,em:true,fr:false,thd:1,mn:jsserver-experiment-primary-7db66464c7-wwwkl,rg:ie,pt:1-5-15,mu:10000,br:c,an:n,oam:0,mtim:198,mot:0,app:0,maw:0,fm:tgAeJtG+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C15*.747557-55375942%7C151%7C1521%7C16%7C171,idMap:15*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:1,renddet:IMG.qs,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:217,oid:aa9b5aaa-2d43-11ed-ba5f-e2bbb4fde3db,v:19.8.346,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
  • https://static.adsafeprotected.com/skeleton.js
Request Chain 209
  • https://cm.g.doubleclick.net/pixel?google_nid=turn_dmp&google_cm HTTP 302
  • https://d.turn.com/r/du/id/L2NzaWQvMS9tcGlkLzI0MTMwODU4/rnd/?mpuid=CAESEKgbcBaDpP1KoF7syjQhQPQ&google_cver=1
Request Chain 210
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELuyIHG8n7H_nO2kAFsLzoU&google_cver=1
Request Chain 211
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YxY3oOwda2xciwnHsx5sKwAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELuyIHG8n7H_nO2kAFsLzoU&google_cver=1
Request Chain 212
  • https://fw.adsafeprotected.com/rfw/bgd/266706/51196687/xbbe/creative/adj?p=APEucNWmQplYe58ZnzMp36vCfoC0dirwsr6dqbj1bpmHsbSsFpajX6I&d=CokBAKAmf-BHikT4G_wI9qvfx_qK2I5YOV6wfYhwOAEI9B7Qdxd3ygOFQaVF0ti1Fipf4e_HZpvAvPPSdMyOAoiPoAOEfWSQRb1FS8g5QshTSMp-Glay2oFYHNqniZ0AC8Gok_db-ZH6z-zY1fnkdWkALY0Yqq2qvEzsN08i9mhq5cezI2yo6sX02rES-RMAoCZ_4PFyrcROs2mnLxbbfLlxl5dzpijP1T7DqlQVD3Wn6uD6n6kz4PPZnCk4ttEyFUSfrT1-HRFfzTiIjWAN_BRL_sFDpoUibHp1fSUYD4UTyR3ezd0iOuM_emesnde2D6ol3E58gxXZRNaLRrQGGkLkH3ClqZ9Gsc7L_sfj1yU9FTQJnTY4Qm_XMDcHQQ35hQ1_7B1u--vdtfHwClAaDzgZjXVolr2aKDA_4HNK9sOXcFaum5D2xlGt8wpMOdqPz7LT7QX6n-1wiemGwjkJ1g1DjSoYOT6BJaS9rnF-vxB5QLbqn8PAxizjb0byjkLE80m16Jbpvoy1rovD7RkPehwyNP_jEgicD9vxUO_bzGUGCmBy8reJEK8qqz12xNB4gQwtx3ceYvVY-fydR7GCVdLMVu0r4F2uk2guiqab7xANaOf1A5FSDieqkeLcC9AtdoTC3RbWOywy8PBacU_CaOEo4XZ5puvapW-1vQZHSHIPqcuXxszJ_y-ZcJP9REFEOTzrDhPXSfSpv73EQVw9pFnwKRMroNPwUSSzJgMXU2CNoqf-ArEDyqy9M0KOpoCrZgO_9fu3z4yx-QF-e_66xkTkykbTHjQJ3ONAIuyHmqrLajj-QYH-OICYshQIvUpzE-1l5JpYYQUJb6jyJC9PggAjZ2ObL8GwrUoP95mJfwBI19dmyOOZlAnmnG5v_0gfyrMNFcOSgyWBbpOtWKkM1meAYe8UdPm1Hi89earDGKKiJ7ZFzSIMwvSEt2vF9pskMIRAwUv9itVQCJwHYNenYECnh96t5b2KN3rFSbWTV0nb5RPiD4LpV3WudCLQiu_DfsT2JhzsH33OQR58Ef9hnc-il127ln0-C4XpMmu1BtsGNi-Jas8gxODoLngZ5lTQBC9d3uin5kVpgUx-dj4O7idZsh9TnwPmTwza1euHNY1XJ6mkNcx9Aks-vMGNp4Nw2i-rbOHfpjTict1O3mtGulkhwOHIpxXVoUKrhCLjGGDLrMTDd3AnI5G9AgIgPzm2cCjdaEGV0PwAg2PYg41eVQMMF3bn107EYlA-epZcQEssKXYjrtCrHf7Qb4uL8gNzzz2-vebW6k2G9MMSP_Hi9BRJn-i07i_Edc7yamhs6JPc2fdBbahQ2M5YV5GuvdjccCMLSk9NAbD2kApQUWOZPgVukXkCYssqqeMZcKwAeVntKEnxIRuEdycaa2lL9mhHL1_ABi8SF-xaVZrS3gbN0RDy5Z-J6JzLeYsbXlaxiRBQD5elWL7s3x1l6i9Dy9ytV-s6j9M61Flbs3W4HKItUskbiag_dK8oBxcOPhR3V4ye5qjTPyRqwGUGmDjd4eXz5uASUBTadBXgnc2L42mcuGxM-0KUX-VJiUF46cKdtwSdPjHQoxP4r70uEViyaQ2OMd3cgZUdGTAdixIf8IKobAOjbOO34Qi1RUGeQiKKACutnnOX0cYCdEnpiRxLeHUOOUVFif-9C8DfNVee3IpE7X8hldZVchkBHE0j3BpJfjm3vBD3r0uYEJCvpiXu2k1OJRCSFrX312lGPEvUpLF98ZyjHuq6WIIb6kMzTQuai_78BZajdhwQoHd9Tl1uNTzIlKRup_7eAV_oLeuGy7XjcvfJFfu3h2O20y68bMpiN4cBPEKxLOt9JS8mrERuakI--DTLtkkFPNBoPtz0rhvgC1ArIBFSZBdTusZubUM2VkaZS5beo-e6ZyHdhUGqu4071_eYbc_TxCYxnxESGH86EQA_SXvoGts97bRaUKnQxxQ3fQmQ7P3UwORKGybz48R9MQo90yAyjziCfN9l0nCwjyDfJE9jY0ldJX-ckUikkkfQZKA3MYdrjHnmSQSyRn_tdG7YhmQZR0aPrKQTlqU5C3aHeFICo9LlyZcFGncTPW1AESrWIEPtPQ7PciHtJRsIJNFrrtI36galk57Kzdku-pmLoJNYCvRZok09TvjcUCO--mr2WxwJGJWnwP-umGMEx-881jLeLG_O0Qi7MDk5AIkI62LVdV5BsJsvpxZbqIjoa25380kqHclc_nI5VXrlEslQplKDyaNDL4oquGo-CH05sHAttN1mQ143f8s_ofa7-f6wMSSsaJIFCyYeH59k62jluugJDj9BNpv6WUDjaQ1IkYM7YZqrDS22m5s3D9HxMwKatMYtVVcPwO-gnx9vkxY63K3sPCAURSAT_SNSeJJJHQ9k1JGo4PtB7y9_wZZWNcNBXTPXriW5vi-zq-RipPRXDAYnHLifiQT-AGyC_pxm8iJaWL0FQYxp6YHGM7ob20tU7whB8SBfWo3wkeUhMxcoeUXtHdazoHQzyFGzhl30tcs6LOFr3jLrsdAlC2uy8YWVAFPNd4IVjjpjMABAOGHyfTZ8FIILCWMiKHkTIIirzg0Px8cmMDUc-SpDMlxnDXZht2SwVEwtRXE1hBa0_u818YWcBgRbWr6uQx5q9fIOhx7S9okDGp0Hk7icVMkgVGbgZn8vycnHicHgUroxKEOMi_L6JcZ8BSe8LQNl7kV1zbr5pEUDzKN3DIKTEQ4fkjIhXxWq0BSRwpaW2UObpaKDHgLcEuXr10t7roCwQs_7wV2Ntz-1WRweD1zDdTIwkMJi-_QIilTD095UHrujAHnh97BJIbfe7hiYB4ix8EnjKVunw-xtu64-4bYbr0uXzjlwfLMqCa3H53RLoFpKiPOvZl6FnwwnaLjlof1N9pubOZAar2Dc9tJ7vdOWUhLYUJ4qPMRvUZ63puguD-1ik63rOyT1QX-bJxQ2Wjx3ItAaNkhZMLtdI0QjER2GDBkNoKbWfN4JWSSbfnyeNAJpp9tKRbD5dRc4RjwDI1PrJ5AHdn3IPv0HuBoRsuwdvZLmpAip1yqpxczR6rT4sSCt52-Aur4WnbiXk4p3IzVJw-i1YKcXpcikxYSBG_SjS_zPkSqGM47d6rk8DZD7HCjAOVSAQqCyLliPf_OAOz9_7fFLyF2RCHBn1Omszypkokk2E-6l7y0q_VdF9vHrRBcZFLa5VHT6Kz7AD2ZwC-dMpZehKvU4Y7rOt_MnbpswUT-_WU9dFXR91vPnNCJntHHrDqv8tkBMcx9AWQCtkEEfetqD1tvdSKYG6jUYYKwRfz1EFQcnKBv1qCkzkYLaiGtIBDS0MVYP5qzibGIhiFE_Yv0OnFEpPMpP-eyVFRiq4lTTVhS9aUKC2s0xWyvvq3jv0NTZLtsE44F0Ns3lHAU6Koz7Bn8TMl2pDAIOvbG-ziR8ddZQZZ7eozt4srRXnrwzb3YC5gVdGAwwWaC2gSdcB6KimZ1t2f_rIjpMbzVfh_CQccxMkYcawuKy02mjnkHyAYCY7-dhaa4z_3RIwumPFzxyCL0ZGFFbCSxBPYM8JWsASUTdAtmT5WeNUToY0uhGQU8IInS9uxEaKQgAEiXkaINwNPmrn__LxcCkCONoq9w312OkGFJcfKjNu1IXMYRlFV0KYAE&cry=1&adsafe_url=https%3A%2F%2Fwww.hawtcelebs.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:25860387-9ce7-c6ec-2a96-56ce88f843cc,c:nmC6MA,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-b5678d7-4b7lh,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,an:n,oam:0,mtim:3,mot:0,app:0,maw:0,fm:tgAeJyl+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C151%7C1521%7C153%7C16%7C17*.266706-51196687%7C171,fm2:tgAeJyl+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C151%7C1521%7C153%7C16%7C17*.266706-51196687%7C171,idMap:17*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:23,oid:aabf362c-2d43-11ed-9feb-6ac3184d5c1c,v:19.8.346,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
  • https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWmQplYe58ZnzMp36vCfoC0dirwsr6dqbj1bpmHsbSsFpajX6I&d=CokBAKAmf-BHikT4G_wI9qvfx_qK2I5YOV6wfYhwOAEI9B7Qdxd3ygOFQaVF0ti1Fipf4e_HZpvAvPPSdMyOAoiPoAOEfWSQRb1FS8g5QshTSMp-Glay2oFYHNqniZ0AC8Gok_db-ZH6z-zY1fnkdWkALY0Yqq2qvEzsN08i9mhq5cezI2yo6sX02rES-RMAoCZ_4PFyrcROs2mnLxbbfLlxl5dzpijP1T7DqlQVD3Wn6uD6n6kz4PPZnCk4ttEyFUSfrT1-HRFfzTiIjWAN_BRL_sFDpoUibHp1fSUYD4UTyR3ezd0iOuM_emesnde2D6ol3E58gxXZRNaLRrQGGkLkH3ClqZ9Gsc7L_sfj1yU9FTQJnTY4Qm_XMDcHQQ35hQ1_7B1u--vdtfHwClAaDzgZjXVolr2aKDA_4HNK9sOXcFaum5D2xlGt8wpMOdqPz7LT7QX6n-1wiemGwjkJ1g1DjSoYOT6BJaS9rnF-vxB5QLbqn8PAxizjb0byjkLE80m16Jbpvoy1rovD7RkPehwyNP_jEgicD9vxUO_bzGUGCmBy8reJEK8qqz12xNB4gQwtx3ceYvVY-fydR7GCVdLMVu0r4F2uk2guiqab7xANaOf1A5FSDieqkeLcC9AtdoTC3RbWOywy8PBacU_CaOEo4XZ5puvapW-1vQZHSHIPqcuXxszJ_y-ZcJP9REFEOTzrDhPXSfSpv73EQVw9pFnwKRMroNPwUSSzJgMXU2CNoqf-ArEDyqy9M0KOpoCrZgO_9fu3z4yx-QF-e_66xkTkykbTHjQJ3ONAIuyHmqrLajj-QYH-OICYshQIvUpzE-1l5JpYYQUJb6jyJC9PggAjZ2ObL8GwrUoP95mJfwBI19dmyOOZlAnmnG5v_0gfyrMNFcOSgyWBbpOtWKkM1meAYe8UdPm1Hi89earDGKKiJ7ZFzSIMwvSEt2vF9pskMIRAwUv9itVQCJwHYNenYECnh96t5b2KN3rFSbWTV0nb5RPiD4LpV3WudCLQiu_DfsT2JhzsH33OQR58Ef9hnc-il127ln0-C4XpMmu1BtsGNi-Jas8gxODoLngZ5lTQBC9d3uin5kVpgUx-dj4O7idZsh9TnwPmTwza1euHNY1XJ6mkNcx9Aks-vMGNp4Nw2i-rbOHfpjTict1O3mtGulkhwOHIpxXVoUKrhCLjGGDLrMTDd3AnI5G9AgIgPzm2cCjdaEGV0PwAg2PYg41eVQMMF3bn107EYlA-epZcQEssKXYjrtCrHf7Qb4uL8gNzzz2-vebW6k2G9MMSP_Hi9BRJn-i07i_Edc7yamhs6JPc2fdBbahQ2M5YV5GuvdjccCMLSk9NAbD2kApQUWOZPgVukXkCYssqqeMZcKwAeVntKEnxIRuEdycaa2lL9mhHL1_ABi8SF-xaVZrS3gbN0RDy5Z-J6JzLeYsbXlaxiRBQD5elWL7s3x1l6i9Dy9ytV-s6j9M61Flbs3W4HKItUskbiag_dK8oBxcOPhR3V4ye5qjTPyRqwGUGmDjd4eXz5uASUBTadBXgnc2L42mcuGxM-0KUX-VJiUF46cKdtwSdPjHQoxP4r70uEViyaQ2OMd3cgZUdGTAdixIf8IKobAOjbOO34Qi1RUGeQiKKACutnnOX0cYCdEnpiRxLeHUOOUVFif-9C8DfNVee3IpE7X8hldZVchkBHE0j3BpJfjm3vBD3r0uYEJCvpiXu2k1OJRCSFrX312lGPEvUpLF98ZyjHuq6WIIb6kMzTQuai_78BZajdhwQoHd9Tl1uNTzIlKRup_7eAV_oLeuGy7XjcvfJFfu3h2O20y68bMpiN4cBPEKxLOt9JS8mrERuakI--DTLtkkFPNBoPtz0rhvgC1ArIBFSZBdTusZubUM2VkaZS5beo-e6ZyHdhUGqu4071_eYbc_TxCYxnxESGH86EQA_SXvoGts97bRaUKnQxxQ3fQmQ7P3UwORKGybz48R9MQo90yAyjziCfN9l0nCwjyDfJE9jY0ldJX-ckUikkkfQZKA3MYdrjHnmSQSyRn_tdG7YhmQZR0aPrKQTlqU5C3aHeFICo9LlyZcFGncTPW1AESrWIEPtPQ7PciHtJRsIJNFrrtI36galk57Kzdku-pmLoJNYCvRZok09TvjcUCO--mr2WxwJGJWnwP-umGMEx-881jLeLG_O0Qi7MDk5AIkI62LVdV5BsJsvpxZbqIjoa25380kqHclc_nI5VXrlEslQplKDyaNDL4oquGo-CH05sHAttN1mQ143f8s_ofa7-f6wMSSsaJIFCyYeH59k62jluugJDj9BNpv6WUDjaQ1IkYM7YZqrDS22m5s3D9HxMwKatMYtVVcPwO-gnx9vkxY63K3sPCAURSAT_SNSeJJJHQ9k1JGo4PtB7y9_wZZWNcNBXTPXriW5vi-zq-RipPRXDAYnHLifiQT-AGyC_pxm8iJaWL0FQYxp6YHGM7ob20tU7whB8SBfWo3wkeUhMxcoeUXtHdazoHQzyFGzhl30tcs6LOFr3jLrsdAlC2uy8YWVAFPNd4IVjjpjMABAOGHyfTZ8FIILCWMiKHkTIIirzg0Px8cmMDUc-SpDMlxnDXZht2SwVEwtRXE1hBa0_u818YWcBgRbWr6uQx5q9fIOhx7S9okDGp0Hk7icVMkgVGbgZn8vycnHicHgUroxKEOMi_L6JcZ8BSe8LQNl7kV1zbr5pEUDzKN3DIKTEQ4fkjIhXxWq0BSRwpaW2UObpaKDHgLcEuXr10t7roCwQs_7wV2Ntz-1WRweD1zDdTIwkMJi-_QIilTD095UHrujAHnh97BJIbfe7hiYB4ix8EnjKVunw-xtu64-4bYbr0uXzjlwfLMqCa3H53RLoFpKiPOvZl6FnwwnaLjlof1N9pubOZAar2Dc9tJ7vdOWUhLYUJ4qPMRvUZ63puguD-1ik63rOyT1QX-bJxQ2Wjx3ItAaNkhZMLtdI0QjER2GDBkNoKbWfN4JWSSbfnyeNAJpp9tKRbD5dRc4RjwDI1PrJ5AHdn3IPv0HuBoRsuwdvZLmpAip1yqpxczR6rT4sSCt52-Aur4WnbiXk4p3IzVJw-i1YKcXpcikxYSBG_SjS_zPkSqGM47d6rk8DZD7HCjAOVSAQqCyLliPf_OAOz9_7fFLyF2RCHBn1Omszypkokk2E-6l7y0q_VdF9vHrRBcZFLa5VHT6Kz7AD2ZwC-dMpZehKvU4Y7rOt_MnbpswUT-_WU9dFXR91vPnNCJntHHrDqv8tkBMcx9AWQCtkEEfetqD1tvdSKYG6jUYYKwRfz1EFQcnKBv1qCkzkYLaiGtIBDS0MVYP5qzibGIhiFE_Yv0OnFEpPMpP-eyVFRiq4lTTVhS9aUKC2s0xWyvvq3jv0NTZLtsE44F0Ns3lHAU6Koz7Bn8TMl2pDAIOvbG-ziR8ddZQZZ7eozt4srRXnrwzb3YC5gVdGAwwWaC2gSdcB6KimZ1t2f_rIjpMbzVfh_CQccxMkYcawuKy02mjnkHyAYCY7-dhaa4z_3RIwumPFzxyCL0ZGFFbCSxBPYM8JWsASUTdAtmT5WeNUToY0uhGQU8IInS9uxEaKQgAEiXkaINwNPmrn__LxcCkCONoq9w312OkGFJcfKjNu1IXMYRlFV0KYAE&cry=1
Request Chain 215
  • https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=78794700131074401084714012073002&t=htlp HTTP 302
  • https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=78794700131074401084714012073002&actionid=981741&produktid=&dt_url=
Request Chain 216
  • https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=78794700131074401084714012073002&ra_cnt_active=1&ra_cnt=1 HTTP 302
  • https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1578472959
Request Chain 218
  • https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=78794700131074401084714012073002 HTTP 302
  • https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=78794700131074401084714012073002 HTTP 302
  • https://ad-server.eu/wm/pb/native.png
Request Chain 256
  • https://ad.turn.com/r/cs?pid=3&google_gid=CAESEBK5Un_ixY1Ues2gFNxZ_hY&google_cver=1&google_push=AehlK4BlRC3kJ4QDNwftADAUdoq7h2aiJRWmtGAgxhTSm5mCfO02oEpXYLQk5RDdaJbHY5sQuMC3XlCYpT1cQkDcy7-2wQ2y5g HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=OTEyMzQ5MDUwOTE0MjAyMjcyNg==&gdpr=&gdpr_consent= HTTP 302
  • https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEBK5Un_ixY1Ues2gFNxZ_hY&google_cver=1
Request Chain 258
  • https://um.simpli.fi/gp_match?google_gid=CAESEIcX5iS83gRMf-_y0R6QzzE&google_cver=1&google_push=AehlK4AL56_RsjbBOFI3QPnkUSmN-yeQV8Z7Vn-NY_973AB0SxdpajRVMgA3YFUmX2qE7IOF_3UclL0VWhUQCqbmwMSFnDPlXVM HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=5D9933849A804BA5AAB6492B629A2880&google_push=AehlK4AL56_RsjbBOFI3QPnkUSmN-yeQV8Z7Vn-NY_973AB0SxdpajRVMgA3YFUmX2qE7IOF_3UclL0VWhUQCqbmwMSFnDPlXVM
Request Chain 259
  • https://ads.yieldmo.com/exptsync?google_gid=CAESEISw_C7TK7orspKMwQW7GY8&google_cver=1&google_push=AehlK4Ax1goZsNZOaTeHtdHxo_Mf7Es0jUp8MlPxsASD793TcVo9dtkZIfZ1SEefc2z3A_m1pLnFohsq94aZuGYSizQhhVPpgrE HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AehlK4Ax1goZsNZOaTeHtdHxo_Mf7Es0jUp8MlPxsASD793TcVo9dtkZIfZ1SEefc2z3A_m1pLnFohsq94aZuGYSizQhhVPpgrE&google_hm=ZzRmMTJmYWRlYThjNGQ5ZWUzNzY=
Request Chain 262
  • https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEHS_dmz2JkYF92pkPd9zIw8&google_cver=1&google_push=AehlK4Cekq608RvqsGXjEz7XLQJDWnSrVhL29N9-JzbtxazFSouYOzjI_WOIrY1fROps6r5RSur7_FF9ufz7fMyKGIZlHFy3TY2W HTTP 302
  • https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEHS_dmz2JkYF92pkPd9zIw8&google_push=AehlK4Cekq608RvqsGXjEz7XLQJDWnSrVhL29N9-JzbtxazFSouYOzjI_WOIrY1fROps6r5RSur7_FF9ufz7fMyKGIZlHFy3TY2W&s=2 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AehlK4Cekq608RvqsGXjEz7XLQJDWnSrVhL29N9-JzbtxazFSouYOzjI_WOIrY1fROps6r5RSur7_FF9ufz7fMyKGIZlHFy3TY2W&google_hm=cjItS3VPMnFXQS1MTFRPenZQLXU= HTTP 302
  • https://b1sync.zemanta.com/usersync/googleadx/?google_error=5
Request Chain 347
  • https://media.vlitag.com/vid/?id=aOSRX0RXaas&t=y HTTP 302
  • https://redirector.googlevideo.com/videoplayback?expire=1662418848&ei=QCsWY5apE5GBkgbrwq6gDQ&ip=184.164.141.146&id=o-AHRWBYn6oK3uOJEhzcIifR3DigPimH90ZsZuEDlr016A&itag=134&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&mh=3a&mm=31%2C26&mn=sn-5hneknes%2Csn-5goeenez&ms=au%2Conr&mv=u&mvi=3&pl=23&vprv=1&mime=video%2Fmp4&ns=5wnH4RtFQOvgqu3Rdfcb5_MH&gir=yes&clen=10427993&otfp=1&dur=207.340&lmt=1600678288117961&mt=1662396685&fvip=5&keepalive=yes&fexp=24001373%2C24007246&c=WEB&rbqsm=fr&n=9eX46HM8bAvQda6&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cotfp%2Cdur%2Clmt&sig=AOq0QJ8wRAIgFivQbyWI-95lSHYxm1T-RzdZICZCMfQKOu4I_BnvxsgCICOGQUmuiSFzwyQQB-1HOaaECUheEZZmhChtsztVRx8B&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRgIhAPPt6peAUmfFUp0G0Rqkq2_fwxY_wGpV7qLdrMsFkUFvAiEA9-uYl7VIdCy38xpRlrJhUIXtj67QEZH37ZjThcU7FZQ%3D HTTP 302
  • https://r3---sn-4g5lznez.googlevideo.com/videoplayback?expire=1662418848&ei=QCsWY5apE5GBkgbrwq6gDQ&ip=184.164.141.146&id=o-AHRWBYn6oK3uOJEhzcIifR3DigPimH90ZsZuEDlr016A&itag=134&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&vprv=1&mime=video%2Fmp4&ns=5wnH4RtFQOvgqu3Rdfcb5_MH&gir=yes&clen=10427993&otfp=1&dur=207.340&lmt=1600678288117961&keepalive=yes&fexp=24001373%2C24007246&c=WEB&rbqsm=fr&n=9eX46HM8bAvQda6&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cotfp%2Cdur%2Clmt&sig=AOq0QJ8wRAIgFivQbyWI-95lSHYxm1T-RzdZICZCMfQKOu4I_BnvxsgCICOGQUmuiSFzwyQQB-1HOaaECUheEZZmhChtsztVRx8B&cms_redirect=yes&mh=3a&mip=2001:1b60:1010:2:1012:fe7:53ba:ee61&mm=31&mn=sn-4g5lznez&ms=au&mt=1662400165&mv=m&mvi=3&pl=29&lsparams=mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIhAL4q3XewwcP2cXquwnApg4eaWByTnuCWn1DA4oeByUBrAiB9BPW4OJE9BJRThya5U-O7AGTOhUpREICxlhMdCp5hGw%3D%3D
Request Chain 393
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.hawtcelebs.com%2F&domain=www.hawtcelebs.com&cw=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=AEAUv3x4aWtFQXRpTWVzaGVyNDVNRC9HeGhHMlhNQzgzbUREaU9rTXZhNW9CZlp5SHROK2V3aXh0d2U1ZTVCVFBoQzN6TXJaUk9Gd2QxY0FKYmJwSS8ybUhZTW54R2J5UEQyMjVJOTZEZHd6YjgwTHczbTZpSWJqSThRT2ozZUM4M3FTN0ljQWZjdGIwY1ZranRmLy9KekxucWwrREgxYW5aWFFwekJ0ak1ocGZDR2xUZ0lGVlJTZEVqR3ExWlJvQ2VDUVVyQ29ta3hyaHY3MTV2R3dsa0Z2R21sUlB1ZlVKMjdyOTYwd3huaU1sY0JUYmF3NmYyMUZRWk9UenlOMXRCeVFxfA&cppv=2

393 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Redirect Chain
  • https://u12097671.ct.sendgrid.net/ls/click?upn=4PC2wo0fWhUBQdJDPL-2Fxerma-2FiNLXrBX17zncJLRZJMQl1lhzVepM9KfwXbLwzG-2FafPMcTGQrJ5rEf8ghachaQ-3D-3DIZOb_vab-2BQUqbE5KA1x32hdOJqkXuLngSFWu9m7eUduXhvjYoQ...
  • http://app2.cision.com/redir?s=8600002772484388
  • https://app2.cision.com/redir?s=8600002772484388
  • https://ct.moreover.com/?a=48574602403&p=8vr&v=1&x=lQP2e3qTCeLBo7yWdOV7fg
  • https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
35 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c5829d82ed988f4e49c6abc7a4d9cd803567c81ab1f1a20f5a0b9d19778a61f8

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7460d3413be1bb91-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Mon, 05 Sep 2022 17:53:35 GMT
link
<https://www.hawtcelebs.com/wp-json/>; rel="https://api.w.org/" <https://www.hawtcelebs.com/wp-json/wp/v2/posts/5315417>; rel="alternate"; type="application/json" <https://www.hawtcelebs.com/?p=5315417>; rel=shortlink
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hWVy3hgr43gKnaIxsvhtUnRScmpRJ%2FS5D%2BtNpwqUoZkUuys7CGjGtyy6xMZ2o5gQjOKRKyX38AXE1xmdGdRSx9xzLONtmlpzcb48DCcpb5Ci6Y9ZkEBNO7wCd%2BFFhtpc4EFgUPVHog9DtKE10D4yNDM%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-pingback
https://www.hawtcelebs.com/xmlrpc.php

Redirect headers

Connection
close
Content-Length
0
Location
https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
style.css
www.hawtcelebs.com/wp-content/themes/hawtceleb/ 		15 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.hawtcelebs.com/wp-content/themes/hawtceleb/style.css?ver=6.0.2
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af0d6570462dee3c3937e8694b2ee98ea78313219976105080e94680c29769ad

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
476308
cf-polished
status=cannot_optimize
cf-bgj
minify
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 26 Aug 2019 09:10:58 GMT
server
cloudflare
etag
W/"5d63a222-3db1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GF6BYZbu%2F5v3%2FpMtkOgEmO2Aw%2BLLNcuZDt6ndVz1LoRf7mrLwOAKJujvtAgFETq9UIfv5H6YDodrpi3pzCT9a8MAW5zAZ%2FcG9OZMWgT9e6lPrfYgvIRM%2FJbzB8FHXifaYQymYoTw8A2KBTSrkntZd7A%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=315360000
cf-ray
7460d343787abb91-FRA
expires
Thu, 31 Dec 2037 23:55:55 GMT
css
fonts.googleapis.com/ 		6 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Montserrat%3A400%2C400i%2C700%2C700i&ver=6.0.2
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
56392a97bf35956d4a099fbf3c764a01ee1f2cf2e070a0d8aacf458dbecca0a9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 05 Sep 2022 17:19:49 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Mon, 05 Sep 2022 17:53:35 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 05 Sep 2022 17:53:35 GMT
dd-multi-col-cats.css
www.hawtcelebs.com/wp-content/themes/hawtceleb/ 		238 B
484 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.hawtcelebs.com/wp-content/themes/hawtceleb/dd-multi-col-cats.css
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a40dcd59c23d9ed6f0fbaeefeb57c78543b487ad93c49f5f74b89dd85b0ea278

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6427786
cf-polished
origSize=313
cf-bgj
minify
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 10 Jun 2019 10:27:20 GMT
server
cloudflare
etag
W/"5cfe3088-139"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XCnecBXuv7a9fm7W5PxArop790NSVN8s56p7hgRLacoQsyDK41OZwEWtvmxv3YTep2rLn0WpLwiDFXUVz7DyXptprOJJk7Z%2FPUZhY4jc64GUQ3nyuk2mYgekCDSwz%2BUNE624jgzt9sUJ3HO2DAk2Hu8%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=315360000
cf-ray
7460d3437881bb91-FRA
expires
Thu, 31 Dec 2037 23:55:55 GMT
up.js
live.demand.supply/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/up.js
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
414540643fb9606b8d3b0a573a20742eaf9749f98a0d78bbd5709f63f5f54353

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-nf-request-id
01GBSZ6N2ST6RPGQV44RPB4FF6
date
Mon, 05 Sep 2022 17:53:35 GMT
content-encoding
br
cf-cache-status
HIT
age
953
cf-polished
origSize=3869
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin
*
cf-bgj
minify
server
cloudflare
etag
W/"b90fa8fd6fa4777d8531139c1a3d65a0-ssl-df"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=1200,must-revalidate,stale-while-revalidate=3600
cf-ray
7460d343dbb79180-FRA
link
<https://live.demand.supply/impl.v16.0.0.js>; rel=preload; as=script,<https://live.demand.supply/p4/v14-3-0/d3d3Lmhhd3RjZWxlYnMuY29tLw==>; rel=preload; as=script
img.fetch
udmserve.net/udm/ 		29 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://udmserve.net/udm/img.fetch?sid=14863;tid=1;dt=6;
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
68.71.249.118 Toronto, Canada, ASN20093 (ZEROLAG, US),
Reverse DNS
Software
/
Resource Hash
35f59a300caf8b1f096bb1a57ed1f3ae65ed934d161be08e2141d46a350c1f17

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 17:53:35 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3p
NOI DSP CURa ADMa DEVa PSAa PSDa OUR IND UNI COM NAV INT
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Content-Type
application/x-javascript
Expires
0
lori-harvey-arrives-at-kylie-s-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022-2_thumbnail.jpg
www.hawtcelebs.com/wp-content/uploads/2022/08/ 		73 KB
73 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hawtcelebs.com/wp-content/uploads/2022/08/lori-harvey-arrives-at-kylie-s-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022-2_thumbnail.jpg
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1b108b811d4d1cafaa6240bd1ededc57abcbf44ee3b19506450ec59ae49450b6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
cf-cache-status
MISS
last-modified
Thu, 25 Aug 2022 12:40:29 GMT
server
cloudflare
etag
"63076dbd-122a2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gi6Ozouz8hVyftJEsmVDKKQscXYixxRVQNTP2qA%2FjhvB6gwcdrLXgPmiEdufGsf0V4MHpu3wOulXXp6P6DnH13V3fZz93jqCdaRbXfWgy3DCcWtEX9kgQSw2sl70yhMSkBjV653KHpRcxCZmNpA6qc0%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=315360000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
7460d343bf216904-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
74402
expires
Thu, 31 Dec 2037 23:55:55 GMT
lori-harvey-arrives-at-kylie-s-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022-0_thumbnail.jpg
www.hawtcelebs.com/wp-content/uploads/2022/08/ 		9 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hawtcelebs.com/wp-content/uploads/2022/08/lori-harvey-arrives-at-kylie-s-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022-0_thumbnail.jpg
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
66847cea31d0d63ee5f3f9f2a55f6f97e7e6114c1f69656575cb1be343f7e60f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
cf-cache-status
MISS
last-modified
Thu, 25 Aug 2022 12:40:26 GMT
server
cloudflare
etag
"63076dba-24fd"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vXq2cw%2BVBON8ME%2FF5D92oSSxC2Vb%2Fg%2Fa2B9%2BSoG04rG%2FL73OXlkkP7DeEks0BGqqUHnKb%2F5O9cz2Rqbe5ptEyK%2FW4xX1vg8w7QS%2BN4KAXi9eXuc3lwlfEDPg9GNNJVrPEaUt2fBHEqHlm1OKR2GP%2FXI%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=315360000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
7460d343bf246904-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
9469
expires
Thu, 31 Dec 2037 23:55:55 GMT
lori-harvey-arrives-at-kylie-s-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022-1_thumbnail.jpg
www.hawtcelebs.com/wp-content/uploads/2022/08/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hawtcelebs.com/wp-content/uploads/2022/08/lori-harvey-arrives-at-kylie-s-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022-1_thumbnail.jpg
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0971cbfbc807c2cd835cb3604db9d3e391967543fac606e7cb422a484f6c4ef

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
cf-cache-status
MISS
last-modified
Thu, 25 Aug 2022 12:40:28 GMT
server
cloudflare
etag
"63076dbc-218a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kg3WsgRocpn7PFYgkWYZkasQdAM%2FhfCbDYr6VoRVeExdiGcXBHaNGZrWLi7oJ9aRS339BmUS2RuyEwjLvAar1sfcl5Czc3ikpUUGga2Gu%2FxPEM9TCzzOzXwgSmbdpOZcZ4WmRERz5x7jAYo1OXD5tps%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=315360000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
7460d343bf266904-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
8586
expires
Thu, 31 Dec 2037 23:55:55 GMT
rocket-loader.min.js
www.hawtcelebs.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.hawtcelebs.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 31 Aug 2022 13:16:51 GMT
server
cloudflare
etag
W/"630f5f43-302c"
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qvLZbV%2B5cVWDWKUHzM4qPLLlie707qskZJAqGo5jtYkfqDVpNJ8kwRvVQdLIOmH0pA9V4zBTdl3uiTtjrZdCeU8lYZ0TvhIdljlUa%2BAA9XT4G1vdK22rSrBKwWcDc9V0kUzcBM2xJb2KmyBssZqdNYI%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=172800, public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
7460d343bf286904-FRA
vary
Accept-Encoding
expires
Wed, 07 Sep 2022 17:53:35 GMT
akismet-frontend.js
www.hawtcelebs.com/wp-content/plugins/akismet/_inc/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.hawtcelebs.com/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1658913600
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6efeb220d581a73a92a8ca58f187ddf0c0a0b835b34b89bce6dcd5e1b348465a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3486768
cf-polished
origSize=9166
cf-bgj
minify
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 27 Jul 2022 09:20:00 GMT
server
cloudflare
etag
W/"62e10340-23ce"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mcPk7VqzCgWpJQMrTu4cUK5Egp9l9exF%2FCSkXNz5nvo31KHo7aMwOwIjYzOoseV%2Fm28tCOYhsJw9ABvVCPg2hU%2Fpb6DXHkH%2BhgMYb8N7swc%2BJ9hdyZXFd9DSp6iw%2FPrcz%2BVhHGoFqVKSiMI79aaIzZc%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=315360000
cf-ray
7460d3440f826904-FRA
expires
Thu, 31 Dec 2037 23:55:55 GMT
c.js
waust.at/ 		13 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://waust.at/c.js
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4739 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
da89bf5cdeaed1c080057dff7314a4803b9a076bc851efbc032a7ff9cedb94cf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 29 Aug 2022 18:12:33 GMT
server
cloudflare
age
2065
etag
W/"630d0191-329b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4lFp%2Bkg%2FJVvrZrBtU%2FYWflKadUhzY4ZsdRhJEN%2BKfmwxdBPjcOtsd7VXJzStiuDFyeHYupqyO7L9ROLxkAIJbOeOtjezSeFWIHBy7EjaqpCgDSRq4e23OUcIkz%2BzcK229JDRkCaV"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
7460d3445a819bf4-FRA
expires
Tue, 06 Sep 2022 17:19:10 GMT
widget_v3.js
cdn.whizzco.com/scripts/widget/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.whizzco.com/scripts/widget/widget_v3.js
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6815:3c4d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f31ed4edda66b286ae5e18c8a4e87d66bd6e87869a0ed339788cd5b97ba65c28

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
via
1.1 a823be133adad65df6d3bf471a742792.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4451
x-cache
Hit from cloudfront
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 29 Jun 2022 11:01:29 GMT
server
cloudflare
etag
W/"25c382bb07747b1cf6e92ca18709afe2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kUURmVBDdxes7dgHKwq0Cmpkc%2BKiBUCwolu4uMBOHjoRzgjagQauNZJS%2FPdrpzqixl5T3GpYE6122nyfGmgUcutsDzEd6v%2BtMNIugeMct4qknde0NlDeC2NBj5U0DRvZw9mmXB6%2BKYbW2oPMSzs%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
x-amz-cf-pop
FRA56-P4
cf-ray
7460d3446fa79b2b-FRA
x-amz-cf-id
wYXvEc8A7KCeDZXt3uLCEBcHf8BoeI9Lnbma_Ce7FIC-5Q9RgnIvVg==
inpageLoader.js
bid.underdog.media/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bid.underdog.media/inpageLoader.js
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:e000:5:c4ab:c3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
34a1720a3f19d793dbcf82fbe955fc906d26009b9f3a1fc461a31bf77d3c8c3c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 19:17:21 GMT
via
1.1 73f3a23156999272233949c078c30858.cloudfront.net (CloudFront)
last-modified
Wed, 20 Apr 2022 17:18:58 GMT
server
AmazonS3
age
599786
etag
"0ab1ad1503ce27584475428c21ed7d47"
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=604800
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
2047
x-amz-cf-id
lpfv3wpXN6K9mFumXm62hXKKveZ5Qzg2t9RcOmJPEyPzkjyHRd9umQ==
/
services.vlitag.com/adv1/ 		528 KB
137 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://services.vlitag.com/adv1/?q=036e05035cbef88431e89138f2969605
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9d7ebc7eb8a48fc8f79ca5df1513ceb47b59fbaf2b8a1054dffd375f0cdf1ea

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
server
cloudflare
age
229
etag
W/"036e05035cbef88431e89138f2969605 2022-08-26T05:51:47 v1 default"
x-robots-tag
noindex, nofollow, noarchive, nosnippet
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=900, stale-while-revalidate=3600
cf-polished
origSize=540799
cf-ray
7460d3445e3f6993-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
js
www.googletagmanager.com/gtag/ 		105 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-10995097-8
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
99cf5718b6a2e73ff40f480d226059477d841e0f94a098796fa7f21dea789c06
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41857
x-xss-protection
0
last-modified
Mon, 05 Sep 2022 15:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 05 Sep 2022 17:53:35 GMT
jquery.js
www.hawtcelebs.com/wp-content/themes/hawtceleb/js/ 		95 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.hawtcelebs.com/wp-content/themes/hawtceleb/js/jquery.js?ver=1.0.0
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c7ee0238fa5cd80a02ef9870a7fff498ef52097181cb73edb9219dc022fd919

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
8847824
cf-bgj
minify
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 10 Jun 2019 11:28:48 GMT
server
cloudflare
etag
W/"5cfe3ef0-17a62"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bOzD0e6zVvH0AGEqqQ%2BJAyV9LRYTd%2B0%2Bz6O9GMJqqov2xvlS%2BjfWETVYhheFFLvgqzMf5ffVja%2FkyJjMIHxoXUU9II8ZsDljLKQpHNK8v%2FS1CFJSato93Qmot4BkhS%2BWApcG39hGmU3RDmAEqwkQPRs%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=315360000
cf-ray
7460d3440f836904-FRA
expires
Thu, 31 Dec 2037 23:55:55 GMT
icon.ttf
www.hawtcelebs.com/wp-content/themes/hawtceleb/fonts/ 		14 KB
14 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.hawtcelebs.com/wp-content/themes/hawtceleb/fonts/icon.ttf?zf3xc5
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/wp-content/themes/hawtceleb/style.css?ver=6.0.2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bee4c3ddceefb6558b86e3d6bbe40326f6d67e1b0b535eb6949d570e7630d82d

Request headers

Referer
https://www.hawtcelebs.com/wp-content/themes/hawtceleb/style.css?ver=6.0.2
Origin
https://www.hawtcelebs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
cf-cache-status
HIT
last-modified
Mon, 10 Jun 2019 08:38:45 GMT
server
cloudflare
age
4662
etag
"5cfe1715-3790"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wNtP9ithlWYAdgMrfvU0wIpkYlq%2FbiInYjrEDMDG83oUwgmf25N5FDtIubvr9QgreCHvZMIw8UVjK8p9goSRs3NjyMe75EHqMcM%2FkOSotF%2FfHzwoxR0f%2B4FuOjWIz57xlcHfoKf34iZdOPak%2BTgTxZI%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
7460d3440f866904-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
14224
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v25/ 		30 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat%3A400%2C400i%2C700%2C700i&ver=6.0.2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.hawtcelebs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Thu, 01 Sep 2022 03:24:20 GMT
x-content-type-options
nosniff
age
397755
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30928
x-xss-protection
0
last-modified
Mon, 11 Jul 2022 18:57:39 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 01 Sep 2023 03:24:20 GMT
lori-harvey-arrives-at-morning-pilates-class-in-west-hollywood-09-02-2022-6_thumbnail-150x230.jpg
www.hawtcelebs.com/wp-content/uploads/2022/09/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hawtcelebs.com/wp-content/uploads/2022/09/lori-harvey-arrives-at-morning-pilates-class-in-west-hollywood-09-02-2022-6_thumbnail-150x230.jpg
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c77d8c859b3571965ec6dde4c65e8f2bedee063ad273faa6a765c400ddaded4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
cf-cache-status
MISS
last-modified
Sat, 03 Sep 2022 09:47:49 GMT
server
cloudflare
etag
"631322c5-26a5"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QOgKb%2BufRCMTqlxAaEQ%2FqYNGs8PEF8CrfCnQJzVLgtV6%2BXdUlHNTnBr2431KXzj599X8dU00t4n9IYIZWKUUvlOsbr7UW5fDU5FsR6sqKMttnuHK7IaDgPt539268IUwyYjwjhDhXIjBxT9c0in4rec%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=315360000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
7460d3442fcb6904-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
9893
expires
Thu, 31 Dec 2037 23:55:55 GMT
lori-harvey-at-kylie-jenners-kylie-cosmetics-launch-at-ulta-beauty-in-west-wood-08-24-2022-6_thumbnail-150x230.jpg
www.hawtcelebs.com/wp-content/uploads/2022/08/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hawtcelebs.com/wp-content/uploads/2022/08/lori-harvey-at-kylie-jenners-kylie-cosmetics-launch-at-ulta-beauty-in-west-wood-08-24-2022-6_thumbnail-150x230.jpg
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
82941f09999379977b48d89c9468cda36fa6d184ef24984243cf85123b38e0ab

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
198285
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
7698
last-modified
Sun, 28 Aug 2022 17:23:35 GMT
server
cloudflare
etag
"630ba497-1e12"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hxuGBlv9rQ47AAEuUTib6Yuo5Zj1tTogjV7OglyYvORe7nlO7IXXzihWgGlQ%2FYgPF8LKhhL%2Fk64s9aOC0xz1V3JKNmd9B8B3Tl8KMh05QkB%2F6PuhSeOtPn4jCtQOrqUfHBtf11K3Y9yqWggqX47iErk%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
7460d3442fcf6904-FRA
expires
Thu, 31 Dec 2037 23:55:55 GMT
lori-harvey-at-me-time-premiere-at-regency-village-theatre-in-los-angeles-08-23-2022-9_thumbnail-150x230.jpg
www.hawtcelebs.com/wp-content/uploads/2022/08/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hawtcelebs.com/wp-content/uploads/2022/08/lori-harvey-at-me-time-premiere-at-regency-village-theatre-in-los-angeles-08-23-2022-9_thumbnail-150x230.jpg
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
81c2b1963d021c340cf129b30355da4be319a1ae4ed4d7c6bf63a3c182c72517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
cf-cache-status
MISS
last-modified
Thu, 25 Aug 2022 09:59:17 GMT
server
cloudflare
etag
"630747f5-1c10"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Z32zWti0POCZ9cB3CpNaIvXZV5CiiJ%2BASJ4MpXL3pjYzzXUELeepaGH57ub79XuH2vY9QtRvOQMsW7bwHaOZGq%2BRB%2F4BIEMBL5I3hQnX%2BTAsv9L4xEupf5YFKkDKXVFTEPrQT8JvP1xurCE1z36DYg%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=315360000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
7460d3442fd06904-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
7184
expires
Thu, 31 Dec 2037 23:55:55 GMT
pirelli-calendar-2023-love-letters-to-the-muse-14_thumbnail-150x240.jpg
www.hawtcelebs.com/wp-content/uploads/2022/08/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hawtcelebs.com/wp-content/uploads/2022/08/pirelli-calendar-2023-love-letters-to-the-muse-14_thumbnail-150x240.jpg
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
723fbc6614369854aad3d28f4f27fa2f68c2fafbc100f5851bb1595669bdf2ae

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
cf-cache-status
MISS
last-modified
Thu, 25 Aug 2022 12:21:37 GMT
server
cloudflare
etag
"63076951-1c67"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BJKw1eljUZuoKV%2FUAHLr6P5VH21D1CMz0O%2Bubek9lg5f6isGYFgS%2F5kDyRuDLNahpJ6lgdByC7QzV0WIpXdqhBN1yotZ9suWOtchIrNIp3XS%2FSD828aUh7VMgtj5Wol7OJDcfn%2Fz16GD4OrvZHchbwY%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=315360000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
7460d3442fd26904-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
7271
expires
Thu, 31 Dec 2037 23:55:55 GMT
fina-strazza-at-imdboat-at-2022-san-diego-comic-con-07-21-2022-5_thumbnail-150x240.jpg
www.hawtcelebs.com/wp-content/uploads/2022/08/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hawtcelebs.com/wp-content/uploads/2022/08/fina-strazza-at-imdboat-at-2022-san-diego-comic-con-07-21-2022-5_thumbnail-150x240.jpg
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
90ab895fd58766d043681385fe835c136d464d0740fb8ba7412ba5b6b624323f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
cf-cache-status
MISS
last-modified
Thu, 25 Aug 2022 16:02:54 GMT
server
cloudflare
etag
"63079d2e-2105"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0xzwH4SnrwjlBCa8La9gzGKU6xY2pKa9yQg169Q1q%2B5PKezdLcUVj8zqBSH3cH9%2Fd14TiCRfGDmvNYzaGqFYstdp6X5YYOL38hdGROBuDb58PVUaZPOs%2FrQfPqzFImc0vjPzB6j4iR0PGAJ8F7QtKvU%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=315360000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
7460d3442fd96904-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
8453
expires
Thu, 31 Dec 2037 23:55:55 GMT
impl.v16.0.0.js
live.demand.supply/ 		73 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/impl.v16.0.0.js
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8668645a9b609cadf436a4e11f1835110c3fd00475535f92df42e6000414b546

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-nf-request-id
01GBSZ6B9TSBY9M11EGBX4VJSV
date
Mon, 05 Sep 2022 17:53:35 GMT
content-encoding
br
cf-cache-status
HIT
age
450235
cf-polished
origSize=74489
cf-ray
7460d344d9049143-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
server
cloudflare
etag
W/"be78d9a980de96613c20ad8880a0292c-ssl-df"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=2592000,immutable,stale-if-error=604800
timing-allow-origin
*
d3d3Lmhhd3RjZWxlYnMuY29tLw==
live.demand.supply/p4/v14-3-0/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/p4/v14-3-0/d3d3Lmhhd3RjZWxlYnMuY29tLw==
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0513fe35f8c7693dcd6d87a301058b2e0af9a36bb44ea18591153b80aba4272d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
content-encoding
br
server
cloudflare
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray
7460d344d9099143-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
e.js
live.demand.supply/e/ 		0
335 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/e/e.js?e=ll&d=176&cs=c&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/up.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-nf-request-id
01G3H3TVM5VP9D98ZA3HVY52JK
date
Mon, 05 Sep 2022 17:53:35 GMT
cf-cache-status
HIT
age
2234652
cf-polished
origSize=2
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1
cf-bgj
minify
server
cloudflare
etag
"ec09d72975fe89142c7d2feb1371ff57-ssl"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
s-maxage=2592000,stale-if-error=604800
accept-ranges
bytes
cf-ray
7460d344d9469945-FRA
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		83 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/up.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
sffe /
Resource Hash
d5cbbeb4972b3717ac08103b4ad7902368d349c0aa0523882bd1524cb7c58185
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28503
x-xss-protection
0
server
sffe
etag
"1324 / 808 of 1000 / last-modified: 1662156516"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Mon, 05 Sep 2022 17:53:35 GMT
d3d3Lmhhd3RjZWxlYnMuY29tL2xvcmktaGFydmV5LWFycml2ZXMtYXQta3lsaWVzLWNvc21ldGljLWV2ZW50LWF0LXVsdGEtYmVhdXR5LWluLXdlc3R3b29kLTA4LTI0LTIwMjIv
live.demand.supply/p4/v14-3-0/ 		543 B
527 B 		Script
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/p4/v14-3-0/d3d3Lmhhd3RjZWxlYnMuY29tL2xvcmktaGFydmV5LWFycml2ZXMtYXQta3lsaWVzLWNvc21ldGljLWV2ZW50LWF0LXVsdGEtYmVhdXR5LWluLXdlc3R3b29kLTA4LTI0LTIwMjIv
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/up.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d01b2424d1becb990ea64a5c51159b045cb68bc1dbd136c8509d3fe8f30f4280

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
content-encoding
br
server
cloudflare
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray
7460d344d9059143-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
ds.2.html
live.demand.supply/ 		413 B
406 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/ds.2.html
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/up.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bdd1579c84daab8cdd1e5a4f71b546c9eaa6a76418f83e0215c573523614c309

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-nf-request-id
01GANTWRD73MP14YSDKC1WN53Z
date
Mon, 05 Sep 2022 17:53:35 GMT
content-encoding
br
cf-cache-status
HIT
server
cloudflare
timing-allow-origin
*
age
1512140
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=2592000,immutable,stale-if-error=604800
cf-ray
7460d344d94b9945-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
hawtcelebs.com_native_multi_endpostnative
live.demand.supply/cp/ 		29 B
191 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/cp/hawtcelebs.com_native_multi_endpostnative?mlcu=null&mlos=wi&mlbr=ch&mlla=en&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.0.0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d196e8bd0042755a59d4ffdefd3dd45d3db5173ede587bdb84d26d0ef44e942

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cache-control
private,max-age=3600
cf-ray
7460d34539e69945-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
29
hawtcelebs.com_300x250_desno300x250
live.demand.supply/cp/ 		29 B
191 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/cp/hawtcelebs.com_300x250_desno300x250?mlcu=null&mlos=wi&mlbr=ch&mlla=en&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.0.0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2544e71310c27e2c92f8720259da4c68bc66b45dd99cff090525e545644fab87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cache-control
private,max-age=3600
cf-ray
7460d34539e79945-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
29
hawtcelebs.com_300x600_hawt600
live.demand.supply/cp/ 		30 B
192 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/cp/hawtcelebs.com_300x600_hawt600?mlcu=null&mlos=wi&mlbr=ch&mlla=en&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.0.0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
098e6c054d062f5ed9be3ae0937fbaab756c0b9b52624778e8b332ea7c802f27

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cache-control
private,max-age=3600
cf-ray
7460d34539e89945-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
30
hawtcelebs.com_160x600_hawt160
live.demand.supply/cp/ 		30 B
192 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/cp/hawtcelebs.com_160x600_hawt160?mlcu=null&mlos=wi&mlbr=ch&mlla=en&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.0.0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d530733bad93f02c6d727dd07d476e85acc7d850eebe6ba3895468ba0ab6689

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cache-control
private,max-age=3600
cf-ray
7460d34539eb9945-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
30
hawtcelebs.com_responsive_h_hawtfuterreshor
live.demand.supply/cp/ 		30 B
192 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/cp/hawtcelebs.com_responsive_h_hawtfuterreshor?mlcu=null&mlos=wi&mlbr=ch&mlla=en&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.0.0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e420666fcd61fd1ca0c9954c909c50f08035cd70bdbc01f5e19de767dfe5c396

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cache-control
private,max-age=3600
cf-ray
7460d34539ec9945-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
30
hawtcelebs.com_728x90_sticky_display_bottom_stickybot
live.demand.supply/cp/ 		29 B
191 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/cp/hawtcelebs.com_728x90_sticky_display_bottom_stickybot?mlcu=null&mlos=wi&mlbr=ch&mlla=en&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.0.0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1427e34002bd5ade9f44dd2573a026cea941a80748021128d4119c861ea83273

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cache-control
private,max-age=3600
cf-ray
7460d34539ef9945-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
29
pubads_impl_2022083101.js
securepubads.g.doubleclick.net/gpt/ 		379 KB
129 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083101.js?cb=31069312
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
sffe /
Resource Hash
6f5d18b1769507b97d8718a598fcecd3bc9e270bc11a520d769b2d06452418f6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 15:23:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
9001
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131962
x-xss-protection
0
last-modified
Wed, 31 Aug 2022 08:36:29 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Tue, 05 Sep 2023 15:23:34 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		446 B
218 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.hawtcelebs.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
47ecec0312b98dc3f4b5977fa38fc06d8f7e60f22901b852860f6006bd0e6def
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 05 Sep 2022 17:53:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
193
x-xss-protection
0
expires
Mon, 05 Sep 2022 17:53:35 GMT
integrator.js
adservice.google.de/adsid/ 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.hawtcelebs.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083101.js?cb=31069312
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 05 Sep 2022 17:53:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.hawtcelebs.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083101.js?cb=31069312
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 05 Sep 2022 17:53:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		1 KB
819 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2233394363979607&correlator=462954298704343&eid=31068928%2C31069203%2C31069227%2C31069312&output=ldjh&gdfp_req=1&vrg=2022083101&ptt=17&impl=fif&iu_parts=44890869%3A3968751%2Cca-pub-3831894559014614-tag%2C42d64542-ad30-45c9-9859-6b93dc8b1e0c&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=1&adks=1978351858&sfv=1-0-38&ists=1&fas=8&fsapi=false&prev_scp=ti%3D9e9274f6-62d5-43fe-8541-f880697213e0%26pof%3D0%26interstitials-bid%3D0.2%26bid-p%3Dgoogle%26bsc%3D81&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1662400415733&lmt=1662400415&dlt=1662400415259&idt=448&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=2047397849.1662400416&ga_sid=1662400416&ga_hid=1150634113&ga_fc=false
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083101.js?cb=31069312
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
40eba42ba503b9446c0e6f6f2c01fe7ac3b9924fe7d10528e06fd7ee7cc42a2b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:36 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
789
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.hawtcelebs.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9CB0 		6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083101.js?cb=31069312
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.hawtcelebs.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 05 Sep 2022 17:53:35 GMT
expires
Tue, 05 Sep 2023 17:53:35 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
pubads_impl_page_level_ads_2022083101.js
securepubads.g.doubleclick.net/gpt/ 		36 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022083101.js?cb=31069312
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083101.js?cb=31069312
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
sffe /
Resource Hash
2c961539bdea05629dbcd160e681e5b4490386aeb13c22bd36d905dbf3c545bf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Thu, 01 Sep 2022 11:11:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
369699
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13594
x-xss-protection
0
last-modified
Wed, 31 Aug 2022 08:36:29 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Fri, 01 Sep 2023 11:11:56 GMT
e.js
live.demand.supply/e/ 		0
299 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/e/e.js?r=hawtcelebs.com_native_multi_endpostnative&pdc=0.6211025689216345&ucv=null&e=tcp&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.0.0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-nf-request-id
01G3H3TVM5VP9D98ZA3HVY52JK
date
Mon, 05 Sep 2022 17:53:35 GMT
cf-cache-status
HIT
age
2234652
cf-polished
origSize=2
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1
cf-bgj
minify
server
cloudflare
etag
"ec09d72975fe89142c7d2feb1371ff57-ssl"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
s-maxage=2592000,stale-if-error=604800
accept-ranges
bytes
cf-ray
7460d3467bf69945-FRA
hawtcelebs.com_native_multi_endpostnative
api.demand.supply/v14-3-0/a/ 		318 B
307 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.demand.supply/v14-3-0/a/hawtcelebs.com_native_multi_endpostnative?&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.0.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1ec77b6656290e6fff0b28e5070c9abdd6dff9af534db21835771921c9b58dcd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
content-encoding
br
cf-cache-status
HIT
server
cloudflare
age
1157
etag
W/"13e-U0Z1hZrSSkBz2ziipvB7H8eSrQg"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray
7460d346de4e9036-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
e.js
live.demand.supply/e/ 		0
298 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/e/e.js?r=hawtcelebs.com_728x90_sticky_display_bottom_stickybot&pdc=0.4098520367003767&ucv=null&e=tcp&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.0.0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-nf-request-id
01G3H3TVM5VP9D98ZA3HVY52JK
date
Mon, 05 Sep 2022 17:53:35 GMT
cf-cache-status
HIT
age
2234652
cf-polished
origSize=2
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1
cf-bgj
minify
server
cloudflare
etag
"ec09d72975fe89142c7d2feb1371ff57-ssl"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
s-maxage=2592000,stale-if-error=604800
accept-ranges
bytes
cf-ray
7460d3467bfc9945-FRA
hawtcelebs.com_728x90_sticky_display_bottom_stickybot
api.demand.supply/v14-3-0/a/ 		316 B
503 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.demand.supply/v14-3-0/a/hawtcelebs.com_728x90_sticky_display_bottom_stickybot?&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.0.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c267c66ac6f9e7b20a95d03a227071440e3ffe37ed5ee85e06d38fec1c6ac888

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
content-encoding
br
cf-cache-status
HIT
server
cloudflare
age
1346
etag
W/"13c-YONOmTrHXtEGp7u+321OQxxurK8"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray
7460d346de529036-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
e.js
live.demand.supply/e/ 		0
298 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/e/e.js?r=hawtcelebs.com_300x250_desno300x250&pdc=0.3848159578119901&ucv=null&e=tcp&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.0.0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-nf-request-id
01G3H3TVM5VP9D98ZA3HVY52JK
date
Mon, 05 Sep 2022 17:53:35 GMT
cf-cache-status
HIT
age
2234652
cf-polished
origSize=2
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1
cf-bgj
minify
server
cloudflare
etag
"ec09d72975fe89142c7d2feb1371ff57-ssl"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
s-maxage=2592000,stale-if-error=604800
accept-ranges
bytes
cf-ray
7460d3467bfe9945-FRA
hawtcelebs.com_300x250_desno300x250
api.demand.supply/v14-3-0/a/ 		310 B
304 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.demand.supply/v14-3-0/a/hawtcelebs.com_300x250_desno300x250?&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.0.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d505de3f752bcf1019f9878efbea8403e9ca4ecaf4bb6f80f477fba1eb694d2f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
content-encoding
br
cf-cache-status
HIT
server
cloudflare
age
4020
etag
W/"136-1CnAbMd+9XDMyeNEaBKIGE8uUAI"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray
7460d346de549036-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
e.js
live.demand.supply/e/ 		0
298 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/e/e.js?r=hawtcelebs.com_160x600_hawt160&pdc=0.05237183527183092&ucv=null&e=tcp&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.0.0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-nf-request-id
01G3H3TVM5VP9D98ZA3HVY52JK
date
Mon, 05 Sep 2022 17:53:35 GMT
cf-cache-status
HIT
age
2234652
cf-polished
origSize=2
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1
cf-bgj
minify
server
cloudflare
etag
"ec09d72975fe89142c7d2feb1371ff57-ssl"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
s-maxage=2592000,stale-if-error=604800
accept-ranges
bytes
cf-ray
7460d3467c009945-FRA
hawtcelebs.com_160x600_hawt160
api.demand.supply/v14-3-0/a/ 		310 B
303 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.demand.supply/v14-3-0/a/hawtcelebs.com_160x600_hawt160?&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.0.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d36927e9404935042a1677981d9cf95b6021094c1756b2e43aadbdc9dc1d3afc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
content-encoding
br
cf-cache-status
HIT
server
cloudflare
age
3123
etag
W/"136-mpGUARObwfQuTHwVfy2rUaqYbhU"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray
7460d346de559036-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
e.js
live.demand.supply/e/ 		0
298 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/e/e.js?r=hawtcelebs.com_responsive_h_hawtfuterreshor&pdc=0.06128005877694834&ucv=null&e=tcp&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.0.0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-nf-request-id
01G3H3TVM5VP9D98ZA3HVY52JK
date
Mon, 05 Sep 2022 17:53:35 GMT
cf-cache-status
HIT
age
2234652
cf-polished
origSize=2
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1
cf-bgj
minify
server
cloudflare
etag
"ec09d72975fe89142c7d2feb1371ff57-ssl"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
s-maxage=2592000,stale-if-error=604800
accept-ranges
bytes
cf-ray
7460d3467c029945-FRA
hawtcelebs.com_responsive_h_hawtfuterreshor
api.demand.supply/v14-3-0/a/ 		305 B
296 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.demand.supply/v14-3-0/a/hawtcelebs.com_responsive_h_hawtfuterreshor?&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.0.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ed0cae5ad52d4611f26645da5d8a66ef4a8c7117b7ae88c958094262999f952f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
content-encoding
br
cf-cache-status
HIT
server
cloudflare
age
3122
etag
W/"131-ZFw11vk5SfxYubPmypaNWRx93c4"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray
7460d346de569036-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
e.js
live.demand.supply/e/ 		0
298 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/e/e.js?r=hawtcelebs.com_300x600_hawt600&pdc=0.41951890171723355&ucv=null&e=tcp&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.0.0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-nf-request-id
01G3H3TVM5VP9D98ZA3HVY52JK
date
Mon, 05 Sep 2022 17:53:35 GMT
cf-cache-status
HIT
age
2234652
cf-polished
origSize=2
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1
cf-bgj
minify
server
cloudflare
etag
"ec09d72975fe89142c7d2feb1371ff57-ssl"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
s-maxage=2592000,stale-if-error=604800
accept-ranges
bytes
cf-ray
7460d3467c079945-FRA
hawtcelebs.com_300x600_hawt600
api.demand.supply/v14-3-0/a/ 		318 B
307 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.demand.supply/v14-3-0/a/hawtcelebs.com_300x600_hawt600?&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.0.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b44ff76502980d269c8db4fc08a639693d756cecf542ef00e0b2e5a1655a997b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
content-encoding
br
cf-cache-status
HIT
server
cloudflare
age
2775
etag
W/"13e-0Zrx60J6wwE66zOAormtUzfOPgE"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray
7460d346de579036-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
sdb.css
live.demand.supply/css/ 		4 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/css/sdb.css
Requested by
Host: client
URL: about:client
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99456b3711ac205efcbdbc08ae9dae0124aa6a94d0edf9701a80caa6fc38b5db

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-nf-request-id
01GAQSK6JGBDZYXVV1HXCNYCS1
date
Mon, 05 Sep 2022 17:53:35 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
server
cloudflare
age
1159068
etag
W/"91240b29909c982324bc6fb4ed39ed30-ssl-df"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
max-age=2592000,immutable,stale-if-error=604800
cf-ray
7460d3470ccb9143-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
integrator.js
adservice.google.de/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.hawtcelebs.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083101.js?cb=31069312
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 05 Sep 2022 17:53:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.hawtcelebs.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083101.js?cb=31069312
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 05 Sep 2022 17:53:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		112 KB
41 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2233394363979607&correlator=2812928028966788&eid=31068928%2C31069203%2C31069227%2C31069312&output=ldjh&gdfp_req=1&vrg=2022083101&ptt=17&impl=fif&iu_parts=44890869%3A3968751%2Cca-pub-3831894559014614-tag%2Ca44052de-e723-4b54-80cc-5e902e453a12&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&ifi=2&adks=3331030943&sfv=1-0-38&fsapi=false&prev_scp=ti%3D9e9274f6-62d5-43fe-8541-f880697213e0%26pof%3D0%26bid%3D0.19%26bid-p%3Dgoogle%26bsc%3D81&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1662400415840&lmt=1662400415&dlt=1662400415259&idt=448&adxs=436&adys=1110&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F&frm=20&vis=1&psz=728x-1&msz=728x-1&fws=512&ohw=0&ga_vid=2047397849.1662400416&ga_sid=1662400416&ga_hid=1150634113&ga_fc=false
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083101.js?cb=31069312
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
fc648a228e1fd71757669ff86f3f42e2790d5e33bb3ceed5ca62d9c7f662499c
Security Headers
Name Value
Content-Security-Policy child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CM6yjpKc_vkCFdQq4AodyZ8I-g&gqi=&layout=/sadbundle/%24csp%253Der3%24/8020352921880749886/index.html
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy
child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CM6yjpKc_vkCFdQq4AodyZ8I-g&gqi=&layout=/sadbundle/%24csp%253Der3%24/8020352921880749886/index.html
content-encoding
br
x-content-type-options
nosniff
google-creative-id
-1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42329
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
date
Mon, 05 Sep 2022 17:53:36 GMT
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.hawtcelebs.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		15 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2233394363979607&correlator=2541810279538866&eid=31068928%2C31069203%2C31069227%2C31069312&output=ldjh&gdfp_req=1&vrg=2022083101&ptt=17&impl=fif&iu_parts=44890869%3A3968751%2Cca-pub-3831894559014614-tag%2C6d45db18-88d7-43aa-be47-7fd2da06cb7e&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x600&ifi=3&adks=977961488&sfv=1-0-38&fsapi=false&prev_scp=ti%3D9e9274f6-62d5-43fe-8541-f880697213e0%26pof%3D0%26bid%3D0.13%26bid-p%3Dgoogle%26bsc%3D81&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1662400415848&lmt=1662400415&dlt=1662400415259&idt=448&adxs=1029&adys=510&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F&frm=20&vis=1&psz=300x-1&msz=300x-1&fws=512&ohw=0&ga_vid=2047397849.1662400416&ga_sid=1662400416&ga_hid=1150634113&ga_fc=false
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083101.js?cb=31069312
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
3964b1baa62d3b1426c5b4a746d67e9fa2446f4e44b5bff3d81a5dd409863b19
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:36 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8637
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.hawtcelebs.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		21 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2233394363979607&correlator=3918907351652241&eid=31068928%2C31069203%2C31069227%2C31069312&output=ldjh&gdfp_req=1&vrg=2022083101&ptt=17&impl=fif&iu_parts=44890869%3A3968751%2Cca-pub-3831894559014614-tag%2Ccfb16f52-ed40-46d3-bac4-bae57a2a1668&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1024x100&ifi=4&adks=1239399180&sfv=1-0-38&fsapi=false&prev_scp=ti%3D9e9274f6-62d5-43fe-8541-f880697213e0%26pof%3D0%26bid%3D0.03%26bid-p%3Dgoogle%26bsc%3D81&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1662400415854&lmt=1662400415&dlt=1662400415259&idt=448&adxs=252&adys=3285&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F&frm=20&vis=1&psz=1097x0&msz=1097x0&fws=0&ohw=0&ga_vid=2047397849.1662400416&ga_sid=1662400416&ga_hid=1150634113&ga_fc=false
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083101.js?cb=31069312
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
69164c2f89b59234047976910758f59fbda7401576695346065b4ff67c233a22
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:36 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10213
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.hawtcelebs.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		15 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2233394363979607&correlator=375697740087899&eid=31068928%2C31069203%2C31069227%2C31069312&output=ldjh&gdfp_req=1&vrg=2022083101&ptt=17&impl=fif&iu_parts=44890869%3A3968751%2Cca-pub-3831894559014614-tag%2C0ab12ccf-1c79-4c31-a189-91e8fff1193d&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=160x600&ifi=5&adks=933870500&sfv=1-0-38&fsapi=false&prev_scp=ti%3D9e9274f6-62d5-43fe-8541-f880697213e0%26pof%3D0%26bid%3D0.05%26bid-p%3Dgoogle%26bsc%3D81&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1662400415861&lmt=1662400415&dlt=1662400415259&idt=448&adxs=272&adys=400&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F&frm=20&vis=1&psz=160x-1&msz=160x-1&fws=512&ohw=0&ga_vid=2047397849.1662400416&ga_sid=1662400416&ga_hid=1150634113&ga_fc=false
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083101.js?cb=31069312
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
7895f19f9770dce4f076a9cc63e8e331843876aca25d55bb5907220df0f5b5e1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:36 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8645
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.hawtcelebs.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		82 KB
28 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2233394363979607&correlator=1746785922513357&eid=31068928%2C31069203%2C31069227%2C31069312&output=ldjh&gdfp_req=1&vrg=2022083101&ptt=17&impl=fif&iu_parts=44890869%3A3968751%2Cnative-multi%2Cf6d159cd-001a-479d-a9ed-fdee82498580&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50&fluid=height&ifi=6&adks=2044783396&sfv=1-0-38&fsapi=false&prev_scp=ti%3D9e9274f6-62d5-43fe-8541-f880697213e0%26pof%3D0%26bid%3D0.03%26bid-p%3Dgoogle%26bsc%3D81%26format%3Dmulti-native&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1662400415868&lmt=1662400415&dlt=1662400415259&idt=448&adxs=452&adys=2266&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F&frm=20&vis=1&psz=537x0&msz=537x0&fws=0&ohw=0&ga_vid=2047397849.1662400416&ga_sid=1662400416&ga_hid=1150634113&ga_fc=false
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083101.js?cb=31069312
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
538ff4da79fec8ba0e9fe57dc4706fb57187f7bf37a26bd51fc6a82e27e72a45
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:36 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28685
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.hawtcelebs.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		20 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2233394363979607&correlator=4249441138939555&eid=31068928%2C31069203%2C31069227%2C31069312&output=ldjh&gdfp_req=1&vrg=2022083101&ptt=17&impl=fif&iu_parts=44890869%3A3968751%2Cca-pub-3831894559014614-tag%2C6fba91e9-d020-48d4-9f2a-c80c3ac58704&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&ifi=7&adks=754983456&sfv=1-0-38&fsapi=false&prev_scp=ti%3D9e9274f6-62d5-43fe-8541-f880697213e0%26pof%3D0%26bid%3D0.16%26bid-p%3Dgoogle%26bsc%3D81&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1662400415880&lmt=1662400415&dlt=1662400415259&idt=448&adxs=1029&adys=380&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F&frm=20&vis=1&psz=300x-1&msz=300x-1&fws=512&ohw=0&ga_vid=2047397849.1662400416&ga_sid=1662400416&ga_hid=1150634113&ga_fc=false
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083101.js?cb=31069312
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
42e4cce501b7a3de5b3c5a4e1d6672652e780b8d4cd45f8e6e16e4db81e7df29
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:36 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9841
x-xss-protection
0
google-lineitem-id
5564063651
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138332681208
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.hawtcelebs.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
config.js
confiant-integrations.global.ssl.fastly.net/UZYxC75kqDLRiEd9GoEYOmovVVM/prebid/ 		99 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://confiant-integrations.global.ssl.fastly.net/UZYxC75kqDLRiEd9GoEYOmovVVM/prebid/config.js
Requested by
Host: udmserve.net
URL: https://udmserve.net/udm/img.fetch?sid=14863;tid=1;dt=6;
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1f9022424a5e4ddbaadf4e20d5f29ea301d098c7a057b2a3be9f4dd3ad514313

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 17:53:36 GMT
Content-Encoding
gzip
Age
424
X-Cache
HIT
Connection
keep-alive
Content-Length
24249
x-amz-id-2
xVJGTmxiKExJYYnxXnB5/46MxoysxDTNNRNBVVHOiJD8Qv4THfWw8ZlKmO7fmyCTrWHbRbQ5nn4=
X-Served-By
cache-hhn4072-HHN
Last-Modified
Mon, 05 Sep 2022 17:00:00 GMT
Server
AmazonS3
X-Timer
S1662400416.155770,VS0,VE0
ETag
"2563cb1aa56f4c2c8da424bcc6343a9f"
x-amz-request-id
7BAZZX1ZA93M2FV0
Via
1.1 varnish
Cache-Control
public, max-age=900, stale-while-revalidate=3600
Accept-Ranges
bytes
Content-Type
text/javascript
X-Cache-Hits
40
udm-r3_v2.13.11.js
bid.underdog.media/ 		522 KB
162 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bid.underdog.media/udm-r3_v2.13.11.js
Requested by
Host: udmserve.net
URL: https://udmserve.net/udm/img.fetch?sid=14863;tid=1;dt=6;
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:e000:5:c4ab:c3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c1220c3411924b38b46c29959590ed77fcda4bec4ed71907db27bef41ac42cbb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 16:24:21 GMT
content-encoding
gzip
last-modified
Tue, 30 Aug 2022 21:27:26 GMT
server
AmazonS3
age
437356
etag
"d276d3da2ff19ce09c9c63baf7f68dab"
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 73f3a23156999272233949c078c30858.cloudfront.net (CloudFront)
cache-control
max-age=2592000
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
165299
x-amz-cf-id
lJPJ1YfOp7GHtK0e4LLx0HYvnMFwkV1dPE8mWOmfJTQdfxmUJiX40Q==
quant.js
secure.quantserve.com/ 		26 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: udmserve.net
URL: https://udmserve.net/udm/img.fetch?sid=14863;tid=1;dt=6;
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:ef75:8280:f209:5ba1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
32cf0a8fe53899cf276cb12df8c8f5f1558bfb49a803502eda8296818dafef6f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:36 GMT
content-encoding
gzip
etag
"3K3nn1ChiYCKxJYFUmbsHw=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
accept-ranges
bytes
expires
Mon, 12 Sep 2022 17:53:36 GMT
fetch.pix
udmserve.net/udm/
Redirect Chain
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bapnid%3D%24UID%3Bcb%3D0.57632774
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fudmserve.net%252Fudm%252Ffetch.pix%253Fdt%253D1%253Bapnid%253D%2524UID%253Bcb%253D0.57632774
  • https://udmserve.net/udm/fetch.pix?dt=1;apnid=5007904726464245340;cb=0.57632774
43 B
612 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://udmserve.net/udm/fetch.pix?dt=1;apnid=5007904726464245340;cb=0.57632774
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
HTTP/1.1
Server
68.71.249.118 Toronto, Canada, ASN20093 (ZEROLAG, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 17:53:36 GMT
Cache-Control
max-age=43200
Connection
Keep-Alive
Content-Length
43
Content-Type
image/gif

Redirect headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 17:53:36 GMT
X-Proxy-Origin
84.19.175.183; 84.19.175.183; 535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
52ca7a79-7b10-478e-ad24-d81c70441a5e
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://udmserve.net/udm/fetch.pix?dt=1;apnid=5007904726464245340;cb=0.57632774
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
ImgSync
image8.pubmatic.com/AdServer/ 		0
42 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?p=156505&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156505%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fudmserve.net%252Fudm%252Ffetch.pix%253Fpmid%253D%2523PMUID%3Bcb%3D0.57632774
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.18 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:35 GMT
content-length
0
services
sync.technoratimedia.com/ 		0
297 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.technoratimedia.com/services?srv=cs&pid=54&cb=https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bsncr%3D[USER_ID]%3Bcb%3D0.57632774
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
129.158.42.199 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:36 GMT
via
1.1 varnish
server
nginx
age
0
access-control-allow-methods
POST,GET,HEAD,OPTIONS
x-varnish
427113787
access-control-allow-origin
https://www.hawtcelebs.com/
access-control-allow-credentials
true
fetch.pix
udmserve.net/udm/
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=199174&cb=https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bcb%3D0.57632774%3Bindx%3D
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bcb%3D0.57632774%3Bindx%3D&s=199174&C=1
  • https://udmserve.net/udm/fetch.pix?dt=1;cb=0.57632774;indx=YxY3oOwda2xciwnHsx5sKwAABF8AAAAB
43 B
624 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://udmserve.net/udm/fetch.pix?dt=1;cb=0.57632774;indx=YxY3oOwda2xciwnHsx5sKwAABF8AAAAB
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
HTTP/1.1
Server
68.71.249.118 Toronto, Canada, ASN20093 (ZEROLAG, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 17:53:36 GMT
Cache-Control
max-age=43200
Connection
Keep-Alive
Content-Length
43
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rpxqf2Yb6SX%2F9G3kQeveojJ%2FUxlssB13UU6WQ5klk2M17nwHXcKYqx7JyJ0BiwHG2OwKzzI5Y5G8ym81i3c8vsm%2Fkpm4zgb%2BpQDClo1%2F6CRPUpxXAeRHYYRQ4ICD%2B8UR67EktaMi7F1rug%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location
https://udmserve.net/udm/fetch.pix?dt=1;cb=0.57632774;indx=YxY3oOwda2xciwnHsx5sKwAABF8AAAAB
cache-control
no-cache
cf-ray
7460d3494c4d9a35-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
expires
0
e.js
live.demand.supply/e/ 		0
298 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/e/e.js?r=hawtcelebs.com_auto_interstitial_desktop&e=nai&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.0.0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-nf-request-id
01G3H3TVM5VP9D98ZA3HVY52JK
date
Mon, 05 Sep 2022 17:53:36 GMT
cf-cache-status
HIT
age
2234653
cf-polished
origSize=2
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1
cf-bgj
minify
server
cloudflare
etag
"ec09d72975fe89142c7d2feb1371ff57-ssl"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
s-maxage=2592000,stale-if-error=604800
accept-ranges
bytes
cf-ray
7460d348e8869945-FRA
wrap.js
confiant-integrations.global.ssl.fastly.net/prebid/202208101343/ 		105 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://confiant-integrations.global.ssl.fastly.net/prebid/202208101343/wrap.js
Requested by
Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/UZYxC75kqDLRiEd9GoEYOmovVVM/prebid/config.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4363de3692c4a74fc169fe532159fc97103dc6bd4d8efda8ff32952de1fdd996

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 17:53:36 GMT
Content-Encoding
gzip
Age
867
X-Cache
HIT
Connection
keep-alive
Content-Length
34427
x-amz-id-2
BCYZIn5poFGMxCOTP4fYrMIVoqltCKkDVw33iN9GJcPIB3Ffx3D0OY3vZKQWEDiSdrGMTxFlfP4=
X-Served-By
cache-hhn4072-HHN
Last-Modified
Thu, 11 Aug 2022 17:11:25 GMT
Server
AmazonS3
X-Timer
S1662400416.188255,VS0,VE0
ETag
"1c354cd32f984e250996b8af95ccf77b"
x-amz-request-id
3W5VB7D05P3HVSST
Via
1.1 varnish
Cache-Control
public, max-age=900, stale-while-revalidate=3600
Accept-Ranges
bytes
Content-Type
application/javascript; charset=utf-8
X-Cache-Hits
487
rules-p-effSsmMYCbAck.js
rules.quantcount.com/ 		209 B
681 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-effSsmMYCbAck.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223c:c800:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
afe970e8b124a779bd6e2a96d3e030eb1ca042d81b4466617e20d120de74c9e7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:08:26 GMT
via
1.1 3f3b012fad703fdac0f14efdb7b78b6e.cloudfront.net (CloudFront)
age
2711
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
209
last-modified
Mon, 22 Aug 2022 11:05:54 GMT
server
AmazonS3
etag
"c4508fcb851e70af11a11d4077b6c4d3"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
x-amz-cf-pop
FRA56-P2
accept-ranges
bytes
x-amz-cf-id
rgGeGsH6hh1VeIt_HdvqtfzXFCdyuflMF0ONSMB-I6Em9ltUv7ntMg==
rules-p-Pz67dCqdsHfxh.js
rules.quantcount.com/ 		209 B
663 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-Pz67dCqdsHfxh.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223c:c800:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
11ed90c92297e46261775eab42fc43c1c7781556fd790d05f916e991b29f0396

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:45:02 GMT
via
1.1 3f3b012fad703fdac0f14efdb7b78b6e.cloudfront.net (CloudFront)
age
515
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
209
last-modified
Wed, 24 Aug 2022 05:00:59 GMT
server
AmazonS3
etag
"e1fe5415063c7779c40311583a06ad42"
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
x-amz-cf-pop
FRA56-P2
accept-ranges
bytes
x-amz-cf-id
IZroi7RnCPbNO8sjOVs-k5Z_KIcmbPVG9qi-tuZjfwsVO42f8W8z8A==
esp.js
cdn.id5-sync.com/api/1.0/ 		48 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.id5-sync.com/api/1.0/esp.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083101.js?cb=31069312
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b9468203d1a374c57d8f34c2df0229524b0b930bd43ed137a2a9bbbb21c1606e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Mon, 05 Sep 2022 17:53:36 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Wed, 31 Aug 2022 11:00:45 GMT
server
cloudflare
age
3425
etag
W/"c7c919b353e8ba2ee51dc077f03d29d1"
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
cache-control
public, max-age=3600
strict-transport-security
max-age=15552000; includeSubDomains; preload
cf-ray
7460d349c9489293-FRA
x-amz-request-id
A849S3HH41P7WXGD
x-amz-id-2
DsHOdudm9IwjEsU8t68jLguJoAg98R4GRc9D/09zuPTOyfO9GTqstQmho8ehLeFDeAuUvW9kqp2rcTEDACzeGw==
container.html
76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 12D8 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083101.js?cb=31069312
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.hawtcelebs.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 05 Sep 2022 17:53:35 GMT
expires
Tue, 05 Sep 2023 17:53:35 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
e.js
live.demand.supply/e/ 		0
298 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/e/e.js?gl=0.13&b=1&r=hawtcelebs.com_300x600_hawt600&sy=b58ce294-2ec9-453d-88a7-f81d116b95e0&ts=81&cd=2&pud=176&pus=c&pue=2107&pid=80&pis=c&pie=2205&ppd=91&pps=a&ppe=2216&pcl=2014&ttc=2508&tti=2898&ttif=0&lca=2216&lcak=ppe&lct=2216&lctk=ppe&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.hawtcelebs.com&mlre=undefined&mlin=0&mlsi=300x600&mlbw=4g&mlcs=NaN&mltp=9e9274f6-62d5-43fe-8541-f880697213e0&e=lm&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.0.0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-nf-request-id
01G3H3TVM5VP9D98ZA3HVY52JK
date
Mon, 05 Sep 2022 17:53:36 GMT
cf-cache-status
HIT
age
2234653
cf-polished
origSize=2
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1
cf-bgj
minify
server
cloudflare
etag
"ec09d72975fe89142c7d2feb1371ff57-ssl"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
s-maxage=2592000,stale-if-error=604800
accept-ranges
bytes
cf-ray
7460d34989c99945-FRA
container.html
76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3468 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083101.js?cb=31069312
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.hawtcelebs.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 05 Sep 2022 17:53:35 GMT
expires
Tue, 05 Sep 2023 17:53:35 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ 		182 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
476d8d8a5ee6c842a16e5ae6a58cec35ff7649729b77de0319644cdc128340eb

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		834 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0ea842ad92b2cb342a00d74293e6036981ec07854e082223080525efa9c88528

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/svg+xml
e.js
live.demand.supply/e/ 		0
298 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/e/e.js?gl=0.19&b=1&r=hawtcelebs.com_728x90_sticky_display_bottom_stickybot&sy=b58ce294-2ec9-453d-88a7-f81d116b95e0&ts=81&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.hawtcelebs.com&mlre=undefined&mlin=0&mlsi=728x90&mlbw=4g&mlcs=NaN&mltp=9e9274f6-62d5-43fe-8541-f880697213e0&e=lm&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.0.0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-nf-request-id
01G3H3TVM5VP9D98ZA3HVY52JK
date
Mon, 05 Sep 2022 17:53:36 GMT
cf-cache-status
HIT
age
2234653
cf-polished
origSize=2
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1
cf-bgj
minify
server
cloudflare
etag
"ec09d72975fe89142c7d2feb1371ff57-ssl"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
s-maxage=2592000,stale-if-error=604800
accept-ranges
bytes
cf-ray
7460d349a9f09945-FRA
view
securepubads.g.doubleclick.net/pcs/ Frame 2FF6 		0
0
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 2FF6 		0
0
integrator.js
adservice.google.de/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.hawtcelebs.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083101.js?cb=31069312
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 05 Sep 2022 17:53:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.hawtcelebs.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083101.js?cb=31069312
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 05 Sep 2022 17:53:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		28 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2233394363979607&correlator=4117011263345600&eid=31068928%2C31069203%2C31069227%2C31069312&output=ldjh&gdfp_req=1&vrg=2022083101&ptt=17&impl=fif&iu_parts=44890869%3A3968751%2Cca-pub-3831894559014614-tag%2C2148127f-9c02-432e-9b21-e56dcc3821fc&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&ifi=8&adks=2371207207&sfv=1-0-38&fsapi=false&prev_scp=ti%3D9e9274f6-62d5-43fe-8541-f880697213e0%26pof%3D0%26bid%3D0.05%26bid-p%3Dgoogle%26bsc%3D81&eri=1&sc=1&cookie=ID%3D8365aa15c33bd7e3-2259694314ce0078%3AT%3D1662400415%3AS%3DALNI_MYhm0DgxmRj-WBHkW8Go6jEY3UrPg&abxe=1&dt=1662400416273&lmt=1662400416&dlt=1662400415259&idt=448&adxs=1029&adys=380&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F&frm=20&vis=1&psz=300x-1&msz=300x-1&fws=512&ohw=0&ga_vid=2047397849.1662400416&ga_sid=1662400416&ga_hid=1150634113&ga_fc=false
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083101.js?cb=31069312
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
be237b6f2a146c310c3d991fbdb4ec8d560b2f1e1b69031951d519b32764e783
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:36 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12744
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.hawtcelebs.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D60B 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083101.js?cb=31069312
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.hawtcelebs.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 05 Sep 2022 17:53:35 GMT
expires
Tue, 05 Sep 2023 17:53:35 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
e.js
live.demand.supply/e/ 		0
298 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/e/e.js?gl=0.03&b=2&r=hawtcelebs.com_responsive_h_hawtfuterreshor&sy=b58ce294-2ec9-453d-88a7-f81d116b95e0&ts=81&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.hawtcelebs.com&mlre=undefined&mlin=0&mlsi=1024x100&mlbw=4g&mlcs=NaN&mltp=9e9274f6-62d5-43fe-8541-f880697213e0&e=lm&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.0.0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-nf-request-id
01G3H3TVM5VP9D98ZA3HVY52JK
date
Mon, 05 Sep 2022 17:53:36 GMT
cf-cache-status
HIT
age
2234653
cf-polished
origSize=2
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1
cf-bgj
minify
server
cloudflare
etag
"ec09d72975fe89142c7d2feb1371ff57-ssl"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
s-maxage=2592000,stale-if-error=604800
accept-ranges
bytes
cf-ray
7460d34a0afa9945-FRA
container.html
76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2F18 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083101.js?cb=31069312
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.hawtcelebs.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 05 Sep 2022 17:53:35 GMT
expires
Tue, 05 Sep 2023 17:53:35 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
e.js
live.demand.supply/e/ 		0
298 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/e/e.js?gl=0.05&b=2&r=hawtcelebs.com_160x600_hawt160&sy=b58ce294-2ec9-453d-88a7-f81d116b95e0&ts=81&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.hawtcelebs.com&mlre=undefined&mlin=0&mlsi=160x600&mlbw=4g&mlcs=NaN&mltp=9e9274f6-62d5-43fe-8541-f880697213e0&e=lm&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.0.0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-nf-request-id
01G3H3TVM5VP9D98ZA3HVY52JK
date
Mon, 05 Sep 2022 17:53:36 GMT
cf-cache-status
HIT
age
2234653
cf-polished
origSize=2
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1
cf-bgj
minify
server
cloudflare
etag
"ec09d72975fe89142c7d2feb1371ff57-ssl"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
s-maxage=2592000,stale-if-error=604800
accept-ranges
bytes
cf-ray
7460d34a2b479945-FRA
pixel
pxl.qccerttest.com/ 		35 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pxl.qccerttest.com/pixel?r=1931784362;fpan=1;fpa=P0-1939739575-1662400416343;pbc=;ns=0;ce=1;qjs=1;qv=087c24cc-20220902090643;ref=;cm=;gdpr=0;d=hawtcelebs.com;dst=0;et=1662400416343;tzo=0;url=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F;ogl=
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:600:11:615:7240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 02:29:19 GMT
via
1.1 6def1f0ddc805dce17407cce01d5b32c.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
55458
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000
content-length
35
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 04 Aug 2022 16:01:04 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"55d25e9dc950d5db4d53a3b195c046c6"
vary
Accept-Encoding, Origin
content-type
image/gif
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
x-amz-cf-id
kYVSv4FCWMibt3oY5VSNQyb28DAbGvBX2iue6i7i_1YeIucDWWZQIw==
pixel
googleads.g.doubleclick.net/xbbe/ Frame 0F12 		624 B
733 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhj-9fnQATAB&v=APEucNWhCaOPEY0QwZT591KNaBUdGb3lcFaFlpxHoYHFkGz8xrhbTcP0Q7qzCfA4BFbLvFaxcKKtPzUCmaCzQTqt7WPQMYMt4moqMQ8vxhkzYw4X_tk0UYy7eeHaK7qMaPvZkpoF3hLnFe7GNrwrT-25KhkmgotLSl-QCHspTkobJsQJWfXZToBlRtA8iXijz35LwYf0RMq8l0_zFNCHYQunnndHlrcHvg
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
276
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 05 Sep 2022 17:53:36 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame 12D8 		82 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AcLxBzxt5aqOvr1lP2tz5g1iPaeR0VQUh2xQUo4FzKvJ7SWFiI_DRa2RbQ6aqPjUqLVq5nzVHRpYV_GeSVNCv4BDaj4g&cry=1&dbm_d=AKAmf-AW6VRoRkjtP6oHxaEOaqkTfV3TAv81vMLTqUhR4uCaq1UrytYxa-9QtEemRJCDA6fWY2JlOXSWGeyXWeKE4L1mUBcRQj77GnLTxEp3nekc2Z1f8gToGFRHYYO20cYGyRhSZX8fO40X5E7O_fT8OCxyH6oMSe5otvsKcS6q8fML6qRgLCB7XlLkUeZ3OzmCYjzjqGRX9IL3q9BlwBbmj8m2Jja-Pxma0lJKMc44rLPIlo3MEnLzo9ldYIbxwCtjCixVkgZIuQM44fFpPZIGfvExLUZ32BF0cK0Ty_-SCs6TdTA5vZMJ-oJL-ubTgX4mKbWevU-k_LKnefWVv6vvke3xp8_Ssp8zwTX6pkEIvmZZqANjLuaMGqGgpm6u1LNTPMGVQrOGuMqo5Kd4VkInB_DHYgLulzjVFiOYbyfbwn1Fz-pwWYNILFLTkD-JM2eVJw62IYQVa2i-VHWhHFtYDuuqAWgX4GKzAePl2ELi6a_Ejfpjgg9H_07YNQKaoHHAJkSN30rabxtnucK4z6cbZT_2Q_YVFtb_A15dISOFbSAqsjglQhGAa6Jrect7ATdkOMJ78xtMWe0neS6_dFQ8i4BNa97Ipx6VRsVlWx6oLaPwVbc9LebiWilIRd2rRfs9ZRJzq7vJt2V8mW8w7VVeJNt7e9kxArrJvLIHgY262-BSrEvGPNjGJs6X5KCm0uUgLV5rrVym0N6GzUmEjI_xGFI4nR7YtLASUaFocKX2LsAfWuqpUPmL9KRlT1lHCXfwxNCJG-VK30ewObqgpZJulTfrGL6nmwXzuRKznXefyptLw5mhot8dSxq01J8JRzGKeVbD7guPv7t1Kx9XT59-p9ETdSrnCzkIOWGwmVvqmOBtonmnDDt5xWcA8-1HuKjuQoxR_5LB7T_Zv83t51QR3k4634mlbT-bgjZQTWHSVZTSsntvHEk-y9Mec3CMRnh_C5VdSpkAStzaJ4waxqXhPbxzWC7Zi8WOSoL127ph-X2wuvL4XxQjeCMQp5ysl44bnzYZrVOuophjLZyr1CwPYbzn9hrzV51468WBOgaiVI9QNHD8XaDas8CZB95YUCddhGuqg1pVEfTrGFElrDRQ4IL8fQPSP4jLMwh1ltq9X9daVweSvn3aOnI8wKIKSovkeavDi3T9NrvCgm45djDUPk-Eog00fG8tPVuI7UmXMZg1mXxrtBI7l0vSRPBK7F8y8CSixuzerydagnv3nhhWF85gmUTZhUAP69BhNmYdYYIE99XMkT5ajukecu3oc7u6-3ozRFDqaXUs4w4f11H0mAKCiZkLQquFAQi5R6VRx0sD2mF9iRwwUUDUUCJWuBTLdruF75RlcMpsspzQKcqeIsdPXtFGN7F2hlJtEyZKH92NGSFcsDw4clNae3cQ4ylXUarr6evw6SseK4e_dOfUHZeKOFa4L22FZSr1RaRxGaDxbWRkbnhQywarTmHjmESGP5VQsZODDIZc3G5vQkwkjvKo94LQZOlLq7PqEKKaulS33OaPDvrp3m5iPA72smuXoOL8yPauy6Djs51UBPuWoS9YJGMwPBXWNIlc1mnBpBtHbdoFoV8Qb9nDxQShWfXwEOdoMs24f7ZyqM3i89luJytUc9hh9SYokG4F2RvWNf7HNVyr4KJh5kOS-4uReaWOIhMLn81-win4HF1iEERzng43S2LFFJjQ9TgA24ZkuUu_GSY_uIUrz9KK05pakJzsrOlq_uvtAP1cEkhC-tGWeV2tAadDnshNkhqPB6wg3jnxbC1pCLQzWwuUw9gwGFHj22T9mIdzZPiC1lTp5aEUFz1wGY-xiS47jVILTDAFuQJYUP2uonbuM4ftWIWVNmxJ91tKTb20yNu9Mja7i5QgxZa5-rQPVa92SHVNUZ04YPVpUNnzOBq3jdXRz0kNFNswT-kaTiICM8R2PHkSZblSs3s7oRVH5wbYcenweboeRWwQLYjPhFCXZ83V81uHkscf6HpK4P4cxJQAsAuy-MNyBA3MzdkLuST01nphuzfG124LjydzagZvBQ-D1AqF6RhzFTzDuSHNh8tl_Mya4f-y3h2Kt4wXTtt_VOvevk_M-0e-8qHDmEfaNur_62cOQyZT3WzoADHu2awA0XqCeomVnPFmFzuyEs1PNiE5d7_k-1t59xzxvoQ4RBdRpjZjFCtH6suSqg9FPpFGvo4D65P1qiXBmOTqWbJmmx9jaJYn0rDmWJ_QNgpaRscdSUqXBtLfLMu5oNSWs0MwwrFbfGtTWohR5tQX57JCR4TV3z1XQgaQVXVxgGh1Xx9yEWwhx3NtE62RFGkgMGQPEAmpsO6YB6mLEcdfvrmig6IYYV4J69b3UlIdXUeT6AxIDd2u_czaMJeBguJNQtX78GfAAO_wX7n97tJuWFy1lwzE3wzKmV0w8sHmbZUS03yf_w_iDOjGTS4ZgGmCZRkiOdrgMQY_j-o-zbKwoIbTfl1T0pQ9HZucK4sxr2g0shEDdeb8ZPrQ7voyCmDDZY7XZXd4FgeFYv7EZXv6W2xIzo7ExXvJTUXqkdtyVGskXnnW8rQzokeh0hPqCgV_Wv-JfZoaLCkUS9fxxNG_XpcUD9YIAgKzZ96GWpZfiS6ZCfq7zvZCsJ5Rct4X97RzGpDerTEhHys9-z9RppxbjOVEAW0nKbdiPkYtQSKudgDiZZs0ZZigt9NeBgqn0OPM1EG4phJ4hiN4eS3hoTVTPPG0gjABA7c5oYoNzzKXFTNHkNfvwh_jFd451kHUkAvYtL1XxRCbknEDjCKJrJ5cJJoCkaaiDxXQBwXs-hODdMMB7P5lEYb5qWNPWB8xXGmspWNYVZuSINRrEVNF30B-_HCXjc25A_3z-DdJFsguhBGsWC_Jv_gUedWo4ANc0yjjr4avd4lvK_8LCYGRQ3aAcYktwDR4JWFHnMUPrRkFc1JiGI_r-Y2YB70qfIbP5GygQKBcR_DsgDFEZ76GRQwTopOseI4mfCzYGybSfxbFYAKc_aQYgmcUEb0QUmH3sr5X7UKaDCJG3qplI1XMbmkwu2n9LZeYpr36mRlcvFqLS7susTgK4Pbw05bn8W7mbv3nIs8GCO8QlZH6M4bKWl7d0kkvLjPnMk_z_t52_qu21zd2iD2EGFhlCSHNt6f6OMIIR_zxy2TQ02bvEEUyYjSsf2x39txGu-ylVo47MZ0y8a33IU3Jez4OAW7qB7Bzd7Rax4Ik9PjOvfNf14M4HTVmUdFxWKWYFInqRHXlLCCYqbyAESic99yC6VQYpA9F-34hpY6n0ReBU8NFr_hTrGxl-8sIIGXGo-lFe7Ru9qUV9uHCjDzs108OYFP9x_SYHYNZAeIpH4-yxm5kE2LTYuCOkontSdZYe1UujpXkDefeOWz5nVEzdsyNYHRQVjMndhexLFYecT1_cgjCjwNH81Wm1n2lg3_cL2GBOI2Uy3NFTmpMjbwE35Sdd9cO6r1d_anXks5SL1XDmrGIVGkSUY_Ouw&cid=CAASJ-RoZvhQxpian2Jp3-jrJ6DrLe_V6YtINQemI5aFIL6Kai9JExuH4w&rfl=1%2Chttps%253A%252F%252Fwww.hawtcelebs.com%252F%240
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a7d7bd674dcbb446d8e8a5df6cdf814fb6777534d7e06ed83f841d2ba8928ddd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34429
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 12D8 		42 B
494 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CffOXXSYENe2vLvJsXG_yzQ07XpYhsHLWscpyeZyoKs4_lnQPfV2RaKjJiYsa3UP_JuPqPH-KHyfMzXr68bEuJ-qDIgRN2Xx38lPOyjLHnXu46SYI
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/ Frame 12D8 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/window_focus_fy2021.js
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
22
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Sep 2022 17:53:14 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 12D8 		142 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e851345505ee432c9397d60e5d91929ab4e5921f75c91f359b0939a879304b7a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44792
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1661945761880069"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 05 Sep 2022 17:53:36 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/ Frame 12D8 		17 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:52:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
63
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7599
x-xss-protection
0
server
cafe
etag
9215437806027971270
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Sep 2022 17:52:33 GMT
l
www.google.com/ads/measurement/ Frame 12D8 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRal1AQVXBNbvPHtcWb6qgHqjY_TWE7ECWVdWWfXYft6ERpJOT1wZRH6MuHa0Etj6MCTZvGo0LUIcMqTUlOAtkKBjMihQ
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers
pixel
pxl.qccerttest.com/ 		35 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pxl.qccerttest.com/pixel?r=1007633062;fpan=0;fpa=P0-1939739575-1662400416343;pbc=;ns=0;ce=1;qjs=1;qv=087c24cc-20220902090643;ref=;cm=;gdpr=0;d=hawtcelebs.com;dst=0;et=1662400416359;tzo=0;url=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F;ogl=
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:600:11:615:7240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 02:29:19 GMT
via
1.1 6def1f0ddc805dce17407cce01d5b32c.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
55458
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000
content-length
35
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 04 Aug 2022 16:01:04 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"55d25e9dc950d5db4d53a3b195c046c6"
vary
Accept-Encoding, Origin
content-type
image/gif
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
x-amz-cf-id
MI5PA2aQnkxzfGc4JIZ-ZmkfREevogXRrg_8Uki79jFlieeH1wN_ew==
pixel;r=1667415827;rf=0;a=p-Pz67dCqdsHfxh;url=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F;uht=2;fpan=0;fpa=P0-1939739575...
pixel.quantserve.com/ 		35 B
372 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.quantserve.com/pixel;r=1667415827;rf=0;a=p-Pz67dCqdsHfxh;url=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F;uht=2;fpan=0;fpa=P0-1939739575-1662400416343;pbc=;ns=0;ce=1;qjs=1;qv=087c24cc-20220902090643;cm=;gdpr=0;ref=;d=hawtcelebs.com;dst=0;et=1662400416360;tzo=0;ogl=;ses=1ba60270-749b-4fd1-a543-7a7ab2cb6d83
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:ef75:8280:f209:5ba1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel;r=1235052589;labels=edge.1%2Csid.14863;rf=0;a=p-effSsmMYCbAck;url=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F;uht=...
pixel.quantserve.com/ 		35 B
372 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.quantserve.com/pixel;r=1235052589;labels=edge.1%2Csid.14863;rf=0;a=p-effSsmMYCbAck;url=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F;uht=2;fpan=0;fpa=P0-1939739575-1662400416343;pbc=;ns=0;ce=1;qjs=1;qv=087c24cc-20220902090643;cm=;gdpr=0;ref=;d=hawtcelebs.com;dst=0;et=1662400416361;tzo=0;ogl=;ses=1ba60270-749b-4fd1-a543-7a7ab2cb6d83
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:ef75:8280:f209:5ba1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
index.html
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/ Frame 4E62 		25 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/index.html
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1427b00f4747d51662c89f684cb9c8a06cda376d69865eadcd7e90069f8f05b4
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
19237
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
4747
content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
cross-origin-resource-policy
cross-origin
date
Mon, 05 Sep 2022 12:32:59 GMT
expires
Tue, 05 Sep 2023 12:32:59 GMT
last-modified
Thu, 11 Aug 2022 12:45:15 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
adview
securepubads.g.doubleclick.net/pagead/ Frame 3468 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CTjjPnzcWY47nNtTVgAfJv6LQD-L77-Nrr9K8qaoQxObflcIuEAEglZvKIWCVypGCoAegAZ_dpqgByAEJqQI7gscMP6SwPuACAKgDAcgDSKoEzgJP0D5tc2KfNQNsT-6L7CgibDwkP7AW2xtP-76WrRvYrfAwWavWMT2TTIBE33D1wwysLfNKpk0ic3yNb20ijWAg0xG1vEB0MmOOB3qM5aGuRJ_ctC37H0o8i870bYemCdLNLjXeOUiz2vK61BjMx-q6vIItbAVZlqJ2_KFskqRV_QAAXCIfb-JQ03hU78TruA7M0dhahElL3BzxoDnU_BQiwk7Z459qyQV7GzctblBYz9ZqlwLYVft67ZQY_BY5AIebuCgMLUz7ude5r64fW2JZc6BX0EXUi1sCVCb_-foV5sQw55a_EpgzW7_fAQx0FaCcDH7MrHcajyem3cemxzuv76sbSVgVu1iXjmGnvoqRR4BkM8smGPvWBkzI9g8mq3WjJoCFZNlCqFs9y8ihaPqO9W9zcIDK52bkuLbdov6Vf7C8cwJXvLT8dobh7p1cwATknNOqqQTgBAGSBQQIBBgBkgUECAUYBKAGLoAHyaLZ1wKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBCG5xjSCBIIiOGAEBABGB0yA6qCAToCgEDyCBthZHgtc3Vic3luLTk5Mzg1NjU4MjIwMzQ2ODCACgPICwHYEwqIFAHQFQGAFwGyFx4KHAgAEhRwdWItMzgzMTg5NDU1OTAxNDYxNBj9-RM&sigh=OW0SrfzMYfk&uach_m=[UACH]&template_id=419
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220831/r20110914/ Frame 3468 		23 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220831/r20110914/abg_lite_fy2021.js
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0e39772fd4ab2ea007f5b93277960107e5a96696c53eef90c6e694e556ff5c26
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:51:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
146
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9632
x-xss-protection
0
server
cafe
etag
2755732409155645664
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Sep 2022 17:51:10 GMT
increment
id5-sync.com/api/esp/ 		0
327 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/api/esp/increment?counter=no-config
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.69 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216534.ip-141-95-98.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.hawtcelebs.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.hawtcelebs.com
date
Mon, 05 Sep 2022 17:53:36 GMT
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
strict-transport-security
max-age=63072000; includeSubDomains; preload
container.html
76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E29C 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083101.js?cb=31069312
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.hawtcelebs.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 05 Sep 2022 17:53:35 GMT
expires
Tue, 05 Sep 2023 17:53:35 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
e.js
live.demand.supply/e/ 		0
298 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/e/e.js?gl=0.03&b=1&r=hawtcelebs.com_native_multi_endpostnative&sy=b58ce294-2ec9-453d-88a7-f81d116b95e0&ts=81&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.hawtcelebs.com&mlre=undefined&mlin=0&mlsi=530x600&mlbw=4g&mlcs=NaN&mltp=9e9274f6-62d5-43fe-8541-f880697213e0&e=lm&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.0.0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-nf-request-id
01G3H3TVM5VP9D98ZA3HVY52JK
date
Mon, 05 Sep 2022 17:53:36 GMT
cf-cache-status
HIT
age
2234653
cf-polished
origSize=2
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1
cf-bgj
minify
server
cloudflare
etag
"ec09d72975fe89142c7d2feb1371ff57-ssl"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
s-maxage=2592000,stale-if-error=604800
accept-ranges
bytes
cf-ray
7460d34a9c349945-FRA
pixel
googleads.g.doubleclick.net/xbbe/ Frame 8B84 		624 B
445 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYuKK9lQEwAQ&v=APEucNUkGFums6LWP53OQvnWPQj1bWuf4_rl-lAoLQP3iKrx36FAzMAt9kEzrFWGSoMqmkSuKTSo8ddN0AlJ6DvpU5rwPQRQs9iGXqWqL9TddYp_gJNEljTq7ZxgXbEMc1gL9yjnw4tyQa1k_AJoBTLxdA4LWmuVeNnu-bASmVPXwkT9RyVKtvWcYxs_ZhbN7Q7OAPrxfV80gqZ7nYR0u3d35fPB7nZe0w
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
276
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 05 Sep 2022 17:53:36 GMT
expires
Mon, 05 Sep 2022 17:53:36 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame A677 		27 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B7PgFIPFgw9W4O_JcoPlfiJf-lX0yZUwe2Avqdc92QVbUl3sSwk9GC6KDS_STmTybl9Ts5U8SZkpei6gYfieZ5YPIMzaY9Nafk9frW-ROvnJ_u4iT_TJ8SkqBNXxWqQjWvCpUI74Ofoh29IVB_hjlC6c-9Pw&cry=1&dbm_d=AKAmf-A6q-nzE4uQGRv1wfJzuqV2r7JREABIICedbuVz7RQHX1TJIe7FilPgJcnQ5B3E9zzzEG9mWsiY4_aerGoz0tOxKblF0bczmQH-GtdqHI8mG6hhY2JhbHebr37ekshOClmanGx3mU_bK5ngfnmO-2UvWMU4j4yverlAseedzMHckzIZ8kEvNfN6EcqN3uSwPCSygrstHsraCVz4uuNG6CNjEx2FRS5WAZhdX2quqj681mwCCMmbaakuwWXDS-YIcp1wScN8NtSsGYMbInsd6W-pq9m-HZINksThA8zfezKajvG85i9mNIFzdNmqrx2uiUi5IOgRcelU6mrLzq_AyN0bVC5Ia7fCvgPPfyLT1TgQvXwP4o-cMF4xgqfEOGAX1x53iJx_g3nPfRj702Uj4BLzTcwC3wfAqxEuiqin4iZBe4FNZWFVJCzQsnojDfiFMekZmriqkhvpLW9LH22_YIT1AUY-x0z_QN_53Oe1cOJd1gSXVX-T0rDItg-UzjXhSQkDv_QuTy4nBvO8kHSHpZV-0jnMjyUPgBLX_9YC43eu4aR71YxkRohuLKzWJHyvIwJLZgyo6L-oQsMln3ttKwCzjjBa97qhmKOgrjXPIwjxxhnkZkIdGZVzkIhTm_iZrLrMW0DnuNCQVL465WJ-qbywQ7X7rQacT_1MSLEvVBCWIvdIb9Pe7P2mfPyas3DdchtVWSoYVWI8-TSAVTAOMaFnFTJlCncSvnHZ8vwZQ0kcudJu7iD6Q6HgzlJMItaJ_E_Fi2MlzBLkz36VcTb9psxNm39Iw_oS7NXuvyEDSX-FRYd-cLAIcPqPriLQXVo0KGxiPdRH1n5HCgQ4ta6dTILNZ9Bhddr5UmjunvrlwKi9DcOM3Dn4f_bUOSJ0d_wa8ygZV0JuD-oC7KymVnKXsmXaPOAu7m8QDy7zvEqSI9f045O3arxpyIeVSKSWoBB2McC4D2WQAh0nzBgyRPasdAyfR6rYlkq2ox8HpClOABypJCYIVyuARaU5Bx1w5DdhTugxlbvrgkuO0nV_xDjhvBrFdwUkRQENCY9y_pWhvOudtdGWoGBHCV2DDZ3iIPV59dPedPQgAmwV89VLvMyfTCj1XIsZ6cPlaGbfVbjnpG20RceBViC2h-nbvL2TsBSnm5GqBLLRnMN5n5zvJA3KR-OyjtmQokhCQf5NlWUjFYSOS_6JnwEgX-XFCH8ENCi6yxWSsbKsstlqB3KDA4Q317kgnfnhRLZko5IM0ub8QMbfBzqzjkPeuRUnO37WdJZy0YYAPcz_dBEcWK-RR8g3qGS7g98opTNGxHPmePUouDjXCt40XPB-9L1mjSEfn-0V2SbiAWAWW7xr-l4NpNvTflu3bAN7cPw-andHSXe_kzXarb6cndDA1i_QZe5BZNWOcXCaP9_WZUmScgorxtxfc_0kWFuTSvWDFQ7nKADhAojYT6eMOANfaCobrMz4KFEhuaDWndEIGb-m0vNGsNOJ8GGvXkBWYXrSkNYtzxAh9_RrzhvTano6imLW2j-1I0RFofPkbb84G8EZmB7d_JDzxfDOZNtZ1WQ4UxesJ0A7ls_zg85SRymTnMKFL6v0Fp4AWaheKgTfdK1qXV-JBVbGOANUSjGD3bhNO-5fkcSIF2C96pl3YpIFTiiWj7AyZC_x9bkdF82tz-5VuhjmLRWEzV-EPVvef8B4lxwQU7AyxwFbFx8ts0yoLaF0-Avbo9mcHP43HjpopdUd6zohPN_fp9iPhdS-D2rPB6Ag2AziF4gBZAWFmJr3Xj9hYCEqSzm4JIqWW9fO1BOZcUjeIixfNlW7221aUVKDSdqPqQsJEuuC7vxwoX_KOJjANdddPKagE_7lNNJJWRFcu8TjcAGTdc997G53YCBCIUxhlH0DUCMlhKOBNalXVAbnRSZNoBKwhWaCyQrPSwa10wG4ZcYm5ewnzlqZwveUu-QAzEq7Dp2-DUD33On1bmt6OeERKOS5OpTGucZbOMxU9YU6UF0Ld8Hjl2k7E1jSaylLK4t6sqj8l1NhJ-8Pr-lTf571lf9P1rzrEcXLo0yWQ4YXRqk0lxEpfvjQYPvVSXTPETrpgqkjIOEqWgu-egdbJr5K0yglw6lNe0OZyg5HjTrhJQtFyXKbvQWcxi1vKYnQlJdOmrDpqfd1RY2YnJZVIGzLfMWW6od2qzUwZaM_t1Ak4R_GOP26Y3hMOlONGhHDj_flfGi656dV06ZUd26lTDemBl0EYERgG-gVQfRtpKyWWTc1FFpRBJ1IB-aKVqorYbHsGdgrOgeVVqqGrMI33Yk0C0gU_u8KswsyzpWdJ3r6Ccd0Z4ORnBV4FxL1YIpwOwWWwVslrhnSrFCYs91cR7uDc4UajLX8aWu8PDQXR1jm1saCjZF0np4fmQjWk4sEWA-I-fewTBg0yzbMtPS0mXeZPuGsYHJQfAQZ6YWhBy2cH9Nl1V9Qon4ZGFtGRj5xjBqeABszWl9B4tgfsQ7u7mY2w8t3mBSfTwyCvsLACRPVFGStoVqVSTGKi8FEA7YLneFN-em7WU0SReyeS5263MzT9hTtSSVwvdSAuekVTW9XSGpps4UxH_RQSmrBQkzKxsamYRGf-5jZhPLESRfWit1tBgr-E_sB7rUId36mEtuTXOLdJHEkXxPBDllssN-cao5sjDGx_Ii2iosY935fRA1pHJjC6ptMZkM_xtfGNgTnMPbeN4ZMs4gAnKBVCowDjsjsSYbwQBGW7aUuPn24dVoyhGO8BK6ASMw8rO1QHLJAvB2FAt2mvowc5B7BcmfLahmAAmGjNc5xTz834YYaY1KfbVZJl0pGnZ3U0Uvb6dtdlD6XZ61fH67d4cCRbgsewbkqlxPcRiwflc-wakIcxg5NNwOjsKzh6TzryYH_27P3Gu0shFRyDawWBhjyDVWgneyGYy1Zl7708Ol2elu4sMzOLPc2kpFb4r0ICLR71UkDasJ8QhnJFFyaCpn_yeXF-nwcN-X9UxM9vNGieS-8N1Nx7D6Jz6YHuXbSLu-B1_vWxf8lwJ3-H7-A2z55EgrPqkApYWRVRIIL6stQuSRmCWrWwpvDUFUMY3phfvbfThdcPrdLBRJADl3SFO0BH9ZxanimIpFEnJt8W4xxh1SX0EEdjynd3fk3LmGq3NAjZxt1-YO9zeNIvJG7hGc1KAh7F_WWYcJWhOXy0jMDD3lqvy2vnsbgtFxznblHIDJvdf_EBssCH8b35RqI138I9MmhCZ6j6FJYdm5hcryO9b9blh4-9J3DLs_QkQWGjAeEdJMEo8C9QAPEXOjEAuoYNEPMe2tGVjRh3am2aVwpl_uE079cKRDINrCSxsYtPEkcI03whRmziW6-68Dp2xL3nfp6MNSx6qIJXyMcR-77zyZeTe6ugqQzJqQBDBQlIerkkZNnpGh3Sz8HfVhDHd1a9vMLdvVW7FcFcBDIdEuNxL_tot4ckV9wwluq8sWbQEgL08gcxYRVj1pF8I-rwo3pfTMC-rZHpfeYMPHO-2KGQj7mhG20-n_0gi44VIdycvTuVGVXPbODhdbJpLCHeA&cid=CAASJ-RoT_8MlmHS9DUNSV9yLn9_7kgRm3iHqQ_fij_TUgWoV6jY5chj5g&rfl=2%2Chttps%253A%252F%252Fwww.hawtcelebs.com%252F%240
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
111d1bc9aa9ad89b7eef5134cbe5b87d12b8ef480e3795d50da9b3ebcaca97aa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16868
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/ Frame A677 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/window_focus_fy2021.js
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
22
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Sep 2022 17:53:14 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/ Frame A677 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:52:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
63
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7599
x-xss-protection
0
server
cafe
etag
9215437806027971270
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Sep 2022 17:52:33 GMT
l
www.google.com/ads/measurement/ Frame A677 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTvQXX0CDgUx0tvV2XqYpxf2ekDpBRQrGX4HgLE2j4oCqeE0Zj5nFuG6UTJLbbys8DD44tZzkHMEYjBFKAb8WCh-vm_sg
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame A677 		142 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e851345505ee432c9397d60e5d91929ab4e5921f75c91f359b0939a879304b7a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44792
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1661945761880069"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 05 Sep 2022 17:53:36 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame A677 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Bsf01XZD1kiHoLwb-VBBAHsC8UL_zEl-_QYJQkqsXZfiLqnHEg97rdwzaMTFQ5NQE6TLfLdrEDwrDddcDfzKBa68eoA01Px4oG41XLJyO6J8bcG6M
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 5111 		455 B
399 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CM66ChD-jfH6ARjNgsKtATAB&v=APEucNVP-IsSxp6MeiImuCGff0BNVQeUrCJU-1oCyCr4WR2WhH_MXxQ3Pcy2kAw9RIkIt0L2n4eUXaWDl1T-jSIQpK7PjRN3Us3sIBzOItRTX8xjsCuwXrvyPBEl9pEHQJ84nOhc3AqBINaN33dQBRCxtUa6JjViYOMBIxIp8lDYVph_NAOHyVkvtkf84H3JoonqQLdqVKWhl1QHZ-QzFaluKD_FGJxqMw
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b4ddb147981a655b321c1de9863af76210aa9c220061500ce7fe5b4d9c9e5c76
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
250
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 05 Sep 2022 17:53:36 GMT
expires
Mon, 05 Sep 2022 17:53:36 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame 2F18 		85 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CJ_dg6QpSii7-jfifgKgLkmbdXWUDe4zyFqjMAymqR9BqatX_QZSS28hZ-rNfwaZd8Hl9MQGABpe5J7Yq6pwCJbTz3VA&cry=1&dbm_d=AKAmf-DcIx4bkfzdKSr7aIrMYT7AGV_imqms6VnYI94BKMti__nk0eQUGxCQ7kv1iqRAz5Irpi11bCmVSgQiEo1FYCY5DHGafnJ8QzOWNZVWlWeuHq11Ki-Akwn-PQgt97vYJawIp8f1WEPYFoElpHEc8_4P4XekKp-eEPaGWRmeFxf29hG1PGcVwysjUs3tMS7kG4UahwTgPCBFMTA9InI4UJvd34YOCxZb4masUyv59osub63OiGu4IMuakxs9qIPR_7TKg1bT7pm2cn88lS86fQukjO62Eds1Gai2vglTKEwXF6-hIy7UCfRh7jGyUX8Qdf5nKcamsjZ0MVeSCQnS7shn92-D7ug_-sIJcCm5zTW92pYxEIDb_N0dD6BN0BGVAipzsgFR0knmf79iCQa90GhrF_lbqHtFeBghGGGOoENcK3hgXD2Cnlj6KgjJ5DjXM-3Py-9o_BJOA2YoASPKipXJRLbgK77M3jxYV66qEN-MzBI8k45liMWXftZAzeDn53Ukx1DaZaDeTVQgq10Duuyu_mdTjrl6N4gEM2yNjv9ki5S0i5UqQJvA01IMWIFfNrW3jqAYXgptiHMJ9p0kcxGxrPIczm_30Sp22N3zO7ypQYwaRLE7HFsvH956RqF_ZvFg17ggEBlBTMrTlDfEi0bDdBW89fNSwdEMEKvn7debeXfCZAeMk6qBjd0Ah4d3UdnIseurUm9O4KRhlIYMvjKkfCpufG45f7BexqxboS5xFRZNhf5fEQOJWV3dqrsKEBtA2cW6AzP5a0rPkN7lD_mqS8DKzDKJ0xcf7xXG4euvzLMybUIxgiyyojN0nOp9LBKYyJVdLpIdsQ_7sLBFFQQCuqMt6HuCZfF6UMhzNoGaMTSmnX0YwXSnbqXybUUznxexFqTlTrRIn_zWw7S-tZiPZI5TJ9V0tx6_lTK9BtMHSeN2B_8F5wv_629kBj29FADXZYjgU7NkWmILiK9XFRKIQoIkJPEWnv1bNzXOSw9HlHo3xIMmo5jqRQEFrrCFChBVC5Mxa0ugmJebH-eV4DyBW86IUX9gfPABDoN25-jun86-PWGHp2FwHHA99OO7UxGFZYDzbmCwZJHDbRtjREX6NlSce_OdNNkib5wEcTM0ScU_B7F9VGJk5icqgbRZF2KrkQfC6TMHsgEz0P4yWkLTsNTMEiEJvR7h8Rar8I9lsx16wsBa_RIRFXaIhoIVb6KARuIgtSBpx-JPVGGgbWoJiLfzekCDUYjzRWbS_UgjWgh_lTWKud9QRSCCkWZN-8j8b8GB6xKmWXPpDBftM9Z0W0NopyQJZNqwcJ58Chx9F35J6MhgtmiZMQMypS6SCYYMhpJdV_RE2jA0ugOjQM3JmsIY-UfG-BBupgzqSiaG-gWm-twOkIJ4uBrpgMhlIXcecOLVpmqTk2BSLuoLEk-N_DCfN5sVhoW0pB6byY2dEoUANtD3cEBU-BJVJKVzVY_ArKZHNQExUv4nDDfYQLMYNYOBysVh7pam_gJnikSf034aA_j5y9H96TrJFnKtxkfe-lt_XfDNlVDGnNP0ynKfZiAZFeWiQO45CKnIcvNZt-Enq5IOBF--j6otomnn7vUoj7HUuZSghHIf9pmZP3Xo0wfStxSfAwzpBYJf4v1t2Rkikkknq7WQvrA3chci1hKSOfQTD7XF_oRoYL0cqotqa-1fqEy04CXCShRR8uXOXZvnoP11_DXaW-I4stS5qOLxyTb1s2gSEWV8MBbfAafdIvARj9j7j_nN_wDjOYpX9bwoaa7j0q7dWfywjhLuln5Al27R4YDYaZYaGbaI1aEWeVvtXfXeCERVYUh_KcKbjdY-H-ell1DnQYsoFrr7deWhcpFgcGFzhS8E8mRsvvgsMmpjtlbQzyIh9KrA_673YRGJpyrn6gLyWgAQ_fx9GSYP9Qpw4ubXb5I9HtUcXblCVRvVmjmw8amPL4CiCw2OQ4FcqTzy2VxFdj5bmgxpYR58M1ZuZ7AjJ7Cd64rpQ1ADf-6QD6fbF_Amwg38UJsHWOazIGCLLCha2NTDlMG7ItIA5581REXqnOWijHM1P7s-ZE7rDuFgiKOL57vQH4RKnLi1x0j_pWY9wxB1CCUd4zgOjpZTx_Z45RTqU8F2-g3mrnyMgqMltRfyoizUMQjCQ_2TP0ujAAzF-uYpHIVanL07odp5PyVTy0uF5Z_d0HqNhZf4uiWAOKgD-beDdUgTNg_u0lvDVZMFTu2a6dTFn_QjaTTPD-RHiGXA0Rw5iJBHDYtiMo1_XCMTCNCgkT8xnBsEURrRRRoqyS04SDt-V_ngxQQCArln7-AUflWTW9r0MfGgsLcuQa6NN-1kbWxL9ba0yfbnajeoJ6iEk0K_9IdupjcqN91josHg81afY34HEVgxuOeLwRRfsQ4O-XOoEHWtw2AIwqHQ-olPJCEiVpTF7VS8J-6l1h6E4Ft7PpCvY2PBZPIvQytQInAmXOOBPqV_wCdC3q2ot3NWyAvTHdpB8ZpXkx793RopHdil7DFzmvZz4JD6JsCNROLd1UAlLbUJ7nvN6fbe5A02DeF8cecB5Nu9SX4ElPxe294q8y4tYtRczo335xGi_ad_6YLgRJis4DXfFIu6SQqwwuRouoHfK_QIrgiHxzeq_zKDPVkAc-X7p5i2Xai312m8sMzv4Dx68wuxKAhNHMYcfHsP4-QhVShfQjDEYS2ssVXIpXsTXBUsE0o8eTE8gb-L7L6MDhdnb4Yw59SbTCiR_B49A7hAqFYjvP0qwmYdtySSydPJROEoC1J0dhpuySIULFNrB4GqcL9obBzKXoSJEhOgF8Xslq76HRj2ZcG8VE1DOaSAO17Ssr7Nyw8JsjCgiSsZND6hCz1SP7UFbQiKrr58vJlA4NoBkQ_1zn0KbQGa3bLz9u3V-qgd-9W0Ttf8OpF_sLBUtBACRGq1PCAKpEkaIvlOPSc2gkou0j2wI_Ije5OvwMtfFOvdELvplVPSFIjlMsSOH-zCT8XvKeTHnWbDv7qIS9aEZ7QucAW_oB766qnhbDHaQm1i2A5DBs5b4zLYTn06Y3TNP7bduxU-J9VfjmrHS1zdDO298fxVBbvwY4CDlDNR-s6cL5zvg8pCIVZ_uYjZGnFzUw73VU8lWjG7nvpENgGVb6qTAOHswsIFV6WqtUFbTYbluh_TDyDsdJZ8WjKo4C9eHWjAXyrQV6nbNl_lU96E3DnxAMseIrc7ppFiOYkdBeTbIsSgTtWF0NztMJFN2fE8NUk2DMkXEyNxxriVHP_ZXpk5WlRdHNdN2Ij6VSfSNdg2QclShsRFRQ1NB_ZHJm1ePZbIQ67GM6HorV9Ow4Erzmf68kHUb-wSdtDsldjgFuqkpI1ruObW8-AO2qkR4ADBlrEZlbOFowIHqfr2phfz7mN9V_Ple1redkG6AjI3VVu8vLm_jADJJfL6UyzNIqgZUP_GwN5aimh3Jj1jtXsCrg4Ts2O4eUjtPpjSXqcNxql_e4beKZl3noEVGTrFw1E&cid=CAASJ-RoxOBMqlCy_GP8qJJK3szF92RAOufYOzU1cJgsfUMvQ1Q4JyRDwSAN&rfl=1%2Chttps%253A%252F%252Fwww.hawtcelebs.com%252F%240
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6d480bb437581e75f6fbfccb6105cddf931ebf0268d26c15cc3ae355a7b97ceb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36847
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 2F18 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ApbVj_oKN0MLA8-m04vgSbmHE7HProVIQPUf4A3hI86QChC3lVwfiAFHv3OoeLBbZQ94YU2QMhdV_1WSSY1QCiSO7Xjc13luXZ5qSx95Q4SxNRE9w
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/ Frame 2F18 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/window_focus_fy2021.js
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
22
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Sep 2022 17:53:14 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 2F18 		142 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e851345505ee432c9397d60e5d91929ab4e5921f75c91f359b0939a879304b7a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44792
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1661945761880069"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 05 Sep 2022 17:53:36 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/ Frame 2F18 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:52:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
63
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7599
x-xss-protection
0
server
cafe
etag
9215437806027971270
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Sep 2022 17:52:33 GMT
l
www.google.com/ads/measurement/ Frame 2F18 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaT1JcSo6lhVVbMvP1EDUPZyQIrpLIVvpuJ6i5YO5K0PFt8JjnIZgnFKqSCrRWtWMk1zY4xwkJDg1Z_4xLSJe0x2QiP-cw
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers
d9c3feb5dbeb38b81847ec1386e6162f.js
www.gstatic.com/mysidia/ Frame E29C 		10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/d9c3feb5dbeb38b81847ec1386e6162f.js?tag=client_fast_engine_2019
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9c5cd3351a343011cbc0046d12c2b8bc8d7a968a09009ddb117fb1dc49fd1333
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Thu, 01 Sep 2022 01:24:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
404950
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4500
x-xss-protection
0
last-modified
Thu, 01 Sep 2022 00:50:12 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Wed, 30 Nov 2022 01:24:26 GMT
26f56bcbde8737fd8460d1ebee7fee83.js
www.gstatic.com/mysidia/ Frame E29C 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/26f56bcbde8737fd8460d1ebee7fee83.js?tag=core/multiplex_design_v1
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fa2e64c0d37b249f65a0f2745cdbc17b6a6f7b9e96164acacdf9db1df4c6fc00
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Thu, 01 Sep 2022 02:23:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
401381
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4881
x-xss-protection
0
last-modified
Thu, 01 Sep 2022 00:50:12 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Wed, 30 Nov 2022 02:23:55 GMT
css
fonts.googleapis.com/ Frame E29C 		4 KB
621 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 05 Sep 2022 17:47:30 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Mon, 05 Sep 2022 17:53:36 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 05 Sep 2022 17:53:36 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/ Frame E29C 		2 KB
902 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:45:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
496
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
875
x-xss-protection
0
server
cafe
etag
16974406330603315520
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Sep 2022 17:45:20 GMT
66b3f07c310595f56497536fcb7f1f87.js
www.gstatic.com/mysidia/ Frame E29C 		22 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/66b3f07c310595f56497536fcb7f1f87.js?tag=exit_2019
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
507aa227b15ecd81b5d9637bd621ee8f52af16b6d4137f1343221f76a3ebe520
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Thu, 01 Sep 2022 02:22:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
401441
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9309
x-xss-protection
0
last-modified
Thu, 01 Sep 2022 00:50:12 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Wed, 30 Nov 2022 02:22:55 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220831/r20110914/ Frame E29C 		23 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220831/r20110914/abg_lite_fy2021.js
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0e39772fd4ab2ea007f5b93277960107e5a96696c53eef90c6e694e556ff5c26
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:51:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
146
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9632
x-xss-protection
0
server
cafe
etag
2755732409155645664
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Sep 2022 17:51:10 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/ Frame E29C 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/window_focus_fy2021.js
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
22
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Sep 2022 17:53:14 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/ Frame E29C 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:52:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
63
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7599
x-xss-protection
0
server
cafe
etag
9215437806027971270
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Sep 2022 17:52:33 GMT
l
www.google.com/ads/measurement/ Frame E29C 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaS8M5YQV6-8czW8XP_ZZI9qnFj_S_Z4vc5oi6NhGrIYt0oV7jhJzFE9ls4-Ky20GnN77JlkasDYAVx8j1pxxZk4K3G4NA
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers
exitapi-impl.js
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 4E62 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 04:52:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
46873
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3271
x-xss-protection
0
server
cafe
etag
7483759447172721109
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Tue, 06 Sep 2022 04:52:23 GMT
addata.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 4E62 		26 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 04:52:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
46872
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10382
x-xss-protection
0
server
cafe
etag
12806417668659483808
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Tue, 06 Sep 2022 04:52:24 GMT
css
fonts.googleapis.com/ Frame 4E62 		9 KB
650 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Oswald:200,300,regular,500,600,700&cb=1660221761
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0f4aee2bdd54dc46a82aa73080798e95046fed54a96702322504c95deabb000b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 05 Sep 2022 17:21:43 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Mon, 05 Sep 2022 17:53:36 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 05 Sep 2022 17:53:36 GMT
gsap_3.2.4_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame 4E62 		57 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.2.4_min.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23276
x-xss-protection
0
last-modified
Thu, 05 Mar 2020 03:53:22 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 05 Sep 2022 17:53:37 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame 64E8 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2530
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
date
Mon, 05 Sep 2022 17:11:26 GMT
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/ Frame 3468 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/window_focus_fy2021.js
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
22
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Sep 2022 17:53:14 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/ Frame 3468 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:52:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
63
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7599
x-xss-protection
0
server
cafe
etag
9215437806027971270
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Sep 2022 17:52:33 GMT
rum
dsum-sec.casalemedia.com/ Frame 0F12
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE3t1z0ZAqSfy-MAnvT6ghg&google_cver=1
43 B
429 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE3t1z0ZAqSfy-MAnvT6ghg&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhj-9fnQATAB&v=APEucNWhCaOPEY0QwZT591KNaBUdGb3lcFaFlpxHoYHFkGz8xrhbTcP0Q7qzCfA4BFbLvFaxcKKtPzUCmaCzQTqt7WPQMYMt4moqMQ8vxhkzYw4X_tk0UYy7eeHaK7qMaPvZkpoF3hLnFe7GNrwrT-25KhkmgotLSl-QCHspTkobJsQJWfXZToBlRtA8iXijz35LwYf0RMq8l0_zFNCHYQunnndHlrcHvg
Protocol
H2
Server
104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray
7460d34b5afd90dc-FRA
pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ONzwiULZQAl9bcgPryN6t6c6RdQ%2FNsNc5jfhNwknlGAWQOgEG5mHI0BnXccOeTSZZxbB2IdLboJ5tHvDfE%2F453vlHi1Qi20pHQrGgbvF26V9U63yDcnkoIXCU0%2Fru8lbyDb2z6PFI%2BPMkw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE3t1z0ZAqSfy-MAnvT6ghg&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 0F12
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YxY3oOwda2xciwnHsx5sKwAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE3t1z0ZAqSfy-MAnvT6ghg&google_cver=1
43 B
843 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE3t1z0ZAqSfy-MAnvT6ghg&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhj-9fnQATAB&v=APEucNWhCaOPEY0QwZT591KNaBUdGb3lcFaFlpxHoYHFkGz8xrhbTcP0Q7qzCfA4BFbLvFaxcKKtPzUCmaCzQTqt7WPQMYMt4moqMQ8vxhkzYw4X_tk0UYy7eeHaK7qMaPvZkpoF3hLnFe7GNrwrT-25KhkmgotLSl-QCHspTkobJsQJWfXZToBlRtA8iXijz35LwYf0RMq8l0_zFNCHYQunnndHlrcHvg
Protocol
H3
Server
104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray
7460d34c99fb8ffa-FRA
pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xcNWNb5QsxFomdupuDviiOcUBP3%2FI4wGT7JKLDUS310W%2BFPAeTZzXcu0Bx2xbqKOILj7s%2FC5xgUace7ztJ%2BKd12GatNTj94n04P4u0xxuhEldbCvRiLYDvhoL6sobIu0ZgyB3qYlwytuhA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE3t1z0ZAqSfy-MAnvT6ghg&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 0F12
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEM4OlECGQ-JDRPVWbAkksBw&google_cver=1
43 B
1016 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEM4OlECGQ-JDRPVWbAkksBw&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhj-9fnQATAB&v=APEucNWhCaOPEY0QwZT591KNaBUdGb3lcFaFlpxHoYHFkGz8xrhbTcP0Q7qzCfA4BFbLvFaxcKKtPzUCmaCzQTqt7WPQMYMt4moqMQ8vxhkzYw4X_tk0UYy7eeHaK7qMaPvZkpoF3hLnFe7GNrwrT-25KhkmgotLSl-QCHspTkobJsQJWfXZToBlRtA8iXijz35LwYf0RMq8l0_zFNCHYQunnndHlrcHvg
Protocol
HTTP/1.1
Server
37.252.172.37 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 17:53:36 GMT
X-Proxy-Origin
84.19.175.183; 84.19.175.183; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
b97d5def-d90c-42e8-a75f-8770d8f8e7f2
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEM4OlECGQ-JDRPVWbAkksBw&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 0F12
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTAwNzkwNDcyNjQ2NDI0NTM0MA%3D%3D
170 B
189 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTAwNzkwNDcyNjQ2NDI0NTM0MA%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhj-9fnQATAB&v=APEucNWhCaOPEY0QwZT591KNaBUdGb3lcFaFlpxHoYHFkGz8xrhbTcP0Q7qzCfA4BFbLvFaxcKKtPzUCmaCzQTqt7WPQMYMt4moqMQ8vxhkzYw4X_tk0UYy7eeHaK7qMaPvZkpoF3hLnFe7GNrwrT-25KhkmgotLSl-QCHspTkobJsQJWfXZToBlRtA8iXijz35LwYf0RMq8l0_zFNCHYQunnndHlrcHvg
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 17:53:36 GMT
X-Proxy-Origin
84.19.175.183; 84.19.175.183; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
a4eff0ff-8993-4bed-b499-80b60393526a
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTAwNzkwNDcyNjQ2NDI0NTM0MA%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
express_html_inpage_rendering_lib_200_276.js
s0.2mdn.net/879366/ Frame 12D8 		106 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
Origin
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 07:50:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
36160
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37872
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 23:07:26 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 06 Sep 2022 07:50:56 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220831/r20110914/elements/html/ Frame 12D8 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220831/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AcLxBzxt5aqOvr1lP2tz5g1iPaeR0VQUh2xQUo4FzKvJ7SWFiI_DRa2RbQ6aqPjUqLVq5nzVHRpYV_GeSVNCv4BDaj4g&cry=1&dbm_d=AKAmf-AW6VRoRkjtP6oHxaEOaqkTfV3TAv81vMLTqUhR4uCaq1UrytYxa-9QtEemRJCDA6fWY2JlOXSWGeyXWeKE4L1mUBcRQj77GnLTxEp3nekc2Z1f8gToGFRHYYO20cYGyRhSZX8fO40X5E7O_fT8OCxyH6oMSe5otvsKcS6q8fML6qRgLCB7XlLkUeZ3OzmCYjzjqGRX9IL3q9BlwBbmj8m2Jja-Pxma0lJKMc44rLPIlo3MEnLzo9ldYIbxwCtjCixVkgZIuQM44fFpPZIGfvExLUZ32BF0cK0Ty_-SCs6TdTA5vZMJ-oJL-ubTgX4mKbWevU-k_LKnefWVv6vvke3xp8_Ssp8zwTX6pkEIvmZZqANjLuaMGqGgpm6u1LNTPMGVQrOGuMqo5Kd4VkInB_DHYgLulzjVFiOYbyfbwn1Fz-pwWYNILFLTkD-JM2eVJw62IYQVa2i-VHWhHFtYDuuqAWgX4GKzAePl2ELi6a_Ejfpjgg9H_07YNQKaoHHAJkSN30rabxtnucK4z6cbZT_2Q_YVFtb_A15dISOFbSAqsjglQhGAa6Jrect7ATdkOMJ78xtMWe0neS6_dFQ8i4BNa97Ipx6VRsVlWx6oLaPwVbc9LebiWilIRd2rRfs9ZRJzq7vJt2V8mW8w7VVeJNt7e9kxArrJvLIHgY262-BSrEvGPNjGJs6X5KCm0uUgLV5rrVym0N6GzUmEjI_xGFI4nR7YtLASUaFocKX2LsAfWuqpUPmL9KRlT1lHCXfwxNCJG-VK30ewObqgpZJulTfrGL6nmwXzuRKznXefyptLw5mhot8dSxq01J8JRzGKeVbD7guPv7t1Kx9XT59-p9ETdSrnCzkIOWGwmVvqmOBtonmnDDt5xWcA8-1HuKjuQoxR_5LB7T_Zv83t51QR3k4634mlbT-bgjZQTWHSVZTSsntvHEk-y9Mec3CMRnh_C5VdSpkAStzaJ4waxqXhPbxzWC7Zi8WOSoL127ph-X2wuvL4XxQjeCMQp5ysl44bnzYZrVOuophjLZyr1CwPYbzn9hrzV51468WBOgaiVI9QNHD8XaDas8CZB95YUCddhGuqg1pVEfTrGFElrDRQ4IL8fQPSP4jLMwh1ltq9X9daVweSvn3aOnI8wKIKSovkeavDi3T9NrvCgm45djDUPk-Eog00fG8tPVuI7UmXMZg1mXxrtBI7l0vSRPBK7F8y8CSixuzerydagnv3nhhWF85gmUTZhUAP69BhNmYdYYIE99XMkT5ajukecu3oc7u6-3ozRFDqaXUs4w4f11H0mAKCiZkLQquFAQi5R6VRx0sD2mF9iRwwUUDUUCJWuBTLdruF75RlcMpsspzQKcqeIsdPXtFGN7F2hlJtEyZKH92NGSFcsDw4clNae3cQ4ylXUarr6evw6SseK4e_dOfUHZeKOFa4L22FZSr1RaRxGaDxbWRkbnhQywarTmHjmESGP5VQsZODDIZc3G5vQkwkjvKo94LQZOlLq7PqEKKaulS33OaPDvrp3m5iPA72smuXoOL8yPauy6Djs51UBPuWoS9YJGMwPBXWNIlc1mnBpBtHbdoFoV8Qb9nDxQShWfXwEOdoMs24f7ZyqM3i89luJytUc9hh9SYokG4F2RvWNf7HNVyr4KJh5kOS-4uReaWOIhMLn81-win4HF1iEERzng43S2LFFJjQ9TgA24ZkuUu_GSY_uIUrz9KK05pakJzsrOlq_uvtAP1cEkhC-tGWeV2tAadDnshNkhqPB6wg3jnxbC1pCLQzWwuUw9gwGFHj22T9mIdzZPiC1lTp5aEUFz1wGY-xiS47jVILTDAFuQJYUP2uonbuM4ftWIWVNmxJ91tKTb20yNu9Mja7i5QgxZa5-rQPVa92SHVNUZ04YPVpUNnzOBq3jdXRz0kNFNswT-kaTiICM8R2PHkSZblSs3s7oRVH5wbYcenweboeRWwQLYjPhFCXZ83V81uHkscf6HpK4P4cxJQAsAuy-MNyBA3MzdkLuST01nphuzfG124LjydzagZvBQ-D1AqF6RhzFTzDuSHNh8tl_Mya4f-y3h2Kt4wXTtt_VOvevk_M-0e-8qHDmEfaNur_62cOQyZT3WzoADHu2awA0XqCeomVnPFmFzuyEs1PNiE5d7_k-1t59xzxvoQ4RBdRpjZjFCtH6suSqg9FPpFGvo4D65P1qiXBmOTqWbJmmx9jaJYn0rDmWJ_QNgpaRscdSUqXBtLfLMu5oNSWs0MwwrFbfGtTWohR5tQX57JCR4TV3z1XQgaQVXVxgGh1Xx9yEWwhx3NtE62RFGkgMGQPEAmpsO6YB6mLEcdfvrmig6IYYV4J69b3UlIdXUeT6AxIDd2u_czaMJeBguJNQtX78GfAAO_wX7n97tJuWFy1lwzE3wzKmV0w8sHmbZUS03yf_w_iDOjGTS4ZgGmCZRkiOdrgMQY_j-o-zbKwoIbTfl1T0pQ9HZucK4sxr2g0shEDdeb8ZPrQ7voyCmDDZY7XZXd4FgeFYv7EZXv6W2xIzo7ExXvJTUXqkdtyVGskXnnW8rQzokeh0hPqCgV_Wv-JfZoaLCkUS9fxxNG_XpcUD9YIAgKzZ96GWpZfiS6ZCfq7zvZCsJ5Rct4X97RzGpDerTEhHys9-z9RppxbjOVEAW0nKbdiPkYtQSKudgDiZZs0ZZigt9NeBgqn0OPM1EG4phJ4hiN4eS3hoTVTPPG0gjABA7c5oYoNzzKXFTNHkNfvwh_jFd451kHUkAvYtL1XxRCbknEDjCKJrJ5cJJoCkaaiDxXQBwXs-hODdMMB7P5lEYb5qWNPWB8xXGmspWNYVZuSINRrEVNF30B-_HCXjc25A_3z-DdJFsguhBGsWC_Jv_gUedWo4ANc0yjjr4avd4lvK_8LCYGRQ3aAcYktwDR4JWFHnMUPrRkFc1JiGI_r-Y2YB70qfIbP5GygQKBcR_DsgDFEZ76GRQwTopOseI4mfCzYGybSfxbFYAKc_aQYgmcUEb0QUmH3sr5X7UKaDCJG3qplI1XMbmkwu2n9LZeYpr36mRlcvFqLS7susTgK4Pbw05bn8W7mbv3nIs8GCO8QlZH6M4bKWl7d0kkvLjPnMk_z_t52_qu21zd2iD2EGFhlCSHNt6f6OMIIR_zxy2TQ02bvEEUyYjSsf2x39txGu-ylVo47MZ0y8a33IU3Jez4OAW7qB7Bzd7Rax4Ik9PjOvfNf14M4HTVmUdFxWKWYFInqRHXlLCCYqbyAESic99yC6VQYpA9F-34hpY6n0ReBU8NFr_hTrGxl-8sIIGXGo-lFe7Ru9qUV9uHCjDzs108OYFP9x_SYHYNZAeIpH4-yxm5kE2LTYuCOkontSdZYe1UujpXkDefeOWz5nVEzdsyNYHRQVjMndhexLFYecT1_cgjCjwNH81Wm1n2lg3_cL2GBOI2Uy3NFTmpMjbwE35Sdd9cO6r1d_anXks5SL1XDmrGIVGkSUY_Ouw&cid=CAASJ-RoZvhQxpian2Jp3-jrJ6DrLe_V6YtINQemI5aFIL6Kai9JExuH4w&rfl=1%2Chttps%253A%252F%252Fwww.hawtcelebs.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:48:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
333
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3181
x-xss-protection
0
server
cafe
etag
10699485926258732851
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Sep 2022 17:48:03 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220831/r20110914/ Frame 12D8 		30 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220831/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AcLxBzxt5aqOvr1lP2tz5g1iPaeR0VQUh2xQUo4FzKvJ7SWFiI_DRa2RbQ6aqPjUqLVq5nzVHRpYV_GeSVNCv4BDaj4g&cry=1&dbm_d=AKAmf-AW6VRoRkjtP6oHxaEOaqkTfV3TAv81vMLTqUhR4uCaq1UrytYxa-9QtEemRJCDA6fWY2JlOXSWGeyXWeKE4L1mUBcRQj77GnLTxEp3nekc2Z1f8gToGFRHYYO20cYGyRhSZX8fO40X5E7O_fT8OCxyH6oMSe5otvsKcS6q8fML6qRgLCB7XlLkUeZ3OzmCYjzjqGRX9IL3q9BlwBbmj8m2Jja-Pxma0lJKMc44rLPIlo3MEnLzo9ldYIbxwCtjCixVkgZIuQM44fFpPZIGfvExLUZ32BF0cK0Ty_-SCs6TdTA5vZMJ-oJL-ubTgX4mKbWevU-k_LKnefWVv6vvke3xp8_Ssp8zwTX6pkEIvmZZqANjLuaMGqGgpm6u1LNTPMGVQrOGuMqo5Kd4VkInB_DHYgLulzjVFiOYbyfbwn1Fz-pwWYNILFLTkD-JM2eVJw62IYQVa2i-VHWhHFtYDuuqAWgX4GKzAePl2ELi6a_Ejfpjgg9H_07YNQKaoHHAJkSN30rabxtnucK4z6cbZT_2Q_YVFtb_A15dISOFbSAqsjglQhGAa6Jrect7ATdkOMJ78xtMWe0neS6_dFQ8i4BNa97Ipx6VRsVlWx6oLaPwVbc9LebiWilIRd2rRfs9ZRJzq7vJt2V8mW8w7VVeJNt7e9kxArrJvLIHgY262-BSrEvGPNjGJs6X5KCm0uUgLV5rrVym0N6GzUmEjI_xGFI4nR7YtLASUaFocKX2LsAfWuqpUPmL9KRlT1lHCXfwxNCJG-VK30ewObqgpZJulTfrGL6nmwXzuRKznXefyptLw5mhot8dSxq01J8JRzGKeVbD7guPv7t1Kx9XT59-p9ETdSrnCzkIOWGwmVvqmOBtonmnDDt5xWcA8-1HuKjuQoxR_5LB7T_Zv83t51QR3k4634mlbT-bgjZQTWHSVZTSsntvHEk-y9Mec3CMRnh_C5VdSpkAStzaJ4waxqXhPbxzWC7Zi8WOSoL127ph-X2wuvL4XxQjeCMQp5ysl44bnzYZrVOuophjLZyr1CwPYbzn9hrzV51468WBOgaiVI9QNHD8XaDas8CZB95YUCddhGuqg1pVEfTrGFElrDRQ4IL8fQPSP4jLMwh1ltq9X9daVweSvn3aOnI8wKIKSovkeavDi3T9NrvCgm45djDUPk-Eog00fG8tPVuI7UmXMZg1mXxrtBI7l0vSRPBK7F8y8CSixuzerydagnv3nhhWF85gmUTZhUAP69BhNmYdYYIE99XMkT5ajukecu3oc7u6-3ozRFDqaXUs4w4f11H0mAKCiZkLQquFAQi5R6VRx0sD2mF9iRwwUUDUUCJWuBTLdruF75RlcMpsspzQKcqeIsdPXtFGN7F2hlJtEyZKH92NGSFcsDw4clNae3cQ4ylXUarr6evw6SseK4e_dOfUHZeKOFa4L22FZSr1RaRxGaDxbWRkbnhQywarTmHjmESGP5VQsZODDIZc3G5vQkwkjvKo94LQZOlLq7PqEKKaulS33OaPDvrp3m5iPA72smuXoOL8yPauy6Djs51UBPuWoS9YJGMwPBXWNIlc1mnBpBtHbdoFoV8Qb9nDxQShWfXwEOdoMs24f7ZyqM3i89luJytUc9hh9SYokG4F2RvWNf7HNVyr4KJh5kOS-4uReaWOIhMLn81-win4HF1iEERzng43S2LFFJjQ9TgA24ZkuUu_GSY_uIUrz9KK05pakJzsrOlq_uvtAP1cEkhC-tGWeV2tAadDnshNkhqPB6wg3jnxbC1pCLQzWwuUw9gwGFHj22T9mIdzZPiC1lTp5aEUFz1wGY-xiS47jVILTDAFuQJYUP2uonbuM4ftWIWVNmxJ91tKTb20yNu9Mja7i5QgxZa5-rQPVa92SHVNUZ04YPVpUNnzOBq3jdXRz0kNFNswT-kaTiICM8R2PHkSZblSs3s7oRVH5wbYcenweboeRWwQLYjPhFCXZ83V81uHkscf6HpK4P4cxJQAsAuy-MNyBA3MzdkLuST01nphuzfG124LjydzagZvBQ-D1AqF6RhzFTzDuSHNh8tl_Mya4f-y3h2Kt4wXTtt_VOvevk_M-0e-8qHDmEfaNur_62cOQyZT3WzoADHu2awA0XqCeomVnPFmFzuyEs1PNiE5d7_k-1t59xzxvoQ4RBdRpjZjFCtH6suSqg9FPpFGvo4D65P1qiXBmOTqWbJmmx9jaJYn0rDmWJ_QNgpaRscdSUqXBtLfLMu5oNSWs0MwwrFbfGtTWohR5tQX57JCR4TV3z1XQgaQVXVxgGh1Xx9yEWwhx3NtE62RFGkgMGQPEAmpsO6YB6mLEcdfvrmig6IYYV4J69b3UlIdXUeT6AxIDd2u_czaMJeBguJNQtX78GfAAO_wX7n97tJuWFy1lwzE3wzKmV0w8sHmbZUS03yf_w_iDOjGTS4ZgGmCZRkiOdrgMQY_j-o-zbKwoIbTfl1T0pQ9HZucK4sxr2g0shEDdeb8ZPrQ7voyCmDDZY7XZXd4FgeFYv7EZXv6W2xIzo7ExXvJTUXqkdtyVGskXnnW8rQzokeh0hPqCgV_Wv-JfZoaLCkUS9fxxNG_XpcUD9YIAgKzZ96GWpZfiS6ZCfq7zvZCsJ5Rct4X97RzGpDerTEhHys9-z9RppxbjOVEAW0nKbdiPkYtQSKudgDiZZs0ZZigt9NeBgqn0OPM1EG4phJ4hiN4eS3hoTVTPPG0gjABA7c5oYoNzzKXFTNHkNfvwh_jFd451kHUkAvYtL1XxRCbknEDjCKJrJ5cJJoCkaaiDxXQBwXs-hODdMMB7P5lEYb5qWNPWB8xXGmspWNYVZuSINRrEVNF30B-_HCXjc25A_3z-DdJFsguhBGsWC_Jv_gUedWo4ANc0yjjr4avd4lvK_8LCYGRQ3aAcYktwDR4JWFHnMUPrRkFc1JiGI_r-Y2YB70qfIbP5GygQKBcR_DsgDFEZ76GRQwTopOseI4mfCzYGybSfxbFYAKc_aQYgmcUEb0QUmH3sr5X7UKaDCJG3qplI1XMbmkwu2n9LZeYpr36mRlcvFqLS7susTgK4Pbw05bn8W7mbv3nIs8GCO8QlZH6M4bKWl7d0kkvLjPnMk_z_t52_qu21zd2iD2EGFhlCSHNt6f6OMIIR_zxy2TQ02bvEEUyYjSsf2x39txGu-ylVo47MZ0y8a33IU3Jez4OAW7qB7Bzd7Rax4Ik9PjOvfNf14M4HTVmUdFxWKWYFInqRHXlLCCYqbyAESic99yC6VQYpA9F-34hpY6n0ReBU8NFr_hTrGxl-8sIIGXGo-lFe7Ru9qUV9uHCjDzs108OYFP9x_SYHYNZAeIpH4-yxm5kE2LTYuCOkontSdZYe1UujpXkDefeOWz5nVEzdsyNYHRQVjMndhexLFYecT1_cgjCjwNH81Wm1n2lg3_cL2GBOI2Uy3NFTmpMjbwE35Sdd9cO6r1d_anXks5SL1XDmrGIVGkSUY_Ouw&cid=CAASJ-RoZvhQxpian2Jp3-jrJ6DrLe_V6YtINQemI5aFIL6Kai9JExuH4w&rfl=1%2Chttps%253A%252F%252Fwww.hawtcelebs.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
35700fd4dc1a4008ab66bc0e57c19689f6daca9368bfd2a6beea1b86dc0159d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:51:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
122
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11778
x-xss-protection
0
server
cafe
etag
15541287485089275602
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Sep 2022 17:51:34 GMT
rum
dsum-sec.casalemedia.com/ Frame 8B84
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE3t1z0ZAqSfy-MAnvT6ghg&google_cver=1
43 B
329 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE3t1z0ZAqSfy-MAnvT6ghg&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYuKK9lQEwAQ&v=APEucNUkGFums6LWP53OQvnWPQj1bWuf4_rl-lAoLQP3iKrx36FAzMAt9kEzrFWGSoMqmkSuKTSo8ddN0AlJ6DvpU5rwPQRQs9iGXqWqL9TddYp_gJNEljTq7ZxgXbEMc1gL9yjnw4tyQa1k_AJoBTLxdA4LWmuVeNnu-bASmVPXwkT9RyVKtvWcYxs_ZhbN7Q7OAPrxfV80gqZ7nYR0u3d35fPB7nZe0w
Protocol
H2
Server
104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray
7460d34b7b2390dc-FRA
pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dNy%2BhvyxyizAFa3FmYT6HMtdstIXPW2NZWANzbjutVPqf5UBVE%2BE7ojl0cOwItannIHzcp3AuwVZYCnHcXmemIVd6lqfIQQfJnxqQg9859NJxaUqRtgqRN%2BHdjGpWZvqvam0%2FGolaMDJfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE3t1z0ZAqSfy-MAnvT6ghg&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 8B84
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YxY3oOwda2xciwnHsx5sKwAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE3t1z0ZAqSfy-MAnvT6ghg&google_cver=1
43 B
883 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE3t1z0ZAqSfy-MAnvT6ghg&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYuKK9lQEwAQ&v=APEucNUkGFums6LWP53OQvnWPQj1bWuf4_rl-lAoLQP3iKrx36FAzMAt9kEzrFWGSoMqmkSuKTSo8ddN0AlJ6DvpU5rwPQRQs9iGXqWqL9TddYp_gJNEljTq7ZxgXbEMc1gL9yjnw4tyQa1k_AJoBTLxdA4LWmuVeNnu-bASmVPXwkT9RyVKtvWcYxs_ZhbN7Q7OAPrxfV80gqZ7nYR0u3d35fPB7nZe0w
Protocol
H3
Server
104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray
7460d34c99fe8ffa-FRA
pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bWYIR883XOK%2F%2FMnQOydaireiWqpOewLgzFrGW6IOOgmC%2BBp5e4ZKLOsMV%2FQIZkm1FRHxTYXxywGbqQ0HZxgKXdk5fVVuw4aPe7A6SrQhFUHdZZB01YIhzm8mFVe%2Fxdil2zDALauGjL68qg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE3t1z0ZAqSfy-MAnvT6ghg&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 8B84
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEM4OlECGQ-JDRPVWbAkksBw&google_cver=1
43 B
1016 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEM4OlECGQ-JDRPVWbAkksBw&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYuKK9lQEwAQ&v=APEucNUkGFums6LWP53OQvnWPQj1bWuf4_rl-lAoLQP3iKrx36FAzMAt9kEzrFWGSoMqmkSuKTSo8ddN0AlJ6DvpU5rwPQRQs9iGXqWqL9TddYp_gJNEljTq7ZxgXbEMc1gL9yjnw4tyQa1k_AJoBTLxdA4LWmuVeNnu-bASmVPXwkT9RyVKtvWcYxs_ZhbN7Q7OAPrxfV80gqZ7nYR0u3d35fPB7nZe0w
Protocol
HTTP/1.1
Server
37.252.172.37 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 17:53:36 GMT
X-Proxy-Origin
84.19.175.183; 84.19.175.183; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
fffa4d5e-0413-4ad1-8657-7802b95aede7
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEM4OlECGQ-JDRPVWbAkksBw&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 8B84
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTAwNzkwNDcyNjQ2NDI0NTM0MA%3D%3D
170 B
189 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTAwNzkwNDcyNjQ2NDI0NTM0MA%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYuKK9lQEwAQ&v=APEucNUkGFums6LWP53OQvnWPQj1bWuf4_rl-lAoLQP3iKrx36FAzMAt9kEzrFWGSoMqmkSuKTSo8ddN0AlJ6DvpU5rwPQRQs9iGXqWqL9TddYp_gJNEljTq7ZxgXbEMc1gL9yjnw4tyQa1k_AJoBTLxdA4LWmuVeNnu-bASmVPXwkT9RyVKtvWcYxs_ZhbN7Q7OAPrxfV80gqZ7nYR0u3d35fPB7nZe0w
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 17:53:36 GMT
X-Proxy-Origin
84.19.175.183; 84.19.175.183; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
6e41c819-a627-43cb-b6a9-db21ffffbda0
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTAwNzkwNDcyNjQ2NDI0NTM0MA%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
l
www.google.com/ads/measurement/ Frame 3468 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaT_ph0xJlVL76HqncZGEJUUcJtcUnj4hFe0sbJMzJVBSINDJhQBrT9O7hRtfC5c_qpeazo0msUddp5xe7tGY2GiAWH8WQ
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 3468 		142 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e851345505ee432c9397d60e5d91929ab4e5921f75c91f359b0939a879304b7a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44792
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1661945761880069"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 05 Sep 2022 17:53:36 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220831/r20110914/ Frame A677 		30 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220831/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B7PgFIPFgw9W4O_JcoPlfiJf-lX0yZUwe2Avqdc92QVbUl3sSwk9GC6KDS_STmTybl9Ts5U8SZkpei6gYfieZ5YPIMzaY9Nafk9frW-ROvnJ_u4iT_TJ8SkqBNXxWqQjWvCpUI74Ofoh29IVB_hjlC6c-9Pw&cry=1&dbm_d=AKAmf-A6q-nzE4uQGRv1wfJzuqV2r7JREABIICedbuVz7RQHX1TJIe7FilPgJcnQ5B3E9zzzEG9mWsiY4_aerGoz0tOxKblF0bczmQH-GtdqHI8mG6hhY2JhbHebr37ekshOClmanGx3mU_bK5ngfnmO-2UvWMU4j4yverlAseedzMHckzIZ8kEvNfN6EcqN3uSwPCSygrstHsraCVz4uuNG6CNjEx2FRS5WAZhdX2quqj681mwCCMmbaakuwWXDS-YIcp1wScN8NtSsGYMbInsd6W-pq9m-HZINksThA8zfezKajvG85i9mNIFzdNmqrx2uiUi5IOgRcelU6mrLzq_AyN0bVC5Ia7fCvgPPfyLT1TgQvXwP4o-cMF4xgqfEOGAX1x53iJx_g3nPfRj702Uj4BLzTcwC3wfAqxEuiqin4iZBe4FNZWFVJCzQsnojDfiFMekZmriqkhvpLW9LH22_YIT1AUY-x0z_QN_53Oe1cOJd1gSXVX-T0rDItg-UzjXhSQkDv_QuTy4nBvO8kHSHpZV-0jnMjyUPgBLX_9YC43eu4aR71YxkRohuLKzWJHyvIwJLZgyo6L-oQsMln3ttKwCzjjBa97qhmKOgrjXPIwjxxhnkZkIdGZVzkIhTm_iZrLrMW0DnuNCQVL465WJ-qbywQ7X7rQacT_1MSLEvVBCWIvdIb9Pe7P2mfPyas3DdchtVWSoYVWI8-TSAVTAOMaFnFTJlCncSvnHZ8vwZQ0kcudJu7iD6Q6HgzlJMItaJ_E_Fi2MlzBLkz36VcTb9psxNm39Iw_oS7NXuvyEDSX-FRYd-cLAIcPqPriLQXVo0KGxiPdRH1n5HCgQ4ta6dTILNZ9Bhddr5UmjunvrlwKi9DcOM3Dn4f_bUOSJ0d_wa8ygZV0JuD-oC7KymVnKXsmXaPOAu7m8QDy7zvEqSI9f045O3arxpyIeVSKSWoBB2McC4D2WQAh0nzBgyRPasdAyfR6rYlkq2ox8HpClOABypJCYIVyuARaU5Bx1w5DdhTugxlbvrgkuO0nV_xDjhvBrFdwUkRQENCY9y_pWhvOudtdGWoGBHCV2DDZ3iIPV59dPedPQgAmwV89VLvMyfTCj1XIsZ6cPlaGbfVbjnpG20RceBViC2h-nbvL2TsBSnm5GqBLLRnMN5n5zvJA3KR-OyjtmQokhCQf5NlWUjFYSOS_6JnwEgX-XFCH8ENCi6yxWSsbKsstlqB3KDA4Q317kgnfnhRLZko5IM0ub8QMbfBzqzjkPeuRUnO37WdJZy0YYAPcz_dBEcWK-RR8g3qGS7g98opTNGxHPmePUouDjXCt40XPB-9L1mjSEfn-0V2SbiAWAWW7xr-l4NpNvTflu3bAN7cPw-andHSXe_kzXarb6cndDA1i_QZe5BZNWOcXCaP9_WZUmScgorxtxfc_0kWFuTSvWDFQ7nKADhAojYT6eMOANfaCobrMz4KFEhuaDWndEIGb-m0vNGsNOJ8GGvXkBWYXrSkNYtzxAh9_RrzhvTano6imLW2j-1I0RFofPkbb84G8EZmB7d_JDzxfDOZNtZ1WQ4UxesJ0A7ls_zg85SRymTnMKFL6v0Fp4AWaheKgTfdK1qXV-JBVbGOANUSjGD3bhNO-5fkcSIF2C96pl3YpIFTiiWj7AyZC_x9bkdF82tz-5VuhjmLRWEzV-EPVvef8B4lxwQU7AyxwFbFx8ts0yoLaF0-Avbo9mcHP43HjpopdUd6zohPN_fp9iPhdS-D2rPB6Ag2AziF4gBZAWFmJr3Xj9hYCEqSzm4JIqWW9fO1BOZcUjeIixfNlW7221aUVKDSdqPqQsJEuuC7vxwoX_KOJjANdddPKagE_7lNNJJWRFcu8TjcAGTdc997G53YCBCIUxhlH0DUCMlhKOBNalXVAbnRSZNoBKwhWaCyQrPSwa10wG4ZcYm5ewnzlqZwveUu-QAzEq7Dp2-DUD33On1bmt6OeERKOS5OpTGucZbOMxU9YU6UF0Ld8Hjl2k7E1jSaylLK4t6sqj8l1NhJ-8Pr-lTf571lf9P1rzrEcXLo0yWQ4YXRqk0lxEpfvjQYPvVSXTPETrpgqkjIOEqWgu-egdbJr5K0yglw6lNe0OZyg5HjTrhJQtFyXKbvQWcxi1vKYnQlJdOmrDpqfd1RY2YnJZVIGzLfMWW6od2qzUwZaM_t1Ak4R_GOP26Y3hMOlONGhHDj_flfGi656dV06ZUd26lTDemBl0EYERgG-gVQfRtpKyWWTc1FFpRBJ1IB-aKVqorYbHsGdgrOgeVVqqGrMI33Yk0C0gU_u8KswsyzpWdJ3r6Ccd0Z4ORnBV4FxL1YIpwOwWWwVslrhnSrFCYs91cR7uDc4UajLX8aWu8PDQXR1jm1saCjZF0np4fmQjWk4sEWA-I-fewTBg0yzbMtPS0mXeZPuGsYHJQfAQZ6YWhBy2cH9Nl1V9Qon4ZGFtGRj5xjBqeABszWl9B4tgfsQ7u7mY2w8t3mBSfTwyCvsLACRPVFGStoVqVSTGKi8FEA7YLneFN-em7WU0SReyeS5263MzT9hTtSSVwvdSAuekVTW9XSGpps4UxH_RQSmrBQkzKxsamYRGf-5jZhPLESRfWit1tBgr-E_sB7rUId36mEtuTXOLdJHEkXxPBDllssN-cao5sjDGx_Ii2iosY935fRA1pHJjC6ptMZkM_xtfGNgTnMPbeN4ZMs4gAnKBVCowDjsjsSYbwQBGW7aUuPn24dVoyhGO8BK6ASMw8rO1QHLJAvB2FAt2mvowc5B7BcmfLahmAAmGjNc5xTz834YYaY1KfbVZJl0pGnZ3U0Uvb6dtdlD6XZ61fH67d4cCRbgsewbkqlxPcRiwflc-wakIcxg5NNwOjsKzh6TzryYH_27P3Gu0shFRyDawWBhjyDVWgneyGYy1Zl7708Ol2elu4sMzOLPc2kpFb4r0ICLR71UkDasJ8QhnJFFyaCpn_yeXF-nwcN-X9UxM9vNGieS-8N1Nx7D6Jz6YHuXbSLu-B1_vWxf8lwJ3-H7-A2z55EgrPqkApYWRVRIIL6stQuSRmCWrWwpvDUFUMY3phfvbfThdcPrdLBRJADl3SFO0BH9ZxanimIpFEnJt8W4xxh1SX0EEdjynd3fk3LmGq3NAjZxt1-YO9zeNIvJG7hGc1KAh7F_WWYcJWhOXy0jMDD3lqvy2vnsbgtFxznblHIDJvdf_EBssCH8b35RqI138I9MmhCZ6j6FJYdm5hcryO9b9blh4-9J3DLs_QkQWGjAeEdJMEo8C9QAPEXOjEAuoYNEPMe2tGVjRh3am2aVwpl_uE079cKRDINrCSxsYtPEkcI03whRmziW6-68Dp2xL3nfp6MNSx6qIJXyMcR-77zyZeTe6ugqQzJqQBDBQlIerkkZNnpGh3Sz8HfVhDHd1a9vMLdvVW7FcFcBDIdEuNxL_tot4ckV9wwluq8sWbQEgL08gcxYRVj1pF8I-rwo3pfTMC-rZHpfeYMPHO-2KGQj7mhG20-n_0gi44VIdycvTuVGVXPbODhdbJpLCHeA&cid=CAASJ-RoT_8MlmHS9DUNSV9yLn9_7kgRm3iHqQ_fij_TUgWoV6jY5chj5g&rfl=2%2Chttps%253A%252F%252Fwww.hawtcelebs.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
35700fd4dc1a4008ab66bc0e57c19689f6daca9368bfd2a6beea1b86dc0159d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:51:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
122
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11778
x-xss-protection
0
server
cafe
etag
15541287485089275602
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Sep 2022 17:51:34 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame A677 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B7PgFIPFgw9W4O_JcoPlfiJf-lX0yZUwe2Avqdc92QVbUl3sSwk9GC6KDS_STmTybl9Ts5U8SZkpei6gYfieZ5YPIMzaY9Nafk9frW-ROvnJ_u4iT_TJ8SkqBNXxWqQjWvCpUI74Ofoh29IVB_hjlC6c-9Pw&cry=1&dbm_d=AKAmf-A6q-nzE4uQGRv1wfJzuqV2r7JREABIICedbuVz7RQHX1TJIe7FilPgJcnQ5B3E9zzzEG9mWsiY4_aerGoz0tOxKblF0bczmQH-GtdqHI8mG6hhY2JhbHebr37ekshOClmanGx3mU_bK5ngfnmO-2UvWMU4j4yverlAseedzMHckzIZ8kEvNfN6EcqN3uSwPCSygrstHsraCVz4uuNG6CNjEx2FRS5WAZhdX2quqj681mwCCMmbaakuwWXDS-YIcp1wScN8NtSsGYMbInsd6W-pq9m-HZINksThA8zfezKajvG85i9mNIFzdNmqrx2uiUi5IOgRcelU6mrLzq_AyN0bVC5Ia7fCvgPPfyLT1TgQvXwP4o-cMF4xgqfEOGAX1x53iJx_g3nPfRj702Uj4BLzTcwC3wfAqxEuiqin4iZBe4FNZWFVJCzQsnojDfiFMekZmriqkhvpLW9LH22_YIT1AUY-x0z_QN_53Oe1cOJd1gSXVX-T0rDItg-UzjXhSQkDv_QuTy4nBvO8kHSHpZV-0jnMjyUPgBLX_9YC43eu4aR71YxkRohuLKzWJHyvIwJLZgyo6L-oQsMln3ttKwCzjjBa97qhmKOgrjXPIwjxxhnkZkIdGZVzkIhTm_iZrLrMW0DnuNCQVL465WJ-qbywQ7X7rQacT_1MSLEvVBCWIvdIb9Pe7P2mfPyas3DdchtVWSoYVWI8-TSAVTAOMaFnFTJlCncSvnHZ8vwZQ0kcudJu7iD6Q6HgzlJMItaJ_E_Fi2MlzBLkz36VcTb9psxNm39Iw_oS7NXuvyEDSX-FRYd-cLAIcPqPriLQXVo0KGxiPdRH1n5HCgQ4ta6dTILNZ9Bhddr5UmjunvrlwKi9DcOM3Dn4f_bUOSJ0d_wa8ygZV0JuD-oC7KymVnKXsmXaPOAu7m8QDy7zvEqSI9f045O3arxpyIeVSKSWoBB2McC4D2WQAh0nzBgyRPasdAyfR6rYlkq2ox8HpClOABypJCYIVyuARaU5Bx1w5DdhTugxlbvrgkuO0nV_xDjhvBrFdwUkRQENCY9y_pWhvOudtdGWoGBHCV2DDZ3iIPV59dPedPQgAmwV89VLvMyfTCj1XIsZ6cPlaGbfVbjnpG20RceBViC2h-nbvL2TsBSnm5GqBLLRnMN5n5zvJA3KR-OyjtmQokhCQf5NlWUjFYSOS_6JnwEgX-XFCH8ENCi6yxWSsbKsstlqB3KDA4Q317kgnfnhRLZko5IM0ub8QMbfBzqzjkPeuRUnO37WdJZy0YYAPcz_dBEcWK-RR8g3qGS7g98opTNGxHPmePUouDjXCt40XPB-9L1mjSEfn-0V2SbiAWAWW7xr-l4NpNvTflu3bAN7cPw-andHSXe_kzXarb6cndDA1i_QZe5BZNWOcXCaP9_WZUmScgorxtxfc_0kWFuTSvWDFQ7nKADhAojYT6eMOANfaCobrMz4KFEhuaDWndEIGb-m0vNGsNOJ8GGvXkBWYXrSkNYtzxAh9_RrzhvTano6imLW2j-1I0RFofPkbb84G8EZmB7d_JDzxfDOZNtZ1WQ4UxesJ0A7ls_zg85SRymTnMKFL6v0Fp4AWaheKgTfdK1qXV-JBVbGOANUSjGD3bhNO-5fkcSIF2C96pl3YpIFTiiWj7AyZC_x9bkdF82tz-5VuhjmLRWEzV-EPVvef8B4lxwQU7AyxwFbFx8ts0yoLaF0-Avbo9mcHP43HjpopdUd6zohPN_fp9iPhdS-D2rPB6Ag2AziF4gBZAWFmJr3Xj9hYCEqSzm4JIqWW9fO1BOZcUjeIixfNlW7221aUVKDSdqPqQsJEuuC7vxwoX_KOJjANdddPKagE_7lNNJJWRFcu8TjcAGTdc997G53YCBCIUxhlH0DUCMlhKOBNalXVAbnRSZNoBKwhWaCyQrPSwa10wG4ZcYm5ewnzlqZwveUu-QAzEq7Dp2-DUD33On1bmt6OeERKOS5OpTGucZbOMxU9YU6UF0Ld8Hjl2k7E1jSaylLK4t6sqj8l1NhJ-8Pr-lTf571lf9P1rzrEcXLo0yWQ4YXRqk0lxEpfvjQYPvVSXTPETrpgqkjIOEqWgu-egdbJr5K0yglw6lNe0OZyg5HjTrhJQtFyXKbvQWcxi1vKYnQlJdOmrDpqfd1RY2YnJZVIGzLfMWW6od2qzUwZaM_t1Ak4R_GOP26Y3hMOlONGhHDj_flfGi656dV06ZUd26lTDemBl0EYERgG-gVQfRtpKyWWTc1FFpRBJ1IB-aKVqorYbHsGdgrOgeVVqqGrMI33Yk0C0gU_u8KswsyzpWdJ3r6Ccd0Z4ORnBV4FxL1YIpwOwWWwVslrhnSrFCYs91cR7uDc4UajLX8aWu8PDQXR1jm1saCjZF0np4fmQjWk4sEWA-I-fewTBg0yzbMtPS0mXeZPuGsYHJQfAQZ6YWhBy2cH9Nl1V9Qon4ZGFtGRj5xjBqeABszWl9B4tgfsQ7u7mY2w8t3mBSfTwyCvsLACRPVFGStoVqVSTGKi8FEA7YLneFN-em7WU0SReyeS5263MzT9hTtSSVwvdSAuekVTW9XSGpps4UxH_RQSmrBQkzKxsamYRGf-5jZhPLESRfWit1tBgr-E_sB7rUId36mEtuTXOLdJHEkXxPBDllssN-cao5sjDGx_Ii2iosY935fRA1pHJjC6ptMZkM_xtfGNgTnMPbeN4ZMs4gAnKBVCowDjsjsSYbwQBGW7aUuPn24dVoyhGO8BK6ASMw8rO1QHLJAvB2FAt2mvowc5B7BcmfLahmAAmGjNc5xTz834YYaY1KfbVZJl0pGnZ3U0Uvb6dtdlD6XZ61fH67d4cCRbgsewbkqlxPcRiwflc-wakIcxg5NNwOjsKzh6TzryYH_27P3Gu0shFRyDawWBhjyDVWgneyGYy1Zl7708Ol2elu4sMzOLPc2kpFb4r0ICLR71UkDasJ8QhnJFFyaCpn_yeXF-nwcN-X9UxM9vNGieS-8N1Nx7D6Jz6YHuXbSLu-B1_vWxf8lwJ3-H7-A2z55EgrPqkApYWRVRIIL6stQuSRmCWrWwpvDUFUMY3phfvbfThdcPrdLBRJADl3SFO0BH9ZxanimIpFEnJt8W4xxh1SX0EEdjynd3fk3LmGq3NAjZxt1-YO9zeNIvJG7hGc1KAh7F_WWYcJWhOXy0jMDD3lqvy2vnsbgtFxznblHIDJvdf_EBssCH8b35RqI138I9MmhCZ6j6FJYdm5hcryO9b9blh4-9J3DLs_QkQWGjAeEdJMEo8C9QAPEXOjEAuoYNEPMe2tGVjRh3am2aVwpl_uE079cKRDINrCSxsYtPEkcI03whRmziW6-68Dp2xL3nfp6MNSx6qIJXyMcR-77zyZeTe6ugqQzJqQBDBQlIerkkZNnpGh3Sz8HfVhDHd1a9vMLdvVW7FcFcBDIdEuNxL_tot4ckV9wwluq8sWbQEgL08gcxYRVj1pF8I-rwo3pfTMC-rZHpfeYMPHO-2KGQj7mhG20-n_0gi44VIdycvTuVGVXPbODhdbJpLCHeA&cid=CAASJ-RoT_8MlmHS9DUNSV9yLn9_7kgRm3iHqQ_fij_TUgWoV6jY5chj5g&rfl=2%2Chttps%253A%252F%252Fwww.hawtcelebs.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 02 Sep 2022 07:50:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
295359
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 02 Sep 2023 07:50:57 GMT
/
d.turn.com/r/du/id/L2NzaWQvMS9tcGlkLzI0MTMwODU4/rnd/ Frame 5111
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=turn_dmp&google_cm
  • https://d.turn.com/r/du/id/L2NzaWQvMS9tcGlkLzI0MTMwODU4/rnd/?mpuid=CAESEIPrYTCr1TaNSsKRecc9Hns&google_cver=1
43 B
398 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d.turn.com/r/du/id/L2NzaWQvMS9tcGlkLzI0MTMwODU4/rnd/?mpuid=CAESEIPrYTCr1TaNSsKRecc9Hns&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM66ChD-jfH6ARjNgsKtATAB&v=APEucNVP-IsSxp6MeiImuCGff0BNVQeUrCJU-1oCyCr4WR2WhH_MXxQ3Pcy2kAw9RIkIt0L2n4eUXaWDl1T-jSIQpK7PjRN3Us3sIBzOItRTX8xjsCuwXrvyPBEl9pEHQJ84nOhc3AqBINaN33dQBRCxtUa6JjViYOMBIxIp8lDYVph_NAOHyVkvtkf84H3JoonqQLdqVKWhl1QHZ-QzFaluKD_FGJxqMw
Protocol
H2
Server
2001:678:cb4:bbbb::13 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type
image/gif
content-length
43
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://d.turn.com/r/du/id/L2NzaWQvMS9tcGlkLzI0MTMwODU4/rnd/?mpuid=CAESEIPrYTCr1TaNSsKRecc9Hns&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
309
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 5111
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFlfihLHZc4jhHzq-3nhvE4&google_cver=1
43 B
273 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFlfihLHZc4jhHzq-3nhvE4&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM66ChD-jfH6ARjNgsKtATAB&v=APEucNVP-IsSxp6MeiImuCGff0BNVQeUrCJU-1oCyCr4WR2WhH_MXxQ3Pcy2kAw9RIkIt0L2n4eUXaWDl1T-jSIQpK7PjRN3Us3sIBzOItRTX8xjsCuwXrvyPBEl9pEHQJ84nOhc3AqBINaN33dQBRCxtUa6JjViYOMBIxIp8lDYVph_NAOHyVkvtkf84H3JoonqQLdqVKWhl1QHZ-QzFaluKD_FGJxqMw
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFlfihLHZc4jhHzq-3nhvE4&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cm
us-u.openx.net/w/1.0/ Frame 5111 		43 B
145 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM66ChD-jfH6ARjNgsKtATAB&v=APEucNVP-IsSxp6MeiImuCGff0BNVQeUrCJU-1oCyCr4WR2WhH_MXxQ3Pcy2kAw9RIkIt0L2n4eUXaWDl1T-jSIQpK7PjRN3Us3sIBzOItRTX8xjsCuwXrvyPBEl9pEHQJ84nOhc3AqBINaN33dQBRCxtUa6JjViYOMBIxIp8lDYVph_NAOHyVkvtkf84H3JoonqQLdqVKWhl1QHZ-QzFaluKD_FGJxqMw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
content-encoding
gzip
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
via
1.1 google
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56
expires
Mon, 26 Jul 1997 05:00:00 GMT
truncated
/ Frame 3468 		209 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
939ae264853db9ed3f45645cf2d7285940bc968ba8b14198bd166d80710ac191

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
skeleton.js
fw.adsafeprotected.com/rjss/st/747557/55375942/ Frame 2F18 		46 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fw.adsafeprotected.com/rjss/st/747557/55375942/skeleton.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CJ_dg6QpSii7-jfifgKgLkmbdXWUDe4zyFqjMAymqR9BqatX_QZSS28hZ-rNfwaZd8Hl9MQGABpe5J7Yq6pwCJbTz3VA&cry=1&dbm_d=AKAmf-DcIx4bkfzdKSr7aIrMYT7AGV_imqms6VnYI94BKMti__nk0eQUGxCQ7kv1iqRAz5Irpi11bCmVSgQiEo1FYCY5DHGafnJ8QzOWNZVWlWeuHq11Ki-Akwn-PQgt97vYJawIp8f1WEPYFoElpHEc8_4P4XekKp-eEPaGWRmeFxf29hG1PGcVwysjUs3tMS7kG4UahwTgPCBFMTA9InI4UJvd34YOCxZb4masUyv59osub63OiGu4IMuakxs9qIPR_7TKg1bT7pm2cn88lS86fQukjO62Eds1Gai2vglTKEwXF6-hIy7UCfRh7jGyUX8Qdf5nKcamsjZ0MVeSCQnS7shn92-D7ug_-sIJcCm5zTW92pYxEIDb_N0dD6BN0BGVAipzsgFR0knmf79iCQa90GhrF_lbqHtFeBghGGGOoENcK3hgXD2Cnlj6KgjJ5DjXM-3Py-9o_BJOA2YoASPKipXJRLbgK77M3jxYV66qEN-MzBI8k45liMWXftZAzeDn53Ukx1DaZaDeTVQgq10Duuyu_mdTjrl6N4gEM2yNjv9ki5S0i5UqQJvA01IMWIFfNrW3jqAYXgptiHMJ9p0kcxGxrPIczm_30Sp22N3zO7ypQYwaRLE7HFsvH956RqF_ZvFg17ggEBlBTMrTlDfEi0bDdBW89fNSwdEMEKvn7debeXfCZAeMk6qBjd0Ah4d3UdnIseurUm9O4KRhlIYMvjKkfCpufG45f7BexqxboS5xFRZNhf5fEQOJWV3dqrsKEBtA2cW6AzP5a0rPkN7lD_mqS8DKzDKJ0xcf7xXG4euvzLMybUIxgiyyojN0nOp9LBKYyJVdLpIdsQ_7sLBFFQQCuqMt6HuCZfF6UMhzNoGaMTSmnX0YwXSnbqXybUUznxexFqTlTrRIn_zWw7S-tZiPZI5TJ9V0tx6_lTK9BtMHSeN2B_8F5wv_629kBj29FADXZYjgU7NkWmILiK9XFRKIQoIkJPEWnv1bNzXOSw9HlHo3xIMmo5jqRQEFrrCFChBVC5Mxa0ugmJebH-eV4DyBW86IUX9gfPABDoN25-jun86-PWGHp2FwHHA99OO7UxGFZYDzbmCwZJHDbRtjREX6NlSce_OdNNkib5wEcTM0ScU_B7F9VGJk5icqgbRZF2KrkQfC6TMHsgEz0P4yWkLTsNTMEiEJvR7h8Rar8I9lsx16wsBa_RIRFXaIhoIVb6KARuIgtSBpx-JPVGGgbWoJiLfzekCDUYjzRWbS_UgjWgh_lTWKud9QRSCCkWZN-8j8b8GB6xKmWXPpDBftM9Z0W0NopyQJZNqwcJ58Chx9F35J6MhgtmiZMQMypS6SCYYMhpJdV_RE2jA0ugOjQM3JmsIY-UfG-BBupgzqSiaG-gWm-twOkIJ4uBrpgMhlIXcecOLVpmqTk2BSLuoLEk-N_DCfN5sVhoW0pB6byY2dEoUANtD3cEBU-BJVJKVzVY_ArKZHNQExUv4nDDfYQLMYNYOBysVh7pam_gJnikSf034aA_j5y9H96TrJFnKtxkfe-lt_XfDNlVDGnNP0ynKfZiAZFeWiQO45CKnIcvNZt-Enq5IOBF--j6otomnn7vUoj7HUuZSghHIf9pmZP3Xo0wfStxSfAwzpBYJf4v1t2Rkikkknq7WQvrA3chci1hKSOfQTD7XF_oRoYL0cqotqa-1fqEy04CXCShRR8uXOXZvnoP11_DXaW-I4stS5qOLxyTb1s2gSEWV8MBbfAafdIvARj9j7j_nN_wDjOYpX9bwoaa7j0q7dWfywjhLuln5Al27R4YDYaZYaGbaI1aEWeVvtXfXeCERVYUh_KcKbjdY-H-ell1DnQYsoFrr7deWhcpFgcGFzhS8E8mRsvvgsMmpjtlbQzyIh9KrA_673YRGJpyrn6gLyWgAQ_fx9GSYP9Qpw4ubXb5I9HtUcXblCVRvVmjmw8amPL4CiCw2OQ4FcqTzy2VxFdj5bmgxpYR58M1ZuZ7AjJ7Cd64rpQ1ADf-6QD6fbF_Amwg38UJsHWOazIGCLLCha2NTDlMG7ItIA5581REXqnOWijHM1P7s-ZE7rDuFgiKOL57vQH4RKnLi1x0j_pWY9wxB1CCUd4zgOjpZTx_Z45RTqU8F2-g3mrnyMgqMltRfyoizUMQjCQ_2TP0ujAAzF-uYpHIVanL07odp5PyVTy0uF5Z_d0HqNhZf4uiWAOKgD-beDdUgTNg_u0lvDVZMFTu2a6dTFn_QjaTTPD-RHiGXA0Rw5iJBHDYtiMo1_XCMTCNCgkT8xnBsEURrRRRoqyS04SDt-V_ngxQQCArln7-AUflWTW9r0MfGgsLcuQa6NN-1kbWxL9ba0yfbnajeoJ6iEk0K_9IdupjcqN91josHg81afY34HEVgxuOeLwRRfsQ4O-XOoEHWtw2AIwqHQ-olPJCEiVpTF7VS8J-6l1h6E4Ft7PpCvY2PBZPIvQytQInAmXOOBPqV_wCdC3q2ot3NWyAvTHdpB8ZpXkx793RopHdil7DFzmvZz4JD6JsCNROLd1UAlLbUJ7nvN6fbe5A02DeF8cecB5Nu9SX4ElPxe294q8y4tYtRczo335xGi_ad_6YLgRJis4DXfFIu6SQqwwuRouoHfK_QIrgiHxzeq_zKDPVkAc-X7p5i2Xai312m8sMzv4Dx68wuxKAhNHMYcfHsP4-QhVShfQjDEYS2ssVXIpXsTXBUsE0o8eTE8gb-L7L6MDhdnb4Yw59SbTCiR_B49A7hAqFYjvP0qwmYdtySSydPJROEoC1J0dhpuySIULFNrB4GqcL9obBzKXoSJEhOgF8Xslq76HRj2ZcG8VE1DOaSAO17Ssr7Nyw8JsjCgiSsZND6hCz1SP7UFbQiKrr58vJlA4NoBkQ_1zn0KbQGa3bLz9u3V-qgd-9W0Ttf8OpF_sLBUtBACRGq1PCAKpEkaIvlOPSc2gkou0j2wI_Ije5OvwMtfFOvdELvplVPSFIjlMsSOH-zCT8XvKeTHnWbDv7qIS9aEZ7QucAW_oB766qnhbDHaQm1i2A5DBs5b4zLYTn06Y3TNP7bduxU-J9VfjmrHS1zdDO298fxVBbvwY4CDlDNR-s6cL5zvg8pCIVZ_uYjZGnFzUw73VU8lWjG7nvpENgGVb6qTAOHswsIFV6WqtUFbTYbluh_TDyDsdJZ8WjKo4C9eHWjAXyrQV6nbNl_lU96E3DnxAMseIrc7ppFiOYkdBeTbIsSgTtWF0NztMJFN2fE8NUk2DMkXEyNxxriVHP_ZXpk5WlRdHNdN2Ij6VSfSNdg2QclShsRFRQ1NB_ZHJm1ePZbIQ67GM6HorV9Ow4Erzmf68kHUb-wSdtDsldjgFuqkpI1ruObW8-AO2qkR4ADBlrEZlbOFowIHqfr2phfz7mN9V_Ple1redkG6AjI3VVu8vLm_jADJJfL6UyzNIqgZUP_GwN5aimh3Jj1jtXsCrg4Ts2O4eUjtPpjSXqcNxql_e4beKZl3noEVGTrFw1E&cid=CAASJ-RoxOBMqlCy_GP8qJJK3szF92RAOufYOzU1cJgsfUMvQ1Q4JyRDwSAN&rfl=1%2Chttps%253A%252F%252Fwww.hawtcelebs.com%252F%240
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.139.148 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-139-148.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
8dd5b55e97d6f337b67a1a612fe849a9b55cab36134a8501e8d585f625604673

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
content-encoding
gzip
vary
accept-encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
fw.adsafeprotected.com
cache-control
no-cache
access-control-allow-credentials
true
expires
Wed, 31 Dec 1969 23:59:59 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220831/r20110914/ Frame 2F18 		30 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220831/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CJ_dg6QpSii7-jfifgKgLkmbdXWUDe4zyFqjMAymqR9BqatX_QZSS28hZ-rNfwaZd8Hl9MQGABpe5J7Yq6pwCJbTz3VA&cry=1&dbm_d=AKAmf-DcIx4bkfzdKSr7aIrMYT7AGV_imqms6VnYI94BKMti__nk0eQUGxCQ7kv1iqRAz5Irpi11bCmVSgQiEo1FYCY5DHGafnJ8QzOWNZVWlWeuHq11Ki-Akwn-PQgt97vYJawIp8f1WEPYFoElpHEc8_4P4XekKp-eEPaGWRmeFxf29hG1PGcVwysjUs3tMS7kG4UahwTgPCBFMTA9InI4UJvd34YOCxZb4masUyv59osub63OiGu4IMuakxs9qIPR_7TKg1bT7pm2cn88lS86fQukjO62Eds1Gai2vglTKEwXF6-hIy7UCfRh7jGyUX8Qdf5nKcamsjZ0MVeSCQnS7shn92-D7ug_-sIJcCm5zTW92pYxEIDb_N0dD6BN0BGVAipzsgFR0knmf79iCQa90GhrF_lbqHtFeBghGGGOoENcK3hgXD2Cnlj6KgjJ5DjXM-3Py-9o_BJOA2YoASPKipXJRLbgK77M3jxYV66qEN-MzBI8k45liMWXftZAzeDn53Ukx1DaZaDeTVQgq10Duuyu_mdTjrl6N4gEM2yNjv9ki5S0i5UqQJvA01IMWIFfNrW3jqAYXgptiHMJ9p0kcxGxrPIczm_30Sp22N3zO7ypQYwaRLE7HFsvH956RqF_ZvFg17ggEBlBTMrTlDfEi0bDdBW89fNSwdEMEKvn7debeXfCZAeMk6qBjd0Ah4d3UdnIseurUm9O4KRhlIYMvjKkfCpufG45f7BexqxboS5xFRZNhf5fEQOJWV3dqrsKEBtA2cW6AzP5a0rPkN7lD_mqS8DKzDKJ0xcf7xXG4euvzLMybUIxgiyyojN0nOp9LBKYyJVdLpIdsQ_7sLBFFQQCuqMt6HuCZfF6UMhzNoGaMTSmnX0YwXSnbqXybUUznxexFqTlTrRIn_zWw7S-tZiPZI5TJ9V0tx6_lTK9BtMHSeN2B_8F5wv_629kBj29FADXZYjgU7NkWmILiK9XFRKIQoIkJPEWnv1bNzXOSw9HlHo3xIMmo5jqRQEFrrCFChBVC5Mxa0ugmJebH-eV4DyBW86IUX9gfPABDoN25-jun86-PWGHp2FwHHA99OO7UxGFZYDzbmCwZJHDbRtjREX6NlSce_OdNNkib5wEcTM0ScU_B7F9VGJk5icqgbRZF2KrkQfC6TMHsgEz0P4yWkLTsNTMEiEJvR7h8Rar8I9lsx16wsBa_RIRFXaIhoIVb6KARuIgtSBpx-JPVGGgbWoJiLfzekCDUYjzRWbS_UgjWgh_lTWKud9QRSCCkWZN-8j8b8GB6xKmWXPpDBftM9Z0W0NopyQJZNqwcJ58Chx9F35J6MhgtmiZMQMypS6SCYYMhpJdV_RE2jA0ugOjQM3JmsIY-UfG-BBupgzqSiaG-gWm-twOkIJ4uBrpgMhlIXcecOLVpmqTk2BSLuoLEk-N_DCfN5sVhoW0pB6byY2dEoUANtD3cEBU-BJVJKVzVY_ArKZHNQExUv4nDDfYQLMYNYOBysVh7pam_gJnikSf034aA_j5y9H96TrJFnKtxkfe-lt_XfDNlVDGnNP0ynKfZiAZFeWiQO45CKnIcvNZt-Enq5IOBF--j6otomnn7vUoj7HUuZSghHIf9pmZP3Xo0wfStxSfAwzpBYJf4v1t2Rkikkknq7WQvrA3chci1hKSOfQTD7XF_oRoYL0cqotqa-1fqEy04CXCShRR8uXOXZvnoP11_DXaW-I4stS5qOLxyTb1s2gSEWV8MBbfAafdIvARj9j7j_nN_wDjOYpX9bwoaa7j0q7dWfywjhLuln5Al27R4YDYaZYaGbaI1aEWeVvtXfXeCERVYUh_KcKbjdY-H-ell1DnQYsoFrr7deWhcpFgcGFzhS8E8mRsvvgsMmpjtlbQzyIh9KrA_673YRGJpyrn6gLyWgAQ_fx9GSYP9Qpw4ubXb5I9HtUcXblCVRvVmjmw8amPL4CiCw2OQ4FcqTzy2VxFdj5bmgxpYR58M1ZuZ7AjJ7Cd64rpQ1ADf-6QD6fbF_Amwg38UJsHWOazIGCLLCha2NTDlMG7ItIA5581REXqnOWijHM1P7s-ZE7rDuFgiKOL57vQH4RKnLi1x0j_pWY9wxB1CCUd4zgOjpZTx_Z45RTqU8F2-g3mrnyMgqMltRfyoizUMQjCQ_2TP0ujAAzF-uYpHIVanL07odp5PyVTy0uF5Z_d0HqNhZf4uiWAOKgD-beDdUgTNg_u0lvDVZMFTu2a6dTFn_QjaTTPD-RHiGXA0Rw5iJBHDYtiMo1_XCMTCNCgkT8xnBsEURrRRRoqyS04SDt-V_ngxQQCArln7-AUflWTW9r0MfGgsLcuQa6NN-1kbWxL9ba0yfbnajeoJ6iEk0K_9IdupjcqN91josHg81afY34HEVgxuOeLwRRfsQ4O-XOoEHWtw2AIwqHQ-olPJCEiVpTF7VS8J-6l1h6E4Ft7PpCvY2PBZPIvQytQInAmXOOBPqV_wCdC3q2ot3NWyAvTHdpB8ZpXkx793RopHdil7DFzmvZz4JD6JsCNROLd1UAlLbUJ7nvN6fbe5A02DeF8cecB5Nu9SX4ElPxe294q8y4tYtRczo335xGi_ad_6YLgRJis4DXfFIu6SQqwwuRouoHfK_QIrgiHxzeq_zKDPVkAc-X7p5i2Xai312m8sMzv4Dx68wuxKAhNHMYcfHsP4-QhVShfQjDEYS2ssVXIpXsTXBUsE0o8eTE8gb-L7L6MDhdnb4Yw59SbTCiR_B49A7hAqFYjvP0qwmYdtySSydPJROEoC1J0dhpuySIULFNrB4GqcL9obBzKXoSJEhOgF8Xslq76HRj2ZcG8VE1DOaSAO17Ssr7Nyw8JsjCgiSsZND6hCz1SP7UFbQiKrr58vJlA4NoBkQ_1zn0KbQGa3bLz9u3V-qgd-9W0Ttf8OpF_sLBUtBACRGq1PCAKpEkaIvlOPSc2gkou0j2wI_Ije5OvwMtfFOvdELvplVPSFIjlMsSOH-zCT8XvKeTHnWbDv7qIS9aEZ7QucAW_oB766qnhbDHaQm1i2A5DBs5b4zLYTn06Y3TNP7bduxU-J9VfjmrHS1zdDO298fxVBbvwY4CDlDNR-s6cL5zvg8pCIVZ_uYjZGnFzUw73VU8lWjG7nvpENgGVb6qTAOHswsIFV6WqtUFbTYbluh_TDyDsdJZ8WjKo4C9eHWjAXyrQV6nbNl_lU96E3DnxAMseIrc7ppFiOYkdBeTbIsSgTtWF0NztMJFN2fE8NUk2DMkXEyNxxriVHP_ZXpk5WlRdHNdN2Ij6VSfSNdg2QclShsRFRQ1NB_ZHJm1ePZbIQ67GM6HorV9Ow4Erzmf68kHUb-wSdtDsldjgFuqkpI1ruObW8-AO2qkR4ADBlrEZlbOFowIHqfr2phfz7mN9V_Ple1redkG6AjI3VVu8vLm_jADJJfL6UyzNIqgZUP_GwN5aimh3Jj1jtXsCrg4Ts2O4eUjtPpjSXqcNxql_e4beKZl3noEVGTrFw1E&cid=CAASJ-RoxOBMqlCy_GP8qJJK3szF92RAOufYOzU1cJgsfUMvQ1Q4JyRDwSAN&rfl=1%2Chttps%253A%252F%252Fwww.hawtcelebs.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
35700fd4dc1a4008ab66bc0e57c19689f6daca9368bfd2a6beea1b86dc0159d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:51:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
122
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11778
x-xss-protection
0
server
cafe
etag
15541287485089275602
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Sep 2022 17:51:34 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220831/r20110914/elements/html/ Frame 2F18 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220831/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CJ_dg6QpSii7-jfifgKgLkmbdXWUDe4zyFqjMAymqR9BqatX_QZSS28hZ-rNfwaZd8Hl9MQGABpe5J7Yq6pwCJbTz3VA&cry=1&dbm_d=AKAmf-DcIx4bkfzdKSr7aIrMYT7AGV_imqms6VnYI94BKMti__nk0eQUGxCQ7kv1iqRAz5Irpi11bCmVSgQiEo1FYCY5DHGafnJ8QzOWNZVWlWeuHq11Ki-Akwn-PQgt97vYJawIp8f1WEPYFoElpHEc8_4P4XekKp-eEPaGWRmeFxf29hG1PGcVwysjUs3tMS7kG4UahwTgPCBFMTA9InI4UJvd34YOCxZb4masUyv59osub63OiGu4IMuakxs9qIPR_7TKg1bT7pm2cn88lS86fQukjO62Eds1Gai2vglTKEwXF6-hIy7UCfRh7jGyUX8Qdf5nKcamsjZ0MVeSCQnS7shn92-D7ug_-sIJcCm5zTW92pYxEIDb_N0dD6BN0BGVAipzsgFR0knmf79iCQa90GhrF_lbqHtFeBghGGGOoENcK3hgXD2Cnlj6KgjJ5DjXM-3Py-9o_BJOA2YoASPKipXJRLbgK77M3jxYV66qEN-MzBI8k45liMWXftZAzeDn53Ukx1DaZaDeTVQgq10Duuyu_mdTjrl6N4gEM2yNjv9ki5S0i5UqQJvA01IMWIFfNrW3jqAYXgptiHMJ9p0kcxGxrPIczm_30Sp22N3zO7ypQYwaRLE7HFsvH956RqF_ZvFg17ggEBlBTMrTlDfEi0bDdBW89fNSwdEMEKvn7debeXfCZAeMk6qBjd0Ah4d3UdnIseurUm9O4KRhlIYMvjKkfCpufG45f7BexqxboS5xFRZNhf5fEQOJWV3dqrsKEBtA2cW6AzP5a0rPkN7lD_mqS8DKzDKJ0xcf7xXG4euvzLMybUIxgiyyojN0nOp9LBKYyJVdLpIdsQ_7sLBFFQQCuqMt6HuCZfF6UMhzNoGaMTSmnX0YwXSnbqXybUUznxexFqTlTrRIn_zWw7S-tZiPZI5TJ9V0tx6_lTK9BtMHSeN2B_8F5wv_629kBj29FADXZYjgU7NkWmILiK9XFRKIQoIkJPEWnv1bNzXOSw9HlHo3xIMmo5jqRQEFrrCFChBVC5Mxa0ugmJebH-eV4DyBW86IUX9gfPABDoN25-jun86-PWGHp2FwHHA99OO7UxGFZYDzbmCwZJHDbRtjREX6NlSce_OdNNkib5wEcTM0ScU_B7F9VGJk5icqgbRZF2KrkQfC6TMHsgEz0P4yWkLTsNTMEiEJvR7h8Rar8I9lsx16wsBa_RIRFXaIhoIVb6KARuIgtSBpx-JPVGGgbWoJiLfzekCDUYjzRWbS_UgjWgh_lTWKud9QRSCCkWZN-8j8b8GB6xKmWXPpDBftM9Z0W0NopyQJZNqwcJ58Chx9F35J6MhgtmiZMQMypS6SCYYMhpJdV_RE2jA0ugOjQM3JmsIY-UfG-BBupgzqSiaG-gWm-twOkIJ4uBrpgMhlIXcecOLVpmqTk2BSLuoLEk-N_DCfN5sVhoW0pB6byY2dEoUANtD3cEBU-BJVJKVzVY_ArKZHNQExUv4nDDfYQLMYNYOBysVh7pam_gJnikSf034aA_j5y9H96TrJFnKtxkfe-lt_XfDNlVDGnNP0ynKfZiAZFeWiQO45CKnIcvNZt-Enq5IOBF--j6otomnn7vUoj7HUuZSghHIf9pmZP3Xo0wfStxSfAwzpBYJf4v1t2Rkikkknq7WQvrA3chci1hKSOfQTD7XF_oRoYL0cqotqa-1fqEy04CXCShRR8uXOXZvnoP11_DXaW-I4stS5qOLxyTb1s2gSEWV8MBbfAafdIvARj9j7j_nN_wDjOYpX9bwoaa7j0q7dWfywjhLuln5Al27R4YDYaZYaGbaI1aEWeVvtXfXeCERVYUh_KcKbjdY-H-ell1DnQYsoFrr7deWhcpFgcGFzhS8E8mRsvvgsMmpjtlbQzyIh9KrA_673YRGJpyrn6gLyWgAQ_fx9GSYP9Qpw4ubXb5I9HtUcXblCVRvVmjmw8amPL4CiCw2OQ4FcqTzy2VxFdj5bmgxpYR58M1ZuZ7AjJ7Cd64rpQ1ADf-6QD6fbF_Amwg38UJsHWOazIGCLLCha2NTDlMG7ItIA5581REXqnOWijHM1P7s-ZE7rDuFgiKOL57vQH4RKnLi1x0j_pWY9wxB1CCUd4zgOjpZTx_Z45RTqU8F2-g3mrnyMgqMltRfyoizUMQjCQ_2TP0ujAAzF-uYpHIVanL07odp5PyVTy0uF5Z_d0HqNhZf4uiWAOKgD-beDdUgTNg_u0lvDVZMFTu2a6dTFn_QjaTTPD-RHiGXA0Rw5iJBHDYtiMo1_XCMTCNCgkT8xnBsEURrRRRoqyS04SDt-V_ngxQQCArln7-AUflWTW9r0MfGgsLcuQa6NN-1kbWxL9ba0yfbnajeoJ6iEk0K_9IdupjcqN91josHg81afY34HEVgxuOeLwRRfsQ4O-XOoEHWtw2AIwqHQ-olPJCEiVpTF7VS8J-6l1h6E4Ft7PpCvY2PBZPIvQytQInAmXOOBPqV_wCdC3q2ot3NWyAvTHdpB8ZpXkx793RopHdil7DFzmvZz4JD6JsCNROLd1UAlLbUJ7nvN6fbe5A02DeF8cecB5Nu9SX4ElPxe294q8y4tYtRczo335xGi_ad_6YLgRJis4DXfFIu6SQqwwuRouoHfK_QIrgiHxzeq_zKDPVkAc-X7p5i2Xai312m8sMzv4Dx68wuxKAhNHMYcfHsP4-QhVShfQjDEYS2ssVXIpXsTXBUsE0o8eTE8gb-L7L6MDhdnb4Yw59SbTCiR_B49A7hAqFYjvP0qwmYdtySSydPJROEoC1J0dhpuySIULFNrB4GqcL9obBzKXoSJEhOgF8Xslq76HRj2ZcG8VE1DOaSAO17Ssr7Nyw8JsjCgiSsZND6hCz1SP7UFbQiKrr58vJlA4NoBkQ_1zn0KbQGa3bLz9u3V-qgd-9W0Ttf8OpF_sLBUtBACRGq1PCAKpEkaIvlOPSc2gkou0j2wI_Ije5OvwMtfFOvdELvplVPSFIjlMsSOH-zCT8XvKeTHnWbDv7qIS9aEZ7QucAW_oB766qnhbDHaQm1i2A5DBs5b4zLYTn06Y3TNP7bduxU-J9VfjmrHS1zdDO298fxVBbvwY4CDlDNR-s6cL5zvg8pCIVZ_uYjZGnFzUw73VU8lWjG7nvpENgGVb6qTAOHswsIFV6WqtUFbTYbluh_TDyDsdJZ8WjKo4C9eHWjAXyrQV6nbNl_lU96E3DnxAMseIrc7ppFiOYkdBeTbIsSgTtWF0NztMJFN2fE8NUk2DMkXEyNxxriVHP_ZXpk5WlRdHNdN2Ij6VSfSNdg2QclShsRFRQ1NB_ZHJm1ePZbIQ67GM6HorV9Ow4Erzmf68kHUb-wSdtDsldjgFuqkpI1ruObW8-AO2qkR4ADBlrEZlbOFowIHqfr2phfz7mN9V_Ple1redkG6AjI3VVu8vLm_jADJJfL6UyzNIqgZUP_GwN5aimh3Jj1jtXsCrg4Ts2O4eUjtPpjSXqcNxql_e4beKZl3noEVGTrFw1E&cid=CAASJ-RoxOBMqlCy_GP8qJJK3szF92RAOufYOzU1cJgsfUMvQ1Q4JyRDwSAN&rfl=1%2Chttps%253A%252F%252Fwww.hawtcelebs.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:48:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
333
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3181
x-xss-protection
0
server
cafe
etag
10699485926258732851
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Sep 2022 17:48:03 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 2F18 		0
622 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssBqscz3THn6s-AOkx9ofOKh9N9isiG1mPO7ihhApstaHCSaZfWOnXyCZacEGd-1hRcgfJx-VwnSFyb_vpKyAwvjvINbnr9MYgluWD3M2NRAi8Xayxb0upK_fwN5WZ84aw_xlWFf9yZi2OwT78dTJ3hR8viEkV5xrqA8yMX7W2SnIfkJsEMLuIHHF4m6G_Lwv_uaHFvcV-zFIf-RvtqK8MtBvGlfmMJIJfpEqv_YkiGQqAB1rRc0wc0MIpq3bPhf9UXvz6DYwpRJONkl2SraHOE15FE1u7azvjst_N92RlDpLgaQNz61Aw1M5-3KGVtyK6HBkLVY4MJow2bbkSKzX3qsdxkh5ADaKK4eGrQFpH7e5UqD_XHbZNjJAPbC0-v6lFovBjLSWZ0ZzVf3mMHAKzucacvOqn2uP14R6dAv4DCtwbvmU7rTVHiEa3H6ktgnO4gSwnE3S7yr9BrVDFMkbYqQM2XNK52naPNqmlPwPxJnpbxQ7TvBRP3reQClq6acaO-J7ohPM2b7lqP6gH1zqJIz24ITqUPHS_F6iR8pMj9Nq8eYR8CyBn6BjmrDrM7OlTz7h5nH3BOTQIxfFG8uRqwDyeRaegeXsm0emRuonk2YBnkK3u9DDR_M7eeaw6RN6-VYvsyoca5QZeBbcDef2v0AReQNs4wuZsc37SZ9-kiY362U_AH9lxqTBJUew5-gKwTKQduNDJOeX4Hu_JgtRg1k4rxbRLqhQTvnAVo2iBjEQi17mzdSqyYqKwW7euvDb1pKuUa2J7OwsZvxtiq3DlUxMdpR90dbHQPvwtgFLMIVkZ1KyAMqyBm1QIkS0fbip-daU1pui0YFcoyxwPaxM2iDz4BP4TZsRcAp7_A4Gr8adP7Bn1i70cgaa8ehYTNLAmuGdxqb8iCcq1drOeU7OkZdfmHw693NtuHNDTDQTW79eWLCt97Z2xwzM6Pr8fiLeSL1bn5ZQzZj-khwpel25HLOW9d1cAkEPRiwQ1l2THo4e6ln_eXJAlNgJFKC4mS1WePO8O6MqYDVcqkfjkG0SNzg9pOvkEaKHgN1Avrvc3CGMjEsk75esLZXI1Hn7feLzB5TMIbDxCfIRfXewF94OxYQYgqQLuS4xqLrQDysNDnF2tAvxr3qOXUsEohaDIpqmD4Si9LeNJr0SfNZrnE7jI5T42aAMOa7bC0-hSpE2A0mor_Ovtzhh0whiFw5mhR1VsckGLAjXME9ILZ4wI0DZBctHc7__cHdMnAqCJLxwgKONZPru34zDT9Y3p4AgO3j5RBDeHlt7HS&sai=AMfl-YS1QgGCyVMFyl4jpmx-Gi1YFSoOOKD_mzkXkobpQMw4h64NOFYMRbwwoVcha8-7nip4DaccBGl0GzP-MP3PDtd_PWycHDswKBmF48SC9z3AYajjzVRYhYRDuxm4ru_D07TZgFn0apcfN03bQCHbDmYclNAYkTR2OFc1vUUpg3_wiC2M6WVgPg355tRYetMAiCT-b_XFgiJ--1Mce7oSmHoSkz4brcFEag&sig=Cg0ArKJSzCpBvFynApzVEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20220831.60319&adurl=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CJ_dg6QpSii7-jfifgKgLkmbdXWUDe4zyFqjMAymqR9BqatX_QZSS28hZ-rNfwaZd8Hl9MQGABpe5J7Yq6pwCJbTz3VA&cry=1&dbm_d=AKAmf-DcIx4bkfzdKSr7aIrMYT7AGV_imqms6VnYI94BKMti__nk0eQUGxCQ7kv1iqRAz5Irpi11bCmVSgQiEo1FYCY5DHGafnJ8QzOWNZVWlWeuHq11Ki-Akwn-PQgt97vYJawIp8f1WEPYFoElpHEc8_4P4XekKp-eEPaGWRmeFxf29hG1PGcVwysjUs3tMS7kG4UahwTgPCBFMTA9InI4UJvd34YOCxZb4masUyv59osub63OiGu4IMuakxs9qIPR_7TKg1bT7pm2cn88lS86fQukjO62Eds1Gai2vglTKEwXF6-hIy7UCfRh7jGyUX8Qdf5nKcamsjZ0MVeSCQnS7shn92-D7ug_-sIJcCm5zTW92pYxEIDb_N0dD6BN0BGVAipzsgFR0knmf79iCQa90GhrF_lbqHtFeBghGGGOoENcK3hgXD2Cnlj6KgjJ5DjXM-3Py-9o_BJOA2YoASPKipXJRLbgK77M3jxYV66qEN-MzBI8k45liMWXftZAzeDn53Ukx1DaZaDeTVQgq10Duuyu_mdTjrl6N4gEM2yNjv9ki5S0i5UqQJvA01IMWIFfNrW3jqAYXgptiHMJ9p0kcxGxrPIczm_30Sp22N3zO7ypQYwaRLE7HFsvH956RqF_ZvFg17ggEBlBTMrTlDfEi0bDdBW89fNSwdEMEKvn7debeXfCZAeMk6qBjd0Ah4d3UdnIseurUm9O4KRhlIYMvjKkfCpufG45f7BexqxboS5xFRZNhf5fEQOJWV3dqrsKEBtA2cW6AzP5a0rPkN7lD_mqS8DKzDKJ0xcf7xXG4euvzLMybUIxgiyyojN0nOp9LBKYyJVdLpIdsQ_7sLBFFQQCuqMt6HuCZfF6UMhzNoGaMTSmnX0YwXSnbqXybUUznxexFqTlTrRIn_zWw7S-tZiPZI5TJ9V0tx6_lTK9BtMHSeN2B_8F5wv_629kBj29FADXZYjgU7NkWmILiK9XFRKIQoIkJPEWnv1bNzXOSw9HlHo3xIMmo5jqRQEFrrCFChBVC5Mxa0ugmJebH-eV4DyBW86IUX9gfPABDoN25-jun86-PWGHp2FwHHA99OO7UxGFZYDzbmCwZJHDbRtjREX6NlSce_OdNNkib5wEcTM0ScU_B7F9VGJk5icqgbRZF2KrkQfC6TMHsgEz0P4yWkLTsNTMEiEJvR7h8Rar8I9lsx16wsBa_RIRFXaIhoIVb6KARuIgtSBpx-JPVGGgbWoJiLfzekCDUYjzRWbS_UgjWgh_lTWKud9QRSCCkWZN-8j8b8GB6xKmWXPpDBftM9Z0W0NopyQJZNqwcJ58Chx9F35J6MhgtmiZMQMypS6SCYYMhpJdV_RE2jA0ugOjQM3JmsIY-UfG-BBupgzqSiaG-gWm-twOkIJ4uBrpgMhlIXcecOLVpmqTk2BSLuoLEk-N_DCfN5sVhoW0pB6byY2dEoUANtD3cEBU-BJVJKVzVY_ArKZHNQExUv4nDDfYQLMYNYOBysVh7pam_gJnikSf034aA_j5y9H96TrJFnKtxkfe-lt_XfDNlVDGnNP0ynKfZiAZFeWiQO45CKnIcvNZt-Enq5IOBF--j6otomnn7vUoj7HUuZSghHIf9pmZP3Xo0wfStxSfAwzpBYJf4v1t2Rkikkknq7WQvrA3chci1hKSOfQTD7XF_oRoYL0cqotqa-1fqEy04CXCShRR8uXOXZvnoP11_DXaW-I4stS5qOLxyTb1s2gSEWV8MBbfAafdIvARj9j7j_nN_wDjOYpX9bwoaa7j0q7dWfywjhLuln5Al27R4YDYaZYaGbaI1aEWeVvtXfXeCERVYUh_KcKbjdY-H-ell1DnQYsoFrr7deWhcpFgcGFzhS8E8mRsvvgsMmpjtlbQzyIh9KrA_673YRGJpyrn6gLyWgAQ_fx9GSYP9Qpw4ubXb5I9HtUcXblCVRvVmjmw8amPL4CiCw2OQ4FcqTzy2VxFdj5bmgxpYR58M1ZuZ7AjJ7Cd64rpQ1ADf-6QD6fbF_Amwg38UJsHWOazIGCLLCha2NTDlMG7ItIA5581REXqnOWijHM1P7s-ZE7rDuFgiKOL57vQH4RKnLi1x0j_pWY9wxB1CCUd4zgOjpZTx_Z45RTqU8F2-g3mrnyMgqMltRfyoizUMQjCQ_2TP0ujAAzF-uYpHIVanL07odp5PyVTy0uF5Z_d0HqNhZf4uiWAOKgD-beDdUgTNg_u0lvDVZMFTu2a6dTFn_QjaTTPD-RHiGXA0Rw5iJBHDYtiMo1_XCMTCNCgkT8xnBsEURrRRRoqyS04SDt-V_ngxQQCArln7-AUflWTW9r0MfGgsLcuQa6NN-1kbWxL9ba0yfbnajeoJ6iEk0K_9IdupjcqN91josHg81afY34HEVgxuOeLwRRfsQ4O-XOoEHWtw2AIwqHQ-olPJCEiVpTF7VS8J-6l1h6E4Ft7PpCvY2PBZPIvQytQInAmXOOBPqV_wCdC3q2ot3NWyAvTHdpB8ZpXkx793RopHdil7DFzmvZz4JD6JsCNROLd1UAlLbUJ7nvN6fbe5A02DeF8cecB5Nu9SX4ElPxe294q8y4tYtRczo335xGi_ad_6YLgRJis4DXfFIu6SQqwwuRouoHfK_QIrgiHxzeq_zKDPVkAc-X7p5i2Xai312m8sMzv4Dx68wuxKAhNHMYcfHsP4-QhVShfQjDEYS2ssVXIpXsTXBUsE0o8eTE8gb-L7L6MDhdnb4Yw59SbTCiR_B49A7hAqFYjvP0qwmYdtySSydPJROEoC1J0dhpuySIULFNrB4GqcL9obBzKXoSJEhOgF8Xslq76HRj2ZcG8VE1DOaSAO17Ssr7Nyw8JsjCgiSsZND6hCz1SP7UFbQiKrr58vJlA4NoBkQ_1zn0KbQGa3bLz9u3V-qgd-9W0Ttf8OpF_sLBUtBACRGq1PCAKpEkaIvlOPSc2gkou0j2wI_Ije5OvwMtfFOvdELvplVPSFIjlMsSOH-zCT8XvKeTHnWbDv7qIS9aEZ7QucAW_oB766qnhbDHaQm1i2A5DBs5b4zLYTn06Y3TNP7bduxU-J9VfjmrHS1zdDO298fxVBbvwY4CDlDNR-s6cL5zvg8pCIVZ_uYjZGnFzUw73VU8lWjG7nvpENgGVb6qTAOHswsIFV6WqtUFbTYbluh_TDyDsdJZ8WjKo4C9eHWjAXyrQV6nbNl_lU96E3DnxAMseIrc7ppFiOYkdBeTbIsSgTtWF0NztMJFN2fE8NUk2DMkXEyNxxriVHP_ZXpk5WlRdHNdN2Ij6VSfSNdg2QclShsRFRQ1NB_ZHJm1ePZbIQ67GM6HorV9Ow4Erzmf68kHUb-wSdtDsldjgFuqkpI1ruObW8-AO2qkR4ADBlrEZlbOFowIHqfr2phfz7mN9V_Ple1redkG6AjI3VVu8vLm_jADJJfL6UyzNIqgZUP_GwN5aimh3Jj1jtXsCrg4Ts2O4eUjtPpjSXqcNxql_e4beKZl3noEVGTrFw1E&cid=CAASJ-RoxOBMqlCy_GP8qJJK3szF92RAOufYOzU1cJgsfUMvQ1Q4JyRDwSAN&rfl=1%2Chttps%253A%252F%252Fwww.hawtcelebs.com%252F%240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date
Mon, 05 Sep 2022 17:53:36 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 2F18 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CJ_dg6QpSii7-jfifgKgLkmbdXWUDe4zyFqjMAymqR9BqatX_QZSS28hZ-rNfwaZd8Hl9MQGABpe5J7Yq6pwCJbTz3VA&cry=1&dbm_d=AKAmf-DcIx4bkfzdKSr7aIrMYT7AGV_imqms6VnYI94BKMti__nk0eQUGxCQ7kv1iqRAz5Irpi11bCmVSgQiEo1FYCY5DHGafnJ8QzOWNZVWlWeuHq11Ki-Akwn-PQgt97vYJawIp8f1WEPYFoElpHEc8_4P4XekKp-eEPaGWRmeFxf29hG1PGcVwysjUs3tMS7kG4UahwTgPCBFMTA9InI4UJvd34YOCxZb4masUyv59osub63OiGu4IMuakxs9qIPR_7TKg1bT7pm2cn88lS86fQukjO62Eds1Gai2vglTKEwXF6-hIy7UCfRh7jGyUX8Qdf5nKcamsjZ0MVeSCQnS7shn92-D7ug_-sIJcCm5zTW92pYxEIDb_N0dD6BN0BGVAipzsgFR0knmf79iCQa90GhrF_lbqHtFeBghGGGOoENcK3hgXD2Cnlj6KgjJ5DjXM-3Py-9o_BJOA2YoASPKipXJRLbgK77M3jxYV66qEN-MzBI8k45liMWXftZAzeDn53Ukx1DaZaDeTVQgq10Duuyu_mdTjrl6N4gEM2yNjv9ki5S0i5UqQJvA01IMWIFfNrW3jqAYXgptiHMJ9p0kcxGxrPIczm_30Sp22N3zO7ypQYwaRLE7HFsvH956RqF_ZvFg17ggEBlBTMrTlDfEi0bDdBW89fNSwdEMEKvn7debeXfCZAeMk6qBjd0Ah4d3UdnIseurUm9O4KRhlIYMvjKkfCpufG45f7BexqxboS5xFRZNhf5fEQOJWV3dqrsKEBtA2cW6AzP5a0rPkN7lD_mqS8DKzDKJ0xcf7xXG4euvzLMybUIxgiyyojN0nOp9LBKYyJVdLpIdsQ_7sLBFFQQCuqMt6HuCZfF6UMhzNoGaMTSmnX0YwXSnbqXybUUznxexFqTlTrRIn_zWw7S-tZiPZI5TJ9V0tx6_lTK9BtMHSeN2B_8F5wv_629kBj29FADXZYjgU7NkWmILiK9XFRKIQoIkJPEWnv1bNzXOSw9HlHo3xIMmo5jqRQEFrrCFChBVC5Mxa0ugmJebH-eV4DyBW86IUX9gfPABDoN25-jun86-PWGHp2FwHHA99OO7UxGFZYDzbmCwZJHDbRtjREX6NlSce_OdNNkib5wEcTM0ScU_B7F9VGJk5icqgbRZF2KrkQfC6TMHsgEz0P4yWkLTsNTMEiEJvR7h8Rar8I9lsx16wsBa_RIRFXaIhoIVb6KARuIgtSBpx-JPVGGgbWoJiLfzekCDUYjzRWbS_UgjWgh_lTWKud9QRSCCkWZN-8j8b8GB6xKmWXPpDBftM9Z0W0NopyQJZNqwcJ58Chx9F35J6MhgtmiZMQMypS6SCYYMhpJdV_RE2jA0ugOjQM3JmsIY-UfG-BBupgzqSiaG-gWm-twOkIJ4uBrpgMhlIXcecOLVpmqTk2BSLuoLEk-N_DCfN5sVhoW0pB6byY2dEoUANtD3cEBU-BJVJKVzVY_ArKZHNQExUv4nDDfYQLMYNYOBysVh7pam_gJnikSf034aA_j5y9H96TrJFnKtxkfe-lt_XfDNlVDGnNP0ynKfZiAZFeWiQO45CKnIcvNZt-Enq5IOBF--j6otomnn7vUoj7HUuZSghHIf9pmZP3Xo0wfStxSfAwzpBYJf4v1t2Rkikkknq7WQvrA3chci1hKSOfQTD7XF_oRoYL0cqotqa-1fqEy04CXCShRR8uXOXZvnoP11_DXaW-I4stS5qOLxyTb1s2gSEWV8MBbfAafdIvARj9j7j_nN_wDjOYpX9bwoaa7j0q7dWfywjhLuln5Al27R4YDYaZYaGbaI1aEWeVvtXfXeCERVYUh_KcKbjdY-H-ell1DnQYsoFrr7deWhcpFgcGFzhS8E8mRsvvgsMmpjtlbQzyIh9KrA_673YRGJpyrn6gLyWgAQ_fx9GSYP9Qpw4ubXb5I9HtUcXblCVRvVmjmw8amPL4CiCw2OQ4FcqTzy2VxFdj5bmgxpYR58M1ZuZ7AjJ7Cd64rpQ1ADf-6QD6fbF_Amwg38UJsHWOazIGCLLCha2NTDlMG7ItIA5581REXqnOWijHM1P7s-ZE7rDuFgiKOL57vQH4RKnLi1x0j_pWY9wxB1CCUd4zgOjpZTx_Z45RTqU8F2-g3mrnyMgqMltRfyoizUMQjCQ_2TP0ujAAzF-uYpHIVanL07odp5PyVTy0uF5Z_d0HqNhZf4uiWAOKgD-beDdUgTNg_u0lvDVZMFTu2a6dTFn_QjaTTPD-RHiGXA0Rw5iJBHDYtiMo1_XCMTCNCgkT8xnBsEURrRRRoqyS04SDt-V_ngxQQCArln7-AUflWTW9r0MfGgsLcuQa6NN-1kbWxL9ba0yfbnajeoJ6iEk0K_9IdupjcqN91josHg81afY34HEVgxuOeLwRRfsQ4O-XOoEHWtw2AIwqHQ-olPJCEiVpTF7VS8J-6l1h6E4Ft7PpCvY2PBZPIvQytQInAmXOOBPqV_wCdC3q2ot3NWyAvTHdpB8ZpXkx793RopHdil7DFzmvZz4JD6JsCNROLd1UAlLbUJ7nvN6fbe5A02DeF8cecB5Nu9SX4ElPxe294q8y4tYtRczo335xGi_ad_6YLgRJis4DXfFIu6SQqwwuRouoHfK_QIrgiHxzeq_zKDPVkAc-X7p5i2Xai312m8sMzv4Dx68wuxKAhNHMYcfHsP4-QhVShfQjDEYS2ssVXIpXsTXBUsE0o8eTE8gb-L7L6MDhdnb4Yw59SbTCiR_B49A7hAqFYjvP0qwmYdtySSydPJROEoC1J0dhpuySIULFNrB4GqcL9obBzKXoSJEhOgF8Xslq76HRj2ZcG8VE1DOaSAO17Ssr7Nyw8JsjCgiSsZND6hCz1SP7UFbQiKrr58vJlA4NoBkQ_1zn0KbQGa3bLz9u3V-qgd-9W0Ttf8OpF_sLBUtBACRGq1PCAKpEkaIvlOPSc2gkou0j2wI_Ije5OvwMtfFOvdELvplVPSFIjlMsSOH-zCT8XvKeTHnWbDv7qIS9aEZ7QucAW_oB766qnhbDHaQm1i2A5DBs5b4zLYTn06Y3TNP7bduxU-J9VfjmrHS1zdDO298fxVBbvwY4CDlDNR-s6cL5zvg8pCIVZ_uYjZGnFzUw73VU8lWjG7nvpENgGVb6qTAOHswsIFV6WqtUFbTYbluh_TDyDsdJZ8WjKo4C9eHWjAXyrQV6nbNl_lU96E3DnxAMseIrc7ppFiOYkdBeTbIsSgTtWF0NztMJFN2fE8NUk2DMkXEyNxxriVHP_ZXpk5WlRdHNdN2Ij6VSfSNdg2QclShsRFRQ1NB_ZHJm1ePZbIQ67GM6HorV9Ow4Erzmf68kHUb-wSdtDsldjgFuqkpI1ruObW8-AO2qkR4ADBlrEZlbOFowIHqfr2phfz7mN9V_Ple1redkG6AjI3VVu8vLm_jADJJfL6UyzNIqgZUP_GwN5aimh3Jj1jtXsCrg4Ts2O4eUjtPpjSXqcNxql_e4beKZl3noEVGTrFw1E&cid=CAASJ-RoxOBMqlCy_GP8qJJK3szF92RAOufYOzU1cJgsfUMvQ1Q4JyRDwSAN&rfl=1%2Chttps%253A%252F%252Fwww.hawtcelebs.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 02 Sep 2022 07:50:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
295359
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 02 Sep 2023 07:50:57 GMT
5494435694731802657
s0.2mdn.net/simgad/ Frame 2F18 		114 KB
115 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/5494435694731802657
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b4e4185fd32167cb7d9a41483d35fbc0326d42f094818b50e07f517a506220ba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 02 Sep 2022 00:13:51 GMT
x-content-type-options
nosniff
age
322785
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
116906
x-xss-protection
0
last-modified
Wed, 31 Aug 2022 09:27:10 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 02 Sep 2023 00:13:51 GMT
/
track.adform.net/Serving/TrackPoint/ Frame 2F18
Redirect Chain
  • https://track.adform.net/Serving/TrackPoint/?pm=2488958&ADFPageName=DAN_Valentino_Tracking_Campaign_Impression&ADFdivider=|&itm={sv91:%278468260%27,sv92:%2726085996%27,sv93:%271374101%27,sv94:%2730...
  • https://track.adform.net/Serving/TrackPoint/?CC=1&pm=2488958&ADFPageName=DAN_Valentino_Tracking_Campaign_Impression&ADFdivider=|&itm={sv91:%278468260%27,sv92:%2726085996%27,sv93:%271374101%27,sv94:...
35 B
396 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.adform.net/Serving/TrackPoint/?CC=1&pm=2488958&ADFPageName=DAN_Valentino_Tracking_Campaign_Impression&ADFdivider=|&itm={sv91:%278468260%27,sv92:%2726085996%27,sv93:%271374101%27,sv94:%27306358049%27,sv95:%27177023086%27,sv90:%27IMPRESSION%E2%80%99}
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Server
37.157.4.40 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
content-type
image/gif
expires
-1

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
server
nginx
location
https://track.adform.net/Serving/TrackPoint/?CC=1&pm=2488958&ADFPageName=DAN_Valentino_Tracking_Campaign_Impression&ADFdivider=|&itm={sv91:%278468260%27,sv92:%2726085996%27,sv93:%271374101%27,sv94:%27306358049%27,sv95:%27177023086%27,sv90:%27IMPRESSION%E2%80%99}
strict-transport-security
max-age=31536000; includeSubDomains
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
content-type
text/html; charset=utf-8
expires
-1
5136854307345587388
s0.2mdn.net/simgad/ Frame E29C 		947 KB
947 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/5136854307345587388?w=195&h=102
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
10017de59f10543b2fc736d8c724b7cf1f981f0a83e4320261fba3d0ea5ec7d7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 14:56:27 GMT
x-content-type-options
nosniff
age
10629
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
969397
x-xss-protection
0
last-modified
Mon, 03 Jan 2022 11:02:46 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Sep 2023 14:56:27 GMT
truncated
/ Frame E29C 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
38354e6a0119fe113356e1506a115ca148a6b9ea22cf88136baa9167d6fde794

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/svg+xml
adview
securepubads.g.doubleclick.net/pagead/ Frame E29C 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CCkmUnzcWY4OKOdPRgAei4IOQA5GO_clrmeaPou8OvtXakJ0iEAEglZvKIWCVypGCoAegAdHQ0MkCyAEGqQI7gscMP6SwPqgDAaoE8QFP0Plrh71S7J69F0D_NYT1tESKgTuzDk99sNcglNOGKcdoW8wCkzAr2Og6H13-EN7UNAovQb0vmt9vhkHOjI2dmWvllNbtsxFhSfpG1iM0ffJpLWMr_Et72aWOA5N1yXc5cdR5fVFa6S_jD_a5ykzRFgULy8Wvi_ugoZ3Yi7HMUhZA-PQBpkollqLy0nMOlUygGWjYJURCr6g4G-ECH4ZUfSJxsO64i52q6P3U4seNy7eluRc6pR1vFTGFGFuKz2dbKMWsITjX1FaSPMR2BR8u1xXM-p3KskXpv9weA78NU4_I_Doha_bwxXnHIWoF61CMwASr9v7tiwPgBAOIBeXv84AokgUGCAMQBRgBkgUGCBsQARgBkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAY3gAeXr6-2AagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcKENunAhijtsK-AdIIEgiI4YAQEAEYHTIDqoIBOgKAQPIIG2FkeC1zdWJzeW4tOTkzODU2NTgyMjAzNDY4MIAKA8gLAbATi4aKEMgTp-66CNATANgTDYgUBtgUAdAVAYAXAbIXHgocCAASFHB1Yi0zODMxODk0NTU5MDE0NjE0GP35Ew&sigh=wrn7dQbcbwk&uach_m=[UACH]&cid=CAQSPwCsnQUxXokRgkEeszIFDc0UQ_CZz-8oe-vc7Qe3GM1Z5A7ZZCqsaTyqQveGcLnhZJ_ExvHCZwY3U0ZtfydrGw&template_id=509&vt=10
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers
ad
googleads.g.doubleclick.net/dbm/ Frame E29C 		42 B
63 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AYi8THZEfNPZk7NNWFKvXw_LXXKQJSzIkrvTI-w4oHk2P3eoz11qPW50Rmg4oQMGWmMCJ5gt65oADUfDtBF2-LrUBFqoAfRwXrdxZvpyDmn9kdQGe3DEp8sEFdVe44bVY9iACaGpFT5Xmw2KgyBMF-Jo1q2w&dbm_d=AKAmf-DCWjTG64ngM_5tbW8ZvE_IpuhTLcgabLlZZVDdkSz8d5xE_pEfWohsVpoIIXsEOoBLbDu3dip4XWVe3mzsP_2rvoXwTFBkuQSOmwlHoqD73ZMAJLU7ky0EM5C-FLzvXdwI_oAoAJDiye58XgzjdlcMB-q_uXgmEGaqc8OI4DdKpuv5TfsZTO91iSPmAc-NpghXmrO_h-lfIDNcSx1bZsxhJHnXvyXJBsKonMRPs2f333nGDltgGcOroiWfEwxhRIUFZlyJiwfCC4qhWYJNGe6jXSQoRxBPIDCf9xLVi8DXCWfU5iICLzoExWNgU-o-hIij-cr277fM0fG5ep14b7W23xVoTKW1wNtLXORzym1MfZZEblSNGoiuUWpCrFWfiGOFI-YNw-cnpbod5bffvAjd7yCuBklAqrT8Qo_PAn47Srt_hP-RVv6FtU9qJAEdCGQWsIxOfFPag-OETF2Czh39_t7A6nFMP7uRyCD_MdMRAbrqtH-m3UP8HfX7NcxcVwijjwY0zfKYY0BpIUBZ4VTLQYLHQYN-GA-AdVPD48wYJNTso2126H5d22E_HqzR7V9Mz4Nkwnm3nWYEmxU1jFctC72jDysIUT8NOqZRFN9WZrVa27WvHhD4WUeGOJvznX-TMcsiunrHj82oO9KH77Viq_J6O_ADfmAB3uWFp81aFKrGawzsPiNMgSTn2xmXHWdeoUKuTWzLBt-fbDHs7MR-Cr6d8XwGQ2hWpsnjZTSq-zbfB8zWCkbw2H97h_cP7FsmZqZ9_PMFCo7rmnCJMRzLwEEndOya1tIrGRY_28zQhJRGTBQ7grz_PTJLbNJhIoSabpyEY7aS2sIYP4TFnazD-yPmHrZHMPjPdsrbk228A-RAF1Lo7nVml0tMVtwbq_TfUQ7kb07uJrwbut7QggNVOkPBLY8leAfERp0BNF5U75Qi6BIITyOZLLJCVEAxdLDCMipYm6B6kqDF8rh6VMKF_aolpYnbiW3QoljC-eIF5dArxZIPiOq1fKFz0Her6wmOgjgH2-9n1fxoUk7ZBljSxV3GW88I6HcY3ndhJlaamZS-5woovYsm096hq4yzdWVgVfLHuico98Kk9SBhpSiTVJsbS7H0EEgfYYHM79Lrpo--gbMRT5mNDt7bCy2GyVK55Je2PjhpQQXF60jdNJA8JWs3B5WLKD5ZKw-OrCO1C3WuCnCGsa_ekmhzF2JPDhF7F-kHP0ZtJmG8NfmQDoTFeKcqJczOyR1HQlnxlKQH7ng4DD5tQJmegcCaGJZT6xzSeLhAj_ollXWAHUpkbN3NOik8QVEMX_w0XDgw8_nJYjTUGLLjbMhyaBh8067pM6Tm-SpREczvZT1jjh-YleAksr3A-ss0pB1Jh9HgXMfu1hciYPYh210PJu9_TVk89h66Gdb_anXtsG-EFCz2Fk4Vo-QbHEYLZzRF4qkWj1odOlGHhQZumQi-aY0cePJS7X8wFW7Cplp6OoP5H9dD8wOExmzsIY3gv3tVP_yXUoLgE-b8BR3XJrIHJ-Jl8Kq0_HK71bzJP63T6kBYbOPKoAl9GIpwcAm3IOAlBrRMiikf54F7TAdgxRmW2rcT_Cl38Qu0LexXG_cwAvFSx7Vb3stPPhw5jh6aTHbiDZpRKOL1RgfCHwAelD1WyxmAROifzbTnhuGR6TseVyKaN3RQyQy6zLQmz6zA-KFtIU8NUUHGKHMnrddrz9KxyFqxY7kv0b4eSWKPIL5xBo1HiSmEP2tk75v6x4ZLTTtnO6z0FY_9VWwfjdU70aGxtfNmCozX4-F1Yx3d5CTDpfcmyCNF3Ht6PsGOD4pWi-k1oan1_7zA9z4Kr-ozIF8uoPLqbCzsRl9C-5ge6DgGp8ZA-LYksGD9NEcWyfbKAZQwnsSoAF5ydjh-WhVq5gmxB2ewjIH9AjLjpfnhJmcqoZ4sg4TQQIsZ0nim475I4KxgQce1vgy35EyCS-zD2dk0w9u8FRthhTK3m52s7lT0hhRiTkDj1_Dcst-dTnoilBMh4ve637Ipu8tWRYplT_pz0lIGwpDMXoK6jv-teHbWTS4P1p0v88wwOeneCCV3NTPJwZp12YEGkjG3ADLWrYIA1rvvpmYtDxTaFSLTBQg52IzduCN2A5CKzcbM2fXkft1hyN9-UHPtNBq41IZj0qoYHJlQ8BnyaQB88OvlxElkYrE5Mr-muph-S5khz00uyQT95vX-X_g0Wu_bddhqz4c7boc--878BJHLWfi-vafOPDH5w-sA5MrqMYLyAG8YbJsT1OeIW4_m-hLCI5grre2uqfo3zUv78N_68yeQLPYgkH0OFr0ppKjT9pwxR7UObwaDQ-IY8sZJaxY8cC2DE0Fdnw5Y375LOPw1AaabrxOq5rohp3YMsrGUDg9FshlsMtc5S5j0JwXc8cbkk9QPla43z7FhE3LBf94aglEa4RXZSKqIZtKloLj3j7jO7EAfGjJiZS7CPr3--JgT8Od-MR6ThwJuvPDobgrDhMYalGwIhBdHuhkLrEyw6ovrUEMMdHdoPD9wNy4V1C97xUp_fijMfF5TTsjpDDZn097sI8_7pFsep5nmLUErOEEY_8O-d_R4J3fi-n0IhkNfGARbSlnZ0OejhLgATuMrEZxHKYjULt5g_hxjnMTpJFJrVbUyDb_UCv17xX5HUBYqGntGZ7Gv5elWn5lBK7l9H4roymfqZptj-y5leVs5p7bQfqIbzAhLhyurHwJDMJwFfSR9YtJZbP9moeNvi0RAO1IaK8J-k8JpLdxukZ8k8cNdDZwZbQDa2X4Bi0PWRFLm7kiFH37HvkEKWRC19xc0iboYr2Am_Ev77901C3eQ5gDCLMr_EZLt5PZfkEi8i9S-My0Z2WQqfSPrCJOGqjhg0u_Oiu9Plz9dwYiXW80IagWdwAt9L-yKl6jd_OZjbLrbWLC3SE_G0ZgjulNUU4xPVrzQGv22VeBt3s0AOXXlGPWQfPSaO0D-LZlcqouPOzyBZC4EkqUedfrwRLsu_wA03SfHkBcv2Ha6yfES5iZpCQ5UxaFVLmLJephbci37A-GTaarePm0287uOW5LmlCL2KAuXgZZwN74ZY5sfsVW5v5hcFjG_iSziI6w_R2-asL76v_bRylRxY53e6-1cUOB8KYU78UHKMlRGThtkxHG7yPIYrSGkAehhj9Uafq6_s1OluTo&cid=CAASKORo8ny-fZH03DlxbMsAa6C5Fg3NzcRo-zXr8g88PrlGAw1CcrcCzvk&dc_exteid=596045599145614055&dc_pubid=4
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/ Frame E29C 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
abd69d600a2765e19efd4ae7e0ae67251c444d26983dee435163fc1331239ec6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame A0AE 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
295359
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 02 Sep 2022 07:50:57 GMT
expires
Sat, 02 Sep 2023 07:50:57 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
xhwrmj44o767
hal9000.redintelligence.net/zone/ Frame A677 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hal9000.redintelligence.net/zone/xhwrmj44o767?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCNTQ3nzcWY6mnN6mxgAeSsozYD7XN-YNXvNu5q-UM8C4QASCVm8ohYJXKkYKgB8gBCakCO4LHDD-ksD6oAwGqBPcBT9DNUaFsZoyFcwor6BXIeV_bfSuxMOSDUHOQMIjw8aX5us5iEHhI9WEZC0LJFh4EY4p7gURTNq90q6_Q0KB8hwdz5fzquWtkJzW_taBBTPUSF9IBqhxSkn9Mxm_txmYmLXlJZlw2SOWBuDnIYl-PTkIkv24JkwAuwyjwxbpLAjlOReJ8b1TZ4GGbwDZqQRBNcdiqP2iK_T851__KQgFyhYAO0X2qgOYcWEjLjwp_UvYdf5qI7GBkUWNd2rZUmJIdb19Ul4QJ-N5tj7WZx3A7O7paYH8RQVErZv3DNbDGHqK0mHVpT2siWe6OQ9dI3JwjKRaD59rNQ8AEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEgiI4YAQEAEYHTIDqoIBOgKAQPIIG2FkeC1zdWJzeW4tOTkzODU2NTgyMjAzNDY4MIAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoT_8MlmHS9DUNSV9yLn9_7kgRm3iHqQ_fij_TUgWoV6jY5chj5g%26sig%3DAOD64_2SJJnOk3TlLJZyhOvZ7mmfWkwMlw%26client%3Dca-pub-3831894559014614%26dbm_c%3DAKAmf-CBUoRSY4W3DKUg8HTru_ZFbHcsGTkbCuhfsJ-Gf6Yq2Y-5bgWn4rCJQZs9VMbRa7zcGQ22oZCQeMSHH_LqOBUJ3wLackIwH7_8hXQ7U5sSvQ9ulKQRjl_AoeZ1jnr_oX9W_VuPW4E0OIxSvirHfNb57KE8nw%26cry%3D1%26dbm_d%3DAKAmf-DYNuD88jcOhSR0kjngTTcloYxQheKZfCmhNEwEyewIHhz5J52MLlQpdRhgZJ24TsqFJblxUrVMnpiaf8mtqwqsHSriJIC0cVIFRru2m4RAcYjw8GsQK1lD5bR9OexjHVqdKFhvJZd85Tn7PSmQyhy5HiZMpdC9mbVqalMAIz17UWMWxhOlHZJJkW_XKyhrBa_Ff8AnHKhLPIj93mwANsG202bQ_DogiikUk45qULIb7moBUKveXKCArKgslv_NRuBOLhQ28mDieKopSsh_6r_IZGThkwmqXdLkf4cPezO29Ry5mAns4zoP9UgVX95PX2Dg6unHWn6CnONmuNXqraQeGb6hC5dsLp5l_kBHla-ycvSzTb7kZ-NDMTLpfn0oXzd0HiPs7FYzjkVTkF8feSPY94kGHQR1dN0TJIaq2sh6jCUrqTKnCpKbd_0O6dlPqJ-ZAFwvukItim0bXounP8d3YudZnrcs6Q9Ak0u4gIdngyGKOkVxZxRJP7Ai-Aam2Yt-Rou9ZgvWFiqz22lmhYqrYyTvDTTgM362WqR9vGfki8nA8QbFJM_taDwuH0mg8a_enV13_C9pXbLWUipjDH0KoqbnL9eDvwLahNKPqVBZypUatOdoDKOFPkq9mkura67QLg0t%26adurl%3D
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.164.102.130.94.clients.your-server.de
Software
Apache /
Resource Hash
8e77b3e6ef93af58380131ec650584ce5e4053b988253d4ef1596cfafbcdb9b6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 17:53:36 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
4141
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
si
googleads.g.doubleclick.net/pagead/drt/ Frame 64E8
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
17 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 05 Sep 2022 17:53:36 GMT
expires
Mon, 05 Sep 2022 17:53:36 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 05 Sep 2022 17:53:36 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 5965 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
295359
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 02 Sep 2022 07:50:57 GMT
expires
Sat, 02 Sep 2023 07:50:57 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 12D8 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 02 Sep 2022 07:50:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
295359
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 02 Sep 2023 07:50:57 GMT
truncated
/ Frame 12D8 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
13d612759d841e36ffb65d66a0b67cb1509d030ec306309681174fca8cea5352

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 2F18 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cac92ffee7ee14c1479de55ba1f425f8fd05e5d792a7621edb46ab84a89cc006

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame E29C 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 12:56:05 GMT
x-content-type-options
nosniff
age
17851
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15920
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 05 Sep 2023 12:56:05 GMT
index.html
s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/ Frame 9E2B 		6 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/index.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4a416a40b169eb44c122821aa19de8e0ffca5bf2543d6062c2f4ab6d7ec64129
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
37978
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
1946
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Mon, 05 Sep 2022 07:20:38 GMT
expires
Tue, 05 Sep 2023 07:20:38 GMT
last-modified
Mon, 08 Aug 2022 14:41:31 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 12D8 		0
27 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuMaHrJ0cUk996c49wyDNrL2p6jhBMIbNQg0-pKxTJ1q2TJEcDC9rvRYsRpSJKe1b5WfE_ryy3o2BSlIuHYwAhRuE60-3HEo0oHUzKDemx1pADFGbrynRpxpcI421f5UK-Yd8Gic5grzZgH4C6UaBiogjWbW5Q5Qg6u0lCwymwCNxt-XCU1catvzmLxzvWpFMBG66v6pqWHzshYfmhABWG92ye8fbhIXaGJT4qhjlXFvGCg-TWINN_tHip2_G7CTfrh5RgZT9ShXr1894iEnctn59suoB0UVa3kJag7jbBlReyqD9VDPD1AMaRywyHrngksapgr2loVTX3j4X8PKa4zTqVMUucd5jlGov86gW9j_4O5CYJBQFR-Y-ENy29aYBjkNXSn1XI6E9ny2GpTZlSkhTagmbOmdOxXpkTGQwOgYL4nArzRUBUJh5ZG4XXdZSnVse-3AXyPkvkrlC3jEpQ2AsH4ffukXAGSqMxAvtZ3sheMsJSziSJo-hreJANQa51PhlD3_caNlj8-8raeSprXC8tIDQRK7_y8OFR7ABy93yLfECScOsJtsv5fI6-vYD_mU5imyCIwgNVFS3--G8dEF0P8zPVMh5J3lFB1kAHFYMOUBjkW4zbdbd88St0D-pJxEUr8TtjfNVJ8CvRUaKixwJ7A9m22IUllXkR2SmVcVy6ZQXF3u6mOIAycsqGF-wJ_5TiVh6KGYwtf51WcaEaAJBBrO8DjnaKGYZYdRCFhjPiwKFKRU2VCZnI1-HkhDz9t15QxRDtbznuJlAljnfrWR3JZ7dopcLYBplczQ_lTQaaNPYKw_QujGhliTPegCZeltaDVCNvoFY8rBQ0Z9cewVIKqhNmc6MZRL86SeYt8xbSJ54Arvas8bXjYLVWjkpxITPnforIPzLMQw7A0aEE_aUHBG12AEGtEHvGlnUftiNPMTLY89Lbghz0RlprGvkJrXPgqbB3kAxy2AZ8b99qK74t1_qLid04KcKy760J6BcaTY9XHM3fhnboeBzuzV-u8acdB05_KlcdoB43oUVvos59f8yCx4ydGdqW5Q_jDlsG7-RWfjM09a3xM1WQtj6mya3BLO6Bh8Dq_ZswTlqHTeMLBQZiga40z81CYAx9N9EGQr18VjlMgjHCN5HcnXwKbn1ChLL-_9wsmtdHfbNB_zvQF5YE3-keNTdL26UOfhiL3qeLxuUXDDI5-OQcaUDVnghTqWdX7nHqEGWIGfOlhvhfY694VFffsX5eaJkyv6gxG3_SxZaOLCLIHmkazG_vXNy2y6XkpyflUVexBM-c&sai=AMfl-YQy3xEBrrPPgC3iZU1LGONbluHsmdasyQNpHf7mmUc0dAwnxZqizBfPKTXyP8E4ZFiQleKutwPYMuMvK_9DzQDftNQgqZWIdB7gba04I78hDk6gpoPb5fxFbxkZ8r_XiGPGwzihB5ZeI9O_l1dHCeBe8MJnArAVgP8GDrk7wDXjWYsLeQ8BV1Vo3DUEmtG3N67dHQtTqCM7nsMCuSJhpCP124ghCsk&sig=Cg0ArKJSzCZr667wZeaJEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=192&cbvp=1&cstd=188&cisv=r20220831.48006&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date
Mon, 05 Sep 2022 17:53:36 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
view
googleads4.g.doubleclick.net/pcs/ Frame 2F18 		0
26 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssBqscz3THn6s-AOkx9ofOKh9N9isiG1mPO7ihhApstaHCSaZfWOnXyCZacEGd-1hRcgfJx-VwnSFyb_vpKyAwvjvINbnr9MYgluWD3M2NRAi8Xayxb0upK_fwN5WZ84aw_xlWFf9yZi2OwT78dTJ3hR8viEkV5xrqA8yMX7W2SnIfkJsEMLuIHHF4m6G_Lwv_uaHFvcV-zFIf-RvtqK8MtBvGlfmMJIJfpEqv_YkiGQqAB1rRc0wc0MIpq3bPhf9UXvz6DYwpRJONkl2SraHOE15FE1u7azvjst_N92RlDpLgaQNz61Aw1M5-3KGVtyK6HBkLVY4MJow2bbkSKzX3qsdxkh5ADaKK4eGrQFpH7e5UqD_XHbZNjJAPbC0-v6lFovBjLSWZ0ZzVf3mMHAKzucacvOqn2uP14R6dAv4DCtwbvmU7rTVHiEa3H6ktgnO4gSwnE3S7yr9BrVDFMkbYqQM2XNK52naPNqmlPwPxJnpbxQ7TvBRP3reQClq6acaO-J7ohPM2b7lqP6gH1zqJIz24ITqUPHS_F6iR8pMj9Nq8eYR8CyBn6BjmrDrM7OlTz7h5nH3BOTQIxfFG8uRqwDyeRaegeXsm0emRuonk2YBnkK3u9DDR_M7eeaw6RN6-VYvsyoca5QZeBbcDef2v0AReQNs4wuZsc37SZ9-kiY362U_AH9lxqTBJUew5-gKwTKQduNDJOeX4Hu_JgtRg1k4rxbRLqhQTvnAVo2iBjEQi17mzdSqyYqKwW7euvDb1pKuUa2J7OwsZvxtiq3DlUxMdpR90dbHQPvwtgFLMIVkZ1KyAMqyBm1QIkS0fbip-daU1pui0YFcoyxwPaxM2iDz4BP4TZsRcAp7_A4Gr8adP7Bn1i70cgaa8ehYTNLAmuGdxqb8iCcq1drOeU7OkZdfmHw693NtuHNDTDQTW79eWLCt97Z2xwzM6Pr8fiLeSL1bn5ZQzZj-khwpel25HLOW9d1cAkEPRiwQ1l2THo4e6ln_eXJAlNgJFKC4mS1WePO8O6MqYDVcqkfjkG0SNzg9pOvkEaKHgN1Avrvc3CGMjEsk75esLZXI1Hn7feLzB5TMIbDxCfIRfXewF94OxYQYgqQLuS4xqLrQDysNDnF2tAvxr3qOXUsEohaDIpqmD4Si9LeNJr0SfNZrnE7jI5T42aAMOa7bC0-hSpE2A0mor_Ovtzhh0whiFw5mhR1VsckGLAjXME9ILZ4wI0DZBctHc7__cHdMnAqCJLxwgKONZPru34zDT9Y3p4AgO3j5RBDeHlt7HS&sai=AMfl-YS1QgGCyVMFyl4jpmx-Gi1YFSoOOKD_mzkXkobpQMw4h64NOFYMRbwwoVcha8-7nip4DaccBGl0GzP-MP3PDtd_PWycHDswKBmF48SC9z3AYajjzVRYhYRDuxm4ru_D07TZgFn0apcfN03bQCHbDmYclNAYkTR2OFc1vUUpg3_wiC2M6WVgPg355tRYetMAiCT-b_XFgiJ--1Mce7oSmHoSkz4brcFEag&sig=Cg0ArKJSzCpBvFynApzVEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=191&vt=11&dtpt=190&dett=2&cstd=0&cisv=r20220831.60319&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CJ_dg6QpSii7-jfifgKgLkmbdXWUDe4zyFqjMAymqR9BqatX_QZSS28hZ-rNfwaZd8Hl9MQGABpe5J7Yq6pwCJbTz3VA&cry=1&dbm_d=AKAmf-DcIx4bkfzdKSr7aIrMYT7AGV_imqms6VnYI94BKMti__nk0eQUGxCQ7kv1iqRAz5Irpi11bCmVSgQiEo1FYCY5DHGafnJ8QzOWNZVWlWeuHq11Ki-Akwn-PQgt97vYJawIp8f1WEPYFoElpHEc8_4P4XekKp-eEPaGWRmeFxf29hG1PGcVwysjUs3tMS7kG4UahwTgPCBFMTA9InI4UJvd34YOCxZb4masUyv59osub63OiGu4IMuakxs9qIPR_7TKg1bT7pm2cn88lS86fQukjO62Eds1Gai2vglTKEwXF6-hIy7UCfRh7jGyUX8Qdf5nKcamsjZ0MVeSCQnS7shn92-D7ug_-sIJcCm5zTW92pYxEIDb_N0dD6BN0BGVAipzsgFR0knmf79iCQa90GhrF_lbqHtFeBghGGGOoENcK3hgXD2Cnlj6KgjJ5DjXM-3Py-9o_BJOA2YoASPKipXJRLbgK77M3jxYV66qEN-MzBI8k45liMWXftZAzeDn53Ukx1DaZaDeTVQgq10Duuyu_mdTjrl6N4gEM2yNjv9ki5S0i5UqQJvA01IMWIFfNrW3jqAYXgptiHMJ9p0kcxGxrPIczm_30Sp22N3zO7ypQYwaRLE7HFsvH956RqF_ZvFg17ggEBlBTMrTlDfEi0bDdBW89fNSwdEMEKvn7debeXfCZAeMk6qBjd0Ah4d3UdnIseurUm9O4KRhlIYMvjKkfCpufG45f7BexqxboS5xFRZNhf5fEQOJWV3dqrsKEBtA2cW6AzP5a0rPkN7lD_mqS8DKzDKJ0xcf7xXG4euvzLMybUIxgiyyojN0nOp9LBKYyJVdLpIdsQ_7sLBFFQQCuqMt6HuCZfF6UMhzNoGaMTSmnX0YwXSnbqXybUUznxexFqTlTrRIn_zWw7S-tZiPZI5TJ9V0tx6_lTK9BtMHSeN2B_8F5wv_629kBj29FADXZYjgU7NkWmILiK9XFRKIQoIkJPEWnv1bNzXOSw9HlHo3xIMmo5jqRQEFrrCFChBVC5Mxa0ugmJebH-eV4DyBW86IUX9gfPABDoN25-jun86-PWGHp2FwHHA99OO7UxGFZYDzbmCwZJHDbRtjREX6NlSce_OdNNkib5wEcTM0ScU_B7F9VGJk5icqgbRZF2KrkQfC6TMHsgEz0P4yWkLTsNTMEiEJvR7h8Rar8I9lsx16wsBa_RIRFXaIhoIVb6KARuIgtSBpx-JPVGGgbWoJiLfzekCDUYjzRWbS_UgjWgh_lTWKud9QRSCCkWZN-8j8b8GB6xKmWXPpDBftM9Z0W0NopyQJZNqwcJ58Chx9F35J6MhgtmiZMQMypS6SCYYMhpJdV_RE2jA0ugOjQM3JmsIY-UfG-BBupgzqSiaG-gWm-twOkIJ4uBrpgMhlIXcecOLVpmqTk2BSLuoLEk-N_DCfN5sVhoW0pB6byY2dEoUANtD3cEBU-BJVJKVzVY_ArKZHNQExUv4nDDfYQLMYNYOBysVh7pam_gJnikSf034aA_j5y9H96TrJFnKtxkfe-lt_XfDNlVDGnNP0ynKfZiAZFeWiQO45CKnIcvNZt-Enq5IOBF--j6otomnn7vUoj7HUuZSghHIf9pmZP3Xo0wfStxSfAwzpBYJf4v1t2Rkikkknq7WQvrA3chci1hKSOfQTD7XF_oRoYL0cqotqa-1fqEy04CXCShRR8uXOXZvnoP11_DXaW-I4stS5qOLxyTb1s2gSEWV8MBbfAafdIvARj9j7j_nN_wDjOYpX9bwoaa7j0q7dWfywjhLuln5Al27R4YDYaZYaGbaI1aEWeVvtXfXeCERVYUh_KcKbjdY-H-ell1DnQYsoFrr7deWhcpFgcGFzhS8E8mRsvvgsMmpjtlbQzyIh9KrA_673YRGJpyrn6gLyWgAQ_fx9GSYP9Qpw4ubXb5I9HtUcXblCVRvVmjmw8amPL4CiCw2OQ4FcqTzy2VxFdj5bmgxpYR58M1ZuZ7AjJ7Cd64rpQ1ADf-6QD6fbF_Amwg38UJsHWOazIGCLLCha2NTDlMG7ItIA5581REXqnOWijHM1P7s-ZE7rDuFgiKOL57vQH4RKnLi1x0j_pWY9wxB1CCUd4zgOjpZTx_Z45RTqU8F2-g3mrnyMgqMltRfyoizUMQjCQ_2TP0ujAAzF-uYpHIVanL07odp5PyVTy0uF5Z_d0HqNhZf4uiWAOKgD-beDdUgTNg_u0lvDVZMFTu2a6dTFn_QjaTTPD-RHiGXA0Rw5iJBHDYtiMo1_XCMTCNCgkT8xnBsEURrRRRoqyS04SDt-V_ngxQQCArln7-AUflWTW9r0MfGgsLcuQa6NN-1kbWxL9ba0yfbnajeoJ6iEk0K_9IdupjcqN91josHg81afY34HEVgxuOeLwRRfsQ4O-XOoEHWtw2AIwqHQ-olPJCEiVpTF7VS8J-6l1h6E4Ft7PpCvY2PBZPIvQytQInAmXOOBPqV_wCdC3q2ot3NWyAvTHdpB8ZpXkx793RopHdil7DFzmvZz4JD6JsCNROLd1UAlLbUJ7nvN6fbe5A02DeF8cecB5Nu9SX4ElPxe294q8y4tYtRczo335xGi_ad_6YLgRJis4DXfFIu6SQqwwuRouoHfK_QIrgiHxzeq_zKDPVkAc-X7p5i2Xai312m8sMzv4Dx68wuxKAhNHMYcfHsP4-QhVShfQjDEYS2ssVXIpXsTXBUsE0o8eTE8gb-L7L6MDhdnb4Yw59SbTCiR_B49A7hAqFYjvP0qwmYdtySSydPJROEoC1J0dhpuySIULFNrB4GqcL9obBzKXoSJEhOgF8Xslq76HRj2ZcG8VE1DOaSAO17Ssr7Nyw8JsjCgiSsZND6hCz1SP7UFbQiKrr58vJlA4NoBkQ_1zn0KbQGa3bLz9u3V-qgd-9W0Ttf8OpF_sLBUtBACRGq1PCAKpEkaIvlOPSc2gkou0j2wI_Ije5OvwMtfFOvdELvplVPSFIjlMsSOH-zCT8XvKeTHnWbDv7qIS9aEZ7QucAW_oB766qnhbDHaQm1i2A5DBs5b4zLYTn06Y3TNP7bduxU-J9VfjmrHS1zdDO298fxVBbvwY4CDlDNR-s6cL5zvg8pCIVZ_uYjZGnFzUw73VU8lWjG7nvpENgGVb6qTAOHswsIFV6WqtUFbTYbluh_TDyDsdJZ8WjKo4C9eHWjAXyrQV6nbNl_lU96E3DnxAMseIrc7ppFiOYkdBeTbIsSgTtWF0NztMJFN2fE8NUk2DMkXEyNxxriVHP_ZXpk5WlRdHNdN2Ij6VSfSNdg2QclShsRFRQ1NB_ZHJm1ePZbIQ67GM6HorV9Ow4Erzmf68kHUb-wSdtDsldjgFuqkpI1ruObW8-AO2qkR4ADBlrEZlbOFowIHqfr2phfz7mN9V_Ple1redkG6AjI3VVu8vLm_jADJJfL6UyzNIqgZUP_GwN5aimh3Jj1jtXsCrg4Ts2O4eUjtPpjSXqcNxql_e4beKZl3noEVGTrFw1E&cid=CAASJ-RoxOBMqlCy_GP8qJJK3szF92RAOufYOzU1cJgsfUMvQ1Q4JyRDwSAN&rfl=1%2Chttps%253A%252F%252Fwww.hawtcelebs.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 05 Sep 2022 17:53:36 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
request.php
hal90002.redintelligence.net/ Frame A677
Redirect Chain
  • https://hal90002.redintelligence.net/request.php?zone=xhwrmj44o767&nw=20&renderingType=javascript&namespace=94d1c6f0ef&subid=&uid=a66399ec8c9c8825&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
  • https://hal90002.redintelligence.net/request.php?zone=xhwrmj44o767&nw=20&renderingType=javascript&namespace=94d1c6f0ef&subid=&uid=a66399ec8c9c8825&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hal90002.redintelligence.net/request.php?zone=xhwrmj44o767&nw=20&renderingType=javascript&namespace=94d1c6f0ef&subid=&uid=a66399ec8c9c8825&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=980x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCNTQ3nzcWY6mnN6mxgAeSsozYD7XN-YNXvNu5q-UM8C4QASCVm8ohYJXKkYKgB8gBCakCO4LHDD-ksD6oAwGqBPcBT9DNUaFsZoyFcwor6BXIeV_bfSuxMOSDUHOQMIjw8aX5us5iEHhI9WEZC0LJFh4EY4p7gURTNq90q6_Q0KB8hwdz5fzquWtkJzW_taBBTPUSF9IBqhxSkn9Mxm_txmYmLXlJZlw2SOWBuDnIYl-PTkIkv24JkwAuwyjwxbpLAjlOReJ8b1TZ4GGbwDZqQRBNcdiqP2iK_T851__KQgFyhYAO0X2qgOYcWEjLjwp_UvYdf5qI7GBkUWNd2rZUmJIdb19Ul4QJ-N5tj7WZx3A7O7paYH8RQVErZv3DNbDGHqK0mHVpT2siWe6OQ9dI3JwjKRaD59rNQ8AEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEgiI4YAQEAEYHTIDqoIBOgKAQPIIG2FkeC1zdWJzeW4tOTkzODU2NTgyMjAzNDY4MIAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoT_8MlmHS9DUNSV9yLn9_7kgRm3iHqQ_fij_TUgWoV6jY5chj5g%26sig%3DAOD64_2SJJnOk3TlLJZyhOvZ7mmfWkwMlw%26client%3Dca-pub-3831894559014614%26dbm_c%3DAKAmf-CBUoRSY4W3DKUg8HTru_ZFbHcsGTkbCuhfsJ-Gf6Yq2Y-5bgWn4rCJQZs9VMbRa7zcGQ22oZCQeMSHH_LqOBUJ3wLackIwH7_8hXQ7U5sSvQ9ulKQRjl_AoeZ1jnr_oX9W_VuPW4E0OIxSvirHfNb57KE8nw%26cry%3D1%26dbm_d%3DAKAmf-DYNuD88jcOhSR0kjngTTcloYxQheKZfCmhNEwEyewIHhz5J52MLlQpdRhgZJ24TsqFJblxUrVMnpiaf8mtqwqsHSriJIC0cVIFRru2m4RAcYjw8GsQK1lD5bR9OexjHVqdKFhvJZd85Tn7PSmQyhy5HiZMpdC9mbVqalMAIz17UWMWxhOlHZJJkW_XKyhrBa_Ff8AnHKhLPIj93mwANsG202bQ_DogiikUk45qULIb7moBUKveXKCArKgslv_NRuBOLhQ28mDieKopSsh_6r_IZGThkwmqXdLkf4cPezO29Ry5mAns4zoP9UgVX95PX2Dg6unHWn6CnONmuNXqraQeGb6hC5dsLp5l_kBHla-ycvSzTb7kZ-NDMTLpfn0oXzd0HiPs7FYzjkVTkF8feSPY94kGHQR1dN0TJIaq2sh6jCUrqTKnCpKbd_0O6dlPqJ-ZAFwvukItim0bXounP8d3YudZnrcs6Q9Ak0u4gIdngyGKOkVxZxRJP7Ai-Aam2Yt-Rou9ZgvWFiqz22lmhYqrYyTvDTTgM362WqR9vGfki8nA8QbFJM_taDwuH0mg8a_enV13_C9pXbLWUipjDH0KoqbnL9eDvwLahNKPqVBZypUatOdoDKOFPkq9mkura67QLg0t%26adurl%3D&documentReferer=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.hawtcelebs.com&random=1631178079905&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Server
46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.47.10.4.46.clients.your-server.de
Software
Apache /
Resource Hash
5ad06326a440d3bf449060c5f9ce238f0d144ffdb7900193a14b5821ed4c69de

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 17:53:36 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId
78794700131074401084714012073002
Connection
close
Content-Type
application/x-javascript; charset=utf-8
Content-Length
892
Expires
Mon, 05 Sep 2022 18:53:36 +0200

Redirect headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 17:53:36 GMT
Server
Apache
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location
request.php?zone=xhwrmj44o767&nw=20&renderingType=javascript&namespace=94d1c6f0ef&subid=&uid=a66399ec8c9c8825&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=980x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCNTQ3nzcWY6mnN6mxgAeSsozYD7XN-YNXvNu5q-UM8C4QASCVm8ohYJXKkYKgB8gBCakCO4LHDD-ksD6oAwGqBPcBT9DNUaFsZoyFcwor6BXIeV_bfSuxMOSDUHOQMIjw8aX5us5iEHhI9WEZC0LJFh4EY4p7gURTNq90q6_Q0KB8hwdz5fzquWtkJzW_taBBTPUSF9IBqhxSkn9Mxm_txmYmLXlJZlw2SOWBuDnIYl-PTkIkv24JkwAuwyjwxbpLAjlOReJ8b1TZ4GGbwDZqQRBNcdiqP2iK_T851__KQgFyhYAO0X2qgOYcWEjLjwp_UvYdf5qI7GBkUWNd2rZUmJIdb19Ul4QJ-N5tj7WZx3A7O7paYH8RQVErZv3DNbDGHqK0mHVpT2siWe6OQ9dI3JwjKRaD59rNQ8AEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEgiI4YAQEAEYHTIDqoIBOgKAQPIIG2FkeC1zdWJzeW4tOTkzODU2NTgyMjAzNDY4MIAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoT_8MlmHS9DUNSV9yLn9_7kgRm3iHqQ_fij_TUgWoV6jY5chj5g%26sig%3DAOD64_2SJJnOk3TlLJZyhOvZ7mmfWkwMlw%26client%3Dca-pub-3831894559014614%26dbm_c%3DAKAmf-CBUoRSY4W3DKUg8HTru_ZFbHcsGTkbCuhfsJ-Gf6Yq2Y-5bgWn4rCJQZs9VMbRa7zcGQ22oZCQeMSHH_LqOBUJ3wLackIwH7_8hXQ7U5sSvQ9ulKQRjl_AoeZ1jnr_oX9W_VuPW4E0OIxSvirHfNb57KE8nw%26cry%3D1%26dbm_d%3DAKAmf-DYNuD88jcOhSR0kjngTTcloYxQheKZfCmhNEwEyewIHhz5J52MLlQpdRhgZJ24TsqFJblxUrVMnpiaf8mtqwqsHSriJIC0cVIFRru2m4RAcYjw8GsQK1lD5bR9OexjHVqdKFhvJZd85Tn7PSmQyhy5HiZMpdC9mbVqalMAIz17UWMWxhOlHZJJkW_XKyhrBa_Ff8AnHKhLPIj93mwANsG202bQ_DogiikUk45qULIb7moBUKveXKCArKgslv_NRuBOLhQ28mDieKopSsh_6r_IZGThkwmqXdLkf4cPezO29Ry5mAns4zoP9UgVX95PX2Dg6unHWn6CnONmuNXqraQeGb6hC5dsLp5l_kBHla-ycvSzTb7kZ-NDMTLpfn0oXzd0HiPs7FYzjkVTkF8feSPY94kGHQR1dN0TJIaq2sh6jCUrqTKnCpKbd_0O6dlPqJ-ZAFwvukItim0bXounP8d3YudZnrcs6Q9Ak0u4gIdngyGKOkVxZxRJP7Ai-Aam2Yt-Rou9ZgvWFiqz22lmhYqrYyTvDTTgM362WqR9vGfki8nA8QbFJM_taDwuH0mg8a_enV13_C9pXbLWUipjDH0KoqbnL9eDvwLahNKPqVBZypUatOdoDKOFPkq9mkura67QLg0t%26adurl%3D&documentReferer=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.hawtcelebs.com&random=1631178079905&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
close
Content-Type
text/html; charset=UTF-8
Content-Length
0
Expires
Mon, 05 Sep 2022 18:53:36 +0200
gsap_3.5.1_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame 9E2B 		60 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24155
x-xss-protection
0
last-modified
Mon, 31 Aug 2020 21:23:17 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 05 Sep 2022 17:53:36 GMT
script.js
s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/js/ Frame 9E2B 		4 KB
977 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/js/script.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a921383af76c5359ac83a1dd5d4741c90577a30be0c7b8f1d619b8414d8a83fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 07:20:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
37976
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
948
x-xss-protection
0
last-modified
Mon, 08 Aug 2022 14:41:31 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Sep 2023 07:20:40 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 5EBC 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
295359
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 02 Sep 2022 07:50:57 GMT
expires
Sat, 02 Sep 2023 07:50:57 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
main.19.8.346.js
static.adsafeprotected.com/ Frame 2F18 		193 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/main.19.8.346.js
Requested by
Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rjss/st/747557/55375942/skeleton.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:dc00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
09d066e51f3699727a7533bdbe741b2aef7033a2d30f9a10f0ca730cd82fd4b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 15:43:56 GMT
content-encoding
gzip
age
871780
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Fri, 26 Aug 2022 15:08:13 GMT
server
AmazonS3
etag
W/"569c14417cef79e09af1f97186222ebf"
vary
Accept-Encoding
x-amz-version-id
t9RhXwW8JdabXcjtbk8lQmz62Fe2eJie
via
1.1 a75b67932d84d80b40e12159613deb16.cloudfront.net (CloudFront)
cache-control
max-age=315360000
x-amz-cf-pop
FRA53-C1
content-type
application/javascript
x-amz-cf-id
tYA0FIcbXwtUNywIEuilAHj85Q8s2D0f-j-Zj3DeSs71y2nxxOmudg==
dMUMwKlHRkKFxm324gu_shN2JBGfr2rZRInLP1vMiqM.js
pagead2.googlesyndication.com/bg/ Frame A0AE 		36 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/dMUMwKlHRkKFxm324gu_shN2JBGfr2rZRInLP1vMiqM.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
74c50cc0a947464285c66df6e20bbfb2137624119faf6ad94489cb3f5bcc8aa3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 14:07:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
13593
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15929
x-xss-protection
0
last-modified
Mon, 29 Aug 2022 10:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 05 Sep 2023 14:07:03 GMT
dMUMwKlHRkKFxm324gu_shN2JBGfr2rZRInLP1vMiqM.js
pagead2.googlesyndication.com/bg/ Frame 5965 		36 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/dMUMwKlHRkKFxm324gu_shN2JBGfr2rZRInLP1vMiqM.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
74c50cc0a947464285c66df6e20bbfb2137624119faf6ad94489cb3f5bcc8aa3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 14:07:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
13593
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15929
x-xss-protection
0
last-modified
Mon, 29 Aug 2022 10:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 05 Sep 2023 14:07:03 GMT
container.html
76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A8DD 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083101.js?cb=31069312
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.hawtcelebs.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 05 Sep 2022 17:53:35 GMT
expires
Tue, 05 Sep 2023 17:53:35 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
e.js
live.demand.supply/e/ 		0
298 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/e/e.js?r=hawtcelebs.com_300x250_desno300x250&pn=1&sn=2&pc=0.3848159578119901&ds=true&e=wdp&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.0.0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-nf-request-id
01G3H3TVM5VP9D98ZA3HVY52JK
date
Mon, 05 Sep 2022 17:53:36 GMT
cf-cache-status
HIT
age
2234653
cf-polished
origSize=2
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1
cf-bgj
minify
server
cloudflare
etag
"ec09d72975fe89142c7d2feb1371ff57-ssl"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
s-maxage=2592000,stale-if-error=604800
accept-ranges
bytes
cf-ray
7460d34cd9279945-FRA
e.js
live.demand.supply/e/ 		0
298 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/e/e.js?gl=0.05&b=2&r=hawtcelebs.com_300x250_desno300x250&sy=b58ce294-2ec9-453d-88a7-f81d116b95e0&ts=81&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.hawtcelebs.com&mlre=undefined&mlin=0&mlsi=300x250&mlbw=4g&mlcs=NaN&mltp=9e9274f6-62d5-43fe-8541-f880697213e0&e=lm&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.0.0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-nf-request-id
01G3H3TVM5VP9D98ZA3HVY52JK
date
Mon, 05 Sep 2022 17:53:36 GMT
cf-cache-status
HIT
age
2234653
cf-polished
origSize=2
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1
cf-bgj
minify
server
cloudflare
etag
"ec09d72975fe89142c7d2feb1371ff57-ssl"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
s-maxage=2592000,stale-if-error=604800
accept-ranges
bytes
cf-ray
7460d34ce9369945-FRA
dMUMwKlHRkKFxm324gu_shN2JBGfr2rZRInLP1vMiqM.js
pagead2.googlesyndication.com/bg/ Frame 5EBC 		36 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/dMUMwKlHRkKFxm324gu_shN2JBGfr2rZRInLP1vMiqM.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
74c50cc0a947464285c66df6e20bbfb2137624119faf6ad94489cb3f5bcc8aa3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 14:07:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
13593
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15929
x-xss-protection
0
last-modified
Mon, 29 Aug 2022 10:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 05 Sep 2023 14:07:03 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 12D8 		0
26 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuMaHrJ0cUk996c49wyDNrL2p6jhBMIbNQg0-pKxTJ1q2TJEcDC9rvRYsRpSJKe1b5WfE_ryy3o2BSlIuHYwAhRuE60-3HEo0oHUzKDemx1pADFGbrynRpxpcI421f5UK-Yd8Gic5grzZgH4C6UaBiogjWbW5Q5Qg6u0lCwymwCNxt-XCU1catvzmLxzvWpFMBG66v6pqWHzshYfmhABWG92ye8fbhIXaGJT4qhjlXFvGCg-TWINN_tHip2_G7CTfrh5RgZT9ShXr1894iEnctn59suoB0UVa3kJag7jbBlReyqD9VDPD1AMaRywyHrngksapgr2loVTX3j4X8PKa4zTqVMUucd5jlGov86gW9j_4O5CYJBQFR-Y-ENy29aYBjkNXSn1XI6E9ny2GpTZlSkhTagmbOmdOxXpkTGQwOgYL4nArzRUBUJh5ZG4XXdZSnVse-3AXyPkvkrlC3jEpQ2AsH4ffukXAGSqMxAvtZ3sheMsJSziSJo-hreJANQa51PhlD3_caNlj8-8raeSprXC8tIDQRK7_y8OFR7ABy93yLfECScOsJtsv5fI6-vYD_mU5imyCIwgNVFS3--G8dEF0P8zPVMh5J3lFB1kAHFYMOUBjkW4zbdbd88St0D-pJxEUr8TtjfNVJ8CvRUaKixwJ7A9m22IUllXkR2SmVcVy6ZQXF3u6mOIAycsqGF-wJ_5TiVh6KGYwtf51WcaEaAJBBrO8DjnaKGYZYdRCFhjPiwKFKRU2VCZnI1-HkhDz9t15QxRDtbznuJlAljnfrWR3JZ7dopcLYBplczQ_lTQaaNPYKw_QujGhliTPegCZeltaDVCNvoFY8rBQ0Z9cewVIKqhNmc6MZRL86SeYt8xbSJ54Arvas8bXjYLVWjkpxITPnforIPzLMQw7A0aEE_aUHBG12AEGtEHvGlnUftiNPMTLY89Lbghz0RlprGvkJrXPgqbB3kAxy2AZ8b99qK74t1_qLid04KcKy760J6BcaTY9XHM3fhnboeBzuzV-u8acdB05_KlcdoB43oUVvos59f8yCx4ydGdqW5Q_jDlsG7-RWfjM09a3xM1WQtj6mya3BLO6Bh8Dq_ZswTlqHTeMLBQZiga40z81CYAx9N9EGQr18VjlMgjHCN5HcnXwKbn1ChLL-_9wsmtdHfbNB_zvQF5YE3-keNTdL26UOfhiL3qeLxuUXDDI5-OQcaUDVnghTqWdX7nHqEGWIGfOlhvhfY694VFffsX5eaJkyv6gxG3_SxZaOLCLIHmkazG_vXNy2y6XkpyflUVexBM-c&sai=AMfl-YQy3xEBrrPPgC3iZU1LGONbluHsmdasyQNpHf7mmUc0dAwnxZqizBfPKTXyP8E4ZFiQleKutwPYMuMvK_9DzQDftNQgqZWIdB7gba04I78hDk6gpoPb5fxFbxkZ8r_XiGPGwzihB5ZeI9O_l1dHCeBe8MJnArAVgP8GDrk7wDXjWYsLeQ8BV1Vo3DUEmtG3N67dHQtTqCM7nsMCuSJhpCP124ghCsk&sig=Cg0ArKJSzCZr667wZeaJEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=373&vt=11&dtpt=181&dett=3&cstd=188&cisv=r20220831.48006&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 05 Sep 2022 17:53:36 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
txt1@2x.png
s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/ Frame 9E2B 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/txt1@2x.png
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61f12a6f12fd3924f1622b786c05b67cfe48b3d0b38f8ba5d779a2a828cd2cae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 07:20:40 GMT
x-content-type-options
nosniff
age
37976
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3458
x-xss-protection
0
last-modified
Mon, 08 Aug 2022 14:41:31 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Sep 2023 07:20:40 GMT
cta@2x.png
s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/ Frame 9E2B 		997 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/cta@2x.png
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b9300f2e357d74f1e9fcf85f5fa6c16ff113bdf946210cad9e54730e5953cded
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 07:20:40 GMT
x-content-type-options
nosniff
age
37976
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
997
x-xss-protection
0
last-modified
Mon, 08 Aug 2022 14:41:31 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Sep 2023 07:20:40 GMT
disclaimer@2x.png
s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/ Frame 9E2B 		587 B
614 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/disclaimer@2x.png
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ad7afbe9d305cb621e9eb723576299abd60a267840dff122a2016d749632be79
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 07:20:40 GMT
x-content-type-options
nosniff
age
37976
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
587
x-xss-protection
0
last-modified
Mon, 08 Aug 2022 14:41:31 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Sep 2023 07:20:40 GMT
logo.svg
s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/ Frame 9E2B 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/logo.svg
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e9b62726c16a24a6c96dfdf09813ae3f6d676bec3d70d8665035e138711e4d91
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 07:20:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
37976
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1053
x-xss-protection
0
last-modified
Mon, 08 Aug 2022 14:41:31 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Sep 2023 07:20:40 GMT
bg1@2x.jpg
s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/ Frame 9E2B 		76 KB
76 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/bg1@2x.jpg
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5bbd103eaaf331cc0615b3929979f80e9fc481f1f26abc6bc87ea20a747b8642
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 07:20:40 GMT
x-content-type-options
nosniff
age
37976
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
77758
x-xss-protection
0
last-modified
Mon, 08 Aug 2022 14:41:31 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Sep 2023 07:20:40 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 740A 		468 B
254 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CM66ChD5_-oBGMaErZkBMAE&v=APEucNUhX6lIqcRzgt9NjS2CvtaEaqxnBmcVQmC4-tyD59AeKA8uoNI8t059uiPYW6wQ4UYDHT93vmiK17WbaRTNLMxXmM5YEv_K0DPYkQmOiy-6QZuvLWz9H7B4Eks-_J3HSX6pmXMg0GH-HyOFoiVsv9I0oCruuapTWp9EvI_hBfqGPKbf8mp50G-nqn4QHyS-5OThGDCOnUqCNwl6fByyw_v2yKHezQ
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1a81c00b02e9a797e6e8cfce706577e8eb14c66fc4ab38ed71f09508d9222c72
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
233
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 05 Sep 2022 17:53:36 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame A8DD 		15 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D40kC45y2vmYR6n7WOm6pngAPMxgG6LEcrHc1I_K2sKLnhOkjSDgJJ80fCYHLZ8iNwoN39aYbgT3LlRkHhAiezu0nn09iY9KRaMEGCWMF6DLsrr5lvIvDJgxItaJBxpJX1z-wk303ilf1kyFzw4KA14FpVJQ&cry=1&dbm_d=AKAmf-BTynFhFbarHIo0Y9OMj_SnlAbLfEDBn9DQEqDpS2qF9FxlS7LfFpxFxlHsdR_ney18gTiIOfnBlxLxokLISvG75PkM3RS8hSBNFWqlTCCfSnLgF8aiLAdWnfVXOcyf01Sz9n1sdl963b9pVlFwmMw_VEUDXIWYD-BgMVlaCSBNWnP1EI9L8xYhz0fCNdbdepQwzIOMFp6s-IZZXppiKpU3sjJKYj8SVUgHjCeIT5IhgHsOu7lkwAlvxrPybfJ4-ZUr_K8aoVY8Cws1tYkyfmLxy_uqtk-4_YBWyE3QhN1OI6iZi7iMILIt3vUALw_nJMSjjh8QO3Gxnn2YZfZMalYwb8z1u0NfqHKhMBj_FXsXWxfwEIuTLV6XsekivpMJAt65Y4rUe_naC2mObCzs0_1botUzjuWRuyyESiH29YNdViLPRP8cxM4FYKuez4iAmA1AYTuUgxdp-BZvMPpxprJp2B9N69sJbwlDFg9a4iEcPZ6cwGaE_tUKSNtwh25Oy2LSsJb_VtnB2KsurRLYRzCeQNyFRJMYNlE1x_32QwqlwANr92gcbnchjWJnUR_8HvTN1WYM2BBi7BAa4L6NyYVZahpKFx0AHXbHT660_1rrXMptSecNgu1a3iT-nAs_pI3p_GWDOqRsH1-qxhF7CKKPgw_ad0HRAqeOqqpNXqNntPKdxanuWrM_vLoZZ_rtfBVTjjRoJZQVZ2xtJYt-ngDAZyPz6upTUYxBq-giR9CN8440grt3jpwckE_RCi8ylUPlnN6DaSw1sEKaacMSWuZLspkRLBdydf-OlMqPAW1cJ_BLPW5a3xy3ISbTJfTkbtI6bgQozSU3rkobh6dZJ4FbRtfpjH-n7mkfj5RQ_KRA_EVyW3seb_46n_j9mWKhXOzqMkd2cnQNwdWNrQdCd8aNkt8Y_004QcV7T5wArmKZT9Fae8vhQCRnH6nB05FBo2u-AnnhxTawxiebObwDrwirxragvAwqM81vp5Bx_v2GcPHEaOphKlnnXfiqkfnnh5YWWhbC7hSARyAPAjJPolaF1xryRXTbCfGOY9SomZCLQ1XxEQW7PYCqvU-VoWBmtDUn5lCFgHSx05q7ANjDF36z9mEfFWJuX14_xnS-GO8oWsnwtfuS3m7mNaHPbLiFCM_8swNvK_bcGwIAwFq_oXxBS4oPnRrcxCcPwJNTSUVrhF7moXcX7FjXugM8-2rpfD2BEi2lwe8-ClCl-l_I7HZLtxChtm23rYFnFPggELdtkHLnRF8-vTtvlKujcWo364aDiC4jawd2DpBwg6_3DiGl9vs4IUvBQa5pEa6BySdKROSG4IzZjiYkqONoZiZWwe0lf3vQDmxEOj5bwt-a4RHq2WpRcdloXGtBAOSQFFQqnisRoMM6lRTsRMAovVRHAy5o3xGfT9U2y-bEaZw0d7_odR_95sfth2MMqfxE4FdbJuEVmiKGxCkJLs853FmfEq5QgeISzLSRlLhxVcyeNDwjWAsxa_-ntiKiz3dnpIBBtAuxTgo7UPH_9yApfUmaa_Fa-g7z-UQ9DkKJ1FC6F4xtIqmwgJqQiDo5-SYTdtl5BXsNq00dOjadmzTbr_Ip2fjx9DtWHBElsRWK2CslRWsrA0ZtVc6yF8ZEHyvcB2npa1gr_jYx-zuzX5rs0VtVcz8mjfUc4tYMeZUSu0otMnYTOIZcTdntrSM9F_BF4D5RzCsnBimD2NCpDUOkjCtrMEAcBkZXehAbwdD9v94G_dtSiVn6d5d7Ez2GCMyvCAJFVguwoJCC8nW6OtvNog0Y1za-CHEWxSp0-XKaOSX6xSsEtjNQ2ROFTxUs8tpfrGNUC7VRDIdeMtPAaNRF8WUcGuZfh_wgsmMBuLwANoWFlXRKXxQrfTX3EZOnXWkpwF9hyhOavwWcyooDiB0tSdeaRSEIdNkS5BYlQLOuwsSoHmT_nGI7qNeNv4OhEbL61CLnv3awvAbvC0W2zz8NAR9aOMGG84WNxw_VBAN4E9-PM3Okv8_Z4nzu2dQQ6PWCvc0o6hlwMojcvrs1uBc_0rrlVMX8pPbuu2XzQd2TaloP4ksbM0xiEd2UWJ8AEq4K6Quhrr5ktuT58NrGpl3FRByVt_x-Fl_YY3DmDjbLjQdmuVfFzjYTAN3IZYyCqI8L47_gp_lMWrn3donNrRgb3DI27Cxk7t3STLkGnJ_YWsUwFp5TbG0tG6dDKy72F12la8VvAy6R07nbiC6rWYgJqr7dKbFjjpGFsp00Sb2hMf5l1O6nY68MX1c5cmiByQ7eVVpNrg22gbx--rZcUJdgmiUFv4qnzLvmu2qwWrvC2jwlRzF3_HekdYeonzDmlX3kIPzOfnykzLyw7L9NLWK7xIdDFR6fhzI54jYlJJRQ45sNNptbZUMNQEgNOyLs2jLNlovq5JPVTwio38refOQ66IOJXl1XS7aDS85DXhQHXLy6tqO98xvZbw7GTIEAmfG2P3ESxr80EFI1VNaLmBxvyiDkMKfyr8paOmmpK-OYfBrHTefEV8yXg1Vm1qJJ_NVpimSiUNCTI9Pjp0XmPUxszCO-9GC6kyv5gFReDSk7B3HJUqnRO-_5H6HtWD5bt5t5S6SVyOFyr_psUBeDM57lFV9cK6vWxzBMsAsQC7FZVXbqYLfri2zrXuU7SzKnE9PuqZi-1Kopshyw1fdQRkdci8gLLreEOdnkqBq8mJCqKcYPED77vsC69C3A2wgLrPfzAOxF425voZ_FJ6ozP41dMbbsVthcUwTqBRBySf83RNdSLz9MNJhQaZKaj2nTwhxQnxQYO_fqRuCbESbWmiwT9lzScGaJ-BwHsCR4V90pBwVUHkv3YEbSIZ0Nopb5wpyE111k5Uj2aEnZrEolKGxluN_GETzMZlPdPvm1uUky5O6ZPf35QEO9pYtW-aIwR_tm-l-XhzHxmzDhjnd6LmRsjC0xk3vzSaC57p564bpkld5MHFqHcoO7DJsqeQb-hunvV9mM0pdogKk&cid=CAASJeRog3A0-auf_8vFwKQI42ir3DfXY6QYUlx8qM27UhcxhGUVXQo&rfl=1%2Chttps%253A%252F%252Fwww.hawtcelebs.com%252F%240
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6a2981854b58e53b9bfdaea5719f459e640db5753c84ba01f5f23ed3297a14ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11281
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame A8DD 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DMUz4m-NejyG68fbIhL58DBcCtdI_eYqtTh7uGmJAnM30unsUNdCDmAX3WiwVOrv1r9NiN0JbZYmDRkXcAOz5W2WYITI2gm-b_YB0wbb99GFEZ6EA
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adj
fw.adsafeprotected.com/rjss/bgd/266706/51196687/xbbe/creative/ Frame A8DD 		242 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fw.adsafeprotected.com/rjss/bgd/266706/51196687/xbbe/creative/adj?p=APEucNWmQplYe58ZnzMp36vCfoC0dirwsr6dqbj1bpmHsbSsFpajX6I&d=CokBAKAmf-BHikT4G_wI9qvfx_qK2I5YOV6wfYhwOAEI9B7Qdxd3ygOFQaVF0ti1Fipf4e_HZpvAvPPSdMyOAoiPoAOEfWSQRb1FS8g5QshTSMp-Glay2oFYHNqniZ0AC8Gok_db-ZH6z-zY1fnkdWkALY0Yqq2qvEzsN08i9mhq5cezI2yo6sX02rES-RMAoCZ_4PFyrcROs2mnLxbbfLlxl5dzpijP1T7DqlQVD3Wn6uD6n6kz4PPZnCk4ttEyFUSfrT1-HRFfzTiIjWAN_BRL_sFDpoUibHp1fSUYD4UTyR3ezd0iOuM_emesnde2D6ol3E58gxXZRNaLRrQGGkLkH3ClqZ9Gsc7L_sfj1yU9FTQJnTY4Qm_XMDcHQQ35hQ1_7B1u--vdtfHwClAaDzgZjXVolr2aKDA_4HNK9sOXcFaum5D2xlGt8wpMOdqPz7LT7QX6n-1wiemGwjkJ1g1DjSoYOT6BJaS9rnF-vxB5QLbqn8PAxizjb0byjkLE80m16Jbpvoy1rovD7RkPehwyNP_jEgicD9vxUO_bzGUGCmBy8reJEK8qqz12xNB4gQwtx3ceYvVY-fydR7GCVdLMVu0r4F2uk2guiqab7xANaOf1A5FSDieqkeLcC9AtdoTC3RbWOywy8PBacU_CaOEo4XZ5puvapW-1vQZHSHIPqcuXxszJ_y-ZcJP9REFEOTzrDhPXSfSpv73EQVw9pFnwKRMroNPwUSSzJgMXU2CNoqf-ArEDyqy9M0KOpoCrZgO_9fu3z4yx-QF-e_66xkTkykbTHjQJ3ONAIuyHmqrLajj-QYH-OICYshQIvUpzE-1l5JpYYQUJb6jyJC9PggAjZ2ObL8GwrUoP95mJfwBI19dmyOOZlAnmnG5v_0gfyrMNFcOSgyWBbpOtWKkM1meAYe8UdPm1Hi89earDGKKiJ7ZFzSIMwvSEt2vF9pskMIRAwUv9itVQCJwHYNenYECnh96t5b2KN3rFSbWTV0nb5RPiD4LpV3WudCLQiu_DfsT2JhzsH33OQR58Ef9hnc-il127ln0-C4XpMmu1BtsGNi-Jas8gxODoLngZ5lTQBC9d3uin5kVpgUx-dj4O7idZsh9TnwPmTwza1euHNY1XJ6mkNcx9Aks-vMGNp4Nw2i-rbOHfpjTict1O3mtGulkhwOHIpxXVoUKrhCLjGGDLrMTDd3AnI5G9AgIgPzm2cCjdaEGV0PwAg2PYg41eVQMMF3bn107EYlA-epZcQEssKXYjrtCrHf7Qb4uL8gNzzz2-vebW6k2G9MMSP_Hi9BRJn-i07i_Edc7yamhs6JPc2fdBbahQ2M5YV5GuvdjccCMLSk9NAbD2kApQUWOZPgVukXkCYssqqeMZcKwAeVntKEnxIRuEdycaa2lL9mhHL1_ABi8SF-xaVZrS3gbN0RDy5Z-J6JzLeYsbXlaxiRBQD5elWL7s3x1l6i9Dy9ytV-s6j9M61Flbs3W4HKItUskbiag_dK8oBxcOPhR3V4ye5qjTPyRqwGUGmDjd4eXz5uASUBTadBXgnc2L42mcuGxM-0KUX-VJiUF46cKdtwSdPjHQoxP4r70uEViyaQ2OMd3cgZUdGTAdixIf8IKobAOjbOO34Qi1RUGeQiKKACutnnOX0cYCdEnpiRxLeHUOOUVFif-9C8DfNVee3IpE7X8hldZVchkBHE0j3BpJfjm3vBD3r0uYEJCvpiXu2k1OJRCSFrX312lGPEvUpLF98ZyjHuq6WIIb6kMzTQuai_78BZajdhwQoHd9Tl1uNTzIlKRup_7eAV_oLeuGy7XjcvfJFfu3h2O20y68bMpiN4cBPEKxLOt9JS8mrERuakI--DTLtkkFPNBoPtz0rhvgC1ArIBFSZBdTusZubUM2VkaZS5beo-e6ZyHdhUGqu4071_eYbc_TxCYxnxESGH86EQA_SXvoGts97bRaUKnQxxQ3fQmQ7P3UwORKGybz48R9MQo90yAyjziCfN9l0nCwjyDfJE9jY0ldJX-ckUikkkfQZKA3MYdrjHnmSQSyRn_tdG7YhmQZR0aPrKQTlqU5C3aHeFICo9LlyZcFGncTPW1AESrWIEPtPQ7PciHtJRsIJNFrrtI36galk57Kzdku-pmLoJNYCvRZok09TvjcUCO--mr2WxwJGJWnwP-umGMEx-881jLeLG_O0Qi7MDk5AIkI62LVdV5BsJsvpxZbqIjoa25380kqHclc_nI5VXrlEslQplKDyaNDL4oquGo-CH05sHAttN1mQ143f8s_ofa7-f6wMSSsaJIFCyYeH59k62jluugJDj9BNpv6WUDjaQ1IkYM7YZqrDS22m5s3D9HxMwKatMYtVVcPwO-gnx9vkxY63K3sPCAURSAT_SNSeJJJHQ9k1JGo4PtB7y9_wZZWNcNBXTPXriW5vi-zq-RipPRXDAYnHLifiQT-AGyC_pxm8iJaWL0FQYxp6YHGM7ob20tU7whB8SBfWo3wkeUhMxcoeUXtHdazoHQzyFGzhl30tcs6LOFr3jLrsdAlC2uy8YWVAFPNd4IVjjpjMABAOGHyfTZ8FIILCWMiKHkTIIirzg0Px8cmMDUc-SpDMlxnDXZht2SwVEwtRXE1hBa0_u818YWcBgRbWr6uQx5q9fIOhx7S9okDGp0Hk7icVMkgVGbgZn8vycnHicHgUroxKEOMi_L6JcZ8BSe8LQNl7kV1zbr5pEUDzKN3DIKTEQ4fkjIhXxWq0BSRwpaW2UObpaKDHgLcEuXr10t7roCwQs_7wV2Ntz-1WRweD1zDdTIwkMJi-_QIilTD095UHrujAHnh97BJIbfe7hiYB4ix8EnjKVunw-xtu64-4bYbr0uXzjlwfLMqCa3H53RLoFpKiPOvZl6FnwwnaLjlof1N9pubOZAar2Dc9tJ7vdOWUhLYUJ4qPMRvUZ63puguD-1ik63rOyT1QX-bJxQ2Wjx3ItAaNkhZMLtdI0QjER2GDBkNoKbWfN4JWSSbfnyeNAJpp9tKRbD5dRc4RjwDI1PrJ5AHdn3IPv0HuBoRsuwdvZLmpAip1yqpxczR6rT4sSCt52-Aur4WnbiXk4p3IzVJw-i1YKcXpcikxYSBG_SjS_zPkSqGM47d6rk8DZD7HCjAOVSAQqCyLliPf_OAOz9_7fFLyF2RCHBn1Omszypkokk2E-6l7y0q_VdF9vHrRBcZFLa5VHT6Kz7AD2ZwC-dMpZehKvU4Y7rOt_MnbpswUT-_WU9dFXR91vPnNCJntHHrDqv8tkBMcx9AWQCtkEEfetqD1tvdSKYG6jUYYKwRfz1EFQcnKBv1qCkzkYLaiGtIBDS0MVYP5qzibGIhiFE_Yv0OnFEpPMpP-eyVFRiq4lTTVhS9aUKC2s0xWyvvq3jv0NTZLtsE44F0Ns3lHAU6Koz7Bn8TMl2pDAIOvbG-ziR8ddZQZZ7eozt4srRXnrwzb3YC5gVdGAwwWaC2gSdcB6KimZ1t2f_rIjpMbzVfh_CQccxMkYcawuKy02mjnkHyAYCY7-dhaa4z_3RIwumPFzxyCL0ZGFFbCSxBPYM8JWsASUTdAtmT5WeNUToY0uhGQU8IInS9uxEaKQgAEiXkaINwNPmrn__LxcCkCONoq9w312OkGFJcfKjNu1IXMYRlFV0KYAE&cry=1
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.139.148 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-139-148.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
135b752896a461d44fd10bd12afe15b66b18846f9faf42f81a1839a617d52728

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
content-encoding
gzip
vary
accept-encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
fw.adsafeprotected.com
cache-control
no-cache
access-control-allow-credentials
true
expires
Wed, 31 Dec 1969 23:59:59 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/ Frame A8DD 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/window_focus_fy2021.js
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
22
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Sep 2022 17:53:14 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/ Frame A8DD 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:52:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
63
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7599
x-xss-protection
0
server
cafe
etag
9215437806027971270
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Sep 2022 17:52:33 GMT
l
www.google.com/ads/measurement/ Frame A8DD 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQUBiFV1afkZxmnSFfCHakDxaKZq_KW4aiNx3GuKteVXCJ8o6ei8CEN-GKOVr73FXOQ6YJvaTChkzpJ5oYVhdMvRnSWUQ
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame A8DD 		142 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e851345505ee432c9397d60e5d91929ab4e5921f75c91f359b0939a879304b7a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44792
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1661945761880069"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 05 Sep 2022 17:53:36 GMT
skeleton.js
static.adsafeprotected.com/ Frame 2F18
Redirect Chain
  • https://fw.adsafeprotected.com/rfw/st/747557/55375942/skeleton.js?adsafe_url=https%3A%2F%2Fwww.hawtcelebs.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.go...
  • https://static.adsafeprotected.com/skeleton.js
17 B
465 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/skeleton.js
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Server
2600:9000:214f:dc00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 01 Jul 2022 02:01:00 GMT
via
1.1 a75b67932d84d80b40e12159613deb16.cloudfront.net (CloudFront)
age
5759558
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
17
last-modified
Mon, 17 Aug 2020 23:54:35 GMT
server
AmazonS3
etag
"53fab767ecbd3bf07990b10246befbd4"
x-amz-version-id
nylqTweorRThFHMBJSrf_fHcWx3KVKN3
cache-control
max-age=315360000
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
ailzUcR4H9wWSvc5YpnPT4OO1Ux9-aL-RNWiu3eVlcrcl6WCqOKvkw==

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
x-server-name
app02.ie.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
location
https://static.adsafeprotected.com/skeleton.js
cache-control
no-cache
content-length
0
server
nginx
sca.17.5.12.js
static.adsafeprotected.com/ Frame 324F 		80 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/sca.17.5.12.js
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:dc00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Sat, 16 Jul 2022 09:09:25 GMT
content-encoding
gzip
age
4437852
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 19 Aug 2021 16:31:24 GMT
server
AmazonS3
etag
W/"9304f57298c3834ff107ea7ccb547996"
vary
Accept-Encoding
x-amz-version-id
9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via
1.1 a75b67932d84d80b40e12159613deb16.cloudfront.net (CloudFront)
cache-control
max-age=315360000
x-amz-cf-pop
FRA53-C1
content-type
application/javascript
x-amz-cf-id
PT74_SfM5Z1tGAfXtNLEQ4OjFVl4gVYzt4tB1AO1TdsIhV2kPXIbQQ==
dt
dt.adsafeprotected.com/ Frame 2F18 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=747557&asId=41a422a5-cf3e-e596-caf8-963a01ab86d2&tv=%7Bc:nmC6LL,pingTime:-3,time:261,type:v,clog:%5B%7Bpiv:-1,vs:n,r:,w:160,h:600,t:216%7D,%7Bpiv:0,vs:o,r:l,t:260%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:261,n:260,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:216,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B58~1,0~0%5D,as:%5B58~160.600%5D%7D%7D,%7Bsl:o,t:260,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B2~0%5D,as:%5B2~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tgAeJtG+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C15*.747557-55375942%7C151%7C1521%7C16%7C171,idMap:15*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:2ffd:4913:b6c3:d37a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
x-server-name
dt22.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
dt
dt.adsafeprotected.com/ Frame 2F18 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=747557&asId=41a422a5-cf3e-e596-caf8-963a01ab86d2&tv=%7Bc:nmC6LN,pingTime:-6,time:263,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:263,n:260,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:216,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B58~1,0~0%5D,as:%5B58~160.600%5D%7D%7D,%7Bsl:o,t:260,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B3~0%5D,as:%5B3~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tgAeJtG+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C15*.747557-55375942%7C151%7C1521%7C16%7C171,idMap:15*,rmeas:1,rend:1,renddet:IMG.qs%7D&tpiLookup=ao:www.hawtcelebs.com*&br=c
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:2ffd:4913:b6c3:d37a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
x-server-name
dt24.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame A8DD 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D40kC45y2vmYR6n7WOm6pngAPMxgG6LEcrHc1I_K2sKLnhOkjSDgJJ80fCYHLZ8iNwoN39aYbgT3LlRkHhAiezu0nn09iY9KRaMEGCWMF6DLsrr5lvIvDJgxItaJBxpJX1z-wk303ilf1kyFzw4KA14FpVJQ&cry=1&dbm_d=AKAmf-BTynFhFbarHIo0Y9OMj_SnlAbLfEDBn9DQEqDpS2qF9FxlS7LfFpxFxlHsdR_ney18gTiIOfnBlxLxokLISvG75PkM3RS8hSBNFWqlTCCfSnLgF8aiLAdWnfVXOcyf01Sz9n1sdl963b9pVlFwmMw_VEUDXIWYD-BgMVlaCSBNWnP1EI9L8xYhz0fCNdbdepQwzIOMFp6s-IZZXppiKpU3sjJKYj8SVUgHjCeIT5IhgHsOu7lkwAlvxrPybfJ4-ZUr_K8aoVY8Cws1tYkyfmLxy_uqtk-4_YBWyE3QhN1OI6iZi7iMILIt3vUALw_nJMSjjh8QO3Gxnn2YZfZMalYwb8z1u0NfqHKhMBj_FXsXWxfwEIuTLV6XsekivpMJAt65Y4rUe_naC2mObCzs0_1botUzjuWRuyyESiH29YNdViLPRP8cxM4FYKuez4iAmA1AYTuUgxdp-BZvMPpxprJp2B9N69sJbwlDFg9a4iEcPZ6cwGaE_tUKSNtwh25Oy2LSsJb_VtnB2KsurRLYRzCeQNyFRJMYNlE1x_32QwqlwANr92gcbnchjWJnUR_8HvTN1WYM2BBi7BAa4L6NyYVZahpKFx0AHXbHT660_1rrXMptSecNgu1a3iT-nAs_pI3p_GWDOqRsH1-qxhF7CKKPgw_ad0HRAqeOqqpNXqNntPKdxanuWrM_vLoZZ_rtfBVTjjRoJZQVZ2xtJYt-ngDAZyPz6upTUYxBq-giR9CN8440grt3jpwckE_RCi8ylUPlnN6DaSw1sEKaacMSWuZLspkRLBdydf-OlMqPAW1cJ_BLPW5a3xy3ISbTJfTkbtI6bgQozSU3rkobh6dZJ4FbRtfpjH-n7mkfj5RQ_KRA_EVyW3seb_46n_j9mWKhXOzqMkd2cnQNwdWNrQdCd8aNkt8Y_004QcV7T5wArmKZT9Fae8vhQCRnH6nB05FBo2u-AnnhxTawxiebObwDrwirxragvAwqM81vp5Bx_v2GcPHEaOphKlnnXfiqkfnnh5YWWhbC7hSARyAPAjJPolaF1xryRXTbCfGOY9SomZCLQ1XxEQW7PYCqvU-VoWBmtDUn5lCFgHSx05q7ANjDF36z9mEfFWJuX14_xnS-GO8oWsnwtfuS3m7mNaHPbLiFCM_8swNvK_bcGwIAwFq_oXxBS4oPnRrcxCcPwJNTSUVrhF7moXcX7FjXugM8-2rpfD2BEi2lwe8-ClCl-l_I7HZLtxChtm23rYFnFPggELdtkHLnRF8-vTtvlKujcWo364aDiC4jawd2DpBwg6_3DiGl9vs4IUvBQa5pEa6BySdKROSG4IzZjiYkqONoZiZWwe0lf3vQDmxEOj5bwt-a4RHq2WpRcdloXGtBAOSQFFQqnisRoMM6lRTsRMAovVRHAy5o3xGfT9U2y-bEaZw0d7_odR_95sfth2MMqfxE4FdbJuEVmiKGxCkJLs853FmfEq5QgeISzLSRlLhxVcyeNDwjWAsxa_-ntiKiz3dnpIBBtAuxTgo7UPH_9yApfUmaa_Fa-g7z-UQ9DkKJ1FC6F4xtIqmwgJqQiDo5-SYTdtl5BXsNq00dOjadmzTbr_Ip2fjx9DtWHBElsRWK2CslRWsrA0ZtVc6yF8ZEHyvcB2npa1gr_jYx-zuzX5rs0VtVcz8mjfUc4tYMeZUSu0otMnYTOIZcTdntrSM9F_BF4D5RzCsnBimD2NCpDUOkjCtrMEAcBkZXehAbwdD9v94G_dtSiVn6d5d7Ez2GCMyvCAJFVguwoJCC8nW6OtvNog0Y1za-CHEWxSp0-XKaOSX6xSsEtjNQ2ROFTxUs8tpfrGNUC7VRDIdeMtPAaNRF8WUcGuZfh_wgsmMBuLwANoWFlXRKXxQrfTX3EZOnXWkpwF9hyhOavwWcyooDiB0tSdeaRSEIdNkS5BYlQLOuwsSoHmT_nGI7qNeNv4OhEbL61CLnv3awvAbvC0W2zz8NAR9aOMGG84WNxw_VBAN4E9-PM3Okv8_Z4nzu2dQQ6PWCvc0o6hlwMojcvrs1uBc_0rrlVMX8pPbuu2XzQd2TaloP4ksbM0xiEd2UWJ8AEq4K6Quhrr5ktuT58NrGpl3FRByVt_x-Fl_YY3DmDjbLjQdmuVfFzjYTAN3IZYyCqI8L47_gp_lMWrn3donNrRgb3DI27Cxk7t3STLkGnJ_YWsUwFp5TbG0tG6dDKy72F12la8VvAy6R07nbiC6rWYgJqr7dKbFjjpGFsp00Sb2hMf5l1O6nY68MX1c5cmiByQ7eVVpNrg22gbx--rZcUJdgmiUFv4qnzLvmu2qwWrvC2jwlRzF3_HekdYeonzDmlX3kIPzOfnykzLyw7L9NLWK7xIdDFR6fhzI54jYlJJRQ45sNNptbZUMNQEgNOyLs2jLNlovq5JPVTwio38refOQ66IOJXl1XS7aDS85DXhQHXLy6tqO98xvZbw7GTIEAmfG2P3ESxr80EFI1VNaLmBxvyiDkMKfyr8paOmmpK-OYfBrHTefEV8yXg1Vm1qJJ_NVpimSiUNCTI9Pjp0XmPUxszCO-9GC6kyv5gFReDSk7B3HJUqnRO-_5H6HtWD5bt5t5S6SVyOFyr_psUBeDM57lFV9cK6vWxzBMsAsQC7FZVXbqYLfri2zrXuU7SzKnE9PuqZi-1Kopshyw1fdQRkdci8gLLreEOdnkqBq8mJCqKcYPED77vsC69C3A2wgLrPfzAOxF425voZ_FJ6ozP41dMbbsVthcUwTqBRBySf83RNdSLz9MNJhQaZKaj2nTwhxQnxQYO_fqRuCbESbWmiwT9lzScGaJ-BwHsCR4V90pBwVUHkv3YEbSIZ0Nopb5wpyE111k5Uj2aEnZrEolKGxluN_GETzMZlPdPvm1uUky5O6ZPf35QEO9pYtW-aIwR_tm-l-XhzHxmzDhjnd6LmRsjC0xk3vzSaC57p564bpkld5MHFqHcoO7DJsqeQb-hunvV9mM0pdogKk&cid=CAASJeRog3A0-auf_8vFwKQI42ir3DfXY6QYUlx8qM27UhcxhGUVXQo&rfl=1%2Chttps%253A%252F%252Fwww.hawtcelebs.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 02 Sep 2022 07:50:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
295360
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 02 Sep 2023 07:50:57 GMT
/
d.turn.com/r/du/id/L2NzaWQvMS9tcGlkLzI0MTMwODU4/rnd/ Frame 740A
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=turn_dmp&google_cm
  • https://d.turn.com/r/du/id/L2NzaWQvMS9tcGlkLzI0MTMwODU4/rnd/?mpuid=CAESEKgbcBaDpP1KoF7syjQhQPQ&google_cver=1
43 B
398 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d.turn.com/r/du/id/L2NzaWQvMS9tcGlkLzI0MTMwODU4/rnd/?mpuid=CAESEKgbcBaDpP1KoF7syjQhQPQ&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM66ChD5_-oBGMaErZkBMAE&v=APEucNUhX6lIqcRzgt9NjS2CvtaEaqxnBmcVQmC4-tyD59AeKA8uoNI8t059uiPYW6wQ4UYDHT93vmiK17WbaRTNLMxXmM5YEv_K0DPYkQmOiy-6QZuvLWz9H7B4Eks-_J3HSX6pmXMg0GH-HyOFoiVsv9I0oCruuapTWp9EvI_hBfqGPKbf8mp50G-nqn4QHyS-5OThGDCOnUqCNwl6fByyw_v2yKHezQ
Protocol
H2
Server
2001:678:cb4:bbbb::13 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:36 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type
image/gif
content-length
43
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://d.turn.com/r/du/id/L2NzaWQvMS9tcGlkLzI0MTMwODU4/rnd/?mpuid=CAESEKgbcBaDpP1KoF7syjQhQPQ&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
309
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 740A
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELuyIHG8n7H_nO2kAFsLzoU&google_cver=1
43 B
848 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELuyIHG8n7H_nO2kAFsLzoU&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM66ChD5_-oBGMaErZkBMAE&v=APEucNUhX6lIqcRzgt9NjS2CvtaEaqxnBmcVQmC4-tyD59AeKA8uoNI8t059uiPYW6wQ4UYDHT93vmiK17WbaRTNLMxXmM5YEv_K0DPYkQmOiy-6QZuvLWz9H7B4Eks-_J3HSX6pmXMg0GH-HyOFoiVsv9I0oCruuapTWp9EvI_hBfqGPKbf8mp50G-nqn4QHyS-5OThGDCOnUqCNwl6fByyw_v2yKHezQ
Protocol
H3
Server
104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray
7460d34f1d5a8ffa-FRA
pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c7KbBe%2FULELjnQ7g6CtDh417XF6ZJTmVTUKIeebzipV0F7f4%2BgXqRTPKLPVoSDqs3Qo9kKPRz9B0UOMXnwfHJTDYMDGGsoFn7OCZeBuL4wrMLFRLG7FAZ%2FDKQwDH3XF660a%2Bzse%2F1X%2F4ow%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELuyIHG8n7H_nO2kAFsLzoU&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 740A
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YxY3oOwda2xciwnHsx5sKwAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELuyIHG8n7H_nO2kAFsLzoU&google_cver=1
43 B
846 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELuyIHG8n7H_nO2kAFsLzoU&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM66ChD5_-oBGMaErZkBMAE&v=APEucNUhX6lIqcRzgt9NjS2CvtaEaqxnBmcVQmC4-tyD59AeKA8uoNI8t059uiPYW6wQ4UYDHT93vmiK17WbaRTNLMxXmM5YEv_K0DPYkQmOiy-6QZuvLWz9H7B4Eks-_J3HSX6pmXMg0GH-HyOFoiVsv9I0oCruuapTWp9EvI_hBfqGPKbf8mp50G-nqn4QHyS-5OThGDCOnUqCNwl6fByyw_v2yKHezQ
Protocol
H3
Server
104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray
7460d34fde6b8ffa-FRA
pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ainMYXvoAbOISUKW1VUK8qjTqDwylZmIvpEDnT1qj577X9X%2F9w1PHSD%2Fttf7uO9Kkvk8ULEw6VbfZcKorrTGFLuFbJLTbGb3uin%2BNTb%2BGyiMxo7XiEwPZz0FBkoXSGDL9RJ8C72FmpPfxg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELuyIHG8n7H_nO2kAFsLzoU&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adj
bid.g.doubleclick.net/xbbe/creative/ Frame A8DD
Redirect Chain
  • https://fw.adsafeprotected.com/rfw/bgd/266706/51196687/xbbe/creative/adj?p=APEucNWmQplYe58ZnzMp36vCfoC0dirwsr6dqbj1bpmHsbSsFpajX6I&d=CokBAKAmf-BHikT4G_wI9qvfx_qK2I5YOV6wfYhwOAEI9B7Qdxd3ygOFQaVF0ti1...
  • https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWmQplYe58ZnzMp36vCfoC0dirwsr6dqbj1bpmHsbSsFpajX6I&d=CokBAKAmf-BHikT4G_wI9qvfx_qK2I5YOV6wfYhwOAEI9B7Qdxd3ygOFQaVF0ti1Fipf4e_HZpvAvPPSdMyOAoiPo...
54 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWmQplYe58ZnzMp36vCfoC0dirwsr6dqbj1bpmHsbSsFpajX6I&d=CokBAKAmf-BHikT4G_wI9qvfx_qK2I5YOV6wfYhwOAEI9B7Qdxd3ygOFQaVF0ti1Fipf4e_HZpvAvPPSdMyOAoiPoAOEfWSQRb1FS8g5QshTSMp-Glay2oFYHNqniZ0AC8Gok_db-ZH6z-zY1fnkdWkALY0Yqq2qvEzsN08i9mhq5cezI2yo6sX02rES-RMAoCZ_4PFyrcROs2mnLxbbfLlxl5dzpijP1T7DqlQVD3Wn6uD6n6kz4PPZnCk4ttEyFUSfrT1-HRFfzTiIjWAN_BRL_sFDpoUibHp1fSUYD4UTyR3ezd0iOuM_emesnde2D6ol3E58gxXZRNaLRrQGGkLkH3ClqZ9Gsc7L_sfj1yU9FTQJnTY4Qm_XMDcHQQ35hQ1_7B1u--vdtfHwClAaDzgZjXVolr2aKDA_4HNK9sOXcFaum5D2xlGt8wpMOdqPz7LT7QX6n-1wiemGwjkJ1g1DjSoYOT6BJaS9rnF-vxB5QLbqn8PAxizjb0byjkLE80m16Jbpvoy1rovD7RkPehwyNP_jEgicD9vxUO_bzGUGCmBy8reJEK8qqz12xNB4gQwtx3ceYvVY-fydR7GCVdLMVu0r4F2uk2guiqab7xANaOf1A5FSDieqkeLcC9AtdoTC3RbWOywy8PBacU_CaOEo4XZ5puvapW-1vQZHSHIPqcuXxszJ_y-ZcJP9REFEOTzrDhPXSfSpv73EQVw9pFnwKRMroNPwUSSzJgMXU2CNoqf-ArEDyqy9M0KOpoCrZgO_9fu3z4yx-QF-e_66xkTkykbTHjQJ3ONAIuyHmqrLajj-QYH-OICYshQIvUpzE-1l5JpYYQUJb6jyJC9PggAjZ2ObL8GwrUoP95mJfwBI19dmyOOZlAnmnG5v_0gfyrMNFcOSgyWBbpOtWKkM1meAYe8UdPm1Hi89earDGKKiJ7ZFzSIMwvSEt2vF9pskMIRAwUv9itVQCJwHYNenYECnh96t5b2KN3rFSbWTV0nb5RPiD4LpV3WudCLQiu_DfsT2JhzsH33OQR58Ef9hnc-il127ln0-C4XpMmu1BtsGNi-Jas8gxODoLngZ5lTQBC9d3uin5kVpgUx-dj4O7idZsh9TnwPmTwza1euHNY1XJ6mkNcx9Aks-vMGNp4Nw2i-rbOHfpjTict1O3mtGulkhwOHIpxXVoUKrhCLjGGDLrMTDd3AnI5G9AgIgPzm2cCjdaEGV0PwAg2PYg41eVQMMF3bn107EYlA-epZcQEssKXYjrtCrHf7Qb4uL8gNzzz2-vebW6k2G9MMSP_Hi9BRJn-i07i_Edc7yamhs6JPc2fdBbahQ2M5YV5GuvdjccCMLSk9NAbD2kApQUWOZPgVukXkCYssqqeMZcKwAeVntKEnxIRuEdycaa2lL9mhHL1_ABi8SF-xaVZrS3gbN0RDy5Z-J6JzLeYsbXlaxiRBQD5elWL7s3x1l6i9Dy9ytV-s6j9M61Flbs3W4HKItUskbiag_dK8oBxcOPhR3V4ye5qjTPyRqwGUGmDjd4eXz5uASUBTadBXgnc2L42mcuGxM-0KUX-VJiUF46cKdtwSdPjHQoxP4r70uEViyaQ2OMd3cgZUdGTAdixIf8IKobAOjbOO34Qi1RUGeQiKKACutnnOX0cYCdEnpiRxLeHUOOUVFif-9C8DfNVee3IpE7X8hldZVchkBHE0j3BpJfjm3vBD3r0uYEJCvpiXu2k1OJRCSFrX312lGPEvUpLF98ZyjHuq6WIIb6kMzTQuai_78BZajdhwQoHd9Tl1uNTzIlKRup_7eAV_oLeuGy7XjcvfJFfu3h2O20y68bMpiN4cBPEKxLOt9JS8mrERuakI--DTLtkkFPNBoPtz0rhvgC1ArIBFSZBdTusZubUM2VkaZS5beo-e6ZyHdhUGqu4071_eYbc_TxCYxnxESGH86EQA_SXvoGts97bRaUKnQxxQ3fQmQ7P3UwORKGybz48R9MQo90yAyjziCfN9l0nCwjyDfJE9jY0ldJX-ckUikkkfQZKA3MYdrjHnmSQSyRn_tdG7YhmQZR0aPrKQTlqU5C3aHeFICo9LlyZcFGncTPW1AESrWIEPtPQ7PciHtJRsIJNFrrtI36galk57Kzdku-pmLoJNYCvRZok09TvjcUCO--mr2WxwJGJWnwP-umGMEx-881jLeLG_O0Qi7MDk5AIkI62LVdV5BsJsvpxZbqIjoa25380kqHclc_nI5VXrlEslQplKDyaNDL4oquGo-CH05sHAttN1mQ143f8s_ofa7-f6wMSSsaJIFCyYeH59k62jluugJDj9BNpv6WUDjaQ1IkYM7YZqrDS22m5s3D9HxMwKatMYtVVcPwO-gnx9vkxY63K3sPCAURSAT_SNSeJJJHQ9k1JGo4PtB7y9_wZZWNcNBXTPXriW5vi-zq-RipPRXDAYnHLifiQT-AGyC_pxm8iJaWL0FQYxp6YHGM7ob20tU7whB8SBfWo3wkeUhMxcoeUXtHdazoHQzyFGzhl30tcs6LOFr3jLrsdAlC2uy8YWVAFPNd4IVjjpjMABAOGHyfTZ8FIILCWMiKHkTIIirzg0Px8cmMDUc-SpDMlxnDXZht2SwVEwtRXE1hBa0_u818YWcBgRbWr6uQx5q9fIOhx7S9okDGp0Hk7icVMkgVGbgZn8vycnHicHgUroxKEOMi_L6JcZ8BSe8LQNl7kV1zbr5pEUDzKN3DIKTEQ4fkjIhXxWq0BSRwpaW2UObpaKDHgLcEuXr10t7roCwQs_7wV2Ntz-1WRweD1zDdTIwkMJi-_QIilTD095UHrujAHnh97BJIbfe7hiYB4ix8EnjKVunw-xtu64-4bYbr0uXzjlwfLMqCa3H53RLoFpKiPOvZl6FnwwnaLjlof1N9pubOZAar2Dc9tJ7vdOWUhLYUJ4qPMRvUZ63puguD-1ik63rOyT1QX-bJxQ2Wjx3ItAaNkhZMLtdI0QjER2GDBkNoKbWfN4JWSSbfnyeNAJpp9tKRbD5dRc4RjwDI1PrJ5AHdn3IPv0HuBoRsuwdvZLmpAip1yqpxczR6rT4sSCt52-Aur4WnbiXk4p3IzVJw-i1YKcXpcikxYSBG_SjS_zPkSqGM47d6rk8DZD7HCjAOVSAQqCyLliPf_OAOz9_7fFLyF2RCHBn1Omszypkokk2E-6l7y0q_VdF9vHrRBcZFLa5VHT6Kz7AD2ZwC-dMpZehKvU4Y7rOt_MnbpswUT-_WU9dFXR91vPnNCJntHHrDqv8tkBMcx9AWQCtkEEfetqD1tvdSKYG6jUYYKwRfz1EFQcnKBv1qCkzkYLaiGtIBDS0MVYP5qzibGIhiFE_Yv0OnFEpPMpP-eyVFRiq4lTTVhS9aUKC2s0xWyvvq3jv0NTZLtsE44F0Ns3lHAU6Koz7Bn8TMl2pDAIOvbG-ziR8ddZQZZ7eozt4srRXnrwzb3YC5gVdGAwwWaC2gSdcB6KimZ1t2f_rIjpMbzVfh_CQccxMkYcawuKy02mjnkHyAYCY7-dhaa4z_3RIwumPFzxyCL0ZGFFbCSxBPYM8JWsASUTdAtmT5WeNUToY0uhGQU8IInS9uxEaKQgAEiXkaINwNPmrn__LxcCkCONoq9w312OkGFJcfKjNu1IXMYRlFV0KYAE&cry=1
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Server
108.177.15.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wr-in-f157.1e100.net
Software
cafe /
Resource Hash
b8182b2f55eee5cef155ee6901e60b9a3950cd08863ca9644b4ebf775e2cc18a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21221
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
x-server-name
app06.ie.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
location
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWmQplYe58ZnzMp36vCfoC0dirwsr6dqbj1bpmHsbSsFpajX6I&d=CokBAKAmf-BHikT4G_wI9qvfx_qK2I5YOV6wfYhwOAEI9B7Qdxd3ygOFQaVF0ti1Fipf4e_HZpvAvPPSdMyOAoiPoAOEfWSQRb1FS8g5QshTSMp-Glay2oFYHNqniZ0AC8Gok_db-ZH6z-zY1fnkdWkALY0Yqq2qvEzsN08i9mhq5cezI2yo6sX02rES-RMAoCZ_4PFyrcROs2mnLxbbfLlxl5dzpijP1T7DqlQVD3Wn6uD6n6kz4PPZnCk4ttEyFUSfrT1-HRFfzTiIjWAN_BRL_sFDpoUibHp1fSUYD4UTyR3ezd0iOuM_emesnde2D6ol3E58gxXZRNaLRrQGGkLkH3ClqZ9Gsc7L_sfj1yU9FTQJnTY4Qm_XMDcHQQ35hQ1_7B1u--vdtfHwClAaDzgZjXVolr2aKDA_4HNK9sOXcFaum5D2xlGt8wpMOdqPz7LT7QX6n-1wiemGwjkJ1g1DjSoYOT6BJaS9rnF-vxB5QLbqn8PAxizjb0byjkLE80m16Jbpvoy1rovD7RkPehwyNP_jEgicD9vxUO_bzGUGCmBy8reJEK8qqz12xNB4gQwtx3ceYvVY-fydR7GCVdLMVu0r4F2uk2guiqab7xANaOf1A5FSDieqkeLcC9AtdoTC3RbWOywy8PBacU_CaOEo4XZ5puvapW-1vQZHSHIPqcuXxszJ_y-ZcJP9REFEOTzrDhPXSfSpv73EQVw9pFnwKRMroNPwUSSzJgMXU2CNoqf-ArEDyqy9M0KOpoCrZgO_9fu3z4yx-QF-e_66xkTkykbTHjQJ3ONAIuyHmqrLajj-QYH-OICYshQIvUpzE-1l5JpYYQUJb6jyJC9PggAjZ2ObL8GwrUoP95mJfwBI19dmyOOZlAnmnG5v_0gfyrMNFcOSgyWBbpOtWKkM1meAYe8UdPm1Hi89earDGKKiJ7ZFzSIMwvSEt2vF9pskMIRAwUv9itVQCJwHYNenYECnh96t5b2KN3rFSbWTV0nb5RPiD4LpV3WudCLQiu_DfsT2JhzsH33OQR58Ef9hnc-il127ln0-C4XpMmu1BtsGNi-Jas8gxODoLngZ5lTQBC9d3uin5kVpgUx-dj4O7idZsh9TnwPmTwza1euHNY1XJ6mkNcx9Aks-vMGNp4Nw2i-rbOHfpjTict1O3mtGulkhwOHIpxXVoUKrhCLjGGDLrMTDd3AnI5G9AgIgPzm2cCjdaEGV0PwAg2PYg41eVQMMF3bn107EYlA-epZcQEssKXYjrtCrHf7Qb4uL8gNzzz2-vebW6k2G9MMSP_Hi9BRJn-i07i_Edc7yamhs6JPc2fdBbahQ2M5YV5GuvdjccCMLSk9NAbD2kApQUWOZPgVukXkCYssqqeMZcKwAeVntKEnxIRuEdycaa2lL9mhHL1_ABi8SF-xaVZrS3gbN0RDy5Z-J6JzLeYsbXlaxiRBQD5elWL7s3x1l6i9Dy9ytV-s6j9M61Flbs3W4HKItUskbiag_dK8oBxcOPhR3V4ye5qjTPyRqwGUGmDjd4eXz5uASUBTadBXgnc2L42mcuGxM-0KUX-VJiUF46cKdtwSdPjHQoxP4r70uEViyaQ2OMd3cgZUdGTAdixIf8IKobAOjbOO34Qi1RUGeQiKKACutnnOX0cYCdEnpiRxLeHUOOUVFif-9C8DfNVee3IpE7X8hldZVchkBHE0j3BpJfjm3vBD3r0uYEJCvpiXu2k1OJRCSFrX312lGPEvUpLF98ZyjHuq6WIIb6kMzTQuai_78BZajdhwQoHd9Tl1uNTzIlKRup_7eAV_oLeuGy7XjcvfJFfu3h2O20y68bMpiN4cBPEKxLOt9JS8mrERuakI--DTLtkkFPNBoPtz0rhvgC1ArIBFSZBdTusZubUM2VkaZS5beo-e6ZyHdhUGqu4071_eYbc_TxCYxnxESGH86EQA_SXvoGts97bRaUKnQxxQ3fQmQ7P3UwORKGybz48R9MQo90yAyjziCfN9l0nCwjyDfJE9jY0ldJX-ckUikkkfQZKA3MYdrjHnmSQSyRn_tdG7YhmQZR0aPrKQTlqU5C3aHeFICo9LlyZcFGncTPW1AESrWIEPtPQ7PciHtJRsIJNFrrtI36galk57Kzdku-pmLoJNYCvRZok09TvjcUCO--mr2WxwJGJWnwP-umGMEx-881jLeLG_O0Qi7MDk5AIkI62LVdV5BsJsvpxZbqIjoa25380kqHclc_nI5VXrlEslQplKDyaNDL4oquGo-CH05sHAttN1mQ143f8s_ofa7-f6wMSSsaJIFCyYeH59k62jluugJDj9BNpv6WUDjaQ1IkYM7YZqrDS22m5s3D9HxMwKatMYtVVcPwO-gnx9vkxY63K3sPCAURSAT_SNSeJJJHQ9k1JGo4PtB7y9_wZZWNcNBXTPXriW5vi-zq-RipPRXDAYnHLifiQT-AGyC_pxm8iJaWL0FQYxp6YHGM7ob20tU7whB8SBfWo3wkeUhMxcoeUXtHdazoHQzyFGzhl30tcs6LOFr3jLrsdAlC2uy8YWVAFPNd4IVjjpjMABAOGHyfTZ8FIILCWMiKHkTIIirzg0Px8cmMDUc-SpDMlxnDXZht2SwVEwtRXE1hBa0_u818YWcBgRbWr6uQx5q9fIOhx7S9okDGp0Hk7icVMkgVGbgZn8vycnHicHgUroxKEOMi_L6JcZ8BSe8LQNl7kV1zbr5pEUDzKN3DIKTEQ4fkjIhXxWq0BSRwpaW2UObpaKDHgLcEuXr10t7roCwQs_7wV2Ntz-1WRweD1zDdTIwkMJi-_QIilTD095UHrujAHnh97BJIbfe7hiYB4ix8EnjKVunw-xtu64-4bYbr0uXzjlwfLMqCa3H53RLoFpKiPOvZl6FnwwnaLjlof1N9pubOZAar2Dc9tJ7vdOWUhLYUJ4qPMRvUZ63puguD-1ik63rOyT1QX-bJxQ2Wjx3ItAaNkhZMLtdI0QjER2GDBkNoKbWfN4JWSSbfnyeNAJpp9tKRbD5dRc4RjwDI1PrJ5AHdn3IPv0HuBoRsuwdvZLmpAip1yqpxczR6rT4sSCt52-Aur4WnbiXk4p3IzVJw-i1YKcXpcikxYSBG_SjS_zPkSqGM47d6rk8DZD7HCjAOVSAQqCyLliPf_OAOz9_7fFLyF2RCHBn1Omszypkokk2E-6l7y0q_VdF9vHrRBcZFLa5VHT6Kz7AD2ZwC-dMpZehKvU4Y7rOt_MnbpswUT-_WU9dFXR91vPnNCJntHHrDqv8tkBMcx9AWQCtkEEfetqD1tvdSKYG6jUYYKwRfz1EFQcnKBv1qCkzkYLaiGtIBDS0MVYP5qzibGIhiFE_Yv0OnFEpPMpP-eyVFRiq4lTTVhS9aUKC2s0xWyvvq3jv0NTZLtsE44F0Ns3lHAU6Koz7Bn8TMl2pDAIOvbG-ziR8ddZQZZ7eozt4srRXnrwzb3YC5gVdGAwwWaC2gSdcB6KimZ1t2f_rIjpMbzVfh_CQccxMkYcawuKy02mjnkHyAYCY7-dhaa4z_3RIwumPFzxyCL0ZGFFbCSxBPYM8JWsASUTdAtmT5WeNUToY0uhGQU8IInS9uxEaKQgAEiXkaINwNPmrn__LxcCkCONoq9w312OkGFJcfKjNu1IXMYRlFV0KYAE&cry=1
cache-control
no-cache
content-length
0
server
nginx
sca.17.5.12.js
static.adsafeprotected.com/ Frame F715 		80 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/sca.17.5.12.js
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:dc00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Sat, 16 Jul 2022 09:09:25 GMT
content-encoding
gzip
age
4437853
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 19 Aug 2021 16:31:24 GMT
server
AmazonS3
etag
W/"9304f57298c3834ff107ea7ccb547996"
vary
Accept-Encoding
x-amz-version-id
9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via
1.1 a75b67932d84d80b40e12159613deb16.cloudfront.net (CloudFront)
cache-control
max-age=315360000
x-amz-cf-pop
FRA53-C1
content-type
application/javascript
x-amz-cf-id
HggS2JxZfGtGYKpRqXuaPPtk0eFh_6nj10I_SnAbA-8jwnncIw48eg==
dt
dt.adsafeprotected.com/ Frame 2F18 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=747557&asId=41a422a5-cf3e-e596-caf8-963a01ab86d2&tv=%7Bc:nmC6MW,pingTime:-2,time:334,type:a,im:%7Bsf:0,pom:1,prf:%7BbdA:192,bdZ:398,beA:420,beZ:421,mfA:618,cmA:620,inA:620,inZ:623,prA:625,prZ:631,si:636,poA:638,poZ:654,cmZ:654,mfZ:654,loA:683,loZ:685,ltA:754,ltZ:754,mdA:421,mdZ:547%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:160.600,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:,w:160,h:600,t:216%7D,%7Bpiv:0,vs:o,r:l,t:260%7D,%7Bpiv:100,vs:i,r:,t:288%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:46,o:288,n:260,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:216,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B58~1,0~0%5D,as:%5B58~160.600%5D%7D%7D,%7Bsl:o,t:260,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B28~0%5D,as:%5B28~160.600%5D%7D%7D,%7Bsl:i,t:288,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B46~100%5D,as:%5B46~160.600%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tgAeJtG+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C15*.747557-55375942%7C151%7C1521%7C16%7C171,idMap:15*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:1,renddet:IMG.qs,sinceFw:116,readyFired:true%7D&br=c
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:2ffd:4913:b6c3:d37a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
x-server-name
dt25.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
view.aspx
pb.media01.eu/ Frame B562
Redirect Chain
  • https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=78794700131074401084714012073002&t=htlp
  • https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=78794700131074401084714012073002&actionid=981741&produktid=&dt_url=
0
629 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=78794700131074401084714012073002&actionid=981741&produktid=&dt_url=
Requested by
Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request.php?zone=xhwrmj44o767&nw=20&renderingType=javascript&namespace=94d1c6f0ef&subid=&uid=a66399ec8c9c8825&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=980x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCNTQ3nzcWY6mnN6mxgAeSsozYD7XN-YNXvNu5q-UM8C4QASCVm8ohYJXKkYKgB8gBCakCO4LHDD-ksD6oAwGqBPcBT9DNUaFsZoyFcwor6BXIeV_bfSuxMOSDUHOQMIjw8aX5us5iEHhI9WEZC0LJFh4EY4p7gURTNq90q6_Q0KB8hwdz5fzquWtkJzW_taBBTPUSF9IBqhxSkn9Mxm_txmYmLXlJZlw2SOWBuDnIYl-PTkIkv24JkwAuwyjwxbpLAjlOReJ8b1TZ4GGbwDZqQRBNcdiqP2iK_T851__KQgFyhYAO0X2qgOYcWEjLjwp_UvYdf5qI7GBkUWNd2rZUmJIdb19Ul4QJ-N5tj7WZx3A7O7paYH8RQVErZv3DNbDGHqK0mHVpT2siWe6OQ9dI3JwjKRaD59rNQ8AEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEgiI4YAQEAEYHTIDqoIBOgKAQPIIG2FkeC1zdWJzeW4tOTkzODU2NTgyMjAzNDY4MIAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoT_8MlmHS9DUNSV9yLn9_7kgRm3iHqQ_fij_TUgWoV6jY5chj5g%26sig%3DAOD64_2SJJnOk3TlLJZyhOvZ7mmfWkwMlw%26client%3Dca-pub-3831894559014614%26dbm_c%3DAKAmf-CBUoRSY4W3DKUg8HTru_ZFbHcsGTkbCuhfsJ-Gf6Yq2Y-5bgWn4rCJQZs9VMbRa7zcGQ22oZCQeMSHH_LqOBUJ3wLackIwH7_8hXQ7U5sSvQ9ulKQRjl_AoeZ1jnr_oX9W_VuPW4E0OIxSvirHfNb57KE8nw%26cry%3D1%26dbm_d%3DAKAmf-DYNuD88jcOhSR0kjngTTcloYxQheKZfCmhNEwEyewIHhz5J52MLlQpdRhgZJ24TsqFJblxUrVMnpiaf8mtqwqsHSriJIC0cVIFRru2m4RAcYjw8GsQK1lD5bR9OexjHVqdKFhvJZd85Tn7PSmQyhy5HiZMpdC9mbVqalMAIz17UWMWxhOlHZJJkW_XKyhrBa_Ff8AnHKhLPIj93mwANsG202bQ_DogiikUk45qULIb7moBUKveXKCArKgslv_NRuBOLhQ28mDieKopSsh_6r_IZGThkwmqXdLkf4cPezO29Ry5mAns4zoP9UgVX95PX2Dg6unHWn6CnONmuNXqraQeGb6hC5dsLp5l_kBHla-ycvSzTb7kZ-NDMTLpfn0oXzd0HiPs7FYzjkVTkF8feSPY94kGHQR1dN0TJIaq2sh6jCUrqTKnCpKbd_0O6dlPqJ-ZAFwvukItim0bXounP8d3YudZnrcs6Q9Ak0u4gIdngyGKOkVxZxRJP7Ai-Aam2Yt-Rou9ZgvWFiqz22lmhYqrYyTvDTTgM362WqR9vGfki8nA8QbFJM_taDwuH0mg8a_enV13_C9pXbLWUipjDH0KoqbnL9eDvwLahNKPqVBZypUatOdoDKOFPkq9mkura67QLg0t%26adurl%3D&documentReferer=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.hawtcelebs.com&random=1631178079905&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.88-198-250-30.clients.your-server.de
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods
GET,POST
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
date
Mon, 05 Sep 2022 17:53:36 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
last-modified
Mon, 05 Sep 2022 07:53:36 GMT
p3p
policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma
no-cache
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
x-xss-protection
1; mode=block

Redirect headers

Content-Length
0
Content-Type
application/javascript
Date
Mon, 05 Sep 2022 17:53:37 GMT
Host
pv.medialead.de
Keep-Alive
timeout=20
Location
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=78794700131074401084714012073002&actionid=981741&produktid=&dt_url=
Proxy-Host
pv.medialead.de
Server
nginx/1.17.5
Strict-Transport-Security
max-age=15768000
X-IPLB-Instance
40028
X-IPLB-Request-ID
5413AFB7:A91E_91EFC182:01BB_631637A1_9007465:1F22E
htlp
futalis.de/ Frame F279
Redirect Chain
  • https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=78794700131074401084714012073002&ra_cnt_active=1&ra_cnt=1
  • https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1578472959
350 B
409 B 		Document
General
Check archive.org
Download Go to
Full URL
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1578472959
Requested by
Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request.php?zone=xhwrmj44o767&nw=20&renderingType=javascript&namespace=94d1c6f0ef&subid=&uid=a66399ec8c9c8825&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=980x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCNTQ3nzcWY6mnN6mxgAeSsozYD7XN-YNXvNu5q-UM8C4QASCVm8ohYJXKkYKgB8gBCakCO4LHDD-ksD6oAwGqBPcBT9DNUaFsZoyFcwor6BXIeV_bfSuxMOSDUHOQMIjw8aX5us5iEHhI9WEZC0LJFh4EY4p7gURTNq90q6_Q0KB8hwdz5fzquWtkJzW_taBBTPUSF9IBqhxSkn9Mxm_txmYmLXlJZlw2SOWBuDnIYl-PTkIkv24JkwAuwyjwxbpLAjlOReJ8b1TZ4GGbwDZqQRBNcdiqP2iK_T851__KQgFyhYAO0X2qgOYcWEjLjwp_UvYdf5qI7GBkUWNd2rZUmJIdb19Ul4QJ-N5tj7WZx3A7O7paYH8RQVErZv3DNbDGHqK0mHVpT2siWe6OQ9dI3JwjKRaD59rNQ8AEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEgiI4YAQEAEYHTIDqoIBOgKAQPIIG2FkeC1zdWJzeW4tOTkzODU2NTgyMjAzNDY4MIAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoT_8MlmHS9DUNSV9yLn9_7kgRm3iHqQ_fij_TUgWoV6jY5chj5g%26sig%3DAOD64_2SJJnOk3TlLJZyhOvZ7mmfWkwMlw%26client%3Dca-pub-3831894559014614%26dbm_c%3DAKAmf-CBUoRSY4W3DKUg8HTru_ZFbHcsGTkbCuhfsJ-Gf6Yq2Y-5bgWn4rCJQZs9VMbRa7zcGQ22oZCQeMSHH_LqOBUJ3wLackIwH7_8hXQ7U5sSvQ9ulKQRjl_AoeZ1jnr_oX9W_VuPW4E0OIxSvirHfNb57KE8nw%26cry%3D1%26dbm_d%3DAKAmf-DYNuD88jcOhSR0kjngTTcloYxQheKZfCmhNEwEyewIHhz5J52MLlQpdRhgZJ24TsqFJblxUrVMnpiaf8mtqwqsHSriJIC0cVIFRru2m4RAcYjw8GsQK1lD5bR9OexjHVqdKFhvJZd85Tn7PSmQyhy5HiZMpdC9mbVqalMAIz17UWMWxhOlHZJJkW_XKyhrBa_Ff8AnHKhLPIj93mwANsG202bQ_DogiikUk45qULIb7moBUKveXKCArKgslv_NRuBOLhQ28mDieKopSsh_6r_IZGThkwmqXdLkf4cPezO29Ry5mAns4zoP9UgVX95PX2Dg6unHWn6CnONmuNXqraQeGb6hC5dsLp5l_kBHla-ycvSzTb7kZ-NDMTLpfn0oXzd0HiPs7FYzjkVTkF8feSPY94kGHQR1dN0TJIaq2sh6jCUrqTKnCpKbd_0O6dlPqJ-ZAFwvukItim0bXounP8d3YudZnrcs6Q9Ak0u4gIdngyGKOkVxZxRJP7Ai-Aam2Yt-Rou9ZgvWFiqz22lmhYqrYyTvDTTgM362WqR9vGfki8nA8QbFJM_taDwuH0mg8a_enV13_C9pXbLWUipjDH0KoqbnL9eDvwLahNKPqVBZypUatOdoDKOFPkq9mkura67QLg0t%26adurl%3D&documentReferer=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.hawtcelebs.com&random=1631178079905&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
49.12.16.151 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
lb-1.futalis.de
Software
/
Resource Hash
582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd

Request headers

Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
350
content-type
text/html; charset=utf-8

Redirect headers

content-length
0
content-type
text/html; charset=utf-8
date
Mon, 05 Sep 2022 17:53:37 GMT
location
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1578472959
p3p
policyref="https://www.retailads.net//w3c/p3p.xml",CP="NOI CUR OUR STP"
server
Apache
request_content.php
hal90002.redintelligence.net/ Frame 27BF 		7 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://hal90002.redintelligence.net/request_content.php?s=78794700131074401084714012073002&a=869ad90c
Requested by
Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request.php?zone=xhwrmj44o767&nw=20&renderingType=javascript&namespace=94d1c6f0ef&subid=&uid=a66399ec8c9c8825&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=980x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCNTQ3nzcWY6mnN6mxgAeSsozYD7XN-YNXvNu5q-UM8C4QASCVm8ohYJXKkYKgB8gBCakCO4LHDD-ksD6oAwGqBPcBT9DNUaFsZoyFcwor6BXIeV_bfSuxMOSDUHOQMIjw8aX5us5iEHhI9WEZC0LJFh4EY4p7gURTNq90q6_Q0KB8hwdz5fzquWtkJzW_taBBTPUSF9IBqhxSkn9Mxm_txmYmLXlJZlw2SOWBuDnIYl-PTkIkv24JkwAuwyjwxbpLAjlOReJ8b1TZ4GGbwDZqQRBNcdiqP2iK_T851__KQgFyhYAO0X2qgOYcWEjLjwp_UvYdf5qI7GBkUWNd2rZUmJIdb19Ul4QJ-N5tj7WZx3A7O7paYH8RQVErZv3DNbDGHqK0mHVpT2siWe6OQ9dI3JwjKRaD59rNQ8AEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEgiI4YAQEAEYHTIDqoIBOgKAQPIIG2FkeC1zdWJzeW4tOTkzODU2NTgyMjAzNDY4MIAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoT_8MlmHS9DUNSV9yLn9_7kgRm3iHqQ_fij_TUgWoV6jY5chj5g%26sig%3DAOD64_2SJJnOk3TlLJZyhOvZ7mmfWkwMlw%26client%3Dca-pub-3831894559014614%26dbm_c%3DAKAmf-CBUoRSY4W3DKUg8HTru_ZFbHcsGTkbCuhfsJ-Gf6Yq2Y-5bgWn4rCJQZs9VMbRa7zcGQ22oZCQeMSHH_LqOBUJ3wLackIwH7_8hXQ7U5sSvQ9ulKQRjl_AoeZ1jnr_oX9W_VuPW4E0OIxSvirHfNb57KE8nw%26cry%3D1%26dbm_d%3DAKAmf-DYNuD88jcOhSR0kjngTTcloYxQheKZfCmhNEwEyewIHhz5J52MLlQpdRhgZJ24TsqFJblxUrVMnpiaf8mtqwqsHSriJIC0cVIFRru2m4RAcYjw8GsQK1lD5bR9OexjHVqdKFhvJZd85Tn7PSmQyhy5HiZMpdC9mbVqalMAIz17UWMWxhOlHZJJkW_XKyhrBa_Ff8AnHKhLPIj93mwANsG202bQ_DogiikUk45qULIb7moBUKveXKCArKgslv_NRuBOLhQ28mDieKopSsh_6r_IZGThkwmqXdLkf4cPezO29Ry5mAns4zoP9UgVX95PX2Dg6unHWn6CnONmuNXqraQeGb6hC5dsLp5l_kBHla-ycvSzTb7kZ-NDMTLpfn0oXzd0HiPs7FYzjkVTkF8feSPY94kGHQR1dN0TJIaq2sh6jCUrqTKnCpKbd_0O6dlPqJ-ZAFwvukItim0bXounP8d3YudZnrcs6Q9Ak0u4gIdngyGKOkVxZxRJP7Ai-Aam2Yt-Rou9ZgvWFiqz22lmhYqrYyTvDTTgM362WqR9vGfki8nA8QbFJM_taDwuH0mg8a_enV13_C9pXbLWUipjDH0KoqbnL9eDvwLahNKPqVBZypUatOdoDKOFPkq9mkura67QLg0t%26adurl%3D&documentReferer=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.hawtcelebs.com&random=1631178079905&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.47.10.4.46.clients.your-server.de
Software
Apache /
Resource Hash
d0f4a17af99311617e3d593f05df671cd644aa0df7f4384b0998a2f4b85be8b6

Request headers

Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
close
Content-Encoding
gzip
Content-Length
2059
Content-Type
text/html; charset=utf-8
Date
Mon, 05 Sep 2022 17:53:37 GMT
Expires
Mon, 05 Sep 2022 18:53:37 +0200
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
native.png
ad-server.eu/wm/pb/ Frame A677
Redirect Chain
  • https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=78794700131074401084714012073002
  • https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=78794700131074401084714012073002
  • https://ad-server.eu/wm/pb/native.png
68 B
312 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad-server.eu/wm/pb/native.png
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Server
54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software
nginx/1.4.6 (Ubuntu) /
Resource Hash
93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 17:57:44 GMT
Last-Modified
Sat, 21 Dec 2019 23:06:59 GMT
Server
nginx/1.4.6 (Ubuntu)
ETag
"5dfea593-44"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
68

Redirect headers

Date
Mon, 05 Sep 2022 17:53:37 GMT
Server
nginx/1.17.5
Host
pv.medialead.de
X-IPLB-Request-ID
5413AFB7:A938_91EFC182:01BB_631637A1_8F8BD2E:2A469
X-IPLB-Instance
40027
Strict-Transport-Security
max-age=15768000
Content-Type
application/go
Location
https://ad-server.eu/wm/pb/native.png
Keep-Alive
timeout=20
Content-Length
0
Proxy-Host
pv.medialead.de
cshow.php
www.awin1.com/ Frame A677 		43 B
702 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.awin1.com/cshow.php?s=2519595&v=14098&q=379097&r=296283&pref1=78794700131074401084714012073002&pv=1
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-239-217.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 17:53:37 GMT
Strict-Transport-Security
max-age=86400
P3P
policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control
no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set
default
Node
Helix
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
0
truncated
/ Frame A677 		216 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c15c300c0571e83adf008397552a55b42f77c5e88eff850bfb2c9904d8dbb1d5

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
dt
dt.adsafeprotected.com/ Frame A8DD 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=266706&asId=25860387-9ce7-c6ec-2a96-56ce88f843cc&tv=%7Bc:nmC6Nu,pingTime:-3,time:79,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:22%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:79,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:22,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B73~0%5D,as:%5B73~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tgAeJyl+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C151%7C1521%7C153%7C16%7C17*.266706-51196687%7C171,fm2:tgAeJyl+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C151%7C1521%7C153%7C16%7C17*.266706-51196687%7C171,idMap:17*,rmeas:1,rend:0,renddet:IMG.us%7D&br=c
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:2ffd:4913:b6c3:d37a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
x-server-name
dt02.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
dt
dt.adsafeprotected.com/ Frame A8DD 		43 B
216 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=266706&asId=25860387-9ce7-c6ec-2a96-56ce88f843cc&tv=%7Bc:nmC6Nw,pingTime:-6,time:81,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:81,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:22,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B74~0%5D,as:%5B74~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tgAeJyl+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C151%7C1521%7C153%7C16%7C17*.266706-51196687%7C171,fm2:tgAeJyl+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C151%7C1521%7C153%7C16%7C17*.266706-51196687%7C171,idMap:17*,rmeas:1,rend:0,renddet:IMG.us%7D&tpiLookup=ao:www.hawtcelebs.com*&br=c
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:2ffd:4913:b6c3:d37a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
x-server-name
dt06.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
dt
dt.adsafeprotected.com/ Frame A8DD 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=266706&asId=25860387-9ce7-c6ec-2a96-56ce88f843cc&tv=%7Bc:nmC6Os,pingTime:-2,time:139,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:280,beZ:281,mfA:282,cmA:284,inA:284,inZ:289,prA:289,prZ:297,si:303,poA:304,poZ:324,cmZ:324,mfZ:324,loA:360,loZ:363,ltA:418,ltZ:418%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:22%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:139,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:22,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B132~0%5D,as:%5B132~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tgAeJtG+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C15.747557-55375942%7C151%7C1521%7C153%7C16%7C17*.266706-51196687%7C171,fm2:tgAeJtG+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C15.747557-55375942%7C151%7C1521%7C153%7C16%7C17*.266706-51196687%7C171,idMap:17*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:IMG.us,sinceFw:113,readyFired:false%7D&br=c
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:2ffd:4913:b6c3:d37a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
x-server-name
dt23.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame B57D 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
295360
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 02 Sep 2022 07:50:57 GMT
expires
Sat, 02 Sep 2023 07:50:57 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
4f3c866c9211a9e36f887c707d480c31.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/ Frame 4E62 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/4f3c866c9211a9e36f887c707d480c31.svg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2772b2939434a835dec4f5a233b58c541f80ecf225cb426db708388fb1f2b17f
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
19400
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1166
x-xss-protection
0
last-modified
Thu, 11 Aug 2022 12:45:15 GMT
server
sffe
date
Mon, 05 Sep 2022 12:30:17 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 05 Sep 2023 12:30:17 GMT
b9f158a6c6c03c27aa0e28644e1bf489.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/ Frame 4E62 		370 B
277 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/b9f158a6c6c03c27aa0e28644e1bf489.svg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a509f4d3b48e9f9b0db4fae9fc717188c11f6eb03d97a934c38ee4d3a093c19d
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
19400
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
245
x-xss-protection
0
last-modified
Thu, 11 Aug 2022 12:45:15 GMT
server
sffe
date
Mon, 05 Sep 2022 12:30:17 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 05 Sep 2023 12:30:17 GMT
7205d951d3bb56fcf8187a252d4e6e69.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/ Frame 4E62 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/7205d951d3bb56fcf8187a252d4e6e69.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a630a9548dd7747fdddf7d25ccbf03d122c963492175a965de46743669003f10
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
19400
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11754
x-xss-protection
0
last-modified
Thu, 11 Aug 2022 12:45:15 GMT
server
sffe
date
Mon, 05 Sep 2022 12:30:17 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 05 Sep 2023 12:30:17 GMT
57394ceda331faa00a5d31c6be65796a.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/ Frame 4E62 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/57394ceda331faa00a5d31c6be65796a.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
da5b6618ff476171445c5be42fdef76a522a24e05423f4ebe42aa5f7ff6339da
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
19400
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1061
x-xss-protection
0
last-modified
Thu, 11 Aug 2022 12:45:15 GMT
server
sffe
date
Mon, 05 Sep 2022 12:30:17 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 05 Sep 2023 12:30:17 GMT
imagesof54gtuv7sfmftfur3dt.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/ Frame 4E62 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/imagesof54gtuv7sfmftfur3dt.svg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1e155ef1ed6e2d9fe76dcc54f4b1e4439132744317fc0e7c1786564b01c2391a
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
19400
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2256
x-xss-protection
0
last-modified
Thu, 11 Aug 2022 12:45:15 GMT
server
sffe
date
Mon, 05 Sep 2022 12:30:17 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 05 Sep 2023 12:30:17 GMT
0ea914a086c670d717e7cb534ad1e4dc.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/ Frame 4E62 		2 KB
941 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/0ea914a086c670d717e7cb534ad1e4dc.svg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e09409f410bb7e7d99014fc8ad9ef5def48af70ca6820526b796ec824155ddaf
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
19400
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
908
x-xss-protection
0
last-modified
Thu, 11 Aug 2022 12:45:15 GMT
server
sffe
date
Mon, 05 Sep 2022 12:30:17 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 05 Sep 2023 12:30:17 GMT
9d46a47f5711aa74697947d5b8b99085.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/ Frame 4E62 		393 B
293 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/9d46a47f5711aa74697947d5b8b99085.svg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9744cb08ddfd011e1b31e36846253082d81265eb3516abfafc436d35592e2250
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
19400
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
261
x-xss-protection
0
last-modified
Thu, 11 Aug 2022 12:45:15 GMT
server
sffe
date
Mon, 05 Sep 2022 12:30:17 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 05 Sep 2023 12:30:17 GMT
8417c15b6338850cb1d8680d17baed52.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/ Frame 4E62 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/8417c15b6338850cb1d8680d17baed52.jpg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c925207bab7130d92d636a73d967c28cd7648918576dec1ae5f8800c602cbe7d
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
19400
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16429
x-xss-protection
0
last-modified
Thu, 11 Aug 2022 12:45:15 GMT
server
sffe
date
Mon, 05 Sep 2022 12:30:17 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 05 Sep 2023 12:30:17 GMT
129554cae5ce5cbf73691dac25674bd5.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/ Frame 4E62 		22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/129554cae5ce5cbf73691dac25674bd5.jpg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
790a2fb876a78daf76683bbbc32c371c73140c045931649a3d85fe8677cb8e20
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
19400
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22754
x-xss-protection
0
last-modified
Thu, 11 Aug 2022 12:45:15 GMT
server
sffe
date
Mon, 05 Sep 2022 12:30:17 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 05 Sep 2023 12:30:17 GMT
TK3iWkUHHAIjg752GT8G.woff2
fonts.gstatic.com/s/oswald/v49/ Frame 4E62 		25 KB
25 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/oswald/v49/TK3iWkUHHAIjg752GT8G.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Oswald:200,300,regular,500,600,700&cb=1660221761
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
35c92598a5f32c018dc630f57b183b0284c211ce9c222e5b36840a62115262f1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
null
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 21:13:14 GMT
x-content-type-options
nosniff
age
592823
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25372
x-xss-protection
0
last-modified
Mon, 18 Jul 2022 19:24:05 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 29 Aug 2023 21:13:14 GMT
css
fonts.googleapis.com/ Frame 27BF 		4 KB
651 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600
Requested by
Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=78794700131074401084714012073002&a=869ad90c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
dfa1ecdb69b9ee93e87159bfcd4ad2b1248a7de0d6346fd42e0b600723ae7b6b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal90002.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 05 Sep 2022 16:08:02 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Mon, 05 Sep 2022 17:53:37 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 05 Sep 2022 17:53:37 GMT
/
hal9000.redintelligence.net/scale/ Frame 27BF 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/postbank_pool_privatkredit_1200x627.jpg
Requested by
Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=78794700131074401084714012073002&a=869ad90c
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.164.102.130.94.clients.your-server.de
Software
Apache /
Resource Hash
8fef4c5dbdb726de212237f0acbbdf4dfd9b2bc8e96cfc123ec7ccd84641fc8b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal90002.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 17:53:37 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
16246
Vary
Accept-Encoding
Content-Type
image/png
/
hal9000.redintelligence.net/scale/ Frame 27BF 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/3839/creativesup/father_daughter_1200x627.jpg
Requested by
Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=78794700131074401084714012073002&a=869ad90c
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.164.102.130.94.clients.your-server.de
Software
Apache /
Resource Hash
759f8986297c16dd4f9373c590865aa43a31723d91df0e4e7de50b0312add3f0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal90002.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 17:53:37 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
16855
Vary
Accept-Encoding
Content-Type
image/png
/
hal9000.redintelligence.net/scale/ Frame 27BF 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/55487/creativesup/1200x627.jpg
Requested by
Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=78794700131074401084714012073002&a=869ad90c
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.164.102.130.94.clients.your-server.de
Software
Apache /
Resource Hash
8ff6faae8270e109e39ce50052fd76b0401de6c834df465ed17e2a7062e4340c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal90002.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 17:53:37 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
12988
Vary
Accept-Encoding
Content-Type
image/png
gen_204
pagead2.googlesyndication.com/pagead/ Frame A0AE 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B_XnRoDcWY97jGtej9u8Pw9mp2AQAAAAAOAHgBAI&bg=!hYalhsLNAAZTikH4c4o7ACkAdvg8Wi1Et6afcRsj9n0soy4Dxr7vTke8VZQfiGtN_rdUuo3aEMYrNAIAAAG2UgAAAAJoAQeZAy2u1G1-YXGUNqRnCHbgpvRlsVOlohy-MosxvE5Z2hJA5_cmyIPxeHZ7z8IBps9ugPCeLf9Vo4Dy_ledYKFCYwcTE39XbdB2lPHUJb5S06ZqPWNM4LfU5fZKN8oMiNxu44tpClDYRokUidRC6asxDDZo1oZmsN9tR9PfQE9TWFOT91rfSehXdA7sxJFx7-1YNaIT7xBF-Y3__OiGcAJP_iTh0jFVhd7-4r7UdwWzHWVZMRLZS4SYr7ilv6DBtVVhUgmyHBFDM69zXAE1-ij-vkBJ6TGOp_ZqeEOg2iELhNf9aKrMjhENHERCoF-yFUAx3iU9WY7yDdrKzveh0NNQq932slezgvwn6tDj3MNwbGcZgp101UI5kL-Cjzk8DMyyT1xz9UF6g-AydGl6liLWLJZHU24ZtNK1T0UsWj9nZz_ZszlzA4LSIAlxGFtnaYx0BuNa-lnHQM83wGbbPllAL5ngPMT8Y4e9UKW_IN3Oz8o5xkMnFnSKaYVyhDrFkrHNDED6RUmYoh5xsIUVa6_KIS8qjYdVC7b9M3d1gFesXGO9nA4UMdVhF315kPOUjEgY3r4lIAHPlTBQz1jjRiYCDhO8dKvTty_pFQMsftD1P2Y-ubGQG6mP4076lmUTvfmqhokx_UldH7o1fyN3PzgcX9RE8wo42cDD4Eg3KhK0Wri01JOpY2eAoAo7tAuhE-i8lJkvGoliqlYSMZeT46N5nMMHr2v5besQPq63vf552RZkrOOS2u9j9O5EdDsvWz_oY6ErNJMoOwYeZbULDqX5TIPlTfD62sQNyACMSBSX25D1leRuhwaEOpitHy5kM07uo2Q3s7IFcCaufn0Qd_fvXhppEI3vduowRqeXP14JE-E6lCdL4zigxA6ms2D2M-pNnc3sqQoS5aNsvqCUF9xBr4VFtN7QE5Q10_lnGpaoGbuQ8Ne0VA66zQqeRc8pzlR3jcOYHSMJ7MHhROHQIm3AqugLp3tewAECCvc4sGQTm2gy_iaOmM5uvM8wKk1Kyts83xS77Pkc5kLyiVPaNU9E85MWxzzGh1NIL38QaowdLgNQIXpN7NARnmDS9mMWjqA
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5965 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BDHmmoDcWY96tG8i6x_APkvKR4AIAAAAAOAHgBAI&bg=!FhWlFVHNAAZTikH4c4o7ACkAdvg8Whr40et4ynZHyMAGE_fjYOvd6kut4ajqNmzI3sqbvM1pgsXkTAIAAAGPUgAAAAJoAQeZAwBwo7Ehi1weyJdCZJh1Uq4Np3nO5JZWZwIeEEuwgMP_Vg7GYS_NCsU2VcETgJ08QyFwWKBwTRAxk_XfijTiAxpkeuc7o46Dbl_wHYExeRzlqYeJALWKNK4NnPyrVWb7fAj5PuAPPO1c416YS2Z6TyY5VgX3ru_oLbJn78ZHXoRchdsPzhEvl6Dx84xjIeK5Enj14Iy-lj0MwcAIrpX-cizyLG2gtJR3jZnPSbZTXyJwPpBBG2zgZX4PAtqMGl_lllJ5OF90XP7lkbKhX27NRMCcKr6kBXozBKlfEJnT9fvC9xuB_nlzVb0hfJIVeuEaDXF-4pS8lHerpqUw-E1AHGPIHMPxnOaxGhzywKujAMzVtH8mbz9tiG2zcbDaFWdQ73EwEzMq3WBy69Oa3d3RQyoWuYKbeSsXUXYipkkmu9k-seLiSW__kEycpAsRwG5uqPyAQonA-PTuKGulZgdmLy4Z8WcNyScSC9uvpLolKzjiRT5X8HIv2AqN8UBHo0Xv05VYzAG9sLHQn3ELDZ9SbN6auSnxouVydzx4bMhOrMtDzviMAKyHltddeIv8Y1Fsk0a9OnLGtc3yvL6-Ti-tEC2OQd_GzFT6fER8X7G0i1eqK8wCy_3wKSTRspiWwOBFXKxCwZFwG0b_TOso0AMyMi2i2GTuQxdV44YPtYilmw4HXKeQMmkRFXEYgTrM2FAf9PVlULqZfutzKgXdvv-xVoUVmDRdjE0sXnJQmutC7Oizcpp01pzxz8qu4b7aalJzH6HNs4BkNYn_TK8hdiTtQzwBix0JKkVLxoaTZY1S8WKQZn6s5w2BVnf1yjzQ6Z1Ig6ztWFercL4Xh5mqRl4zSM67RTnNeATsSwI8Wuu4seHbCiE8jyv8foA7DFZpuihd8DQ8y750d_Iep3Il7jxT5-VMbFWJQv2DxYJKzetXbwr-YWrivSe8moRlEuTP8p-UU1PaMXijnnTX1zXdSlIBCkDgiXWQ2l_-tBGFTG6FuMaa3DU-_rG5jECpR2cwbkECOp4
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
viewability
hal90002.redintelligence.net/ Frame 27BF 		0
150 B 		Script
General
Check archive.org
Download Go to
Full URL
https://hal90002.redintelligence.net/viewability?s=78794700131074401084714012073002&a=8ccc0094&vb=m
Requested by
Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=78794700131074401084714012073002&a=869ad90c
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.47.10.4.46.clients.your-server.de
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal90002.redintelligence.net/request_content.php?s=78794700131074401084714012073002&a=869ad90c
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 17:53:37 GMT
Server
Apache
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
dMUMwKlHRkKFxm324gu_shN2JBGfr2rZRInLP1vMiqM.js
pagead2.googlesyndication.com/bg/ Frame B57D 		36 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/dMUMwKlHRkKFxm324gu_shN2JBGfr2rZRInLP1vMiqM.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
74c50cc0a947464285c66df6e20bbfb2137624119faf6ad94489cb3f5bcc8aa3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 14:07:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
13594
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15929
x-xss-protection
0
last-modified
Mon, 29 Aug 2022 10:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 05 Sep 2023 14:07:03 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5EBC 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BINJZoDcWY7v4GaWwx_APxamwoAsAAAAAOAHgBAI&bg=!vr2lvfnNAAZTikH4c4o7ACkAdvg8Wu_ltC-5HKU8bngpccpVDcnhRHoSroo1V8xYCc3rNS7d31mbgwIAAAGFUgAAAAJoAQeZAun6GdbcHfyNOkATlSM0OZXjq-ciVoCTItCxJI4mT1SHdT4OuaeJ4onF49ScvCvJFuJQU50Cprn67_1Mj36zO8CFOOHsgJqzwWmDShkoi0WcbT5BsIWrU582Dx23FqU0H7F7l2pV9Sa4F9gowFPOZg6GKWt6BHYpS85j9_R5ZKorInEj0QIp5xGeqK-5bFNoyTcZxSO1T6iKDFbjxUzhiunmggGqX8J-uBG8gMgLvU7TC9caOrsk7kJ5cRvRpl9g1zP3zz9zlQBQq11QjfHtzhRQGlPTdkvDvWKoo8XcG6IBZEFPjn3TnF4I3Rpkd9IQ37TKwupYwOTb0jEUkxbyAO8QhlnuKHytkpnMLRdywjFCoRrph16xg9KIluV-fsmJIWUNgAz9qdfcN6QDQjONM33O79FD2_P2yv1qwOsPaPidLOyT4x3_1PshDQaUFtdcPPQxh1CN2VdVD76RAJfmedsXlW3CjyzI8GKw_dUWHROw58sPu8xQTjwQ-VNJbYEueM6BjMMsOF2b3dFP8BWjDQufVKo0UyTE7ipoXOtGeS01jhSmf2jaLDHfk0GD-o2EzXaDPGxYwbZhpw9_T5NLls9en0A15PRYGOC_T0XNo78RL98eNwarMa4hoSeRk3q_YtOjzmrb83Zxzaw5nd065kR-B1E680qZ6qtAoz9IgJljHxpi5Ql8DI9jLpUtst8x_gXJ-97p0FdjIPksgNPM5UxddpieAMz8loB2iT_xPGLjLhxYKKUVckyNBRj9VOiBRu0syL1QdSZwG9t1R8gvhNUogmHYeq5Q-Dtm770hHZRNd1jghNn222hGtb-bYy-Z_SNHGx4xj8MWET55T7sjpDVMLi3bfu7W85YZdqNvHUULNdMjeNPpxObSHBrs8PAX1MQRjqvLNoA6FNPQ7PW1LNLxVO3EyD-FrLm8UNj3liU7f9B-NzxQ9bISw4E8LhiKnql25uic-Ae2R2MwGkXccl5l5TssPeSg9A4a
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ts.js
cdn.retailads.net/ Frame F279 		5 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.retailads.net/ts.js
Requested by
Host: futalis.de
URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1578472959
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
2a01:4f8:d0a:2321::2 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
c45a84e5e0ff6ed83afd426788be38a5cbc442dc6cce4631bfd5c22fdd1fc8df

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://futalis.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:37 GMT
last-modified
Fri, 21 Jan 2022 14:35:51 GMT
server
Apache
accept-ranges
bytes
etag
"14aa-5d6188919baaa"
content-length
5290
content-type
application/javascript
6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame 27BF 		13 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://hal90002.redintelligence.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Tue, 30 Aug 2022 08:45:42 GMT
x-content-type-options
nosniff
age
551275
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13052
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:09:03 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 30 Aug 2023 08:45:42 GMT
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame 27BF 		13 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://hal90002.redintelligence.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 19:26:22 GMT
x-content-type-options
nosniff
age
426435
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13036
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:04:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 31 Aug 2023 19:26:22 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220831/r20110914/ Frame A8DD 		30 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220831/r20110914/abg_lite.js
Requested by
Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bgd/266706/51196687/xbbe/creative/adj?p=APEucNWmQplYe58ZnzMp36vCfoC0dirwsr6dqbj1bpmHsbSsFpajX6I&d=CokBAKAmf-BHikT4G_wI9qvfx_qK2I5YOV6wfYhwOAEI9B7Qdxd3ygOFQaVF0ti1Fipf4e_HZpvAvPPSdMyOAoiPoAOEfWSQRb1FS8g5QshTSMp-Glay2oFYHNqniZ0AC8Gok_db-ZH6z-zY1fnkdWkALY0Yqq2qvEzsN08i9mhq5cezI2yo6sX02rES-RMAoCZ_4PFyrcROs2mnLxbbfLlxl5dzpijP1T7DqlQVD3Wn6uD6n6kz4PPZnCk4ttEyFUSfrT1-HRFfzTiIjWAN_BRL_sFDpoUibHp1fSUYD4UTyR3ezd0iOuM_emesnde2D6ol3E58gxXZRNaLRrQGGkLkH3ClqZ9Gsc7L_sfj1yU9FTQJnTY4Qm_XMDcHQQ35hQ1_7B1u--vdtfHwClAaDzgZjXVolr2aKDA_4HNK9sOXcFaum5D2xlGt8wpMOdqPz7LT7QX6n-1wiemGwjkJ1g1DjSoYOT6BJaS9rnF-vxB5QLbqn8PAxizjb0byjkLE80m16Jbpvoy1rovD7RkPehwyNP_jEgicD9vxUO_bzGUGCmBy8reJEK8qqz12xNB4gQwtx3ceYvVY-fydR7GCVdLMVu0r4F2uk2guiqab7xANaOf1A5FSDieqkeLcC9AtdoTC3RbWOywy8PBacU_CaOEo4XZ5puvapW-1vQZHSHIPqcuXxszJ_y-ZcJP9REFEOTzrDhPXSfSpv73EQVw9pFnwKRMroNPwUSSzJgMXU2CNoqf-ArEDyqy9M0KOpoCrZgO_9fu3z4yx-QF-e_66xkTkykbTHjQJ3ONAIuyHmqrLajj-QYH-OICYshQIvUpzE-1l5JpYYQUJb6jyJC9PggAjZ2ObL8GwrUoP95mJfwBI19dmyOOZlAnmnG5v_0gfyrMNFcOSgyWBbpOtWKkM1meAYe8UdPm1Hi89earDGKKiJ7ZFzSIMwvSEt2vF9pskMIRAwUv9itVQCJwHYNenYECnh96t5b2KN3rFSbWTV0nb5RPiD4LpV3WudCLQiu_DfsT2JhzsH33OQR58Ef9hnc-il127ln0-C4XpMmu1BtsGNi-Jas8gxODoLngZ5lTQBC9d3uin5kVpgUx-dj4O7idZsh9TnwPmTwza1euHNY1XJ6mkNcx9Aks-vMGNp4Nw2i-rbOHfpjTict1O3mtGulkhwOHIpxXVoUKrhCLjGGDLrMTDd3AnI5G9AgIgPzm2cCjdaEGV0PwAg2PYg41eVQMMF3bn107EYlA-epZcQEssKXYjrtCrHf7Qb4uL8gNzzz2-vebW6k2G9MMSP_Hi9BRJn-i07i_Edc7yamhs6JPc2fdBbahQ2M5YV5GuvdjccCMLSk9NAbD2kApQUWOZPgVukXkCYssqqeMZcKwAeVntKEnxIRuEdycaa2lL9mhHL1_ABi8SF-xaVZrS3gbN0RDy5Z-J6JzLeYsbXlaxiRBQD5elWL7s3x1l6i9Dy9ytV-s6j9M61Flbs3W4HKItUskbiag_dK8oBxcOPhR3V4ye5qjTPyRqwGUGmDjd4eXz5uASUBTadBXgnc2L42mcuGxM-0KUX-VJiUF46cKdtwSdPjHQoxP4r70uEViyaQ2OMd3cgZUdGTAdixIf8IKobAOjbOO34Qi1RUGeQiKKACutnnOX0cYCdEnpiRxLeHUOOUVFif-9C8DfNVee3IpE7X8hldZVchkBHE0j3BpJfjm3vBD3r0uYEJCvpiXu2k1OJRCSFrX312lGPEvUpLF98ZyjHuq6WIIb6kMzTQuai_78BZajdhwQoHd9Tl1uNTzIlKRup_7eAV_oLeuGy7XjcvfJFfu3h2O20y68bMpiN4cBPEKxLOt9JS8mrERuakI--DTLtkkFPNBoPtz0rhvgC1ArIBFSZBdTusZubUM2VkaZS5beo-e6ZyHdhUGqu4071_eYbc_TxCYxnxESGH86EQA_SXvoGts97bRaUKnQxxQ3fQmQ7P3UwORKGybz48R9MQo90yAyjziCfN9l0nCwjyDfJE9jY0ldJX-ckUikkkfQZKA3MYdrjHnmSQSyRn_tdG7YhmQZR0aPrKQTlqU5C3aHeFICo9LlyZcFGncTPW1AESrWIEPtPQ7PciHtJRsIJNFrrtI36galk57Kzdku-pmLoJNYCvRZok09TvjcUCO--mr2WxwJGJWnwP-umGMEx-881jLeLG_O0Qi7MDk5AIkI62LVdV5BsJsvpxZbqIjoa25380kqHclc_nI5VXrlEslQplKDyaNDL4oquGo-CH05sHAttN1mQ143f8s_ofa7-f6wMSSsaJIFCyYeH59k62jluugJDj9BNpv6WUDjaQ1IkYM7YZqrDS22m5s3D9HxMwKatMYtVVcPwO-gnx9vkxY63K3sPCAURSAT_SNSeJJJHQ9k1JGo4PtB7y9_wZZWNcNBXTPXriW5vi-zq-RipPRXDAYnHLifiQT-AGyC_pxm8iJaWL0FQYxp6YHGM7ob20tU7whB8SBfWo3wkeUhMxcoeUXtHdazoHQzyFGzhl30tcs6LOFr3jLrsdAlC2uy8YWVAFPNd4IVjjpjMABAOGHyfTZ8FIILCWMiKHkTIIirzg0Px8cmMDUc-SpDMlxnDXZht2SwVEwtRXE1hBa0_u818YWcBgRbWr6uQx5q9fIOhx7S9okDGp0Hk7icVMkgVGbgZn8vycnHicHgUroxKEOMi_L6JcZ8BSe8LQNl7kV1zbr5pEUDzKN3DIKTEQ4fkjIhXxWq0BSRwpaW2UObpaKDHgLcEuXr10t7roCwQs_7wV2Ntz-1WRweD1zDdTIwkMJi-_QIilTD095UHrujAHnh97BJIbfe7hiYB4ix8EnjKVunw-xtu64-4bYbr0uXzjlwfLMqCa3H53RLoFpKiPOvZl6FnwwnaLjlof1N9pubOZAar2Dc9tJ7vdOWUhLYUJ4qPMRvUZ63puguD-1ik63rOyT1QX-bJxQ2Wjx3ItAaNkhZMLtdI0QjER2GDBkNoKbWfN4JWSSbfnyeNAJpp9tKRbD5dRc4RjwDI1PrJ5AHdn3IPv0HuBoRsuwdvZLmpAip1yqpxczR6rT4sSCt52-Aur4WnbiXk4p3IzVJw-i1YKcXpcikxYSBG_SjS_zPkSqGM47d6rk8DZD7HCjAOVSAQqCyLliPf_OAOz9_7fFLyF2RCHBn1Omszypkokk2E-6l7y0q_VdF9vHrRBcZFLa5VHT6Kz7AD2ZwC-dMpZehKvU4Y7rOt_MnbpswUT-_WU9dFXR91vPnNCJntHHrDqv8tkBMcx9AWQCtkEEfetqD1tvdSKYG6jUYYKwRfz1EFQcnKBv1qCkzkYLaiGtIBDS0MVYP5qzibGIhiFE_Yv0OnFEpPMpP-eyVFRiq4lTTVhS9aUKC2s0xWyvvq3jv0NTZLtsE44F0Ns3lHAU6Koz7Bn8TMl2pDAIOvbG-ziR8ddZQZZ7eozt4srRXnrwzb3YC5gVdGAwwWaC2gSdcB6KimZ1t2f_rIjpMbzVfh_CQccxMkYcawuKy02mjnkHyAYCY7-dhaa4z_3RIwumPFzxyCL0ZGFFbCSxBPYM8JWsASUTdAtmT5WeNUToY0uhGQU8IInS9uxEaKQgAEiXkaINwNPmrn__LxcCkCONoq9w312OkGFJcfKjNu1IXMYRlFV0KYAE&cry=1&adsafe_url=https%3A%2F%2Fwww.hawtcelebs.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:25860387-9ce7-c6ec-2a96-56ce88f843cc,c:nmC6MA,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-b5678d7-4b7lh,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,an:n,oam:0,mtim:3,mot:0,app:0,maw:0,fm:tgAeJyl+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C151%7C1521%7C153%7C16%7C17*.266706-51196687%7C171,fm2:tgAeJyl+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C151%7C1521%7C153%7C16%7C17*.266706-51196687%7C171,idMap:17*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:23,oid:aabf362c-2d43-11ed-9feb-6ac3184d5c1c,v:19.8.346,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
35700fd4dc1a4008ab66bc0e57c19689f6daca9368bfd2a6beea1b86dc0159d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:51:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
123
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11778
x-xss-protection
0
server
cafe
etag
15541287485089275602
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Sep 2022 17:51:34 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220831/r20110914/elements/html/ Frame A8DD 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220831/r20110914/elements/html/omrhp.js
Requested by
Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bgd/266706/51196687/xbbe/creative/adj?p=APEucNWmQplYe58ZnzMp36vCfoC0dirwsr6dqbj1bpmHsbSsFpajX6I&d=CokBAKAmf-BHikT4G_wI9qvfx_qK2I5YOV6wfYhwOAEI9B7Qdxd3ygOFQaVF0ti1Fipf4e_HZpvAvPPSdMyOAoiPoAOEfWSQRb1FS8g5QshTSMp-Glay2oFYHNqniZ0AC8Gok_db-ZH6z-zY1fnkdWkALY0Yqq2qvEzsN08i9mhq5cezI2yo6sX02rES-RMAoCZ_4PFyrcROs2mnLxbbfLlxl5dzpijP1T7DqlQVD3Wn6uD6n6kz4PPZnCk4ttEyFUSfrT1-HRFfzTiIjWAN_BRL_sFDpoUibHp1fSUYD4UTyR3ezd0iOuM_emesnde2D6ol3E58gxXZRNaLRrQGGkLkH3ClqZ9Gsc7L_sfj1yU9FTQJnTY4Qm_XMDcHQQ35hQ1_7B1u--vdtfHwClAaDzgZjXVolr2aKDA_4HNK9sOXcFaum5D2xlGt8wpMOdqPz7LT7QX6n-1wiemGwjkJ1g1DjSoYOT6BJaS9rnF-vxB5QLbqn8PAxizjb0byjkLE80m16Jbpvoy1rovD7RkPehwyNP_jEgicD9vxUO_bzGUGCmBy8reJEK8qqz12xNB4gQwtx3ceYvVY-fydR7GCVdLMVu0r4F2uk2guiqab7xANaOf1A5FSDieqkeLcC9AtdoTC3RbWOywy8PBacU_CaOEo4XZ5puvapW-1vQZHSHIPqcuXxszJ_y-ZcJP9REFEOTzrDhPXSfSpv73EQVw9pFnwKRMroNPwUSSzJgMXU2CNoqf-ArEDyqy9M0KOpoCrZgO_9fu3z4yx-QF-e_66xkTkykbTHjQJ3ONAIuyHmqrLajj-QYH-OICYshQIvUpzE-1l5JpYYQUJb6jyJC9PggAjZ2ObL8GwrUoP95mJfwBI19dmyOOZlAnmnG5v_0gfyrMNFcOSgyWBbpOtWKkM1meAYe8UdPm1Hi89earDGKKiJ7ZFzSIMwvSEt2vF9pskMIRAwUv9itVQCJwHYNenYECnh96t5b2KN3rFSbWTV0nb5RPiD4LpV3WudCLQiu_DfsT2JhzsH33OQR58Ef9hnc-il127ln0-C4XpMmu1BtsGNi-Jas8gxODoLngZ5lTQBC9d3uin5kVpgUx-dj4O7idZsh9TnwPmTwza1euHNY1XJ6mkNcx9Aks-vMGNp4Nw2i-rbOHfpjTict1O3mtGulkhwOHIpxXVoUKrhCLjGGDLrMTDd3AnI5G9AgIgPzm2cCjdaEGV0PwAg2PYg41eVQMMF3bn107EYlA-epZcQEssKXYjrtCrHf7Qb4uL8gNzzz2-vebW6k2G9MMSP_Hi9BRJn-i07i_Edc7yamhs6JPc2fdBbahQ2M5YV5GuvdjccCMLSk9NAbD2kApQUWOZPgVukXkCYssqqeMZcKwAeVntKEnxIRuEdycaa2lL9mhHL1_ABi8SF-xaVZrS3gbN0RDy5Z-J6JzLeYsbXlaxiRBQD5elWL7s3x1l6i9Dy9ytV-s6j9M61Flbs3W4HKItUskbiag_dK8oBxcOPhR3V4ye5qjTPyRqwGUGmDjd4eXz5uASUBTadBXgnc2L42mcuGxM-0KUX-VJiUF46cKdtwSdPjHQoxP4r70uEViyaQ2OMd3cgZUdGTAdixIf8IKobAOjbOO34Qi1RUGeQiKKACutnnOX0cYCdEnpiRxLeHUOOUVFif-9C8DfNVee3IpE7X8hldZVchkBHE0j3BpJfjm3vBD3r0uYEJCvpiXu2k1OJRCSFrX312lGPEvUpLF98ZyjHuq6WIIb6kMzTQuai_78BZajdhwQoHd9Tl1uNTzIlKRup_7eAV_oLeuGy7XjcvfJFfu3h2O20y68bMpiN4cBPEKxLOt9JS8mrERuakI--DTLtkkFPNBoPtz0rhvgC1ArIBFSZBdTusZubUM2VkaZS5beo-e6ZyHdhUGqu4071_eYbc_TxCYxnxESGH86EQA_SXvoGts97bRaUKnQxxQ3fQmQ7P3UwORKGybz48R9MQo90yAyjziCfN9l0nCwjyDfJE9jY0ldJX-ckUikkkfQZKA3MYdrjHnmSQSyRn_tdG7YhmQZR0aPrKQTlqU5C3aHeFICo9LlyZcFGncTPW1AESrWIEPtPQ7PciHtJRsIJNFrrtI36galk57Kzdku-pmLoJNYCvRZok09TvjcUCO--mr2WxwJGJWnwP-umGMEx-881jLeLG_O0Qi7MDk5AIkI62LVdV5BsJsvpxZbqIjoa25380kqHclc_nI5VXrlEslQplKDyaNDL4oquGo-CH05sHAttN1mQ143f8s_ofa7-f6wMSSsaJIFCyYeH59k62jluugJDj9BNpv6WUDjaQ1IkYM7YZqrDS22m5s3D9HxMwKatMYtVVcPwO-gnx9vkxY63K3sPCAURSAT_SNSeJJJHQ9k1JGo4PtB7y9_wZZWNcNBXTPXriW5vi-zq-RipPRXDAYnHLifiQT-AGyC_pxm8iJaWL0FQYxp6YHGM7ob20tU7whB8SBfWo3wkeUhMxcoeUXtHdazoHQzyFGzhl30tcs6LOFr3jLrsdAlC2uy8YWVAFPNd4IVjjpjMABAOGHyfTZ8FIILCWMiKHkTIIirzg0Px8cmMDUc-SpDMlxnDXZht2SwVEwtRXE1hBa0_u818YWcBgRbWr6uQx5q9fIOhx7S9okDGp0Hk7icVMkgVGbgZn8vycnHicHgUroxKEOMi_L6JcZ8BSe8LQNl7kV1zbr5pEUDzKN3DIKTEQ4fkjIhXxWq0BSRwpaW2UObpaKDHgLcEuXr10t7roCwQs_7wV2Ntz-1WRweD1zDdTIwkMJi-_QIilTD095UHrujAHnh97BJIbfe7hiYB4ix8EnjKVunw-xtu64-4bYbr0uXzjlwfLMqCa3H53RLoFpKiPOvZl6FnwwnaLjlof1N9pubOZAar2Dc9tJ7vdOWUhLYUJ4qPMRvUZ63puguD-1ik63rOyT1QX-bJxQ2Wjx3ItAaNkhZMLtdI0QjER2GDBkNoKbWfN4JWSSbfnyeNAJpp9tKRbD5dRc4RjwDI1PrJ5AHdn3IPv0HuBoRsuwdvZLmpAip1yqpxczR6rT4sSCt52-Aur4WnbiXk4p3IzVJw-i1YKcXpcikxYSBG_SjS_zPkSqGM47d6rk8DZD7HCjAOVSAQqCyLliPf_OAOz9_7fFLyF2RCHBn1Omszypkokk2E-6l7y0q_VdF9vHrRBcZFLa5VHT6Kz7AD2ZwC-dMpZehKvU4Y7rOt_MnbpswUT-_WU9dFXR91vPnNCJntHHrDqv8tkBMcx9AWQCtkEEfetqD1tvdSKYG6jUYYKwRfz1EFQcnKBv1qCkzkYLaiGtIBDS0MVYP5qzibGIhiFE_Yv0OnFEpPMpP-eyVFRiq4lTTVhS9aUKC2s0xWyvvq3jv0NTZLtsE44F0Ns3lHAU6Koz7Bn8TMl2pDAIOvbG-ziR8ddZQZZ7eozt4srRXnrwzb3YC5gVdGAwwWaC2gSdcB6KimZ1t2f_rIjpMbzVfh_CQccxMkYcawuKy02mjnkHyAYCY7-dhaa4z_3RIwumPFzxyCL0ZGFFbCSxBPYM8JWsASUTdAtmT5WeNUToY0uhGQU8IInS9uxEaKQgAEiXkaINwNPmrn__LxcCkCONoq9w312OkGFJcfKjNu1IXMYRlFV0KYAE&cry=1&adsafe_url=https%3A%2F%2Fwww.hawtcelebs.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:25860387-9ce7-c6ec-2a96-56ce88f843cc,c:nmC6MA,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-b5678d7-4b7lh,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,an:n,oam:0,mtim:3,mot:0,app:0,maw:0,fm:tgAeJyl+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C151%7C1521%7C153%7C16%7C17*.266706-51196687%7C171,fm2:tgAeJyl+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C151%7C1521%7C153%7C16%7C17*.266706-51196687%7C171,idMap:17*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:23,oid:aabf362c-2d43-11ed-9feb-6ac3184d5c1c,v:19.8.346,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:48:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
334
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3181
x-xss-protection
0
server
cafe
etag
10699485926258732851
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Sep 2022 17:48:03 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame A8DD 		0
26 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsub7SE8fDEFcOS2NrrjPNtyDP22v9OIoPwbGu_GBoz4j9BXkMvAOxWOgu4rLDnn1WlaAtFLNcCQMewcPHruTQuIimISkcF2xP83lCFNYepHYGkAmRdp1Mtt8u2LuEKChxos0dP6HMbgxtTkVAM_qazGRXD-oarF1enjBD3qBg&sai=AMfl-YQ9gPWTwrwjLAwU-Or0Z_00xj1lFdi9qHw0DqnMMYy9fbt0K7CfszUBVlaUoebGqTV3Q7fL148g88Rrj6nGdAvZnJs1OK9w-wUPoOmVvLc6ioswELv45sllxSCr&sig=Cg0ArKJSzJ6kJRmffZ1eEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20220831.65494&adurl=
Requested by
Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bgd/266706/51196687/xbbe/creative/adj?p=APEucNWmQplYe58ZnzMp36vCfoC0dirwsr6dqbj1bpmHsbSsFpajX6I&d=CokBAKAmf-BHikT4G_wI9qvfx_qK2I5YOV6wfYhwOAEI9B7Qdxd3ygOFQaVF0ti1Fipf4e_HZpvAvPPSdMyOAoiPoAOEfWSQRb1FS8g5QshTSMp-Glay2oFYHNqniZ0AC8Gok_db-ZH6z-zY1fnkdWkALY0Yqq2qvEzsN08i9mhq5cezI2yo6sX02rES-RMAoCZ_4PFyrcROs2mnLxbbfLlxl5dzpijP1T7DqlQVD3Wn6uD6n6kz4PPZnCk4ttEyFUSfrT1-HRFfzTiIjWAN_BRL_sFDpoUibHp1fSUYD4UTyR3ezd0iOuM_emesnde2D6ol3E58gxXZRNaLRrQGGkLkH3ClqZ9Gsc7L_sfj1yU9FTQJnTY4Qm_XMDcHQQ35hQ1_7B1u--vdtfHwClAaDzgZjXVolr2aKDA_4HNK9sOXcFaum5D2xlGt8wpMOdqPz7LT7QX6n-1wiemGwjkJ1g1DjSoYOT6BJaS9rnF-vxB5QLbqn8PAxizjb0byjkLE80m16Jbpvoy1rovD7RkPehwyNP_jEgicD9vxUO_bzGUGCmBy8reJEK8qqz12xNB4gQwtx3ceYvVY-fydR7GCVdLMVu0r4F2uk2guiqab7xANaOf1A5FSDieqkeLcC9AtdoTC3RbWOywy8PBacU_CaOEo4XZ5puvapW-1vQZHSHIPqcuXxszJ_y-ZcJP9REFEOTzrDhPXSfSpv73EQVw9pFnwKRMroNPwUSSzJgMXU2CNoqf-ArEDyqy9M0KOpoCrZgO_9fu3z4yx-QF-e_66xkTkykbTHjQJ3ONAIuyHmqrLajj-QYH-OICYshQIvUpzE-1l5JpYYQUJb6jyJC9PggAjZ2ObL8GwrUoP95mJfwBI19dmyOOZlAnmnG5v_0gfyrMNFcOSgyWBbpOtWKkM1meAYe8UdPm1Hi89earDGKKiJ7ZFzSIMwvSEt2vF9pskMIRAwUv9itVQCJwHYNenYECnh96t5b2KN3rFSbWTV0nb5RPiD4LpV3WudCLQiu_DfsT2JhzsH33OQR58Ef9hnc-il127ln0-C4XpMmu1BtsGNi-Jas8gxODoLngZ5lTQBC9d3uin5kVpgUx-dj4O7idZsh9TnwPmTwza1euHNY1XJ6mkNcx9Aks-vMGNp4Nw2i-rbOHfpjTict1O3mtGulkhwOHIpxXVoUKrhCLjGGDLrMTDd3AnI5G9AgIgPzm2cCjdaEGV0PwAg2PYg41eVQMMF3bn107EYlA-epZcQEssKXYjrtCrHf7Qb4uL8gNzzz2-vebW6k2G9MMSP_Hi9BRJn-i07i_Edc7yamhs6JPc2fdBbahQ2M5YV5GuvdjccCMLSk9NAbD2kApQUWOZPgVukXkCYssqqeMZcKwAeVntKEnxIRuEdycaa2lL9mhHL1_ABi8SF-xaVZrS3gbN0RDy5Z-J6JzLeYsbXlaxiRBQD5elWL7s3x1l6i9Dy9ytV-s6j9M61Flbs3W4HKItUskbiag_dK8oBxcOPhR3V4ye5qjTPyRqwGUGmDjd4eXz5uASUBTadBXgnc2L42mcuGxM-0KUX-VJiUF46cKdtwSdPjHQoxP4r70uEViyaQ2OMd3cgZUdGTAdixIf8IKobAOjbOO34Qi1RUGeQiKKACutnnOX0cYCdEnpiRxLeHUOOUVFif-9C8DfNVee3IpE7X8hldZVchkBHE0j3BpJfjm3vBD3r0uYEJCvpiXu2k1OJRCSFrX312lGPEvUpLF98ZyjHuq6WIIb6kMzTQuai_78BZajdhwQoHd9Tl1uNTzIlKRup_7eAV_oLeuGy7XjcvfJFfu3h2O20y68bMpiN4cBPEKxLOt9JS8mrERuakI--DTLtkkFPNBoPtz0rhvgC1ArIBFSZBdTusZubUM2VkaZS5beo-e6ZyHdhUGqu4071_eYbc_TxCYxnxESGH86EQA_SXvoGts97bRaUKnQxxQ3fQmQ7P3UwORKGybz48R9MQo90yAyjziCfN9l0nCwjyDfJE9jY0ldJX-ckUikkkfQZKA3MYdrjHnmSQSyRn_tdG7YhmQZR0aPrKQTlqU5C3aHeFICo9LlyZcFGncTPW1AESrWIEPtPQ7PciHtJRsIJNFrrtI36galk57Kzdku-pmLoJNYCvRZok09TvjcUCO--mr2WxwJGJWnwP-umGMEx-881jLeLG_O0Qi7MDk5AIkI62LVdV5BsJsvpxZbqIjoa25380kqHclc_nI5VXrlEslQplKDyaNDL4oquGo-CH05sHAttN1mQ143f8s_ofa7-f6wMSSsaJIFCyYeH59k62jluugJDj9BNpv6WUDjaQ1IkYM7YZqrDS22m5s3D9HxMwKatMYtVVcPwO-gnx9vkxY63K3sPCAURSAT_SNSeJJJHQ9k1JGo4PtB7y9_wZZWNcNBXTPXriW5vi-zq-RipPRXDAYnHLifiQT-AGyC_pxm8iJaWL0FQYxp6YHGM7ob20tU7whB8SBfWo3wkeUhMxcoeUXtHdazoHQzyFGzhl30tcs6LOFr3jLrsdAlC2uy8YWVAFPNd4IVjjpjMABAOGHyfTZ8FIILCWMiKHkTIIirzg0Px8cmMDUc-SpDMlxnDXZht2SwVEwtRXE1hBa0_u818YWcBgRbWr6uQx5q9fIOhx7S9okDGp0Hk7icVMkgVGbgZn8vycnHicHgUroxKEOMi_L6JcZ8BSe8LQNl7kV1zbr5pEUDzKN3DIKTEQ4fkjIhXxWq0BSRwpaW2UObpaKDHgLcEuXr10t7roCwQs_7wV2Ntz-1WRweD1zDdTIwkMJi-_QIilTD095UHrujAHnh97BJIbfe7hiYB4ix8EnjKVunw-xtu64-4bYbr0uXzjlwfLMqCa3H53RLoFpKiPOvZl6FnwwnaLjlof1N9pubOZAar2Dc9tJ7vdOWUhLYUJ4qPMRvUZ63puguD-1ik63rOyT1QX-bJxQ2Wjx3ItAaNkhZMLtdI0QjER2GDBkNoKbWfN4JWSSbfnyeNAJpp9tKRbD5dRc4RjwDI1PrJ5AHdn3IPv0HuBoRsuwdvZLmpAip1yqpxczR6rT4sSCt52-Aur4WnbiXk4p3IzVJw-i1YKcXpcikxYSBG_SjS_zPkSqGM47d6rk8DZD7HCjAOVSAQqCyLliPf_OAOz9_7fFLyF2RCHBn1Omszypkokk2E-6l7y0q_VdF9vHrRBcZFLa5VHT6Kz7AD2ZwC-dMpZehKvU4Y7rOt_MnbpswUT-_WU9dFXR91vPnNCJntHHrDqv8tkBMcx9AWQCtkEEfetqD1tvdSKYG6jUYYKwRfz1EFQcnKBv1qCkzkYLaiGtIBDS0MVYP5qzibGIhiFE_Yv0OnFEpPMpP-eyVFRiq4lTTVhS9aUKC2s0xWyvvq3jv0NTZLtsE44F0Ns3lHAU6Koz7Bn8TMl2pDAIOvbG-ziR8ddZQZZ7eozt4srRXnrwzb3YC5gVdGAwwWaC2gSdcB6KimZ1t2f_rIjpMbzVfh_CQccxMkYcawuKy02mjnkHyAYCY7-dhaa4z_3RIwumPFzxyCL0ZGFFbCSxBPYM8JWsASUTdAtmT5WeNUToY0uhGQU8IInS9uxEaKQgAEiXkaINwNPmrn__LxcCkCONoq9w312OkGFJcfKjNu1IXMYRlFV0KYAE&cry=1&adsafe_url=https%3A%2F%2Fwww.hawtcelebs.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:25860387-9ce7-c6ec-2a96-56ce88f843cc,c:nmC6MA,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-b5678d7-4b7lh,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,an:n,oam:0,mtim:3,mot:0,app:0,maw:0,fm:tgAeJyl+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C151%7C1521%7C153%7C16%7C17*.266706-51196687%7C171,fm2:tgAeJyl+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C151%7C1521%7C153%7C16%7C17*.266706-51196687%7C171,idMap:17*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:23,oid:aabf362c-2d43-11ed-9feb-6ac3184d5c1c,v:19.8.346,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 05 Sep 2022 17:53:37 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
4967592552062421272
s0.2mdn.net/simgad/ Frame A8DD 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/4967592552062421272
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6fbe2288d381bae5e1faa467c6fe5119f3c982aa6265700f5f3cbd7dca3049cb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 16:14:53 GMT
x-content-type-options
nosniff
age
437924
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10269
x-xss-protection
0
last-modified
Thu, 14 Jul 2022 10:14:37 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 31 Aug 2023 16:14:53 GMT
JI0Pcydj_YJwFyiv8pAtPmsHnnPx6gDBxLt0n0XpIm8.js
pagead2.googlesyndication.com/bg/ Frame 4E62 		36 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/JI0Pcydj_YJwFyiv8pAtPmsHnnPx6gDBxLt0n0XpIm8.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
248d0f732763fd82701728aff2902d3e6b079e73f1ea00c1c4bb749f45e9226f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:36:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1034
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15957
x-xss-protection
0
last-modified
Mon, 29 Aug 2022 10:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 05 Sep 2023 17:36:23 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame A8DD 		0
26 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsub7SE8fDEFcOS2NrrjPNtyDP22v9OIoPwbGu_GBoz4j9BXkMvAOxWOgu4rLDnn1WlaAtFLNcCQMewcPHruTQuIimISkcF2xP83lCFNYepHYGkAmRdp1Mtt8u2LuEKChxos0dP6HMbgxtTkVAM_qazGRXD-oarF1enjBD3qBg&sai=AMfl-YQ9gPWTwrwjLAwU-Or0Z_00xj1lFdi9qHw0DqnMMYy9fbt0K7CfszUBVlaUoebGqTV3Q7fL148g88Rrj6nGdAvZnJs1OK9w-wUPoOmVvLc6ioswELv45sllxSCr&sig=Cg0ArKJSzJ6kJRmffZ1eEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=48&vt=11&dtpt=47&dett=2&cstd=0&cisv=r20220831.65494&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=
Requested by
Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bgd/266706/51196687/xbbe/creative/adj?p=APEucNWmQplYe58ZnzMp36vCfoC0dirwsr6dqbj1bpmHsbSsFpajX6I&d=CokBAKAmf-BHikT4G_wI9qvfx_qK2I5YOV6wfYhwOAEI9B7Qdxd3ygOFQaVF0ti1Fipf4e_HZpvAvPPSdMyOAoiPoAOEfWSQRb1FS8g5QshTSMp-Glay2oFYHNqniZ0AC8Gok_db-ZH6z-zY1fnkdWkALY0Yqq2qvEzsN08i9mhq5cezI2yo6sX02rES-RMAoCZ_4PFyrcROs2mnLxbbfLlxl5dzpijP1T7DqlQVD3Wn6uD6n6kz4PPZnCk4ttEyFUSfrT1-HRFfzTiIjWAN_BRL_sFDpoUibHp1fSUYD4UTyR3ezd0iOuM_emesnde2D6ol3E58gxXZRNaLRrQGGkLkH3ClqZ9Gsc7L_sfj1yU9FTQJnTY4Qm_XMDcHQQ35hQ1_7B1u--vdtfHwClAaDzgZjXVolr2aKDA_4HNK9sOXcFaum5D2xlGt8wpMOdqPz7LT7QX6n-1wiemGwjkJ1g1DjSoYOT6BJaS9rnF-vxB5QLbqn8PAxizjb0byjkLE80m16Jbpvoy1rovD7RkPehwyNP_jEgicD9vxUO_bzGUGCmBy8reJEK8qqz12xNB4gQwtx3ceYvVY-fydR7GCVdLMVu0r4F2uk2guiqab7xANaOf1A5FSDieqkeLcC9AtdoTC3RbWOywy8PBacU_CaOEo4XZ5puvapW-1vQZHSHIPqcuXxszJ_y-ZcJP9REFEOTzrDhPXSfSpv73EQVw9pFnwKRMroNPwUSSzJgMXU2CNoqf-ArEDyqy9M0KOpoCrZgO_9fu3z4yx-QF-e_66xkTkykbTHjQJ3ONAIuyHmqrLajj-QYH-OICYshQIvUpzE-1l5JpYYQUJb6jyJC9PggAjZ2ObL8GwrUoP95mJfwBI19dmyOOZlAnmnG5v_0gfyrMNFcOSgyWBbpOtWKkM1meAYe8UdPm1Hi89earDGKKiJ7ZFzSIMwvSEt2vF9pskMIRAwUv9itVQCJwHYNenYECnh96t5b2KN3rFSbWTV0nb5RPiD4LpV3WudCLQiu_DfsT2JhzsH33OQR58Ef9hnc-il127ln0-C4XpMmu1BtsGNi-Jas8gxODoLngZ5lTQBC9d3uin5kVpgUx-dj4O7idZsh9TnwPmTwza1euHNY1XJ6mkNcx9Aks-vMGNp4Nw2i-rbOHfpjTict1O3mtGulkhwOHIpxXVoUKrhCLjGGDLrMTDd3AnI5G9AgIgPzm2cCjdaEGV0PwAg2PYg41eVQMMF3bn107EYlA-epZcQEssKXYjrtCrHf7Qb4uL8gNzzz2-vebW6k2G9MMSP_Hi9BRJn-i07i_Edc7yamhs6JPc2fdBbahQ2M5YV5GuvdjccCMLSk9NAbD2kApQUWOZPgVukXkCYssqqeMZcKwAeVntKEnxIRuEdycaa2lL9mhHL1_ABi8SF-xaVZrS3gbN0RDy5Z-J6JzLeYsbXlaxiRBQD5elWL7s3x1l6i9Dy9ytV-s6j9M61Flbs3W4HKItUskbiag_dK8oBxcOPhR3V4ye5qjTPyRqwGUGmDjd4eXz5uASUBTadBXgnc2L42mcuGxM-0KUX-VJiUF46cKdtwSdPjHQoxP4r70uEViyaQ2OMd3cgZUdGTAdixIf8IKobAOjbOO34Qi1RUGeQiKKACutnnOX0cYCdEnpiRxLeHUOOUVFif-9C8DfNVee3IpE7X8hldZVchkBHE0j3BpJfjm3vBD3r0uYEJCvpiXu2k1OJRCSFrX312lGPEvUpLF98ZyjHuq6WIIb6kMzTQuai_78BZajdhwQoHd9Tl1uNTzIlKRup_7eAV_oLeuGy7XjcvfJFfu3h2O20y68bMpiN4cBPEKxLOt9JS8mrERuakI--DTLtkkFPNBoPtz0rhvgC1ArIBFSZBdTusZubUM2VkaZS5beo-e6ZyHdhUGqu4071_eYbc_TxCYxnxESGH86EQA_SXvoGts97bRaUKnQxxQ3fQmQ7P3UwORKGybz48R9MQo90yAyjziCfN9l0nCwjyDfJE9jY0ldJX-ckUikkkfQZKA3MYdrjHnmSQSyRn_tdG7YhmQZR0aPrKQTlqU5C3aHeFICo9LlyZcFGncTPW1AESrWIEPtPQ7PciHtJRsIJNFrrtI36galk57Kzdku-pmLoJNYCvRZok09TvjcUCO--mr2WxwJGJWnwP-umGMEx-881jLeLG_O0Qi7MDk5AIkI62LVdV5BsJsvpxZbqIjoa25380kqHclc_nI5VXrlEslQplKDyaNDL4oquGo-CH05sHAttN1mQ143f8s_ofa7-f6wMSSsaJIFCyYeH59k62jluugJDj9BNpv6WUDjaQ1IkYM7YZqrDS22m5s3D9HxMwKatMYtVVcPwO-gnx9vkxY63K3sPCAURSAT_SNSeJJJHQ9k1JGo4PtB7y9_wZZWNcNBXTPXriW5vi-zq-RipPRXDAYnHLifiQT-AGyC_pxm8iJaWL0FQYxp6YHGM7ob20tU7whB8SBfWo3wkeUhMxcoeUXtHdazoHQzyFGzhl30tcs6LOFr3jLrsdAlC2uy8YWVAFPNd4IVjjpjMABAOGHyfTZ8FIILCWMiKHkTIIirzg0Px8cmMDUc-SpDMlxnDXZht2SwVEwtRXE1hBa0_u818YWcBgRbWr6uQx5q9fIOhx7S9okDGp0Hk7icVMkgVGbgZn8vycnHicHgUroxKEOMi_L6JcZ8BSe8LQNl7kV1zbr5pEUDzKN3DIKTEQ4fkjIhXxWq0BSRwpaW2UObpaKDHgLcEuXr10t7roCwQs_7wV2Ntz-1WRweD1zDdTIwkMJi-_QIilTD095UHrujAHnh97BJIbfe7hiYB4ix8EnjKVunw-xtu64-4bYbr0uXzjlwfLMqCa3H53RLoFpKiPOvZl6FnwwnaLjlof1N9pubOZAar2Dc9tJ7vdOWUhLYUJ4qPMRvUZ63puguD-1ik63rOyT1QX-bJxQ2Wjx3ItAaNkhZMLtdI0QjER2GDBkNoKbWfN4JWSSbfnyeNAJpp9tKRbD5dRc4RjwDI1PrJ5AHdn3IPv0HuBoRsuwdvZLmpAip1yqpxczR6rT4sSCt52-Aur4WnbiXk4p3IzVJw-i1YKcXpcikxYSBG_SjS_zPkSqGM47d6rk8DZD7HCjAOVSAQqCyLliPf_OAOz9_7fFLyF2RCHBn1Omszypkokk2E-6l7y0q_VdF9vHrRBcZFLa5VHT6Kz7AD2ZwC-dMpZehKvU4Y7rOt_MnbpswUT-_WU9dFXR91vPnNCJntHHrDqv8tkBMcx9AWQCtkEEfetqD1tvdSKYG6jUYYKwRfz1EFQcnKBv1qCkzkYLaiGtIBDS0MVYP5qzibGIhiFE_Yv0OnFEpPMpP-eyVFRiq4lTTVhS9aUKC2s0xWyvvq3jv0NTZLtsE44F0Ns3lHAU6Koz7Bn8TMl2pDAIOvbG-ziR8ddZQZZ7eozt4srRXnrwzb3YC5gVdGAwwWaC2gSdcB6KimZ1t2f_rIjpMbzVfh_CQccxMkYcawuKy02mjnkHyAYCY7-dhaa4z_3RIwumPFzxyCL0ZGFFbCSxBPYM8JWsASUTdAtmT5WeNUToY0uhGQU8IInS9uxEaKQgAEiXkaINwNPmrn__LxcCkCONoq9w312OkGFJcfKjNu1IXMYRlFV0KYAE&cry=1&adsafe_url=https%3A%2F%2Fwww.hawtcelebs.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:25860387-9ce7-c6ec-2a96-56ce88f843cc,c:nmC6MA,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-b5678d7-4b7lh,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,an:n,oam:0,mtim:3,mot:0,app:0,maw:0,fm:tgAeJyl+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C151%7C1521%7C153%7C16%7C17*.266706-51196687%7C171,fm2:tgAeJyl+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C151%7C1521%7C153%7C16%7C17*.266706-51196687%7C171,idMap:17*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:23,oid:aabf362c-2d43-11ed-9feb-6ac3184d5c1c,v:19.8.346,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 05 Sep 2022 17:53:37 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 18F9 		1 KB
749 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
44491
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=86400
content-encoding
gzip
content-length
724
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 05 Sep 2022 05:32:06 GMT
etag
48472445140208031
expires
Tue, 06 Sep 2022 05:32:06 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame A8DD 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c6812ab9716f06389dfc1736a8cda1a96ceb48608bad1c2705539ff837879763

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
dt
dt.adsafeprotected.com/ Frame 2F18 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=747557&asId=41a422a5-cf3e-e596-caf8-963a01ab86d2&tv=%7Bc:nmC6U4,pingTime:-10,time:776,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8V2luMzJ8fEdlY2tvfHwyMDAzMDEwN3x8MHx8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwNS4wLjUxOTUuMTAyIFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1662400417531%7C%7C8478d62a312f47eb64f619262f11ec50%7C%7C56c24cb524127a0f41136c1e5c39617f%7C%7C5315083566862f263461ae2b5a17f536%7C%7C615db0bf495fa35586ef2372a46fff67%7C%7Cb982599789059db7a82c4731577e5be7%7C%7C0f04d25b7620e3843fd5d2afe0978484%7C%7C5c294256cd46672eb006f54bddfc59dd%7C%7C1629390669,im:%7Bimprf:%7Bttecl:726,ecd:151,tsecr:130%7D%7D%7D
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:2ffd:4913:b6c3:d37a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
x-server-name
dt07.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 18F9
Redirect Chain
  • https://ad.turn.com/r/cs?pid=3&google_gid=CAESEBK5Un_ixY1Ues2gFNxZ_hY&google_cver=1&google_push=AehlK4BlRC3kJ4QDNwftADAUdoq7h2aiJRWmtGAgxhTSm5mCfO02oEpXYLQk5RDdaJbHY5sQuMC3XlCYpT1cQkDcy7-2wQ2y5g
  • https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=OTEyMzQ5MDUwOTE0MjAyMjcyNg==&gdpr=&gdpr_consent=
  • https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEBK5Un_ixY1Ues2gFNxZ_hY&google_cver=1
43 B
398 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEBK5Un_ixY1Ues2gFNxZ_hY&google_cver=1
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Server
2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type
image/gif
content-length
43
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEBK5Un_ixY1Ues2gFNxZ_hY&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
329
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
current
dclk-match.dotomi.com/match/bounce/ Frame 18F9 		0
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEL4TmBQCx95TT7-c6WVHTiA&google_cver=1&google_push=AehlK4DVBKzPsb317B4gNFGDB_zlCU7GJN47eMYMvY9leViW-KCejVBkP77w5vLO3HGgTGdClyFrFkM8G8-D8LnXNjyUlt8_gg
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:13::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
pixel
cm.g.doubleclick.net/ Frame 18F9
Redirect Chain
  • https://um.simpli.fi/gp_match?google_gid=CAESEIcX5iS83gRMf-_y0R6QzzE&google_cver=1&google_push=AehlK4AL56_RsjbBOFI3QPnkUSmN-yeQV8Z7Vn-NY_973AB0SxdpajRVMgA3YFUmX2qE7IOF_3UclL0VWhUQCqbmwMSFnDPlXVM
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=5D9933849A804BA5AAB6492B629A2880&google_push=AehlK4AL56_RsjbBOFI3QPnkUSmN-yeQV8Z7Vn-NY_973AB0SxdpajRVMgA3YFUmX2qE7IOF_3UclL0VWhUQCqb...
170 B
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=5D9933849A804BA5AAB6492B629A2880&google_push=AehlK4AL56_RsjbBOFI3QPnkUSmN-yeQV8Z7Vn-NY_973AB0SxdpajRVMgA3YFUmX2qE7IOF_3UclL0VWhUQCqbmwMSFnDPlXVM
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Mon, 05 Sep 2022 17:53:37 GMT
x-content-type-options
nosniff
server
nginx
location
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=5D9933849A804BA5AAB6492B629A2880&google_push=AehlK4AL56_RsjbBOFI3QPnkUSmN-yeQV8Z7Vn-NY_973AB0SxdpajRVMgA3YFUmX2qE7IOF_3UclL0VWhUQCqbmwMSFnDPlXVM
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
138
expires
Sun, 04 Sep 2022 17:53:37 GMT
pixel
cm.g.doubleclick.net/ Frame 18F9
Redirect Chain
  • https://ads.yieldmo.com/exptsync?google_gid=CAESEISw_C7TK7orspKMwQW7GY8&google_cver=1&google_push=AehlK4Ax1goZsNZOaTeHtdHxo_Mf7Es0jUp8MlPxsASD793TcVo9dtkZIfZ1SEefc2z3A_m1pLnFohsq94aZuGYSizQhhVPpgrE
  • https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AehlK4Ax1goZsNZOaTeHtdHxo_Mf7Es0jUp8MlPxsASD793TcVo9dtkZIfZ1SEefc2z3A_m1pLnFohsq94aZuGYSizQhhVPpgrE&google_hm=ZzRmMTJmYWRlYThjNGQ5Z...
170 B
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AehlK4Ax1goZsNZOaTeHtdHxo_Mf7Es0jUp8MlPxsASD793TcVo9dtkZIfZ1SEefc2z3A_m1pLnFohsq94aZuGYSizQhhVPpgrE&google_hm=ZzRmMTJmYWRlYThjNGQ5ZWUzNzY=
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
location
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AehlK4Ax1goZsNZOaTeHtdHxo_Mf7Es0jUp8MlPxsASD793TcVo9dtkZIfZ1SEefc2z3A_m1pLnFohsq94aZuGYSizQhhVPpgrE&google_hm=ZzRmMTJmYWRlYThjNGQ5ZWUzNzY=
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Cache-Control, Pragma, *
content-length
0
sync
ssbsync.smartadserver.com/api/ Frame 18F9 		0
75 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEJvaiWzcEt0HIrnfdfWFUUo&google_cver=1&google_push=AehlK4DBz-n4_fnJEyqRCGMJurxJD0TeJ22LNQFMcJTQ4m4DaysGYs-8E9XYMi6FaQO8zHxwjFFHmIKNuNHt79Ikzh_cCL34fro
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.102 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:37 GMT
content-length
0
um
cs.emxdgt.com/ Frame 18F9 		0
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cs.emxdgt.com/um?ssp=google_ob&google_gid=CAESEJ9ivJDWSfcKETEGcOBsDS8&google_cver=1&google_push=AehlK4BYa5CzVPi5tuKfNZ09PX2bHOhTnqJzwURt5umC5fNjUQJA8UBXkvYt6IlK-Tx6O5XeMK2uWfJOCs3YTKmWzX_QNVj8U23N
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.71.169.66 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-71-169-66.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:37 GMT
content-length
0
content-type
text/html
/
b1sync.zemanta.com/usersync/googleadx/ Frame 18F9
Redirect Chain
  • https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEHS_dmz2JkYF92pkPd9zIw8&google_cver=1&google_push=AehlK4Cekq608RvqsGXjEz7XLQJDWnSrVhL29N9-JzbtxazFSouYOzjI_WOIrY1fROps6r5RSur7_FF9ufz7f...
  • https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEHS_dmz2JkYF92pkPd9zIw8&google_push=AehlK4Cekq608RvqsGXjEz7XLQJDWnSrVhL29N9-JzbtxazFSouYOzjI_WOIrY1fROps6r5RSur7_FF9ufz7f...
  • https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AehlK4Cekq608RvqsGXjEz7XLQJDWnSrVhL29N9-JzbtxazFSouYOzjI_WOIrY1fROps6r5RSur7_FF9ufz7fMyKGIZlHFy3TY2W&google_hm=cjItS3VPMnFXQS1MTFRP...
  • https://b1sync.zemanta.com/usersync/googleadx/?google_error=5
26 B
127 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b1sync.zemanta.com/usersync/googleadx/?google_error=5
Protocol
HTTP/1.1
Server
64.202.112.63 Lovettsville, United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 17:53:38 GMT
Content-Length
26
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:38 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://b1sync.zemanta.com/usersync/googleadx/?google_error=5
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
258
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
attr
cm.g.doubleclick.net/pixel/ Frame 18F9 		0
13 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IiScTcmCRAlY4zsad2RzyOWdiLsKPrcvENSSdNdheWzZL1QcuuqkWt82R8-1XUBhhurpwDLqU
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:37 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
activeview
pagead2.googlesyndication.com/pcs/ Frame 3468 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss2kyO1m21odi5-7wUm0lkedxpkXOVlP30jqKTAZcYF4Mnxiea3--xqAk-p6JYlKiLl3fcR2XU4VTebyYTnAlxEPOTOlhskkdlqFb_DBBVDTaTj88IWxvdDj4JIDnIkT-Cgkbo8DnE&sai=AMfl-YQYCImdaRGPN2Y9-LnnUhWYiZZKAfx0nUrClubN1JA_EPn5VFcMxPz4OY6tjbAxjcObZohNc2NVEERAi1uNLhhiwZQeYVDryWKLBHYAW1Efc41u47i1sPpbWbjx-Is&sig=Cg0ArKJSzH85Sl8B-uZBEAE&id=lidar2&mcvt=1001&p=1110,436,1200,1164&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20220831&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=2&adk=3331030943&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1662400416242&rpt=381&isd=0&lsd=0&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 2F18 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssST5D6MH452lTHpcaFcQn8DA52rxgWg5vPGcVRBfMnn1reTxmNHJC1eqhkM6_CPsLCmqxcgnyaAsw_6ux3Gkbe_j1WPpcRB51iFQtdrv3usVHZIRYQymzvjGG0ZuS-3eC-jZ7lvp8&sai=AMfl-YTEXmslsLtLbuB9KHzCOrWbztKiPyohKrtq0s0chZL8SVuGmdWST1zF0UdxwmjCcLgSfp2yYoTYJxUX56t0pTi-HsR-pwyZDYsCOFgdo07bKrw_CdRAwafCSlLS8Ng&sig=Cg0ArKJSzCd_vYnHvFFVEAE&cid=CAASJ-RoxOBMqlCy_GP8qJJK3szF92RAOufYOzU1cJgsfUMvQ1Q4JyRDwSAN&id=lidar2&mcvt=1004&p=400,272,1000,432&mtos=1004,1004,1004,1004,1004&tos=1004,0,0,0,0&v=20220831&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=933870500&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1662400416336&rpt=310&isd=0&lsd=0&met=ie&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dt
dt.adsafeprotected.com/ Frame A8DD 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=266706&asId=25860387-9ce7-c6ec-2a96-56ce88f843cc&tv=%7Bc:nmC6Wt,time:636,type:e,im:%7Bpci:%7Btdr:540%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:636,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:22,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B629~0%5D,as:%5B629~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:511,fm:tgAeJtG+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C15.747557-55375942%7C151%7C1521%7C153%7C16%7C17*.266706-51196687%7C171,fm2:tgAeJtG+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C15.747557-55375942%7C151%7C1521%7C153%7C16%7C17*.266706-51196687%7C171,idMap:17*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:2ffd:4913:b6c3:d37a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
x-server-name
dt20.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
gen_204
pagead2.googlesyndication.com/pagead/ Frame B57D 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B5miOoDcWY8W0N-6g9u8PwdeAwAcAAAAAOAHgBAI&bg=!1dal1pLNAAZTikH4c4o7ACkAdvg8WlHlDM87uAdwE7Wxei94YV_n_OeZcMGuTyzdWCkmJU4FXuj4_wIAAADzUgAAAAJoAQeZAuy1joMI6qzrpaII5xtu19sQwH2LlOrHLmrNpwbyOJWrWOQXqflMsc6UtnJrsMkSaFUu7d8Ir-kI4q_DLfYBm0qlPLXMxINzzCGpoGj0E6rcvZKHS4cOs3Rv_R1Mw8dIlAOTSYE2DOV2DkYg5lQEk9QIiLnRsj1KmHsnUNaWNqYxotrnyYihNdsBcxZKbCApUKj6afDAWY7nhmpwuiGsQ7BDSgm-DEhJJ6z_ywZQd7xyOp3D3Ax3vgMEsmjG-9Bl7X3zY5KwKPWMV40V-96opTP2SeO901eAq1PaTWz_xT6VWv9K1UcVZm3k9iXaOv2WFqyvfB3F5Kh6pMXJ8CUuVRqgi7pgByLiZKp_nNuXUEbhEIuzkStRQOGRfFm3hmISck4ANxYj2qq8HKB4lDEcO6vJAQGypzkGnqUzEU3DhJJiBS_JSXkuXWvaO1PVkjUMPluZGCtaHExMng1ZQBhijpWpcZS4DdDc__LAGEwinJr3N7DsM80em2UuQfabrZGsHad-zHfAZh4dkS4zox_7clgcnKTwf8rxC0md5Z8UxieATHLsglhx9wiIlfB49x9k7DrzMkEXiykA3dmcY9rT63-8lVDMKeasZ8uUz_3SDTrKzgXo3EjDQ1vJLzgKTl3hgkDYzNykY_FKnWV1znu0eUP1qrMdUoF-T06cySZhEWkrl6CdZ5Sfxu0I9vKc2Zmg1CXbOhFxOZ_lRX1HQu4hyKyueUDBukOM-LFZzz_YL1l6qr5wRkojXCG1MoT8rw0SpNTKiBPA8-PjB9EAA3Y6hRkuSCCusg99xW3BpU3yLfflMxdgXrsClLSjWbXm0eG8XXQvqKh7ajsVv_ZXm3NQVT7UPulwvfVoe59RJJ1KdGXd03RdqV2dULZeUjhSaAcXuRT7wjnSVnrgxOuKB7VGfROpkbbTYOzvQIyx_839JwXgeSkCxiPAyRtBILdb27YhJ75RSWyGORq7V3DTH4hVjs1rSRKNkKD9DOw9bbB3
Requested by
Host: 76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
URL: https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 12D8 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssFSQZ9Om_QdRTiK9jvLwDSR4GENstniXdwHdiQ0ry7Ye7QowDK_yrFoLZpVaPUb0tdtfg67zfImluYHmLr6Q6UN5MZ2I_idBtHtUmPKRK3yVrLHkJ62wvrXZ32vvudUWnwDKo4MTM&sai=AMfl-YT6Ya3lnbhWUh_wxzfQCkCOhMFK6VZpOwsLdsKh6L04EHHDguWxLhWwdi719QWULCsafpXCoa4TV8SmGx4drjHyuJPFYje-HJ1fMrzpb3-UYIBcP4zrTw7o7g2edQ4&sig=Cg0ArKJSzJj0jUX35Id7EAE&cid=CAASJ-RoZvhQxpian2Jp3-jrJ6DrLe_V6YtINQemI5aFIL6Kai9JExuH4w&id=lidar2&mcvt=1000&p=760,1288,800,1329&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220831&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=977961488&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1662400416230&rpt=432&isd=0&lsd=0&met=ie&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:37 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
choice.js
quantcast.mgr.consensu.org/choice/274pYeudnKvDs/www.hawtcelebs.com/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://quantcast.mgr.consensu.org/choice/274pYeudnKvDs/www.hawtcelebs.com/choice.js
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:ac00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
747e8f5454d77ac3ee2339c3490cb7b805d59d7fedd4cc0682ae6ed9c33b7d25

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Mon, 05 Sep 2022 17:53:38 GMT
content-encoding
gzip
last-modified
Tue, 09 Feb 2021 19:08:19 GMT
server
AmazonS3
age
36
etag
W/"9de17307c4f74768ad3438dca5916747"
vary
Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 1c5b98f7bd5001d6fe1040daa237afc6.cloudfront.net (CloudFront)
cache-control
max-age=900
cross-origin-resource-policy
cross-origin
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
7rNliejAzcPpUS5Tooomd6U3XSA1BUwAQeh4jtyyMrlHgowVbizSYQ==
036e05035cbef88431e89138f2969605.json
services.vlitag.com/cli/ 		42 B
361 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://services.vlitag.com/cli/036e05035cbef88431e89138f2969605.json?hn=https://www.hawtcelebs.com
Requested by
Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=036e05035cbef88431e89138f2969605
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::ac43:15e3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
97b618e87e984d8ba90dd9c1cd24f05b2ebfbb86c4df375e6e925c51cb2cf1b8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:38 GMT
cf-cache-status
BYPASS
server
cloudflare
x-robots-tag
noindex, nofollow, noarchive, nosnippet
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.hawtcelebs.com
cache-control
private, no-cache, no-store, must-revalidate
accept-ranges
bytes
cf-ray
7460d3554e369a18-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
42
expires
Fri, 01 Jan 1990 00:00:00 GMT
style.css
s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/css/ Frame 9E2B 		2 KB
476 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/css/style.css
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
06088b6c97afefd5ed093b317cde3f3244db86e4ad054ee13cfd35624505d843
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 07:20:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
37975
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
447
x-xss-protection
0
last-modified
Mon, 08 Aug 2022 14:41:31 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Sep 2023 07:20:42 GMT
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-10995097-8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
2861
date
Mon, 05 Sep 2022 17:05:57 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Mon, 05 Sep 2022 19:05:57 GMT
rtads
api.whizzco.com/demand/v1/ 		386 B
697 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.whizzco.com/demand/v1/rtads
Requested by
Host: cdn.whizzco.com
URL: https://cdn.whizzco.com/scripts/widget/widget_v3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::6815:3c4d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8662ca4bbed9b82502df0283b2ffcad71297c5ed7255a5acdc47392d0de8dacc

Request headers

Referer
https://www.hawtcelebs.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-type
application/json; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lx5a5nOrtTenDOfD7w69BE2XzFvrA3I7XlqZjr9Tee6WG%2BtYFZggwWZQOw%2BS%2BnO4pJcvZu%2F2ZEO69nJmQILxdE29xzvVzOESq%2FKhkWlkAqNljroXWvvgZVhwJmjHYhh56WKlBi3WLQ75cgnnvoo%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://www.hawtcelebs.com
access-control-allow-credentials
true
cf-ray
7460d3579c849280-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
rtads
api.whizzco.com/demand/v1/ 		386 B
694 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.whizzco.com/demand/v1/rtads
Requested by
Host: cdn.whizzco.com
URL: https://cdn.whizzco.com/scripts/widget/widget_v3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::6815:3c4d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cfe9d2a70f9919f53598025d888d804010cf399d2d67248dd207b3009b9e20fd

Request headers

Referer
https://www.hawtcelebs.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-type
application/json; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RCz4JYqG726iZdJ4hNjbWHpckuYJjDLPqPHCe%2Bavm5PhhkAMeP%2BeFmAJ3TKDVGWNcfqAhES1Ljl7kDKw5AaRcOmFnIbEhMhivkNXT246AFDvDB0JP8Z%2BF4i0JXiX6E6n7rCj6vWi1P9zAyOS73U%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://www.hawtcelebs.com
access-control-allow-credentials
true
cf-ray
7460d3568ab89280-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
img.fetch
udmserve.net/udm/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://udmserve.net/udm/img.fetch?sid=17047;tid=1;ev=1;dt=8;
Requested by
Host: bid.underdog.media
URL: https://bid.underdog.media/inpageLoader.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
68.71.249.118 Toronto, Canada, ASN20093 (ZEROLAG, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 17:53:37 GMT
Connection
Keep-Alive
P3p
NOI DSP CURa ADMa DEVa PSAa PSDa OUR IND UNI COM NAV INT
Content-Length
1
Content-Type
application/x-javascript
widget_v3.js
cdn.whizzco.com/scripts/widget/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.whizzco.com/scripts/widget/widget_v3.js
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::6815:3c4d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f31ed4edda66b286ae5e18c8a4e87d66bd6e87869a0ed339788cd5b97ba65c28

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
via
1.1 0d4b487d54766de7560aa02de852bbf8.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6501
x-cache
Hit from cloudfront
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 29 Jun 2022 11:01:29 GMT
server
cloudflare
etag
W/"25c382bb07747b1cf6e92ca18709afe2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZN2%2Bj0dSPv4We6PTABqH5H4cJ8DaJPXz1dmD08p%2BYkztQ%2Fu7RfuAEzuopgY%2FSa5XnuGPUgp5jvU8ZDsf4sHwGX42N9d4KIsBP6ahdJXpD3xjGLWhuT0rAxWfBv0X6rzUbyRXl7GL5wUJX4BlCyk%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
x-amz-cf-pop
FRA56-C2
cf-ray
7460d35548259280-FRA
x-amz-cf-id
OQrLOFrsIVBj6E3alae1colO98I7wtYBINq_cExJM09P8Iz3kU1blQ==
js15_as.js
s10.histats.com/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s10.histats.com/js15_as.js
Requested by
Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.105.201.240 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:47:13 GMT
content-encoding
br
last-modified
Thu, 16 Apr 2020 10:44:16 GMT
x-cdn-pop-ip
137.74.120.0/27
etag
"-375139978"
x-cacheable
Matched cache
content-type
application/javascript; charset=UTF-8
x-cdn-pop
sbg
accept-ranges
bytes
content-length
4364
x-request-id
664602039
/
t.dtscout.com/i/ 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://t.dtscout.com/i/?l=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F&j=
Requested by
Host: waust.at
URL: https://waust.at/c.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
167.114.209.61 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns515688.ip-167-114-209.net
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
867e8c0f65910529d214a22ff58f5ad38158e1c104cc1706c94d5f4d3780944c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 17:53:38 GMT
X-T
0.904
Server
nginx/1.10.3 (Ubuntu)
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
no-cache
Connection
close
X-S
mtl1
Expires
Mon, 05 Sep 2022 17:53:37 GMT
e.js
live.demand.supply/x/ 		0
300 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.demand.supply/x/e.js?ce=fs&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20vbG9yaS1oYXJ2ZXktYXJyaXZlcy1hdC1reWxpZXMtY29zbWV0aWMtZXZlbnQtYXQtdWx0YS1iZWF1dHktaW4td2VzdHdvb2QtMDgtMjQtMjAyMi8=
Requested by
Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.0.0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-nf-request-id
01GA7CT1JJKHVHP0PEM8BDC7G3
date
Mon, 05 Sep 2022 17:53:37 GMT
cf-cache-status
HIT
age
1083321
cf-polished
origSize=2
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1
cf-bgj
minify
server
cloudflare
etag
"5ecd4befd56aa15b2eb9a01d037ae72a-ssl"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
s-maxage=2592000,stale-if-error=604800
accept-ranges
bytes
cf-ray
7460d353ff4b9945-FRA
rrv7.js
bid.underdog.media/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bid.underdog.media/rrv7.js
Requested by
Host: bid.underdog.media
URL: https://bid.underdog.media/udm-r3_v2.13.11.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:e000:5:c4ab:c3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
80897a36c678f0d100c834f87cf84c8714280fca3b4b6d54789e7fe623c3cdac

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 16:10:15 GMT
content-encoding
gzip
last-modified
Mon, 05 Sep 2022 16:00:04 GMT
server
AmazonS3
age
6203
etag
"51625e157b00ff257202f1c33f98f7cf"
x-cache
Hit from cloudfront
content-type
application/x-javascript
via
1.1 73f3a23156999272233949c078c30858.cloudfront.net (CloudFront)
cache-control
max-age=7200
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
2422
x-amz-cf-id
ISWxc8pTjPWWNEnae782I2iGHEbOffPq7m8R7QfaOXHmEia0nt5EIw==
sodar
pagead2.googlesyndication.com/getconfig/ 		14 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022083101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083101.js?cb=31069312
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2baba68f09aecd7f95e6d229d960917c11413ab8d53d5b2b658d5c2ea6eab50f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 05 Sep 2022 17:53:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11090
x-xss-protection
0
/
whos.amung.us/pingjs/ 		30 B
184 B 		Script
General
Check archive.org
Download Go to
Full URL
https://whos.amung.us/pingjs/?k=a9etg89wet&t=LORI%20HARVEY%20Arrives%20at%20Kylie%E2%80%99s%20Cosmetic%20Event%20at%20Ulta%20Beauty%20in%20Westwood%2008242&c=c&x=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F&y=&a=0&d=2.014&v=27&r=9923
Requested by
Host: waust.at
URL: https://waust.at/c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4aab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
efb8441e1d1a942b1e1c4f7429807697dd3de9d75e79f4d810d23e9ea2e20cb6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
7460d35549cc91dd-FRA
content-type
text/javascript;charset=UTF-8
txt2@2x.png
s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/ Frame 9E2B 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/txt2@2x.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/css/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4bec36848b4a5b17b25b7b18ddba27a18bea080c37930a4c49e2ddef3f0d95c4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 07:20:42 GMT
x-content-type-options
nosniff
age
37975
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3849
x-xss-protection
0
last-modified
Mon, 08 Aug 2022 14:41:31 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Sep 2023 07:20:42 GMT
txt3@2x.png
s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/ Frame 9E2B 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/txt3@2x.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/css/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fbe68d2096a22ed9e9c11b8479ab4b14da08bc7c880dbb96d157675fd4b07466
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 07:20:42 GMT
x-content-type-options
nosniff
age
37975
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3133
x-xss-protection
0
last-modified
Mon, 08 Aug 2022 14:41:31 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Sep 2023 07:20:42 GMT
txt4@2x.png
s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/ Frame 9E2B 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/txt4@2x.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/css/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5883c35c5c29d4a5673e0dc4aadc41edeae09d0568d9866cc6aaf772d9a13aa7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 07:20:42 GMT
x-content-type-options
nosniff
age
37975
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2329
x-xss-protection
0
last-modified
Mon, 08 Aug 2022 14:41:31 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Sep 2023 07:20:42 GMT
txt5@2x.png
s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/ Frame 9E2B 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/txt5@2x.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/css/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc82d793e3df1253015d924a000cbd4117c937feb63a9d5a282a3aaf33f8fbca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 07:20:42 GMT
x-content-type-options
nosniff
age
37975
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5719
x-xss-protection
0
last-modified
Mon, 08 Aug 2022 14:41:31 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Sep 2023 07:20:42 GMT
stoerer@2x.png
s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/ Frame 9E2B 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/stoerer@2x.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/css/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eadd50c6c9f17bbd3e3092c3496f79427c2393e6775300c2c8bc875046c4e117
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 07:20:42 GMT
x-content-type-options
nosniff
age
37975
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1555
x-xss-protection
0
last-modified
Mon, 08 Aug 2022 14:41:31 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Sep 2023 07:20:42 GMT
logo2.svg
s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/ Frame 9E2B 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/logo2.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/css/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
60f0f055fc233f379cbcb4136087ea4d530b57731cce0d2998ae9ba45f6eae13
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 07:20:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
37975
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1053
x-xss-protection
0
last-modified
Mon, 08 Aug 2022 14:41:31 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Sep 2023 07:20:42 GMT
bg2@2x.jpg
s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/ Frame 9E2B 		32 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/bg2@2x.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/css/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
870ccfae9a88437d68df37822b45c72403af9c00ab70a63613372c29a8e4dcff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 07:20:42 GMT
x-content-type-options
nosniff
age
37975
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32819
x-xss-protection
0
last-modified
Mon, 08 Aug 2022 14:41:31 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Sep 2023 07:20:42 GMT
bg3@2x.jpg
s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/ Frame 9E2B 		45 KB
45 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/bg3@2x.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/css/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0ae639e0cde2de5bc87a9be00c1cdba547d96a341ec868df34a53892aedcc700
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 07:20:42 GMT
x-content-type-options
nosniff
age
37975
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
46161
x-xss-protection
0
last-modified
Mon, 08 Aug 2022 14:41:31 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Sep 2023 07:20:42 GMT
legals@2x.png
s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/ Frame 9E2B 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/img/legals@2x.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/css/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a794c35044ca9879e32662eff76289949b2b993196b8e295ccdb29d243d72c5e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/8390757050450291665/50-IWE-Sondermodelle-HalfPage-300x600-Range/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 07:20:42 GMT
x-content-type-options
nosniff
age
37975
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12865
x-xss-protection
0
last-modified
Mon, 08 Aug 2022 14:41:31 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Sep 2023 07:20:42 GMT
dt
dt.adsafeprotected.com/ Frame 2F18 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=747557&asId=41a422a5-cf3e-e596-caf8-963a01ab86d2&tv=%7Bc:nmC72l,pingTime:1,time:1289,type:p,clog:%5B%7Bpiv:-1,vs:n,r:,w:160,h:600,t:216%7D,%7Bpiv:0,vs:o,r:l,t:260%7D,%7Bpiv:100,vs:i,r:,t:288%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:288,n:260,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:216,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B58~1,0~0%5D,as:%5B58~160.600%5D%7D%7D,%7Bsl:o,t:260,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B28~0%5D,as:%5B28~160.600%5D%7D%7D,%7Bsl:i,t:288,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~160.600%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:269,fm:tgAeJtG+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C15*.747557-55375942%7C151%7C1521%7C16%7C17.266706-51196687%7C171,idMap:15*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:2ffd:4913:b6c3:d37a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:38 GMT
x-server-name
dt07.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
dt
dt.adsafeprotected.com/ Frame 2F18 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=747557&asId=41a422a5-cf3e-e596-caf8-963a01ab86d2&tv=%7Bc:nmC72l,pingTime:1,time:1289,type:pf,clog:%5B%7Bpiv:-1,vs:n,r:,w:160,h:600,t:216%7D,%7Bpiv:0,vs:o,r:l,t:260%7D,%7Bpiv:100,vs:i,r:,t:288%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:288,n:260,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:216,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B58~1,0~0%5D,as:%5B58~160.600%5D%7D%7D,%7Bsl:o,t:260,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B28~0%5D,as:%5B28~160.600%5D%7D%7D,%7Bsl:i,t:288,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~160.600%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:269,fm:tgAeJtG+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C15*.747557-55375942%7C151%7C1521%7C16%7C17.266706-51196687%7C171,idMap:15*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:2ffd:4913:b6c3:d37a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:38 GMT
x-server-name
dt05.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083101.js?cb=31069312
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 05 Sep 2022 17:53:38 GMT
rtads
api.whizzco.com/demand/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.whizzco.com/demand/v1/rtads
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:c1dd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.hawtcelebs.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET, POST, HEAD, OPTIONS
access-control-allow-origin
https://www.hawtcelebs.com
access-control-max-age
1800
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7460d3554d1f9b63-FRA
content-length
0
date
Mon, 05 Sep 2022 17:53:38 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NjfOtbhs1%2Fe9Jbx8LoI%2Bfg55tV5evHm801Ew7S7bLN3H9q76Y06qzr1YGjHRA3nNXOe8WZ%2FFSoa0MjFdxAWtYXoj517W6%2BvOjsnF4b1FFBHHQMCvpQuosSi6yx%2BAoHbP1r%2FXrUoqf%2Fy%2Fu37omvA%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
rtads
api.whizzco.com/demand/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.whizzco.com/demand/v1/rtads
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:c1dd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.hawtcelebs.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET, POST, HEAD, OPTIONS
access-control-allow-origin
https://www.hawtcelebs.com
access-control-max-age
1800
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7460d3554d219b63-FRA
content-length
0
date
Mon, 05 Sep 2022 17:53:38 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6FxCs9u7WVO61ESr9MNBSCLwwEiPJdIUD%2Fn1RfNTCftDMjKk04u6zqyJrgnQu%2Bst5Pkd3VDTA0OK9L0tXwSCaZo6PJBIA6JTte0zDiLPXXXNARXw4%2FuXaeU5p560GvdFgJ8QFBMeDTCOZn2ZK1A%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
dt
dt.adsafeprotected.com/ Frame A8DD 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=266706&asId=25860387-9ce7-c6ec-2a96-56ce88f843cc&tv=%7Bc:nmC73I,pingTime:-10,time:1085,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8V2luMzJ8fEdlY2tvfHwyMDAzMDEwN3x8MHx8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwNS4wLjUxOTUuMTAyIFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1662400417531%7C%7C8478d62a312f47eb64f619262f11ec50%7C%7C56c24cb524127a0f41136c1e5c39617f%7C%7C5315083566862f263461ae2b5a17f536%7C%7C615db0bf495fa35586ef2372a46fff67%7C%7Cb982599789059db7a82c4731577e5be7%7C%7C0f04d25b7620e3843fd5d2afe0978484%7C%7C5c294256cd46672eb006f54bddfc59dd%7C%7C1629390669,sca:%7Bspg:41a422a5-cf3e-e596-caf8-963a01ab86d2%7D%7D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:2ffd:4913:b6c3:d37a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:38 GMT
x-server-name
dt24.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
quant.js
secure.quantserve.com/ 		26 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/274pYeudnKvDs/www.hawtcelebs.com/choice.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:ef75:8280:f209:5ba1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
32cf0a8fe53899cf276cb12df8c8f5f1558bfb49a803502eda8296818dafef6f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
content-encoding
gzip
etag
"3K3nn1ChiYCKxJYFUmbsHw=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
accept-ranges
bytes
expires
Mon, 12 Sep 2022 17:53:38 GMT
rules-p-274pYeudnKvDs.js
rules.quantcount.com/ 		209 B
690 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-274pYeudnKvDs.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223c:c800:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
622b74d92de99976237a5e7bb3b9ad30946dc327776687f379925b889a3ccc5f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:52:54 GMT
via
1.1 3f3b012fad703fdac0f14efdb7b78b6e.cloudfront.net (CloudFront)
age
47
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
209
last-modified
Sat, 20 Aug 2022 00:04:52 GMT
server
AmazonS3
etag
"6f22be833c0331be41d8b63f5350f98c"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
x-amz-cf-pop
FRA56-P2
accept-ranges
bytes
x-amz-cf-id
-oVOYrerT1Msm4sVTYS9VjJeC6gJOBqTCOplaKNNC8vDdIlEo0PJbg==
cmp2.js
quantcast.mgr.consensu.org/tcfv2/ 		177 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.hawtcelebs.com
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/274pYeudnKvDs/www.hawtcelebs.com/choice.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:ac00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
64f2f1f02fc851d4d6bdaab153f5511584d04c8fbe30742a2acedc68f955d547

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:52:53 GMT
content-encoding
br
age
47
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-max-age
86400
access-control-allow-origin
*
last-modified
Tue, 02 Aug 2022 14:10:55 GMT
server
AmazonS3
etag
W/"805f78a1dab7fe51dfcd464bfbbbcf04"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/javascript;charset=UTF-8
via
1.1 1c5b98f7bd5001d6fe1040daa237afc6.cloudfront.net (CloudFront)
cache-control
max-age=3600
x-amz-meta-qc-ineu
True
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
Xa99vTpJIIeIV1MEh95SCkldS5rexHt04pHDs2m5TxYRcDNJWi_VsQ==
pixel;r=1867137520;source=choice;rf=3;a=p-274pYeudnKvDs;url=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F;uht=2;fpan=0;fpa...
pixel.quantserve.com/ 		35 B
210 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.quantserve.com/pixel;r=1867137520;source=choice;rf=3;a=p-274pYeudnKvDs;url=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F;uht=2;fpan=0;fpa=P0-1939739575-1662400416343;pbc=;ns=0;ce=1;qjs=1;qv=087c24cc-20220902090643;cm=;gdpr=0;ref=;d=hawtcelebs.com;dst=0;et=1662400418136;tzo=0;ogl=;sxl=1;sxc=1;ses=1ba60270-749b-4fd1-a543-7a7ab2cb6d83
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:ef75:8280:f209:5ba1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:38 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
0.php
s4.histats.com/stats/ 		51 B
185 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s4.histats.com/stats/0.php?1890596&@f16&@g1&@h1&@i1&@j1662400418141&@k0&@l1&@mLORI%20HARVEY%20Arrives%20at%20Kylie%E2%80%99s%20Cosmetic%20Event%20at%20Ulta%20Beauty%20in%20Westwood%2008%2F24%2F2022%20%E2%80%93%20HawtCelebs&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:183857597&@b3:1662400418&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F&@w
Requested by
Host: s10.histats.com
URL: https://s10.histats.com/js15_as.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.27.80.143 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ns558056.ip-198-27-80.net
Software
/
Resource Hash
aa6a905eb7934dbc86046cbce12a7acbe70e164aee97cc22bdc3f0d0b6f8f1e0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 17:53:38 GMT
Connection
close
Content-Length
51
Content-Type
text/html;charset=UTF-8
collect
www.google-analytics.com/j/ 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1150634113&t=pageview&_s=1&dl=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F&ul=en-us&de=UTF-8&dt=LORI%20HARVEY%20Arrives%20at%20Kylie%E2%80%99s%20Cosmetic%20Event%20at%20Ulta%20Beauty%20in%20Westwood%2008%2F24%2F2022%20%E2%80%93%20HawtCelebs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAUABAAAAAC~&jid=304568909&gjid=687392489&cid=2047397849.1662400416&tid=UA-10995097-8&_gid=1080799578.1662400418&_r=1&gtm=2ou8v0&z=107522650
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.hawtcelebs.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:38 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.hawtcelebs.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame C913 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.hawtcelebs.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
3619
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 05 Sep 2022 16:53:19 GMT
expires
Tue, 05 Sep 2023 16:53:19 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 764D 		783 B
535 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
5eee320d1f273041599430af56fea5fb24fe0dfa95fc24a0254d6d8fea0578ea
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-pj7xXFMKL2uoPhP2FSCUdQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.hawtcelebs.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
513
content-security-policy
script-src 'report-sample' 'nonce-pj7xXFMKL2uoPhP2FSCUdQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 05 Sep 2022 17:53:38 GMT
expires
Mon, 05 Sep 2022 17:53:38 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
pixel
pxl.qccerttest.com/ 		35 B
547 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pxl.qccerttest.com/pixel?r=769312202;fpan=0;fpa=P0-1939739575-1662400416343;pbc=;ns=0;ce=1;qjs=1;qv=087c24cc-20220902090643;ref=;cm=;gdpr=0;d=hawtcelebs.com;dst=0;et=1662400418184;tzo=0;url=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F;ogl=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:600:11:615:7240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 02:29:19 GMT
via
1.1 6def1f0ddc805dce17407cce01d5b32c.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
55460
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000
content-length
35
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 04 Aug 2022 16:01:04 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"55d25e9dc950d5db4d53a3b195c046c6"
vary
Accept-Encoding, Origin
content-type
image/gif
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
x-amz-cf-id
BcRsNu9a5Fy4BT59pZCNkeeLyhDa9o0X_71ir6u5h5-0D4y6tB7bCw==
cmp-list.json
test.cmp.quantcast.com/GVL-v2/ 		10 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://test.cmp.quantcast.com/GVL-v2/cmp-list.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.hawtcelebs.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:8200:3:a4cd:8380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cd0564106c40c0d22e2b8fd12f552d0beb6bc1f44d0e9e1a744ff86a811d1ebb

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.hawtcelebs.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 03:00:35 GMT
content-encoding
gzip
age
53584
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-max-age
86400
access-control-allow-origin
*
last-modified
Thu, 01 Sep 2022 19:55:38 GMT
server
AmazonS3
etag
W/"6956b949229e4f70c6801a6ba073ae1e"
vary
Accept-Encoding
access-control-allow-methods
GET
x-amz-version-id
7JVvY2BjkVZ63YlCse_n1XAdPqJrPXIl
via
1.1 816b7f4e336674d9d7828ef4700482e8.cloudfront.net (CloudFront)
cache-control
max-age=172800
x-amz-cf-pop
FRA60-P4
content-type
application/json
x-amz-cf-id
vE1iOd4--Q5ljD4Ndh-UQGTcXyx8Rzg-bN20rEDn8LGDxnqooFvbOw==
dMUMwKlHRkKFxm324gu_shN2JBGfr2rZRInLP1vMiqM.js
pagead2.googlesyndication.com/bg/ Frame C913 		36 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/dMUMwKlHRkKFxm324gu_shN2JBGfr2rZRInLP1vMiqM.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
74c50cc0a947464285c66df6e20bbfb2137624119faf6ad94489cb3f5bcc8aa3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 14:07:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
13595
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15929
x-xss-protection
0
last-modified
Mon, 29 Aug 2022 10:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 05 Sep 2023 14:07:03 GMT
/
t.dtscout.com/pv/ 		51 B
319 B 		Script
General
Check archive.org
Download Go to
Full URL
https://t.dtscout.com/pv/?_a=v&_h=hawtcelebs.com&_ss=25709ivtna&_pv=1&_ls=0&_u1=1&_u3=1&_cc=de&_pl=d&_cbid=4xjd&_cb=_dtspv.c
Requested by
Host: t.dtscout.com
URL: https://t.dtscout.com/i/?l=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F&j=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
167.114.209.61 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns515688.ip-167-114-209.net
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
9e8489d17b92714a6051efe7cde72157a687dddaf04d7b8d971861c5227736b0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 17:53:38 GMT
X-T
0.175
Server
nginx/1.10.3 (Ubuntu)
Transfer-Encoding
chunked
X-C
0
Content-Type
application/javascript
Cache-Control
no-cache
Connection
close
Expires
Mon, 05 Sep 2022 17:53:37 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 764D 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022083101&jk=2233394363979607&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers
tc.js
cdn.tynt.com/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.tynt.com/tc.js
Requested by
Host: waust.at
URL: https://waust.at/c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.36.173 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
937458495c30f567aeafe715f0164bfe061ab17aee4a34aabbf191f69a6d32ae

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 21 Jul 2022 14:57:29 GMT
server
cloudflare
age
96949
etag
W/"62d96959-4599"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
7460d35698ee5caa-FRA
expires
Thu, 08 Sep 2022 17:53:38 GMT
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3a682ad13e1535e4077c573179247c072d7891ad507c73b7466163562f6c2fa8

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/gif
collect
stats.g.doubleclick.net/j/ 		4 B
444 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-10995097-8&cid=2047397849.1662400416&jid=304568909&gjid=687392489&_gid=1080799578.1662400418&_u=YAhAAUAAAAAAAC~&z=1744168634
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.hawtcelebs.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Mon, 05 Sep 2022 17:53:38 GMT
content-type
text/plain
access-control-allow-origin
https://www.hawtcelebs.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
vl.json
services.vlitag.com/vld/1661918462/ 		13 B
269 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://services.vlitag.com/vld/1661918462/vl.json?page_url=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F
Requested by
Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=036e05035cbef88431e89138f2969605
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::ac43:15e3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
76aacba4eece592e3a3281e69a5762c6f10b527a29fbba5eae5ac091f47ae554

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
cf-cache-status
HIT
last-modified
Fri, 02 Sep 2022 05:01:15 GMT
server
cloudflare
x-robots-tag
noindex, nofollow, noarchive, nosnippet
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.hawtcelebs.com
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
cf-ray
7460d356685e9a18-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
13
036e05035cbef88431e89138f2969605.json
services.vlitag.com/obj/1661918462/ 		34 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://services.vlitag.com/obj/1661918462/036e05035cbef88431e89138f2969605.json?cc=DE&hn=https://www.hawtcelebs.com
Requested by
Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=036e05035cbef88431e89138f2969605
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::ac43:15e3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6594daa4a32cee545d09e8e20b8b4a486b83bc9efb70b23c0cbb00a6c0d523af

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 31 Aug 2022 04:01:28 GMT
server
cloudflare
age
481929
x-robots-tag
noindex, nofollow, noarchive, nosnippet
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.hawtcelebs.com
cache-control
public, immutable, max-age=31536000
cf-ray
7460d356685f9a18-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cmp2ui-en.js
cmp.quantcast.com/tcfv2/43/ 		247 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cmp.quantcast.com/tcfv2/43/cmp2ui-en.js
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.hawtcelebs.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:f400:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
efc4dde25a5a7430ac92a98e5ea5a91ce49f3c45e8791581c999da75221b1264

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 08:51:37 GMT
content-encoding
br
age
32521
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-max-age
86400
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
last-modified
Tue, 02 Aug 2022 14:10:37 GMT
server
AmazonS3
etag
W/"cdd513c37d4fc734e0fb03e5d9e813a7"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/javascript;charset=UTF-8
via
1.1 95e0c26862caa0a0aa5e9580919524f8.cloudfront.net (CloudFront)
cache-control
max-age=172800
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
AFDPT8FXAsUyAitassN3bZdWw-9dN1EBVkTwFqfBibS0Vxspb3yQ5w==
vendor-list-trimmed-v1.json
cmp.quantcast.com/GVL-v2/ 		344 KB
42 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cmp.quantcast.com/GVL-v2/vendor-list-trimmed-v1.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.hawtcelebs.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:f400:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
318a7d79cfb6e344178edb59d37bd784b530d4cd6369719dacfdb2c6671b3437

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 03:00:39 GMT
content-encoding
br
vary
Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
age
53580
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Mon, 05 Sep 2022 03:00:33 GMT
server
AmazonS3
etag
W/"e3b01197d3c5fa12af2d7fb54c4ebbc9"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/json
via
1.1 36d9e1bd4f00d39c57a56679dc44e264.cloudfront.net (CloudFront)
cache-control
max-age=172800
access-control-allow-credentials
true
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
YdmqGQQnQgPFvzkrCVVNnejakqvdQayeFGNFgc1ZnYupMC1s8CDBrw==
google-atp-list.json
cmp.quantcast.com/tcfv2/ 		152 KB
36 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cmp.quantcast.com/tcfv2/google-atp-list.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.hawtcelebs.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:f400:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6953a02cce2f1567279e384ff55658bf8acc64ae72afe6afbe1da9ba9a41cb18

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.hawtcelebs.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 03:00:29 GMT
content-encoding
br
vary
Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
age
53590
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Mon, 05 Sep 2022 03:00:26 GMT
server
AmazonS3
etag
W/"483e3c223f50692e326e740a4b72be5b"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/json
via
1.1 36d9e1bd4f00d39c57a56679dc44e264.cloudfront.net (CloudFront)
cache-control
max-age=172800
access-control-allow-credentials
true
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
cwj9kEk8XxjapH_jWp4_uD6DAC1r6jddC_pLnwSSg-r5d7Yi55wbmQ==
prebid-7.11.0.js
assets.vlitag.com/prebid/default/ 		526 KB
155 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.vlitag.com/prebid/default/prebid-7.11.0.js
Requested by
Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=036e05035cbef88431e89138f2969605
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1c8a6645bbd557b6f18a1250e649337822e02189e85bfd404320ba52b11c690
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
981717
cf-polished
origSize=540102
cf-ray
7460d356ca7e6993-FRA
cf-bgj
minify
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Mon, 22 Aug 2022 07:32:45 GMT
server
cloudflare
etag
W/"6303311d-83dc6"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=16070400
x-robots-tag
noindex, nofollow
expires
Thu, 25 Aug 2022 09:41:34 GMT
gpt.js
www.googletagservices.com/tag/js/ 		83 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=036e05035cbef88431e89138f2969605
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d162942e00d8e9beb4aad8a89aa7cd40336e4c5875d4cce97d4cf4bfd883db21
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28557
x-xss-protection
0
server
sffe
etag
"1324 / 272 of 1000 / last-modified: 1662156382"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Mon, 05 Sep 2022 17:53:38 GMT
ima3.js
imasdk.googleapis.com/js/sdkloader/ 		376 KB
126 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=036e05035cbef88431e89138f2969605
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f7cda432fd42a7521a36ef8ea1cf96b14d1049e16f25c32d9fb78d71113267c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
128229
x-xss-protection
0
expires
Mon, 05 Sep 2022 17:53:38 GMT
sf_host.min.js
assets.vlitag.com/plugins/safeframe/src/js/ 		38 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.vlitag.com/plugins/safeframe/src/js/sf_host.min.js
Requested by
Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=036e05035cbef88431e89138f2969605
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1916cf4455a526aadafd82710bf7304154905dcdf69dd9e0b516a63cc82e27e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
981717
cf-ray
7460d356ca7c6993-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 01 Nov 2019 05:04:50 GMT
server
cloudflare
etag
W/"5dbbbcf2-9806"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=16070400
x-robots-tag
noindex, nofollow
expires
Thu, 25 Aug 2022 09:41:34 GMT
apstag.js
c.amazon-adsystem.com/aax2/ 		166 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=036e05035cbef88431e89138f2969605
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.4.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-4-10.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
37bdde71eda05551adae1974b43916d2fc58ca04bc1b8325aab65e2668152b66

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Mon, 05 Sep 2022 17:36:19 GMT
via
1.1 ec1ac21acdbd36c971eca9d6b61d0744.cloudfront.net (CloudFront), 1.1 7b20af4202adb6ef25a7920ed74908dc.cloudfront.net (CloudFront)
last-modified
Thu, 01 Sep 2022 20:50:55 GMT
server
AmazonS3
age
1040
etag
W/"d9d3c87337955401df6a2e4474e61700"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=3600
x-amz-cf-pop
FRA60-P1, FRA56-P6
content-encoding
gzip
x-amz-cf-id
p5kcLNm8Ocbd0ImB00hCUOoEVpBuV4SFQGSuvk5KAMfWWnAh9MiVSQ==
generate_204
tpc.googlesyndication.com/ Frame C913 		0
11 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?NlvAdQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
ga-audiences
www.google.com/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-10995097-8&cid=2047397849.1662400416&jid=304568909&_u=YAhAAUAAAAAAAC~&z=1201369105
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-10995097-8&cid=2047397849.1662400416&jid=304568909&_u=YAhAAUAAAAAAAC~&z=1201369105
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
audit-tcfv2.cmp.quantcast.com/ 		2 B
101 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://audit-tcfv2.cmp.quantcast.com/?log=%7B%22accountId%22%3A%22274pYeudnKvDs%22%2C%22domain%22%3A%22www.hawtcelebs.com%22%2C%22publisher%22%3A%22HawtCelebs%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.43%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%224rHc6iLEBI7fi7DodmBOXQ%22%2C%22clientTimestamp%22%3A1662400418487%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-p8nh7gtqs27byxhekl56%22%7D
Requested by
Host: cmp.quantcast.com
URL: https://cmp.quantcast.com/tcfv2/43/cmp2ui-en.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.193.0.23 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-0-23.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.hawtcelebs.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 05 Sep 2022 17:53:38 GMT
content-length
2
content-type
text/plain; charset=utf-8
p
ic.tynt.com/b/ 		0
227 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ic.tynt.com/b/p?id=w!a9etg89wet&lm=0&ts=1662400418523&dn=TC&iso=0&us_privacy=1---&t=LORI%20HARVEY%20Arrives%20at%20Kylie%E2%80%99s%20Cosmetic%20Event%20at%20Ulta%20Beauty%20in%20Westwood%2008%2F24%2F2022%20%E2%80%93%20HawtCelebs&cu=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip33.67-202-105.static.steadfastdns.net
Software
nginx/1.16.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
cache-control
"no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires
"Sat, 26 Jul 1997 05:00:00 GMT"
server
nginx/1.16.1
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
activeview
pagead2.googlesyndication.com/pcs/ Frame A8DD 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuzg9ZqjCePIfBzu041MzmtuBidzGH35XpN0ARoobTQYpC1tAl_hnUcLo8BUDNgF-KFRbTBTWsLGTpkxhSZpw3tahkjKyx8PaiXA4mhDZgZdpXtnnhB_fdIiIpTJdfoEAuO6frtzQ&sai=AMfl-YTsfcEJkS39MDdQSg3pY8vQj2cMRCqFMNUmJ4m7yvPRI8AYBeUsEKr8E3p5X-K6mtUZNKlEghJnwyZPk5q8l1HHEqAFz4E75gEie5UE_YLv8YTs_VzXcSMHTNCR&sig=Cg0ArKJSzFFuBux1YZehEAE&cid=CAASJeRog3A0-auf_8vFwKQI42ir3DfXY6QYUlx8qM27UhcxhGUVXQo&id=lidar2&mcvt=1015&p=380,1029,630,1329&mtos=1015,1015,1015,1015,1015&tos=1015,0,0,0,0&v=20220831&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2371207207&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1662400416766&rpt=737&isd=0&lsd=0&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.4.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-4-10.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-amz-version-id
tKimXuvhjexkvOlm5D.ynBWfUtiJgbbH
content-encoding
gzip
etag
W/"a4d296427fc806b21335359e398c025c"
age
51390
x-cache
Hit from cloudfront
access-control-max-age
3000
access-control-allow-origin
*
last-modified
Wed, 24 Aug 2022 19:06:24 GMT
server
AmazonS3
date
Mon, 05 Sep 2022 03:37:09 GMT
vary
Accept-Encoding,Origin
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 6b85d8725dd6471c3db1f65d4096afc4.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
FRA56-P6
x-amz-cf-id
winW7x02V8KB9ol1BUCNMKLATK6ZRTA4FhiKDCZIOAWAdmVf8WuCHg==
config
c.amazon-adsystem.com/cdn/prod/ 		0
311 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.hawtcelebs.com&pubid=9cf0c4f1-7630-476b-9141-f4472e005192
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.4.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-4-10.fra56.r.cloudfront.net
Software
Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 16:48:06 GMT
via
1.1 7b20af4202adb6ef25a7920ed74908dc.cloudfront.net (CloudFront)
server
Server
age
3932
x-cache
Hit from cloudfront
access-control-allow-origin
https://www.hawtcelebs.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-pop
FRA56-P6
x-amz-cf-id
pEbi_mg7ggaHDR54GsFcMhC2HzbqSOjqJW94uN4MHS1Cnvj1dHIL6w==
latest.json
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20220905
Requested by
Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-7.11.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c515a9e91122b2d91367af628d94eeb7d734454ad32986a50b2144a53ee743d6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.hawtcelebs.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
10361
x-jsd-version
1.0.1454
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
834
etag
W/"664-v7b9c+2B8TZhTaUVA2QiWV88GeE"
x-served-by
cache-fra19160-FRA, cache-hhn4025-HHN
x-jsd-version-type
version
date
Mon, 05 Sep 2022 17:53:38 GMT
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
bid
c.amazon-adsystem.com/e/dtb/ 		23 B
492 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F&pid=m7AD1wpIiYjUV&cb=0&ws=1600x1200&v=22.8.252032&t=1000&slots=%5B%7B%22sd%22%3A%22vi_7872651_7%22%2C%22s%22%3A%5B%22970x90%22%5D%2C%22sn%22%3A%22Amazon%22%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A1%7D%2C%7B%22sd%22%3A%22vi_7872651_8%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22Amazon%22%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A1%7D%5D&schain=1.0%2C1!interdogmedia.com%2C63%2C1%2C%2C%2C&pubid=9cf0c4f1-7630-476b-9141-f4472e005192&gdpre=1&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.4.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-4-10.fra56.r.cloudfront.net
Software
Server /
Resource Hash
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
via
1.1 7b20af4202adb6ef25a7920ed74908dc.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-P6
x-amz-rid
288SX1KV05MRGKD402KQ
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.hawtcelebs.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
23
x-amz-cf-id
O2vIbHmaW7Jb-LffFcxFSHDUb3JEoVvBkfFawFs-22_mSpNhjuYRbw==
cc.jpeg
px.vliplatform.com/bi-v4/ 		0
545 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.vliplatform.com/bi-v4/cc.jpeg?e=rNKMRrtNrtl0zghRzdNAqTUttTy-MywP-PMYr-MBUK-eraATUYqPAwrRdzNwqfftkRlmNaKAbaARwlNqdqmgfRkjmNaKAbaARrdzNqdqmgfRwkjNARmNKYUZTRleNplRedhNgfRedh_ygkdqzNtdhznRedh_lgxketNgzitkRedh_znhtNurhkRxltk_qeethzNfgRzey_ctkNcY
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:9e3b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
cf-cache-status
MISS
last-modified
Mon, 05 Sep 2022 17:53:38 GMT
server
cloudflare
x-robots-tag
noindex, nofollow, noarchive, nosnippet
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5y0sGmOfPDHeYp5bns5L3%2FEUlDy8ul1KG2K8VxNIWY%2Bsm72i34dnUrO%2BfozmCyZnGYTOceCaO7Dj4gx06cdv5lDgQ%2BnKHjhkE296zeqM7gF9mJsPaLqF6Q57eepjB3jm35R9AMq7%2BOIoFNHAQk56Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=864000, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
7460d358999792c5-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
cc.jpeg
px.vliplatform.com/bi-v4/ 		0
280 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.vliplatform.com/bi-v4/cc.jpeg?e=rNKMRrtNrtl0zghRzdNywTZryAZ-UrtT-PqZa-MeeU-qAwrqrAqaqTTRdzNwqfftkRlmNKYMbaARwlNqdqmgfRkjmNKYMbaARrdzNqdqmgfRwkjNARmNKYUZTRleNplRedhNgfRedh_ygkdqzNtdhznRedh_lgxketNgzitkRedh_znhtNurhkRxltk_qeethzNfgRzey_ctkNcY
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:9e3b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
cf-cache-status
MISS
last-modified
Mon, 05 Sep 2022 17:53:38 GMT
server
cloudflare
x-robots-tag
noindex, nofollow, noarchive, nosnippet
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YvRsQxf8wWrOn6W1cnqzk8D%2F4YMNXGJURl%2F2U5eBhE3MYA%2Fbfg3S3SOBXE3XTZyIVOCuM1bIzSQLpXk0kjwPu%2B7sYfU6x%2BTCYxkbo%2BpuGuapxLPEGKW5wk4p%2FUrFvRDZyidkwhnDvQf8Kn%2FBCWJL4w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=864000, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
7460d358999a92c5-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
bid
c.amazon-adsystem.com/e/dtb/ 		23 B
494 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F&pid=m7AD1wpIiYjUV&cb=1&ws=1600x1200&v=22.8.252032&t=1000&slots=%5B%7B%22sd%22%3A%22vi_78390_1%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22Amazon%22%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A1%7D%5D&schain=1.0%2C1!interdogmedia.com%2C63%2C1%2C%2C%2C&pubid=9cf0c4f1-7630-476b-9141-f4472e005192&gdpre=1&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.4.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-4-10.fra56.r.cloudfront.net
Software
Server /
Resource Hash
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
via
1.1 7b20af4202adb6ef25a7920ed74908dc.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-P6
x-amz-rid
DESB1J93CV51S5RWY3G8
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.hawtcelebs.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
23
x-amz-cf-id
NhG3d6FU6OFHpcQWqSAfQeXv9JIS4lqvNOVSfaIv80-WUtQObVDL9Q==
1572962830.jpg
assets.vlitag.com/widget/2019/11/05/ 		192 KB
192 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.vlitag.com/widget/2019/11/05/1572962830.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::6816:3ac7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
31370f14534e5bb78d3da68b6cf0e72369feea1bd68aaeac1b61d07094aa1deb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
981720
cf-polished
degrade=85, origSize=227959, status=webp_bigger
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
196267
x-xss-protection
1; mode=block
last-modified
Tue, 05 Nov 2019 14:07:11 GMT
server
cloudflare
etag
"5dc1820f-37a77"
x-robots-tag
noindex, nofollow
vary
Accept-Encoding
content-type
image/jpeg
expires
Thu, 25 Aug 2022 09:41:35 GMT
cache-control
max-age=16070400
accept-ranges
bytes
cf-ray
7460d358d83d6949-FRA
cf-bgj
imgq:85,h2pri
1596163502.jpg
assets.vlitag.com/widget/2020/07/30/ 		104 KB
105 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.vlitag.com/widget/2020/07/30/1596163502.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::6816:3ac7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5db53bf6a77148dae0aece6b6512e4a6bf94603af72e449a0f23ed03e8b96ff3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
981716
cf-polished
qual=85, origFmt=jpeg, origSize=140376
content-disposition
inline; filename="1596163502.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
106784
x-xss-protection
1; mode=block
last-modified
Fri, 31 Jul 2020 02:45:02 GMT
server
cloudflare
etag
"5f2385ae-22458"
x-robots-tag
noindex, nofollow
vary
Accept
content-type
image/webp
expires
Thu, 25 Aug 2022 09:41:37 GMT
cache-control
max-age=16070400
accept-ranges
bytes
cf-ray
7460d358e8406949-FRA
cf-bgj
imgq:85,h2pri
1648753746.png
assets.vlitag.com/widget/2022/03/31/ 		141 KB
141 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.vlitag.com/widget/2022/03/31/1648753746.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::6816:3ac7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a4eb2060150d9fc24ee035cb939a77e9d386616cbb36979dce9cf9276492e1ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
981716
cf-polished
origFmt=png, origSize=241444
content-disposition
inline; filename="1648753746.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
144498
x-xss-protection
1; mode=block
last-modified
Thu, 31 Mar 2022 19:09:07 GMT
server
cloudflare
etag
"6245fc53-3af24"
x-robots-tag
noindex, nofollow
vary
Accept
content-type
image/webp
expires
Thu, 25 Aug 2022 09:41:34 GMT
cache-control
max-age=16070400
accept-ranges
bytes
cf-ray
7460d358e8426949-FRA
cf-bgj
imgq:85,h2pri
1648753124.png
assets.vlitag.com/widget/2022/03/31/ 		395 KB
396 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.vlitag.com/widget/2022/03/31/1648753124.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::6816:3ac7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
49250ed8e3698633fe130e218b05ca9f44a8acb04833bd280c2ad570ffcc3cf7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
981716
cf-polished
origFmt=png, origSize=658743
content-disposition
inline; filename="1648753124.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
404536
x-xss-protection
1; mode=block
last-modified
Thu, 31 Mar 2022 18:58:44 GMT
server
cloudflare
etag
"6245f9e4-a0d37"
x-robots-tag
noindex, nofollow
vary
Accept
content-type
image/webp
expires
Thu, 25 Aug 2022 09:41:35 GMT
cache-control
max-age=16070400
accept-ranges
bytes
cf-ray
7460d358e8436949-FRA
cf-bgj
imgq:85,h2pri
1592801729.jpg
assets.vlitag.com/widget/2020/06/22/ 		74 KB
74 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.vlitag.com/widget/2020/06/22/1592801729.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::6816:3ac7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b8341f341848ee9eec71870d976b0895ef1084190c2e0b0349d2ba1c9b9ef64e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
981716
cf-polished
qual=85, origFmt=jpeg, origSize=103053
content-disposition
inline; filename="1592801729.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
75514
x-xss-protection
1; mode=block
last-modified
Mon, 22 Jun 2020 04:55:29 GMT
server
cloudflare
etag
"5ef039c1-1928d"
x-robots-tag
noindex, nofollow
vary
Accept
content-type
image/webp
expires
Thu, 25 Aug 2022 09:41:34 GMT
cache-control
max-age=16070400
accept-ranges
bytes
cf-ray
7460d358e8466949-FRA
cf-bgj
imgq:85,h2pri
1572962870.jpg
assets.vlitag.com/widget/2019/11/05/ 		107 KB
107 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.vlitag.com/widget/2019/11/05/1572962870.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::6816:3ac7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
45fe766308841d0d4a2068ef014d83df899ef6623f6bb4bde509431657b1c707
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
981716
cf-polished
qual=85, origFmt=jpeg, origSize=151033
content-disposition
inline; filename="1572962870.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
109336
x-xss-protection
1; mode=block
last-modified
Tue, 05 Nov 2019 14:07:50 GMT
server
cloudflare
etag
"5dc18236-24df9"
x-robots-tag
noindex, nofollow
vary
Accept
content-type
image/webp
expires
Thu, 25 Aug 2022 09:41:37 GMT
cache-control
max-age=16070400
accept-ranges
bytes
cf-ray
7460d358e8486949-FRA
cf-bgj
imgq:85,h2pri
cc.jpeg
px.vliplatform.com/bi-v4/ 		0
272 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.vliplatform.com/bi-v4/cc.jpeg?e=rNKMRrtNrtl0zghRzdNeMKeratM-qMPe-PBTA-MBaB-qBAYtMKAqZPaRdzNwqfftkRlmNBAAbYZARwlNqdqmgfRkjmNBAAbYZARrdzNqdqmgfRwkjNARmNBaARleNplRedhNgfRedh_ygkdqzNtdhznRedh_lgxketNgzitkRedh_znhtNurhkRxltk_qeethzNfgRzey_ctkNcY
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:9e3b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
cf-cache-status
MISS
last-modified
Mon, 05 Sep 2022 17:53:38 GMT
server
cloudflare
x-robots-tag
noindex, nofollow, noarchive, nosnippet
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hQuOcCBQL0z3PH3pC%2FLmNDz6FSFmVKtzrHH2rg05VMcGD6nyI88tl6rgNFgDB9gwBb2D6ry0oDMnoUSsl3Npm84RwlYQDBMci6dmDBGWQBzGAxoFAX%2FBegekt%2F%2BtVcAIdcooX0YB%2FFLUPCJTyTREwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=864000, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
7460d358999c92c5-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
delivery.js
assets.revcontent.com/master/ 		155 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.revcontent.com/master/delivery.js
Requested by
Host: cdn.whizzco.com
URL: https://cdn.whizzco.com/scripts/widget/widget_v3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2225c74da04e2da63eb7666209ac922d50784f93773ab1f31ea12a133a06f721

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
content-encoding
gzip
last-modified
Tue, 23 Aug 2022 14:54:49 GMT
server
AmazonS3
x-amz-request-id
YNCQRYJK43P52MTB
etag
"04a82cce7022f8312a52dea52a5aea23"
x-hw
1662400418.cds249.fr8.hn,1662400418.cds146.fr8.c
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public,max-age=60
accept-ranges
bytes
content-length
50192
x-amz-id-2
tO161s+sGrttTsWK5jo1eZnYDQNg2crKnBLpbi7mveGgDnUbXzaYfYBy6Jm9ksEBnFl2i9oTCQQ=
tshow
api.whizzco.com/dtracking/v1/ 		15 B
459 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.whizzco.com/dtracking/v1/tshow
Requested by
Host: cdn.whizzco.com
URL: https://cdn.whizzco.com/scripts/widget/widget_v3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:c1dd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d23d39a30bb7323f8ccfd64c52cf286138fba4f83e78f7edcf66703b7c23aaa

Request headers

Referer
https://www.hawtcelebs.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-type
application/json; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 17:53:39 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hjFQBjtfhx08x9yhRgX%2FpXG6bnfllnbzc%2FXBTbrJ%2BPXh1oVvIihOjvOVrg9iahLQ907HIfhF9VWGlszyDK%2BY977W8JhFnV12xih6%2B0pWwa6cacL9JpOCzsmF%2B0rmdfBocvf9jdTq98LUhB8yE0M%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://www.hawtcelebs.com
access-control-allow-credentials
true
cf-ray
7460d35a0a5691f9-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
15
tshow
api.whizzco.com/dtracking/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.whizzco.com/dtracking/v1/tshow
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:c1dd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.hawtcelebs.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET, POST, HEAD, OPTIONS
access-control-allow-origin
https://www.hawtcelebs.com
access-control-max-age
1800
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7460d358d8d691f9-FRA
content-length
0
date
Mon, 05 Sep 2022 17:53:38 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zjNnNuH9b9gakHorzJ60X%2Bbb3l4DnY52h1n%2FAonLXZy8D7UYLGK7874tjHe2xp62j%2FP%2FxgUaCS1Htvb9MmInk93nk%2BqEp1%2BJsIW6JHsyI7ywi9XuY5sA4tXYMwXKb0jb1TUDY1YPXvBLYqsWmzg%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
videoplayback
r3---sn-4g5lznez.googlevideo.com/
Redirect Chain
  • https://media.vlitag.com/vid/?id=aOSRX0RXaas&t=y
  • https://redirector.googlevideo.com/videoplayback?expire=1662418848&ei=QCsWY5apE5GBkgbrwq6gDQ&ip=184.164.141.146&id=o-AHRWBYn6oK3uOJEhzcIifR3DigPimH90ZsZuEDlr016A&itag=134&aitags=133%2C134%2C135%2C1...
  • https://r3---sn-4g5lznez.googlevideo.com/videoplayback?expire=1662418848&ei=QCsWY5apE5GBkgbrwq6gDQ&ip=184.164.141.146&id=o-AHRWBYn6oK3uOJEhzcIifR3DigPimH90ZsZuEDlr016A&itag=134&aitags=133%2C134%2C1...
137 KB
0 		Media
General
Check archive.org
Download Go to
Full URL
https://r3---sn-4g5lznez.googlevideo.com/videoplayback?expire=1662418848&ei=QCsWY5apE5GBkgbrwq6gDQ&ip=184.164.141.146&id=o-AHRWBYn6oK3uOJEhzcIifR3DigPimH90ZsZuEDlr016A&itag=134&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&vprv=1&mime=video%2Fmp4&ns=5wnH4RtFQOvgqu3Rdfcb5_MH&gir=yes&clen=10427993&otfp=1&dur=207.340&lmt=1600678288117961&keepalive=yes&fexp=24001373%2C24007246&c=WEB&rbqsm=fr&n=9eX46HM8bAvQda6&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cotfp%2Cdur%2Clmt&sig=AOq0QJ8wRAIgFivQbyWI-95lSHYxm1T-RzdZICZCMfQKOu4I_BnvxsgCICOGQUmuiSFzwyQQB-1HOaaECUheEZZmhChtsztVRx8B&cms_redirect=yes&mh=3a&mip=2001:1b60:1010:2:1012:fe7:53ba:ee61&mm=31&mn=sn-4g5lznez&ms=au&mt=1662400165&mv=m&mvi=3&pl=29&lsparams=mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIhAL4q3XewwcP2cXquwnApg4eaWByTnuCWn1DA4oeByUBrAiB9BPW4OJE9BJRThya5U-O7AGTOhUpREICxlhMdCp5hGw%3D%3D
Protocol
H3
Server
2a00:1450:4001:11::8 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gvs 1.0 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:39 GMT
x-restrict-formats-hint
None
last-modified
Mon, 21 Sep 2020 08:51:28 GMT
server
gvs 1.0
vary
Origin
content-type
video/mp4
Content-Range
bytes 0-10427992/10427993
client-protocol
quic
cache-control
private, max-age=18129
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length
10427993
x-content-type-options
nosniff
expires
Mon, 05 Sep 2022 17:53:39 GMT

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:38 GMT
x-content-type-options
nosniff
server
ClientMapServer
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
location
https://r3---sn-4g5lznez.googlevideo.com/videoplayback?expire=1662418848&ei=QCsWY5apE5GBkgbrwq6gDQ&ip=184.164.141.146&id=o-AHRWBYn6oK3uOJEhzcIifR3DigPimH90ZsZuEDlr016A&itag=134&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&vprv=1&mime=video%2Fmp4&ns=5wnH4RtFQOvgqu3Rdfcb5_MH&gir=yes&clen=10427993&otfp=1&dur=207.340&lmt=1600678288117961&keepalive=yes&fexp=24001373%2C24007246&c=WEB&rbqsm=fr&n=9eX46HM8bAvQda6&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cotfp%2Cdur%2Clmt&sig=AOq0QJ8wRAIgFivQbyWI-95lSHYxm1T-RzdZICZCMfQKOu4I_BnvxsgCICOGQUmuiSFzwyQQB-1HOaaECUheEZZmhChtsztVRx8B&cms_redirect=yes&mh=3a&mip=2001:1b60:1010:2:1012:fe7:53ba:ee61&mm=31&mn=sn-4g5lznez&ms=au&mt=1662400165&mv=m&mvi=3&pl=29&lsparams=mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIhAL4q3XewwcP2cXquwnApg4eaWByTnuCWn1DA4oeByUBrAiB9BPW4OJE9BJRThya5U-O7AGTOhUpREICxlhMdCp5hGw%3D%3D
cache-control
no-cache, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1289
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
v2
de.tynt.com/deb/ 		4 B
260 B 		Script
General
Check archive.org
Download Go to
Full URL
https://de.tynt.com/deb/v2?id=w!a9etg89wet&dn=TC&cc=1&r=&us_privacy=1---
Requested by
Host: cdn.tynt.com
URL: https://cdn.tynt.com/tc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.32 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip32.67-202-105.static.steadfastdns.net
Software
/
Resource Hash
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
cache-control
max-age=86400
content-type
application/javascript
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
content-length
4
expires
Tue, 06 Sep 2022 17:53:39 GMT
tshow
api.whizzco.com/dtracking/v1/ 		15 B
458 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.whizzco.com/dtracking/v1/tshow
Requested by
Host: cdn.whizzco.com
URL: https://cdn.whizzco.com/scripts/widget/widget_v3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:c1dd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d23d39a30bb7323f8ccfd64c52cf286138fba4f83e78f7edcf66703b7c23aaa

Request headers

Referer
https://www.hawtcelebs.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-type
application/json; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 17:53:39 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9JZgecXqeBsMTPp7nNkJXUTSqYl1JsZuh2hYMyo%2Fdb4oClg%2FrrPSzK%2F8KuJ0VT953XMwgpyvbu1V5qlHVhSglis7xz8gXBmwU%2B8nVYNxghaLoaJAcEI5UlFpIlelk1vlXwqiahAClO4AcvwNQPw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://www.hawtcelebs.com
access-control-allow-credentials
true
cf-ray
7460d35b7c4491f9-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
15
tshow
api.whizzco.com/dtracking/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.whizzco.com/dtracking/v1/tshow
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:c1dd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.hawtcelebs.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET, POST, HEAD, OPTIONS
access-control-allow-origin
https://www.hawtcelebs.com
access-control-max-age
1800
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7460d359497191f9-FRA
content-length
0
date
Mon, 05 Sep 2022 17:53:39 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HGxFBTrTtO1hzPXBs9PkK4VCxNgI3h7%2BTm7JcAQKksVEalfXZxabXQOYdfCi%2FzKMokpwifU0cyC2TZQ2dVwV2NBIGnqcGH4NQeLho8V2nOJK06E%2BHAINVWMdJwIgjZrNIzHRU0OKayd2CePTbic%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
dt
dt.adsafeprotected.com/ Frame A8DD 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=266706&asId=25860387-9ce7-c6ec-2a96-56ce88f843cc&tv=%7Bc:nmC7ed,pingTime:1,time:1736,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:22%7D,%7Bpiv:100,vs:i,r:,t:641%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1095,o:641,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:22,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B634~0%5D,as:%5B634~300.250%5D%7D%7D,%7Bsl:i,t:641,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1096~100%5D,as:%5B1096~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:180,fm:tgAeJtG+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C15.747557-55375942%7C151%7C1521%7C153%7C16%7C17*.266706-51196687%7C171,fm2:tgAeJtG+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C15.747557-55375942%7C151%7C1521%7C153%7C16%7C17*.266706-51196687%7C171,idMap:17*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:2ffd:4913:b6c3:d37a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:38 GMT
x-server-name
dt07.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
dt
dt.adsafeprotected.com/ Frame A8DD 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=266706&asId=25860387-9ce7-c6ec-2a96-56ce88f843cc&tv=%7Bc:nmC7ee,pingTime:1,time:1737,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:22%7D,%7Bpiv:100,vs:i,r:,t:641%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1096,o:641,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:22,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B634~0%5D,as:%5B634~300.250%5D%7D%7D,%7Bsl:i,t:641,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1096~100%5D,as:%5B1096~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:180,fm:tgAeJtG+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C15.747557-55375942%7C151%7C1521%7C153%7C16%7C17*.266706-51196687%7C171,fm2:tgAeJtG+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C15.747557-55375942%7C151%7C1521%7C153%7C16%7C17*.266706-51196687%7C171,idMap:17*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:2ffd:4913:b6c3:d37a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:38 GMT
x-server-name
dt05.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
pwt.js
ads.pubmatic.com/AdServer/js/pwt/160835/4933/ 		199 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/pwt/160835/4933/pwt.js
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.68.199 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-68-199.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
5eb141717f51c44f96058d241cfd4183c21632385e0b9fa1163ca9d8f7f606d2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
content-encoding
gzip
last-modified
Fri, 08 Jul 2022 20:07:19 GMT
server
Apache
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=44983
accept-ranges
bytes
content-type
application/javascript
content-length
62062
expires
Tue, 06 Sep 2022 06:23:21 GMT
p
ic.tynt.com/b/ 		0
227 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ic.tynt.com/b/p?id=w!a9etg89wet&lm=0&ts=1662400418523&dn=TC&iso=0&us_privacy=1---&t=LORI%20HARVEY%20Arrives%20at%20Kylie%E2%80%99s%20Cosmetic%20Event%20at%20Ulta%20Beauty%20in%20Westwood%2008%2F24%2F2022%20%E2%80%93%20HawtCelebs&cu=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip33.67-202-105.static.steadfastdns.net
Software
nginx/1.16.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:38 GMT
cache-control
"no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires
"Sat, 26 Jul 1997 05:00:00 GMT"
server
nginx/1.16.1
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
sodar
pagead2.googlesyndication.com/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022083101&jk=2233394363979607&bg=!q6ilqOzNAAZTikH4c4o7ACkAdvg8WinOzOYHiVP819DqjrJiEkxBCs1H7pXBIl80g076hlaedS-ixgIAAAB2UgAAAAJoAQcKAFhTT3NiMjMefY1j5ZQhnRX2gU6rsNGqVXohaR5egVUUvgefFXEB7I0yy-Uq2cxNBWJMXJzx0R9VoEs4qdUuNPBb4zt1Mp9AXp6eXut5vn4L7oyMdVVatsrzmQKbka21q-jybSj5fICrQr0dQnHIoNRX8OxCV-zQvEkcAVBlErYylAt3XsXbzjObbt5IFXQubhRWmJWG5zvtsbywnCuQMZ-u9jrw_2JRytwNuVr8GHPFUbj9zhGWvP7vKJh1P0-BnUYCzDBeLwW5HWxJYL6jqMQ0C9faTWvKztKl8HW65cCoThCH79Fr84gPXOSof-u7lsQJBkvLdpmbiM0ScCELBujHraSVQLjX1ImL3QrAgWBG4ifLVinURqGQmqL4mSrw5uJywiyvmGh7Ac692MDkT2Ib8TXgw-rIkMWc0snV9kwBKGoAGJgaIe5vRw3fF_IZF2yNvYYT8pQXFrDBXztaR5gracPa7XqlJbSOxF9TZAaW1pao6Hc8-rFRGwTf5n1dQV-cbUXKlTWiieHQv9zjv-UH4PCxSYHWzm3XrbuJTeQqhJ0JJHlWdIyLg7sRsEJvkNlg6H2I-SyVw0qouqHZJ3J7F3BVuSKjVYmbxilmJi6CR_gnl8ThbRgJQpApur2JrMK4yqv9nALEbFZrgWi8SdfYGyx98IvfB6gtudCcS1joWBQqmyQmQsCkT1EK4u6N9A4383rFN10_VSaqO7oXAEWhqxAO_r9NhEHBRvP0qJ5FpG66TJ1vL8b6JEJtXjJQvsgqxHwSD6lb6c4WWfPSG4-4UwCxu7Yiqj-Z2ny1WoDPwIyaTZT8qYsEK6oON0YgbfQMXuxM0wGAEqyWwTV-fYUmwxoAdAmspgPkvyVgK_bNjvPZ4bkPG8UUbE7leLcR_MVGLngoEMq6qx763i94Gm-0MECN_9SeLq2zTGZEzsNEobS6sbGKvQRlQDT_UfEWRVlf1fhg3ZgLeRv8EqOB6MQIi5kPCdWqXvbefs49uaI-n2o3T_sbCA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers
img.fetch
udmserve.net/udm/ 		1 B
470 B 		Script
General
Check archive.org
Download Go to
Full URL
https://udmserve.net/udm/img.fetch?sid=14863;tid=1;dt=6;gdprApplies=true;consentGiven=false;consentData=
Requested by
Host: bid.underdog.media
URL: https://bid.underdog.media/udm-r3_v2.13.11.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
68.71.249.118 Toronto, Canada, ASN20093 (ZEROLAG, US),
Reverse DNS
Software
/
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 17:53:39 GMT
Connection
Keep-Alive
P3p
NOI DSP CURa ADMa DEVa PSAa PSDa OUR IND UNI COM NAV INT
Content-Length
1
Content-Type
application/x-javascript
/
trends.revcontent.com/api/demand/ 		52 B
268 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://trends.revcontent.com/api/demand/?w=268750
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.251.249.27 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-251-249-27.eu-west-1.compute.amazonaws.com
Software
Apache/2.4.25 (Debian) /
Resource Hash
8b4b43fd2629a9ae29c5220a852bbc8ff169c571cdf77798633efec65c934df7
Security Headers
Name Value
Strict-Transport-Security max-age=931536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-origin
https://www.hawtcelebs.com
date
Mon, 05 Sep 2022 17:53:39 GMT
access-control-allow-credentials
true
server
Apache/2.4.25 (Debian)
content-length
52
strict-transport-security
max-age=931536000; includeSubDomains
content-type
text/html; charset=UTF-8
sync
trends.revcontent.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://trends.revcontent.com/sync
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.251.249.27 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-251-249-27.eu-west-1.compute.amazonaws.com
Software
openresty /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-origin
https://www.hawtcelebs.com
date
Mon, 05 Sep 2022 17:53:39 GMT
access-control-allow-credentials
true
server
openresty
x-envoy-upstream-service-time
1
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
/
trends.revcontent.com/api/demand/ 		52 B
268 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://trends.revcontent.com/api/demand/?w=268749
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.251.249.27 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-251-249-27.eu-west-1.compute.amazonaws.com
Software
Apache/2.4.25 (Debian) /
Resource Hash
8b4b43fd2629a9ae29c5220a852bbc8ff169c571cdf77798633efec65c934df7
Security Headers
Name Value
Strict-Transport-Security max-age=931536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-origin
https://www.hawtcelebs.com
date
Mon, 05 Sep 2022 17:53:39 GMT
access-control-allow-credentials
true
server
Apache/2.4.25 (Debian)
content-length
52
strict-transport-security
max-age=931536000; includeSubDomains
content-type
text/html; charset=UTF-8
sync
trends.revcontent.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://trends.revcontent.com/sync
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.251.249.27 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-251-249-27.eu-west-1.compute.amazonaws.com
Software
openresty /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-origin
https://www.hawtcelebs.com
date
Mon, 05 Sep 2022 17:53:39 GMT
access-control-allow-credentials
true
server
openresty
x-envoy-upstream-service-time
6
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
p
ic.tynt.com/b/ 		0
227 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ic.tynt.com/b/p?id=w!a9etg89wet&lm=0&ts=1662400418523&dn=TC&iso=0&us_privacy=1---&t=LORI%20HARVEY%20Arrives%20at%20Kylie%E2%80%99s%20Cosmetic%20Event%20at%20Ulta%20Beauty%20in%20Westwood%2008%2F24%2F2022%20%E2%80%93%20HawtCelebs
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip33.67-202-105.static.steadfastdns.net
Software
nginx/1.16.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:39 GMT
cache-control
"no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires
"Sat, 26 Jul 1997 05:00:00 GMT"
server
nginx/1.16.1
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
p
ic.tynt.com/b/ 		0
227 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ic.tynt.com/b/p?id=w!a9etg89wet&lm=0&ts=1662400418523&dn=TC&iso=0&us_privacy=1---
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip33.67-202-105.static.steadfastdns.net
Software
nginx/1.16.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:39 GMT
cache-control
"no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires
"Sat, 26 Jul 1997 05:00:00 GMT"
server
nginx/1.16.1
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
/
trends.revcontent.com/api/delivery/ 		28 KB
11 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://trends.revcontent.com/api/delivery/?is_blocked=undefined&w=268749&width=1600&gdpr=1&us_privacy=1---&rev_allow_cookies=0&site_url=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F&icr_url=&va=0&time=1662400419181&up=pc&bn=chrome&bv=105&widget_width=535&style_id=0&idhub[pubcid]=d7849a00-6674-45f0-a5ad-d270f97a1a8a
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.251.249.27 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-251-249-27.eu-west-1.compute.amazonaws.com
Software
Apache/2.4.25 (Debian) /
Resource Hash
460df563c03793bff545ec740e8c71f069826370583432df4719d942848ec4ae
Security Headers
Name Value
Strict-Transport-Security max-age=931536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:40 GMT
content-encoding
gzip
server
Apache/2.4.25 (Debian)
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
access-control-allow-credentials
true
strict-transport-security
max-age=931536000; includeSubDomains
content-length
10927
/
trends.revcontent.com/api/delivery/ 		15 KB
7 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://trends.revcontent.com/api/delivery/?is_blocked=undefined&w=268750&width=1600&gdpr=1&us_privacy=1---&rev_allow_cookies=0&site_url=https%3A%2F%2Fwww.hawtcelebs.com%2Flori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022%2F&icr_url=&va=0&time=1662400419183&up=pc&bn=chrome&bv=105&widget_width=160&style_id=0&idhub[pubcid]=d7849a00-6674-45f0-a5ad-d270f97a1a8a
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.251.249.27 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-251-249-27.eu-west-1.compute.amazonaws.com
Software
Apache/2.4.25 (Debian) /
Resource Hash
d89669999bf95ed45f5ea099ea0baaee77036c29d85e4cd5b2925af95250d36c
Security Headers
Name Value
Strict-Transport-Security max-age=931536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:39 GMT
content-encoding
gzip
server
Apache/2.4.25 (Debian)
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
access-control-allow-credentials
true
strict-transport-security
max-age=931536000; includeSubDomains
content-length
6499
p
ic.tynt.com/b/ 		0
227 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ic.tynt.com/b/p?id=w!a9etg89wet&lm=0&ts=1662400418523&dn=TC&iso=0&us_privacy=1---
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip33.67-202-105.static.steadfastdns.net
Software
nginx/1.16.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:39 GMT
cache-control
"no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires
"Sat, 26 Jul 1997 05:00:00 GMT"
server
nginx/1.16.1
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
impression
trends.revcontent.com/event/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://trends.revcontent.com/event/impression
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.251.249.27 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-251-249-27.eu-west-1.compute.amazonaws.com
Software
Grizzly/2.4.4 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=931536000; includeSubDomains

Request headers

Referer
https://www.hawtcelebs.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-allow-origin
https://www.hawtcelebs.com
date
Mon, 05 Sep 2022 17:53:39 GMT
access-control-allow-credentials
true
server
Grizzly/2.4.4
access-control-allow-headers
Content-Type
strict-transport-security
max-age=931536000; includeSubDomains
defaultWidget~feedWidget.delivery.js
assets.revcontent.com/master/ 		23 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.revcontent.com/master/defaultWidget~feedWidget.delivery.js
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e34129e1a48e2e59c1a205b2c61ba770d3beae93b2eab5e87486f430fe8832b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:39 GMT
content-encoding
gzip
last-modified
Tue, 23 Aug 2022 14:54:54 GMT
server
AmazonS3
x-amz-request-id
YNCWDF8Y4FY1N70K
etag
"8eea76427f8b9f09926cc5bba63710e8"
x-hw
1662400419.cds249.fr8.hn,1662400419.cds154.fr8.c
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public,max-age=60
accept-ranges
bytes
content-length
7035
x-amz-id-2
m7yOP20seiZfyLDPQi5919kXFOtWfAupIkIWSW5U0oCbSnGdvK8QbzUiznLErymjhASZPvUNcAo=
defaultWidget.delivery.js
assets.revcontent.com/master/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.revcontent.com/master/defaultWidget.delivery.js
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2709ac81693413404f966ce7ae2b67e1221f2d83393e2a4e6d6e5ed2cd875bb3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:39 GMT
content-encoding
gzip
last-modified
Tue, 23 Aug 2022 14:54:51 GMT
server
AmazonS3
x-amz-request-id
YNCZK8J3FF8EPDBK
etag
"29501f9509bcd26f4106cff85b0ee937"
x-hw
1662400419.cds249.fr8.hn,1662400419.cds280.fr8.c
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public,max-age=60
accept-ranges
bytes
content-length
6207
x-amz-id-2
L0MORsQUDk0eBnD+SZEtn2SUcZLuEoKTV9KUKHPIWY7ImDqqwhnCuN58wMIWiRKXLzvkT2oGjBk=
commonModal.delivery.js
assets.revcontent.com/master/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.revcontent.com/master/commonModal.delivery.js
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cc114e98a122f2eee93806ce60dda7ce34be300b094029d9949fbb4cab4ae44a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:39 GMT
content-encoding
gzip
last-modified
Tue, 23 Aug 2022 14:54:51 GMT
server
AmazonS3
x-amz-request-id
YNCG1MH1B34HQC68
etag
"088f118f9b4464ecf1e6e769eb87f6ab"
x-hw
1662400419.cds249.fr8.hn,1662400419.cds002.fr8.c
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public,max-age=60
accept-ranges
bytes
content-length
1661
x-amz-id-2
tRSWEnIen026Ur77kWWb3MyM3hl7dbsoDw+6ZV0Sf8tGYLgHcyL2RlrHuTEqNdjzwsMZ4yUnxy4=
/
img.revcontent.com/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.revcontent.com/?url=https://cdn.revcontent.com/assets/img/full_color.png&static=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
94d3b3f21c82e9004e1a95aba77f256573a3406d0782d451d50ac8e4bb4df7c5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:39 GMT
last-modified
Thu, 02 Jun 2022 15:22:42 GMT
etag
"1654183362"
x-hw
1662400419.cds153.fr8.hn,1662400419.cds260.fr8.c
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
content-length
1351
p
ic.tynt.com/b/ 		0
227 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ic.tynt.com/b/p?id=w!a9etg89wet&lm=0&ts=1662400418523&dn=TC&iso=0&us_privacy=1---
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip33.67-202-105.static.steadfastdns.net
Software
nginx/1.16.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:39 GMT
cache-control
"no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires
"Sat, 26 Jul 1997 05:00:00 GMT"
server
nginx/1.16.1
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
rc-logo.png
cdn.revcontent.com/assets/img/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.revcontent.com/assets/img/rc-logo.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
f4241710e57486ad91102e31823e855469608e1aea362f1f0e059609c9eb9a56

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:39 GMT
last-modified
Thu, 01 Sep 2022 18:57:11 GMT
etag
"1662058631"
x-hw
1662400419.cds284.fr8.hn,1662400419.cds057.fr8.c
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=24961
accept-ranges
bytes
content-length
2091
56ec5cc3cbad85b65b66ae45bb17d1f9.jpg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto,h_150,w_225,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto,h_150,w_225,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/56ec5cc3cbad85b65b66ae45bb17d1f9.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
6bb7ca4599a7d2657d55ba255b961b1720099113766841edb587acf54c4a2b7e
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:39 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
server-timing
fastly;dur=1;cpu=0;start=2022-06-06T16:10:05.962Z;desc=hit,rtt;dur=0
content-length
5182
x-request-id
87d1d0185773f8634c136ff7807a58d6
last-modified
Mon, 06 Jun 2022 16:00:23 GMT
server
Cloudinary
etag
"fd41d4fa2ba109d5828529d05ee27ce1"
vary
Save-Data
x-hw
1662400419.cds241.fr8.hn,1662400419.cds157.fr8.c
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control
private, no-transform, immutable, max-age=604800
accept-ranges
bytes
timing-allow-origin
*
5c65a2998e063f3aac7d9f69929e53ff.jpg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto,h_150,w_225,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto,h_150,w_225,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/5c65a2998e063f3aac7d9f69929e53ff.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
99d6ebff8d1cf29a6bb79ab1b5be8506aeb9b6ef6c09cb53ae95327da78cd88b
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:39 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
server-timing
fastly;dur=2;cpu=1;start=2022-07-28T18:01:48.083Z;desc=hit,rtt;dur=0
content-length
5610
x-request-id
f479976a36335d8adcf0ff23c5aaf6c8
last-modified
Thu, 28 Jul 2022 17:58:35 GMT
server
Cloudinary
etag
"4d3ada85b95894177740dddea19a4eac"
vary
Save-Data
x-hw
1662400419.cds241.fr8.hn,1662400419.cds221.fr8.c
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control
private, no-transform, immutable, max-age=604800
accept-ranges
bytes
timing-allow-origin
*
960207ed1c3ee3397f650b9783e2db35.jpg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto,h_150,w_225,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto,h_150,w_225,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/960207ed1c3ee3397f650b9783e2db35.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
09089267cfefae51012a5a5991a5e5bdd50ed38e6f6e4be1d00723f6e4ece4b8
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:39 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
server-timing
fastly;dur=2;cpu=1;start=2022-05-31T18:59:19.449Z;desc=hit,rtt;dur=0
content-length
5188
x-request-id
fa34969b876c26fbd8210df2ccac3f48
last-modified
Tue, 31 May 2022 18:55:22 GMT
server
Cloudinary
etag
"836512573a9b408d992064261d429c6a"
vary
Save-Data
x-hw
1662400419.cds241.fr8.hn,1662400419.cds215.fr8.c
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control
private, no-transform, immutable, max-age=604800
accept-ranges
bytes
timing-allow-origin
*
p
ic.tynt.com/b/ 		0
227 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ic.tynt.com/b/p?id=w!a9etg89wet&lm=0&ts=1662400418523&dn=TC&iso=0&us_privacy=1---
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip33.67-202-105.static.steadfastdns.net
Software
nginx/1.16.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:39 GMT
cache-control
"no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires
"Sat, 26 Jul 1997 05:00:00 GMT"
server
nginx/1.16.1
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
page-view
yeet.revcontent.com/yeet/events/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://yeet.revcontent.com/yeet/events/page-view
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.51.126.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-51-126-33.eu-west-1.compute.amazonaws.com
Software
openresty /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.hawtcelebs.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Connection
keep-alive
Content-Length
0
Date
Mon, 05 Sep 2022 17:53:40 GMT
Server
openresty
access-control-allow-headers
Content-Type
access-control-allow-methods
POST
access-control-allow-origin
*
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-envoy-upstream-service-time
1
widget-loaded
yeet.revcontent.com/yeet/events/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://yeet.revcontent.com/yeet/events/widget-loaded
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.51.126.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-51-126-33.eu-west-1.compute.amazonaws.com
Software
openresty /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.hawtcelebs.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Connection
keep-alive
Content-Length
0
Date
Mon, 05 Sep 2022 17:53:40 GMT
Server
openresty
access-control-allow-headers
Content-Type
access-control-allow-methods
POST
access-control-allow-origin
*
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-envoy-upstream-service-time
1
page-view
yeet.revcontent.com/yeet/events/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://yeet.revcontent.com/yeet/events/page-view
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.51.126.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-51-126-33.eu-west-1.compute.amazonaws.com
Software
openresty /
Resource Hash

Request headers

Referer
https://www.hawtcelebs.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
*
Date
Mon, 05 Sep 2022 17:53:40 GMT
x-envoy-upstream-service-time
1
Server
openresty
Connection
keep-alive
vary
Origin
widget-loaded
yeet.revcontent.com/yeet/events/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://yeet.revcontent.com/yeet/events/widget-loaded
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.51.126.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-51-126-33.eu-west-1.compute.amazonaws.com
Software
openresty /
Resource Hash

Request headers

Referer
https://www.hawtcelebs.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
*
Date
Mon, 05 Sep 2022 17:53:40 GMT
x-envoy-upstream-service-time
2
Server
openresty
Connection
keep-alive
vary
Origin
impression
trends.revcontent.com/event/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://trends.revcontent.com/event/impression
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.251.249.27 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-251-249-27.eu-west-1.compute.amazonaws.com
Software
Grizzly/2.4.4 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=931536000; includeSubDomains

Request headers

Referer
https://www.hawtcelebs.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-allow-origin
https://www.hawtcelebs.com
date
Mon, 05 Sep 2022 17:53:40 GMT
access-control-allow-credentials
true
server
Grizzly/2.4.4
access-control-allow-headers
Content-Type
strict-transport-security
max-age=931536000; includeSubDomains
/
img.revcontent.com/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.revcontent.com/?url=https://cdn.revcontent.com/assets/img/full_color.png&static=true
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
94d3b3f21c82e9004e1a95aba77f256573a3406d0782d451d50ac8e4bb4df7c5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:40 GMT
last-modified
Thu, 02 Jun 2022 15:22:42 GMT
etag
"1654183362"
x-hw
1662400420.cds153.fr8.hn,1662400420.cds260.fr8.c
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
content-length
1351
rc-logo.png
cdn.revcontent.com/assets/img/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.revcontent.com/assets/img/rc-logo.png
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
f4241710e57486ad91102e31823e855469608e1aea362f1f0e059609c9eb9a56

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:40 GMT
last-modified
Thu, 01 Sep 2022 18:57:11 GMT
etag
"1662058631"
x-hw
1662400420.cds284.fr8.hn,1662400420.cds057.fr8.c
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=24960
accept-ranges
bytes
content-length
2091
38b05e26bc1dd00fa50d6e2d6f4bc8c1.jpg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto,h_150,w_225,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto,h_150,w_225,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/38b05e26bc1dd00fa50d6e2d6f4bc8c1.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
7b9b97584f4a8a566a4ead722a972e0779245c0ce0eff2b383511c96cf88364f
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:40 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
server-timing
fastly;dur=2;cpu=1;start=2022-06-27T18:02:50.107Z;desc=hit,rtt;dur=0
content-length
6218
x-request-id
159d7518f09448f002942fd4fec150fa
last-modified
Mon, 27 Jun 2022 18:00:57 GMT
server
Cloudinary
etag
"97454a94f9aaf8433b8f309b112a6d29"
vary
Save-Data
x-hw
1662400420.cds241.fr8.hn,1662400420.cds229.fr8.c
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control
private, no-transform, immutable, max-age=604800
accept-ranges
bytes
timing-allow-origin
*
ac60b642ada1c1c5b7464cd7f8ac4a7a.jpg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto,h_150,w_225,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto,h_150,w_225,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/ac60b642ada1c1c5b7464cd7f8ac4a7a.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
b3a335cb27a4cf27e9988bf442aeca6c9961982d5359ec097bbd85cf6b4288ee
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:40 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
server-timing
fastly;dur=2;cpu=1;start=2022-07-15T12:19:57.219Z;desc=hit,rtt;dur=0
content-length
7219
last-modified
Mon, 23 May 2022 17:16:08 GMT
server
Cloudinary
etag
"a79b343e64c45029fdb25a1dada8c8ae"
vary
Save-Data
x-hw
1662400420.cds241.fr8.hn,1662400420.cds290.fr8.c
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control
private, no-transform, immutable, max-age=604800
accept-ranges
bytes
timing-allow-origin
*
62e682c5350ce6-80117344.png
images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto,h_150,w_225,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto,h_150,w_225,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/62e682c5350ce6-80117344.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
238e15081c921e467bcdeffab4104df9aaba879a970d800a7a09fc13327451ff
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:40 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
server-timing
fastly;dur=452;cpu=0;start=2022-08-02T21:58:31.247Z;desc=miss,rtt;dur=0,cloudinary;dur=357;start=2022-08-02T21:58:31.296Z,cld-id;desc=b7fc67d96645f3b8d1a3e4ff732fe68c
content-length
6537
x-request-id
b7fc67d96645f3b8d1a3e4ff732fe68c
last-modified
Tue, 02 Aug 2022 21:17:13 GMT
server
Cloudinary
etag
"131ed62d9214a1764117c71f11692ca3"
vary
Save-Data
x-hw
1662400420.cds241.fr8.hn,1662400420.cds098.fr8.c
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control
private, no-transform, immutable, max-age=604800
accept-ranges
bytes
timing-allow-origin
*
56ec5cc3cbad85b65b66ae45bb17d1f9.jpg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto,h_150,w_225,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto,h_150,w_225,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/56ec5cc3cbad85b65b66ae45bb17d1f9.jpg
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
6bb7ca4599a7d2657d55ba255b961b1720099113766841edb587acf54c4a2b7e
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:40 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
server-timing
fastly;dur=1;cpu=0;start=2022-06-06T16:10:05.962Z;desc=hit,rtt;dur=0
content-length
5182
x-request-id
87d1d0185773f8634c136ff7807a58d6
last-modified
Mon, 06 Jun 2022 16:00:23 GMT
server
Cloudinary
etag
"fd41d4fa2ba109d5828529d05ee27ce1"
vary
Save-Data
x-hw
1662400420.cds241.fr8.hn,1662400420.cds157.fr8.c
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control
private, no-transform, immutable, max-age=604800
accept-ranges
bytes
timing-allow-origin
*
5c65a2998e063f3aac7d9f69929e53ff.jpg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto,h_150,w_225,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto,h_150,w_225,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/5c65a2998e063f3aac7d9f69929e53ff.jpg
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
99d6ebff8d1cf29a6bb79ab1b5be8506aeb9b6ef6c09cb53ae95327da78cd88b
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:40 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
server-timing
fastly;dur=2;cpu=1;start=2022-07-28T18:01:48.083Z;desc=hit,rtt;dur=0
content-length
5610
x-request-id
f479976a36335d8adcf0ff23c5aaf6c8
last-modified
Thu, 28 Jul 2022 17:58:35 GMT
server
Cloudinary
etag
"4d3ada85b95894177740dddea19a4eac"
vary
Save-Data
x-hw
1662400420.cds241.fr8.hn,1662400420.cds221.fr8.c
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control
private, no-transform, immutable, max-age=604800
accept-ranges
bytes
timing-allow-origin
*
960207ed1c3ee3397f650b9783e2db35.jpg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto,h_150,w_225,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto,h_150,w_225,c_fill,g_face:auto/pg_1/https://media.revcontent.com/content/images/960207ed1c3ee3397f650b9783e2db35.jpg
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
09089267cfefae51012a5a5991a5e5bdd50ed38e6f6e4be1d00723f6e4ece4b8
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:40 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
server-timing
fastly;dur=2;cpu=1;start=2022-05-31T18:59:19.449Z;desc=hit,rtt;dur=0
content-length
5188
x-request-id
fa34969b876c26fbd8210df2ccac3f48
last-modified
Tue, 31 May 2022 18:55:22 GMT
server
Cloudinary
etag
"836512573a9b408d992064261d429c6a"
vary
Save-Data
x-hw
1662400420.cds241.fr8.hn,1662400420.cds215.fr8.c
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control
private, no-transform, immutable, max-age=604800
accept-ranges
bytes
timing-allow-origin
*
widget-loaded
yeet.revcontent.com/yeet/events/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://yeet.revcontent.com/yeet/events/widget-loaded
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.51.126.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-51-126-33.eu-west-1.compute.amazonaws.com
Software
openresty /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.hawtcelebs.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Connection
keep-alive
Content-Length
0
Date
Mon, 05 Sep 2022 17:53:40 GMT
Server
openresty
access-control-allow-headers
Content-Type
access-control-allow-methods
POST
access-control-allow-origin
*
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-envoy-upstream-service-time
1
widget-loaded
yeet.revcontent.com/yeet/events/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://yeet.revcontent.com/yeet/events/widget-loaded
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.51.126.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-51-126-33.eu-west-1.compute.amazonaws.com
Software
openresty /
Resource Hash

Request headers

Referer
https://www.hawtcelebs.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
*
Date
Mon, 05 Sep 2022 17:53:41 GMT
x-envoy-upstream-service-time
1
Server
openresty
Connection
keep-alive
vary
Origin
json
gum.criteo.com/sid/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.hawtcelebs.com%2F&domain=www.hawtcelebs.com&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2406:2600:4::b , Japan, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://www.hawtcelebs.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://www.hawtcelebs.com
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Mon, 05 Sep 2022 17:53:41 GMT
expires
0
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
230722
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
sid
mug.criteo.com/
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.hawtcelebs.com%2F&domain=www.hawtcelebs.com&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=AEAUv3x4aWtFQXRpTWVzaGVyNDVNRC9HeGhHMlhNQzgzbUREaU9rTXZhNW9CZlp5SHROK2V3aXh0d2U1ZTVCVFBoQzN6TXJaUk9Gd2QxY0FKYmJwSS8ybUhZTW54R2J5UEQyMjVJOTZEZHd6YjgwTHczbTZpSWJqSThRT2...
350 B
643 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=AEAUv3x4aWtFQXRpTWVzaGVyNDVNRC9HeGhHMlhNQzgzbUREaU9rTXZhNW9CZlp5SHROK2V3aXh0d2U1ZTVCVFBoQzN6TXJaUk9Gd2QxY0FKYmJwSS8ybUhZTW54R2J5UEQyMjVJOTZEZHd6YjgwTHczbTZpSWJqSThRT2ozZUM4M3FTN0ljQWZjdGIwY1ZranRmLy9KekxucWwrREgxYW5aWFFwekJ0ak1ocGZDR2xUZ0lGVlJTZEVqR3ExWlJvQ2VDUVVyQ29ta3hyaHY3MTV2R3dsa0Z2R21sUlB1ZlVKMjdyOTYwd3huaU1sY0JUYmF3NmYyMUZRWk9UenlOMXRCeVFxfA&cppv=2
Protocol
H2
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
339dbae95314979ef72cd445500b21923665541926d0901e03d853ae88870f16
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hawtcelebs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:42 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
1452276
strict-transport-security
max-age=31536000; preload;
expires
0

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:41 GMT
server
Kestrel
location
https://mug.criteo.com/sid?cpp=AEAUv3x4aWtFQXRpTWVzaGVyNDVNRC9HeGhHMlhNQzgzbUREaU9rTXZhNW9CZlp5SHROK2V3aXh0d2U1ZTVCVFBoQzN6TXJaUk9Gd2QxY0FKYmJwSS8ybUhZTW54R2J5UEQyMjVJOTZEZHd6YjgwTHczbTZpSWJqSThRT2ozZUM4M3FTN0ljQWZjdGIwY1ZranRmLy9KekxucWwrREgxYW5aWFFwekJ0ak1ocGZDR2xUZ0lGVlJTZEVqR3ExWlJvQ2VDUVVyQ29ta3hyaHY3MTV2R3dsa0Z2R21sUlB1ZlVKMjdyOTYwd3huaU1sY0JUYmF3NmYyMUZRWk9UenlOMXRCeVFxfA&cppv=2
strict-transport-security
max-age=31536000; preload;
access-control-allow-methods
GET
access-control-allow-origin
https://www.hawtcelebs.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
292657
content-length
0
expires
0
envelope
api.rlcdn.com/api/identity/ 		0
0
id
id.crwdcntrl.net/ 		63 B
340 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id.crwdcntrl.net/id
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/160835/4933/pwt.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.77.31.182 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-77-31-182.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
dd1d7b23d3ae5ba280d511dc699ee1827e2792090c93f0388447e7968a237aac

Request headers

Referer
https://www.hawtcelebs.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:41 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://www.hawtcelebs.com
cache-control
no-cache
x-server
10.45.21.197
access-control-allow-credentials
true
content-type
application/json;charset=utf-8
content-length
63
expires
0
rid
match.adsrvr.org/track/ 		63 B
392 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/160835/4933/pwt.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
bd554a4e8d5ed0313e8bd3e10ed9b04154593ae90401dfbd0b23dd1ea9a2560d

Request headers

Referer
https://www.hawtcelebs.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 05 Sep 2022 17:53:41 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.hawtcelebs.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
63
expires
Wed, 05 Oct 2022 17:53:41 GMT
dt
dt.adsafeprotected.com/ Frame 2F18 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=747557&asId=41a422a5-cf3e-e596-caf8-963a01ab86d2&tv=%7Bc:nmC84T,pingTime:5,time:5291,type:p,clog:%5B%7Bpiv:-1,vs:n,r:,w:160,h:600,t:216%7D,%7Bpiv:0,vs:o,r:l,t:260%7D,%7Bpiv:100,vs:i,r:,t:288%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:5003,o:288,n:260,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:216,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B58~1,0~0%5D,as:%5B58~160.600%5D%7D%7D,%7Bsl:o,t:260,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B28~0%5D,as:%5B28~160.600%5D%7D%7D,%7Bsl:i,t:288,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5004~100%5D,as:%5B5004~160.600%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:193,fm:tgAeJtG+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C15*.747557-55375942%7C151%7C1521%7C16%7C17.266706-51196687%7C171,idMap:15*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:2ffd:4913:b6c3:d37a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:42 GMT
x-server-name
dt11.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
dt
dt.adsafeprotected.com/ Frame 2F18 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=747557&asId=41a422a5-cf3e-e596-caf8-963a01ab86d2&tv=%7Bc:nmC84V,pingTime:5,time:5293,type:pf,clog:%5B%7Bpiv:-1,vs:n,r:,w:160,h:600,t:216%7D,%7Bpiv:0,vs:o,r:l,t:260%7D,%7Bpiv:100,vs:i,r:,t:288%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:5005,o:288,n:260,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:216,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B58~1,0~0%5D,as:%5B58~160.600%5D%7D%7D,%7Bsl:o,t:260,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B28~0%5D,as:%5B28~160.600%5D%7D%7D,%7Bsl:i,t:288,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5006~100%5D,as:%5B5006~160.600%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:193,fm:tgAeJtG+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C15*.747557-55375942%7C151%7C1521%7C16%7C17.266706-51196687%7C171,idMap:15*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:2ffd:4913:b6c3:d37a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:42 GMT
x-server-name
dt13.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
sid
mug.criteo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=AEAUv3x4aWtFQXRpTWVzaGVyNDVNRC9HeGhHMlhNQzgzbUREaU9rTXZhNW9CZlp5SHROK2V3aXh0d2U1ZTVCVFBoQzN6TXJaUk9Gd2QxY0FKYmJwSS8ybUhZTW54R2J5UEQyMjVJOTZEZHd6YjgwTHczbTZpSWJqSThRT2ozZUM4M3FTN0ljQWZjdGIwY1ZranRmLy9KekxucWwrREgxYW5aWFFwekJ0ak1ocGZDR2xUZ0lGVlJTZEVqR3ExWlJvQ2VDUVVyQ29ta3hyaHY3MTV2R3dsa0Z2R21sUlB1ZlVKMjdyOTYwd3huaU1sY0JUYmF3NmYyMUZRWk9UenlOMXRCeVFxfA&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
null
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Mon, 05 Sep 2022 17:53:43 GMT
expires
0
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
460811
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
dt
dt.adsafeprotected.com/ Frame A8DD 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=266706&asId=25860387-9ce7-c6ec-2a96-56ce88f843cc&tv=%7Bc:nmC8gK,pingTime:5,time:5737,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:22%7D,%7Bpiv:100,vs:i,r:,t:641%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:5096,o:641,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:22,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B634~0%5D,as:%5B634~300.250%5D%7D%7D,%7Bsl:i,t:641,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5097~100%5D,as:%5B5097~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:177,fm:tgAeJtG+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C15.747557-55375942%7C151%7C1521%7C153%7C16%7C17*.266706-51196687%7C171,fm2:tgAeJtG+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C15.747557-55375942%7C151%7C1521%7C153%7C16%7C17*.266706-51196687%7C171,idMap:17*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:2ffd:4913:b6c3:d37a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:42 GMT
x-server-name
dt02.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
dt
dt.adsafeprotected.com/ Frame A8DD 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=266706&asId=25860387-9ce7-c6ec-2a96-56ce88f843cc&tv=%7Bc:nmC8gM,pingTime:5,time:5739,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:22%7D,%7Bpiv:100,vs:i,r:,t:641%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:5098,o:641,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:22,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B634~0%5D,as:%5B634~300.250%5D%7D%7D,%7Bsl:i,t:641,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5098~100%5D,as:%5B5098~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:177,fm:tgAeJtG+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C15.747557-55375942%7C151%7C1521%7C153%7C16%7C17*.266706-51196687%7C171,fm2:tgAeJtG+11%7C121%7C122%7C1231%7C131%7C132%7C1411%7C14121%7C15.747557-55375942%7C151%7C1521%7C153%7C16%7C17*.266706-51196687%7C171,idMap:17*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:2ffd:4913:b6c3:d37a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 17:53:42 GMT
x-server-name
dt03.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
securepubads.g.doubleclick.net
URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuCsquFFpWpP_Wkg6miEN3JU7Wks1TyB0VaNSv4U7bEYFhjTVkUKwbez2F63ntykDe5Qt6H-IEJaoUtq5jmzWangp5ctL5GzImi6rziKIy9GBX-4BG8hGYgORyLvFESi517h1L6PxN20FBnJPXDJ2E2EmJUNmbGXW-9zJ1p4I7XL2DShyV3A2DAFcsP8zGHvJnwKksa7XisULSk2d87xrnDZ5vo9hY9DYgOVSHCtQAoZT03d6K2PyKYKgV5uNfsnyKLI5A-M0DoaJ1xDORjzXThrfPgFh5w4xtQG7VCbrrcKYnTIcGL0OaoGrVUErLFIY7yofZf6qtZGSoJJ90GOewY8tWgz53F941k7ypNiEw4AJDfSj9VPy37YAy31neQRwFPOie1PaNH33q-HA&sai=AMfl-YSaM57xwypGOrInY2HmooMOC1qr5YsWTaI9lw7EVLqFs-xuVYEWPD07ixLRYW9RcDo7AaZgzmdGeHf6p3QuYX12TftIWgY4AaL2gp5SA5gceMKXgPjCC-HYqU-SL3j1Jcs&sig=Cg0ArKJSzAGmmTFGBn-pEAE&uach_m=[UACH]&urlfix=1&adurl=
Domain
www.googletagservices.com
URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Domain
api.rlcdn.com
URL
https://api.rlcdn.com/api/identity/envelope?pid=13781

Verdicts & Comments Add Verdict or Comment

176 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| __cfQR string| demandSupplySc string| demandSupplyCr number| demandSupplySr object| houseAdCampaigns string| demandSupplyTi object| demandSupplyTc object| demandSupplyTcI number| demandSupplyPDI number| demandSupplyDFSS object| demandSupply object| xg object| dspbjs string| demandSupplyFS object| _app object| googletag object| ggeac object| google_tag_data object| google_js_reporting_queue undefined| google_measure_js_timing object| google_reactive_ads_global_state object| googleToken object| googleIMState function| processGoogleToken number| google_unique_id object| gaGlobal object| udm_ads_queue boolean| udm_confiant_init object| confiant boolean| udm_edge_init object| _qoptions object| _qevents object| udm_r3Chunk object| udm_r3 function| endedHandler function| udm_process_ads_queue function| delete_udm_edge function| reload_udm_edge function| quantserve function| __qc object| ezt function| qtrack undefined| $ function| jQuery function| gtag object| dataLayer object| menuItems object| trigger number| width object| bounding number| step function| slideMenu function| __tcfapi function| __uspapi object| google_tag_manager object| regeneratorRuntime object| _PBCFG object| vitag string| tagApi object| viAPItag number| udm_inpage_sid string| GoogleAnalyticsObject function| ga function| w_event function| createElementFromHTML function| stripScripts function| generateID function| checkScriptHead function| observe_mutation function| getCpcPrediction boolean| proceed object| currentScript object| inpageDiv object| inpageDivs object| inpageScript object| udm_inpage_divs boolean| udm_inpage_initialized object| _Hasync object| _wau boolean| __cfRLUnblockHandlers object| WAU_ren function| WAU_classic function| WAU_classic_request function| WAU_r_c function| WAU_insert function| WAU_legacy_b function| WAU_la function| WAU_addCommas function| WAU_lrd function| WAU_lrs function| WAU_cps function| docReady object| udmRenderRates object| GoogleGcLKhOms object| udmDefinedBlockedCreativeIds function| chfh function| chfh2 string| _HST_cntval object| Histats object| gaplugins object| gaData function| __tcfapiui object| _dtspv object| x string| x1 string| x2 object| Tynt function| getEidsByVLI object| _33Across object| $sf object| vlipbChunk object| vlipb object| ADAGIO object| mnet string| nobidVersion object| nobid boolean| apstagLOADED object| apstag object| _google_rum_ns_ object| google_persistent_state_async number| google_global_correlator number| google_srt function| mb function| Goog_AdSense_Lidar_sendVastEvent function| Goog_AdSense_Lidar_getViewability function| Goog_AdSense_Lidar_getUrlSignalsArray function| Goog_AdSense_Lidar_getUrlSignalsList object| module$contents$ima$CompanionAdSelectionSettings_CompanionAdSelectionSettings object| module$contents$ima$AdsRenderingSettings_AdsRenderingSettings object| ima object| module$contents$ima$AdCuePoints_AdCuePoints object| module$contents$ima$AdError_AdError object| module$contents$ima$AdErrorEvent_AdErrorEvent object| module$contents$ima$AdEvent_AdEvent object| module$contents$ima$AdsManagerLoadedEvent_AdsManagerLoadedEvent object| google object| observeElementInViewport string| cnsntv2 function| Splide object| viSplide object| _HistatsCounterGraphics_0_setValues string| contentURL string| no_script_tag object| data object| wpJsonRciWidget object| ua_result function| __NEXT_PRELOADREADY object| revcontent function| renderRCWidget object| google_image_requests object| owpbjsChunk object| owpbjs object| PWT string| partnerName string| key function| dspCriteoRTUSCallback

56 Cookies

Domain/Path Name / Value
app2.cision.com/ Name: JSESSIONID
Value: 4327A7C34FE177AF09042818912C8DA2
.cision.com/ Name: __cf_bm
Value: q51XSnuq7xWJ6by3YRccXFc1bpMXNpoUJxfe_vorL3k-1662400414-0-AYofARKNZDdCE24d9NHnvbqN+R07qATp9ySRdYfOAl7CBtfJMLcgdCfFoMw6Sa35SrM2JtP+Pb2/yfXhKSFAQew=
live.demand.supply/ Name: demandSupplyTi
Value: 9e9274f6-62d5-43fe-8541-f880697213e0
.udmserve.net/ Name: dt
Value: F230C641-B511-31F1-B239-3AC9820D3406
.adnxs.com/ Name: uuid2
Value: 5007904726464245340
www.hawtcelebs.com/ Name: udmsrc
Value: %7B%7D
www.hawtcelebs.com/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
.casalemedia.com/ Name: CMID
Value: YxY3oOwda2xciwnHsx5sKwAA
.casalemedia.com/ Name: CMPS
Value: 1119
.casalemedia.com/ Name: CMPRO
Value: 1119
.udmserve.net/ Name: apnid
Value: 5007904726464245340
www.hawtcelebs.com/ Name: qcSxc
Value: 1662400416361
.quantserve.com/ Name: mc
Value: 631637a0-5e218-d583f-f5282
.hawtcelebs.com/ Name: __qca
Value: P0-1939739575-1662400416343
.technoratimedia.com/ Name: tads_uid
Value: GDPR
.udmserve.net/ Name: indx
Value: YxY3oOwda2xciwnHsx5sKwAABF8AAAAB
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2E?]mWyS?!]tbPl1M>e)ZlrFUfJ+tGXxpGQ4>Ti_`<DNUZ41CAIu!AK)>/maaRlp5jO=h3If)y3KL9D3I?+9.w5V/
.doubleclick.net/ Name: DSID
Value: NO_DATA
.adform.net/ Name: C
Value: 1
.turn.com/ Name: uid
Value: 9123490509142022726
.doubleclick.net/ Name: IDE
Value: AHWqTUnNMLBYgky-Tg5ABbPUYumO5vn-UIo8e0OD-Ih_DrX0X1As6lHRJbAdeeVjlgw
.hawtcelebs.com/ Name: __gads
Value: ID=8365aa15c33bd7e3:T=1662400415:S=ALNI_MbxL7gXxxh-BQxRRFNztxbMi861TQ
.adform.net/ Name: uid
Value: 5634685447545029848
.redintelligence.net/ Name: 8lcfmzhxc8d6_uid
Value: 0f1b87d32736987d
.retailads.net/ Name: ppb2172
Value: 1578472959
.casalemedia.com/ Name: CMTS
Value: 5169
.futalis.de/ Name: raSIDb
Value: 1578472959
.awin1.com/ Name: awpv14098
Value: 296283|1662400417|aaf75cb0-2d43-11ed-8280-22382f38ffb2
.awin1.com/ Name: AWSESS
Value: 429086:2519595
pb.media01.eu/ Name: ASP.NET_SessionId
Value: pmw4ijvgdklrtrmnrz0xiy4q
pb.media01.eu/ Name: DTU
Value: EA9546BE689DEEE19B22FA890711452F
.simpli.fi/ Name: suid
Value: 5D9933849A804BA5AAB6492B629A2880
.yieldmo.com/ Name: yieldmo_id
Value: g4f12fadea8c4d9ee376%7C1662400417887%7C0%7C
.zemanta.com/ Name: zuid
Value: r2-KuO2qWA-LLTOzvP-u
www.hawtcelebs.com/ Name: HstCfa1890596
Value: 1662400418141
www.hawtcelebs.com/ Name: HstCla1890596
Value: 1662400418141
www.hawtcelebs.com/ Name: HstCmu1890596
Value: 1662400418141
www.hawtcelebs.com/ Name: HstPn1890596
Value: 1
www.hawtcelebs.com/ Name: HstPt1890596
Value: 1
www.hawtcelebs.com/ Name: HstCnv1890596
Value: 1
www.hawtcelebs.com/ Name: HstCns1890596
Value: 1
.hawtcelebs.com/ Name: _ga
Value: GA1.2.2047397849.1662400416
.hawtcelebs.com/ Name: _gid
Value: GA1.2.1080799578.1662400418
.hawtcelebs.com/ Name: _gat_gtag_UA_10995097_8
Value: 1
.dtscout.com/ Name: m
Value: 1
.dtscout.com/ Name: oa
Value: 1
.dtscout.com/ Name: df
Value: 1662400418
www.hawtcelebs.com/ Name: __ppIdCC
Value: gwqtxekeva_xon21006499418330
.hawtcelebs.com/ Name: _pubcid
Value: d7849a00-6674-45f0-a5ad-d270f97a1a8a
.udmserve.net/ Name: udmts
Value: 1662400419.0
www.hawtcelebs.com/ Name: _lr_retry_request
Value: true
www.hawtcelebs.com/ Name: _lr_env_src_ats
Value: false
www.hawtcelebs.com/ Name: pbjs-unifiedid
Value: %7B%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222022-09-05T17%3A53%3A41%22%7D
.hawtcelebs.com/ Name: panoramaId_expiry
Value: 1662486821133
.hawtcelebs.com/ Name: cto_bundle
Value: qWfE818lMkZ2VzBXaDhJbWN5QWtnSVE1em56ciUyQnhwZ1JWZXlVRyUyRmpuQ3l6MDhOc3JOcE5UMnh4cDl6RWJ1YlZuV21HQlhxbjdxJTJCbFBLWDl0V1UxUXVUUWd6bTduWWZWcEh2eGc4ekpaa0pWNlRwaEowTnNzSkJib3BNZng4NGRuT1J5c29E
.hawtcelebs.com/ Name: cto_bidid
Value: jM-Fvl9uc0txVFdURiUyRkZvSEdpalYwdlZCcGVlNDFNbjViWGZ5cm82VDRUdnpXbGR6SVQxT2hCWjZBZDVxektrZEYlMkZZSDZUTkJvMUNCV2lXM1RVUUwlMkZqWDBTUSUzRCUzRA

4 Console Messages

Source Level URL
Text
other warning URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8020352921880749886/index.html#t=14247881966893971540&p=https%3A%2F%2F76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
Message:
<link rel=preload> has an invalid `href` value
network error URL: https://udmserve.net/udm/img.fetch?sid=17047;tid=1;ev=1;dt=8;
Message:
Failed to load resource: the server responded with a status of 412 (Precondition Failed)
javascript error URL: https://www.hawtcelebs.com/lori-harvey-arrives-at-kylies-cosmetic-event-at-ulta-beauty-in-westwood-08-24-2022/
Message:
Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=13781' from origin 'https://www.hawtcelebs.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.rlcdn.com/api/identity/envelope?pid=13781
Message:
Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

76bc978a81870cdfe4fa21eb1ca94825.safeframe.googlesyndication.com
ad-server.eu
ad.turn.com
ads.pubmatic.com
ads.yieldmo.com
adservice.google.com
adservice.google.de
api.demand.supply
api.rlcdn.com
api.whizzco.com
app2.cision.com
assets.revcontent.com
assets.vlitag.com
audit-tcfv2.cmp.quantcast.com
b1sync.zemanta.com
bid.g.doubleclick.net
bid.underdog.media
c.amazon-adsystem.com
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.retailads.net
cdn.revcontent.com
cdn.tynt.com
cdn.whizzco.com
cm.g.doubleclick.net
cmp.quantcast.com
confiant-integrations.global.ssl.fastly.net
cs.emxdgt.com
ct.moreover.com
d.turn.com
dclk-match.dotomi.com
de.tynt.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fonts.gstatic.com
futalis.de
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hal9000.redintelligence.net
hal90002.redintelligence.net
ib.adnxs.com
ic.tynt.com
id.crwdcntrl.net
id5-sync.com
image8.pubmatic.com
images.revcontent.com
imasdk.googleapis.com
img.revcontent.com
live.demand.supply
match.adsrvr.org
media.vlitag.com
medialead.de
mug.criteo.com
pagead2.googlesyndication.com
pb.media01.eu
pixel.quantserve.com
pv.medialead.de
px.vliplatform.com
pxl.qccerttest.com
quantcast.mgr.consensu.org
r.turn.com
r3---sn-4g5lznez.googlevideo.com
redirector.googlevideo.com
rules.quantcount.com
s0.2mdn.net
s10.histats.com
s4.histats.com
secure.adnxs.com
secure.quantserve.com
securepubads.g.doubleclick.net
services.vlitag.com
ssbsync.smartadserver.com
ssum-sec.casalemedia.com
static.adsafeprotected.com
stats.g.doubleclick.net
sync.technoratimedia.com
t.dtscout.com
test.cmp.quantcast.com
tpc.googlesyndication.com
track.adform.net
trends.revcontent.com
u12097671.ct.sendgrid.net
udmserve.net
um.simpli.fi
us-u.openx.net
waust.at
whos.amung.us
www.awin1.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.hawtcelebs.com
yeet.revcontent.com
api.rlcdn.com
securepubads.g.doubleclick.net
www.googletagservices.com
104.111.239.217
104.18.18.126
104.18.19.126
104.18.36.173
108.138.4.10
108.177.15.157
129.158.42.199
141.95.98.69
142.250.184.226
142.250.186.66
145.239.193.130
151.101.193.194
151.139.128.11
167.114.209.61
167.89.115.54
169.50.137.184
178.250.0.157
18.193.0.23
185.86.139.102
198.27.80.143
198.47.127.18
2.18.68.199
2001:4860:4802:32::178
2001:678:cb4:bbbb::11
2001:678:cb4:bbbb::13
2406:2600:4::b
2600:1f13:800:7782:2ffd:4913:b6c3:d37a
2600:9000:206f:600:11:615:7240:93a1
2600:9000:206f:ac00:9:46dc:4700:93a1
2600:9000:206f:f400:9:46dc:4700:93a1
2600:9000:214f:dc00:8:48e:53c0:93a1
2600:9000:214f:e000:5:c4ab:c3c0:93a1
2600:9000:223c:c800:6:44e3:f8c0:93a1
2600:9000:225e:8200:3:a4cd:8380:93a1
2606:4700:10::6816:3556
2606:4700:10::6816:3ac7
2606:4700:10::6816:4aab
2606:4700:10::ac43:15e3
2606:4700:20::ac43:4739
2606:4700:3033::6815:3c4d
2606:4700:3036::ac43:c1dd
2606:4700:3037::ac43:9e3b
2606:4700::6810:8516
2606:4700::6810:8616
2606:4700::6812:5f3c
2620:116:800d:21:ef75:8280:f209:5ba1
2a00:1450:4001:11::8
2a00:1450:4001:800::2006
2a00:1450:4001:801::2002
2a00:1450:4001:803::200e
2a00:1450:4001:806::2001
2a00:1450:4001:80f::200a
2a00:1450:4001:827::2001
2a00:1450:4001:827::2008
2a00:1450:4001:828::200a
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2003
2a00:1450:4001:830::2003
2a00:1450:4001:830::2004
2a00:1450:4001:831::2002
2a00:1450:400c:c08::9a
2a01:4f8:d0a:2321::2
2a02:fa8:8806:13::1400
2a04:4e42::485
2a06:98c1:3120::3
3.33.220.150
3.71.169.66
34.251.249.27
34.98.64.218
37.157.4.40
37.252.172.37
37.252.173.62
46.105.201.240
46.4.10.47
49.12.16.151
52.17.139.148
52.51.126.33
54.76.147.17
54.76.176.197
54.77.31.182
64.202.112.63
67.202.105.32
67.202.105.33
68.71.249.118
70.39.246.51
88.198.250.30
94.130.102.164
94.23.99.218
0513fe35f8c7693dcd6d87a301058b2e0af9a36bb44ea18591153b80aba4272d
06088b6c97afefd5ed093b317cde3f3244db86e4ad054ee13cfd35624505d843
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
09089267cfefae51012a5a5991a5e5bdd50ed38e6f6e4be1d00723f6e4ece4b8
098e6c054d062f5ed9be3ae0937fbaab756c0b9b52624778e8b332ea7c802f27
09d066e51f3699727a7533bdbe741b2aef7033a2d30f9a10f0ca730cd82fd4b1
0ae639e0cde2de5bc87a9be00c1cdba547d96a341ec868df34a53892aedcc700
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e39772fd4ab2ea007f5b93277960107e5a96696c53eef90c6e694e556ff5c26
0ea842ad92b2cb342a00d74293e6036981ec07854e082223080525efa9c88528
0f4aee2bdd54dc46a82aa73080798e95046fed54a96702322504c95deabb000b
10017de59f10543b2fc736d8c724b7cf1f981f0a83e4320261fba3d0ea5ec7d7
111d1bc9aa9ad89b7eef5134cbe5b87d12b8ef480e3795d50da9b3ebcaca97aa
11ed90c92297e46261775eab42fc43c1c7781556fd790d05f916e991b29f0396
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
135b752896a461d44fd10bd12afe15b66b18846f9faf42f81a1839a617d52728
13d612759d841e36ffb65d66a0b67cb1509d030ec306309681174fca8cea5352
1427b00f4747d51662c89f684cb9c8a06cda376d69865eadcd7e90069f8f05b4
1427e34002bd5ade9f44dd2573a026cea941a80748021128d4119c861ea83273
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1916cf4455a526aadafd82710bf7304154905dcdf69dd9e0b516a63cc82e27e0
1a81c00b02e9a797e6e8cfce706577e8eb14c66fc4ab38ed71f09508d9222c72
1b108b811d4d1cafaa6240bd1ededc57abcbf44ee3b19506450ec59ae49450b6
1e155ef1ed6e2d9fe76dcc54f4b1e4439132744317fc0e7c1786564b01c2391a
1ec77b6656290e6fff0b28e5070c9abdd6dff9af534db21835771921c9b58dcd
1f9022424a5e4ddbaadf4e20d5f29ea301d098c7a057b2a3be9f4dd3ad514313
2225c74da04e2da63eb7666209ac922d50784f93773ab1f31ea12a133a06f721
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285
238e15081c921e467bcdeffab4104df9aaba879a970d800a7a09fc13327451ff
248d0f732763fd82701728aff2902d3e6b079e73f1ea00c1c4bb749f45e9226f
2544e71310c27e2c92f8720259da4c68bc66b45dd99cff090525e545644fab87
2709ac81693413404f966ce7ae2b67e1221f2d83393e2a4e6d6e5ed2cd875bb3
2772b2939434a835dec4f5a233b58c541f80ecf225cb426db708388fb1f2b17f
2baba68f09aecd7f95e6d229d960917c11413ab8d53d5b2b658d5c2ea6eab50f
2c961539bdea05629dbcd160e681e5b4490386aeb13c22bd36d905dbf3c545bf
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
31370f14534e5bb78d3da68b6cf0e72369feea1bd68aaeac1b61d07094aa1deb
318a7d79cfb6e344178edb59d37bd784b530d4cd6369719dacfdb2c6671b3437
32cf0a8fe53899cf276cb12df8c8f5f1558bfb49a803502eda8296818dafef6f
339dbae95314979ef72cd445500b21923665541926d0901e03d853ae88870f16
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
34a1720a3f19d793dbcf82fbe955fc906d26009b9f3a1fc461a31bf77d3c8c3c
35700fd4dc1a4008ab66bc0e57c19689f6daca9368bfd2a6beea1b86dc0159d8
35c92598a5f32c018dc630f57b183b0284c211ce9c222e5b36840a62115262f1
35f59a300caf8b1f096bb1a57ed1f3ae65ed934d161be08e2141d46a350c1f17
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
37bdde71eda05551adae1974b43916d2fc58ca04bc1b8325aab65e2668152b66
38354e6a0119fe113356e1506a115ca148a6b9ea22cf88136baa9167d6fde794
3964b1baa62d3b1426c5b4a746d67e9fa2446f4e44b5bff3d81a5dd409863b19
3a682ad13e1535e4077c573179247c072d7891ad507c73b7466163562f6c2fa8
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3d23d39a30bb7323f8ccfd64c52cf286138fba4f83e78f7edcf66703b7c23aaa
3d530733bad93f02c6d727dd07d476e85acc7d850eebe6ba3895468ba0ab6689
40eba42ba503b9446c0e6f6f2c01fe7ac3b9924fe7d10528e06fd7ee7cc42a2b
414540643fb9606b8d3b0a573a20742eaf9749f98a0d78bbd5709f63f5f54353
42e4cce501b7a3de5b3c5a4e1d6672652e780b8d4cd45f8e6e16e4db81e7df29
4363de3692c4a74fc169fe532159fc97103dc6bd4d8efda8ff32952de1fdd996
45fe766308841d0d4a2068ef014d83df899ef6623f6bb4bde509431657b1c707
460df563c03793bff545ec740e8c71f069826370583432df4719d942848ec4ae
46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2
476d8d8a5ee6c842a16e5ae6a58cec35ff7649729b77de0319644cdc128340eb
47ecec0312b98dc3f4b5977fa38fc06d8f7e60f22901b852860f6006bd0e6def
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
49250ed8e3698633fe130e218b05ca9f44a8acb04833bd280c2ad570ffcc3cf7
4a416a40b169eb44c122821aa19de8e0ffca5bf2543d6062c2f4ab6d7ec64129
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bec36848b4a5b17b25b7b18ddba27a18bea080c37930a4c49e2ddef3f0d95c4
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
507aa227b15ecd81b5d9637bd621ee8f52af16b6d4137f1343221f76a3ebe520
538ff4da79fec8ba0e9fe57dc4706fb57187f7bf37a26bd51fc6a82e27e72a45
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56392a97bf35956d4a099fbf3c764a01ee1f2cf2e070a0d8aacf458dbecca0a9
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd
5883c35c5c29d4a5673e0dc4aadc41edeae09d0568d9866cc6aaf772d9a13aa7
58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488
5ad06326a440d3bf449060c5f9ce238f0d144ffdb7900193a14b5821ed4c69de
5bbd103eaaf331cc0615b3929979f80e9fc481f1f26abc6bc87ea20a747b8642
5db53bf6a77148dae0aece6b6512e4a6bf94603af72e449a0f23ed03e8b96ff3
5eb141717f51c44f96058d241cfd4183c21632385e0b9fa1163ca9d8f7f606d2
5eee320d1f273041599430af56fea5fb24fe0dfa95fc24a0254d6d8fea0578ea
60f0f055fc233f379cbcb4136087ea4d530b57731cce0d2998ae9ba45f6eae13
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61f12a6f12fd3924f1622b786c05b67cfe48b3d0b38f8ba5d779a2a828cd2cae
622b74d92de99976237a5e7bb3b9ad30946dc327776687f379925b889a3ccc5f
64f2f1f02fc851d4d6bdaab153f5511584d04c8fbe30742a2acedc68f955d547
6594daa4a32cee545d09e8e20b8b4a486b83bc9efb70b23c0cbb00a6c0d523af
66847cea31d0d63ee5f3f9f2a55f6f97e7e6114c1f69656575cb1be343f7e60f
69164c2f89b59234047976910758f59fbda7401576695346065b4ff67c233a22
6953a02cce2f1567279e384ff55658bf8acc64ae72afe6afbe1da9ba9a41cb18
6a2981854b58e53b9bfdaea5719f459e640db5753c84ba01f5f23ed3297a14ce
6bb7ca4599a7d2657d55ba255b961b1720099113766841edb587acf54c4a2b7e
6c77d8c859b3571965ec6dde4c65e8f2bedee063ad273faa6a765c400ddaded4
6d196e8bd0042755a59d4ffdefd3dd45d3db5173ede587bdb84d26d0ef44e942
6d480bb437581e75f6fbfccb6105cddf931ebf0268d26c15cc3ae355a7b97ceb
6efeb220d581a73a92a8ca58f187ddf0c0a0b835b34b89bce6dcd5e1b348465a
6f5d18b1769507b97d8718a598fcecd3bc9e270bc11a520d769b2d06452418f6
6fbe2288d381bae5e1faa467c6fe5119f3c982aa6265700f5f3cbd7dca3049cb
723fbc6614369854aad3d28f4f27fa2f68c2fafbc100f5851bb1595669bdf2ae
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
747e8f5454d77ac3ee2339c3490cb7b805d59d7fedd4cc0682ae6ed9c33b7d25
74c50cc0a947464285c66df6e20bbfb2137624119faf6ad94489cb3f5bcc8aa3
759f8986297c16dd4f9373c590865aa43a31723d91df0e4e7de50b0312add3f0
76aacba4eece592e3a3281e69a5762c6f10b527a29fbba5eae5ac091f47ae554
7895f19f9770dce4f076a9cc63e8e331843876aca25d55bb5907220df0f5b5e1
790a2fb876a78daf76683bbbc32c371c73140c045931649a3d85fe8677cb8e20
7b9b97584f4a8a566a4ead722a972e0779245c0ce0eff2b383511c96cf88364f
80897a36c678f0d100c834f87cf84c8714280fca3b4b6d54789e7fe623c3cdac
81c2b1963d021c340cf129b30355da4be319a1ae4ed4d7c6bf63a3c182c72517
82941f09999379977b48d89c9468cda36fa6d184ef24984243cf85123b38e0ab
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8662ca4bbed9b82502df0283b2ffcad71297c5ed7255a5acdc47392d0de8dacc
8668645a9b609cadf436a4e11f1835110c3fd00475535f92df42e6000414b546
867e8c0f65910529d214a22ff58f5ad38158e1c104cc1706c94d5f4d3780944c
870ccfae9a88437d68df37822b45c72403af9c00ab70a63613372c29a8e4dcff
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8b4b43fd2629a9ae29c5220a852bbc8ff169c571cdf77798633efec65c934df7
8c7ee0238fa5cd80a02ef9870a7fff498ef52097181cb73edb9219dc022fd919
8dd5b55e97d6f337b67a1a612fe849a9b55cab36134a8501e8d585f625604673
8e77b3e6ef93af58380131ec650584ce5e4053b988253d4ef1596cfafbcdb9b6
8fef4c5dbdb726de212237f0acbbdf4dfd9b2bc8e96cfc123ec7ccd84641fc8b
8ff6faae8270e109e39ce50052fd76b0401de6c834df465ed17e2a7062e4340c
90ab895fd58766d043681385fe835c136d464d0740fb8ba7412ba5b6b624323f
937458495c30f567aeafe715f0164bfe061ab17aee4a34aabbf191f69a6d32ae
939ae264853db9ed3f45645cf2d7285940bc968ba8b14198bd166d80710ac191
93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20
94d3b3f21c82e9004e1a95aba77f256573a3406d0782d451d50ac8e4bb4df7c5
9744cb08ddfd011e1b31e36846253082d81265eb3516abfafc436d35592e2250
97b618e87e984d8ba90dd9c1cd24f05b2ebfbb86c4df375e6e925c51cb2cf1b8
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
99456b3711ac205efcbdbc08ae9dae0124aa6a94d0edf9701a80caa6fc38b5db
99cf5718b6a2e73ff40f480d226059477d841e0f94a098796fa7f21dea789c06
99d6ebff8d1cf29a6bb79ab1b5be8506aeb9b6ef6c09cb53ae95327da78cd88b
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c5cd3351a343011cbc0046d12c2b8bc8d7a968a09009ddb117fb1dc49fd1333
9e8489d17b92714a6051efe7cde72157a687dddaf04d7b8d971861c5227736b0
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a40dcd59c23d9ed6f0fbaeefeb57c78543b487ad93c49f5f74b89dd85b0ea278
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4eb2060150d9fc24ee035cb939a77e9d386616cbb36979dce9cf9276492e1ad
a509f4d3b48e9f9b0db4fae9fc717188c11f6eb03d97a934c38ee4d3a093c19d
a630a9548dd7747fdddf7d25ccbf03d122c963492175a965de46743669003f10
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a794c35044ca9879e32662eff76289949b2b993196b8e295ccdb29d243d72c5e
a7d7bd674dcbb446d8e8a5df6cdf814fb6777534d7e06ed83f841d2ba8928ddd
a921383af76c5359ac83a1dd5d4741c90577a30be0c7b8f1d619b8414d8a83fb
aa6a905eb7934dbc86046cbce12a7acbe70e164aee97cc22bdc3f0d0b6f8f1e0
abd69d600a2765e19efd4ae7e0ae67251c444d26983dee435163fc1331239ec6
ad7afbe9d305cb621e9eb723576299abd60a267840dff122a2016d749632be79
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
af0d6570462dee3c3937e8694b2ee98ea78313219976105080e94680c29769ad
afe970e8b124a779bd6e2a96d3e030eb1ca042d81b4466617e20d120de74c9e7
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3a335cb27a4cf27e9988bf442aeca6c9961982d5359ec097bbd85cf6b4288ee
b44ff76502980d269c8db4fc08a639693d756cecf542ef00e0b2e5a1655a997b
b4ddb147981a655b321c1de9863af76210aa9c220061500ce7fe5b4d9c9e5c76
b4e4185fd32167cb7d9a41483d35fbc0326d42f094818b50e07f517a506220ba
b8182b2f55eee5cef155ee6901e60b9a3950cd08863ca9644b4ebf775e2cc18a
b8341f341848ee9eec71870d976b0895ef1084190c2e0b0349d2ba1c9b9ef64e
b9300f2e357d74f1e9fcf85f5fa6c16ff113bdf946210cad9e54730e5953cded
b9468203d1a374c57d8f34c2df0229524b0b930bd43ed137a2a9bbbb21c1606e
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
bd554a4e8d5ed0313e8bd3e10ed9b04154593ae90401dfbd0b23dd1ea9a2560d
bdd1579c84daab8cdd1e5a4f71b546c9eaa6a76418f83e0215c573523614c309
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
be237b6f2a146c310c3d991fbdb4ec8d560b2f1e1b69031951d519b32764e783
bee4c3ddceefb6558b86e3d6bbe40326f6d67e1b0b535eb6949d570e7630d82d
c1220c3411924b38b46c29959590ed77fcda4bec4ed71907db27bef41ac42cbb
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
c15c300c0571e83adf008397552a55b42f77c5e88eff850bfb2c9904d8dbb1d5
c267c66ac6f9e7b20a95d03a227071440e3ffe37ed5ee85e06d38fec1c6ac888
c45a84e5e0ff6ed83afd426788be38a5cbc442dc6cce4631bfd5c22fdd1fc8df
c515a9e91122b2d91367af628d94eeb7d734454ad32986a50b2144a53ee743d6
c5829d82ed988f4e49c6abc7a4d9cd803567c81ab1f1a20f5a0b9d19778a61f8
c6812ab9716f06389dfc1736a8cda1a96ceb48608bad1c2705539ff837879763
c925207bab7130d92d636a73d967c28cd7648918576dec1ae5f8800c602cbe7d
cac92ffee7ee14c1479de55ba1f425f8fd05e5d792a7621edb46ab84a89cc006
cc114e98a122f2eee93806ce60dda7ce34be300b094029d9949fbb4cab4ae44a
cc82d793e3df1253015d924a000cbd4117c937feb63a9d5a282a3aaf33f8fbca
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cd0564106c40c0d22e2b8fd12f552d0beb6bc1f44d0e9e1a744ff86a811d1ebb
cfe9d2a70f9919f53598025d888d804010cf399d2d67248dd207b3009b9e20fd
d01b2424d1becb990ea64a5c51159b045cb68bc1dbd136c8509d3fe8f30f4280
d0f4a17af99311617e3d593f05df671cd644aa0df7f4384b0998a2f4b85be8b6
d162942e00d8e9beb4aad8a89aa7cd40336e4c5875d4cce97d4cf4bfd883db21
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179
d36927e9404935042a1677981d9cf95b6021094c1756b2e43aadbdc9dc1d3afc
d505de3f752bcf1019f9878efbea8403e9ca4ecaf4bb6f80f477fba1eb694d2f
d5cbbeb4972b3717ac08103b4ad7902368d349c0aa0523882bd1524cb7c58185
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d89669999bf95ed45f5ea099ea0baaee77036c29d85e4cd5b2925af95250d36c
da5b6618ff476171445c5be42fdef76a522a24e05423f4ebe42aa5f7ff6339da
da89bf5cdeaed1c080057dff7314a4803b9a076bc851efbc032a7ff9cedb94cf
dd1d7b23d3ae5ba280d511dc699ee1827e2792090c93f0388447e7968a237aac
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
dfa1ecdb69b9ee93e87159bfcd4ad2b1248a7de0d6346fd42e0b600723ae7b6b
e09409f410bb7e7d99014fc8ad9ef5def48af70ca6820526b796ec824155ddaf
e0971cbfbc807c2cd835cb3604db9d3e391967543fac606e7cb422a484f6c4ef
e34129e1a48e2e59c1a205b2c61ba770d3beae93b2eab5e87486f430fe8832b1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e420666fcd61fd1ca0c9954c909c50f08035cd70bdbc01f5e19de767dfe5c396
e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770
e851345505ee432c9397d60e5d91929ab4e5921f75c91f359b0939a879304b7a
e9b62726c16a24a6c96dfdf09813ae3f6d676bec3d70d8665035e138711e4d91
eadd50c6c9f17bbd3e3092c3496f79427c2393e6775300c2c8bc875046c4e117
ed0cae5ad52d4611f26645da5d8a66ef4a8c7117b7ae88c958094262999f952f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb8441e1d1a942b1e1c4f7429807697dd3de9d75e79f4d810d23e9ea2e20cb6
efc4dde25a5a7430ac92a98e5ea5a91ce49f3c45e8791581c999da75221b1264
f1c8a6645bbd557b6f18a1250e649337822e02189e85bfd404320ba52b11c690
f31ed4edda66b286ae5e18c8a4e87d66bd6e87869a0ed339788cd5b97ba65c28
f4241710e57486ad91102e31823e855469608e1aea362f1f0e059609c9eb9a56
f7cda432fd42a7521a36ef8ea1cf96b14d1049e16f25c32d9fb78d71113267c1
f9d7ebc7eb8a48fc8f79ca5df1513ceb47b59fbaf2b8a1054dffd375f0cdf1ea
fa2e64c0d37b249f65a0f2745cdbc17b6a6f7b9e96164acacdf9db1df4c6fc00
fbe68d2096a22ed9e9c11b8479ab4b14da08bc7c880dbb96d157675fd4b07466
fc648a228e1fd71757669ff86f3f42e2790d5e33bb3ceed5ca62d9c7f662499c