www.belajarmakeup.com Open in urlscan Pro
136.243.56.135 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
Submission: On September 21 via api (September 21st 2023, 11:26:55 am UTC) from US — Scanned from DE

Summary HTTP 378 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 64 IPs in 11 countries across 51 domains to perform 378 HTTP transactions. The main IP is 136.243.56.135, located in Germany and belongs to HETZNER-AS, DE. The main domain is www.belajarmakeup.com.
TLS certificate: Issued by R3 on August 6th 2023. Valid for: 3 months.

This is the only time www.belajarmakeup.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
8	136.243.56.135 136.243.56.135	24940 (HETZNER-AS) (HETZNER-AS)
5	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
35	2606:4700::68... 2606:4700::6810:8516	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
16	2606:4700:1::... 2606:4700:1::6813:814c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	52.221.3.211 52.221.3.211	16509 (AMAZON-02) (AMAZON-02)
1	52.219.125.74 52.219.125.74	16509 (AMAZON-02) (AMAZON-02)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
2	157.90.33.68 157.90.33.68	24940 (HETZNER-AS) (HETZNER-AS)
7	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
17	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
2	157.90.33.121 157.90.33.121	24940 (HETZNER-AS) (HETZNER-AS)
1 18	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
17	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
1	2600:9000:225... 2600:9000:2250:1a00:a:e047:753:6381	16509 (AMAZON-02) (AMAZON-02)
47	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	65.9.66.122 65.9.66.122	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:10:... 2606:4700:10::6816:3456	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5814	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
30	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
2	141.95.98.65 141.95.98.65	16276 (OVH) (OVH)
1 2	2a02:2638:d::d 2a02:2638:d::d	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	54.77.82.203 54.77.82.203	16509 (AMAZON-02) (AMAZON-02)
1	178.250.7.13 178.250.7.13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2606:4700:440... 2606:4700:4400::6812:297f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a02:2638:d::4 2a02:2638:d::4	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
6	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1	23.32.184.192 23.32.184.192	16625 (AKAMAI-AS) (AKAMAI-AS)
4	178.250.7.9 178.250.7.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	162.19.138.117 162.19.138.117	16276 (OVH) (OVH)
1	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
8	2a02:2638:3::1a 2a02:2638:3::1a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
31	2a02:2638:d::13 2a02:2638:d::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
23	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:2638:d::c 2a02:2638:d::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
1	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
2 2	213.155.156.182 213.155.156.182	1299 (TWELVE99 ...) (TWELVE99 Arelion)
6 19	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
1 2	23.32.185.35 23.32.185.35	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	35.214.244.115 35.214.244.115	15169 (GOOGLE) (GOOGLE)
1 1	23.53.41.88 23.53.41.88	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 4	104.18.26.193 104.18.26.193	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 4	37.252.171.85 37.252.171.85	29990 (ASN-APPNEX) (ASN-APPNEX)
2	2a02:fa8:8806... 2a02:fa8:8806:12::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
2	3.124.69.248 3.124.69.248	16509 (AMAZON-02) (AMAZON-02)
2 2	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3 3	64.74.236.127 64.74.236.127	19024 (INTERNAP-...) (INTERNAP-BLK5)
3 3	216.52.2.91 216.52.2.91	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
2	13.114.117.211 13.114.117.211	16509 (AMAZON-02) (AMAZON-02)
2 4	51.89.9.252 51.89.9.252	16276 (OVH) (OVH)
3	2a02:2638:3::9 2a02:2638:3::9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5	138.201.63.164 138.201.63.164	24940 (HETZNER-AS) (HETZNER-AS)
1 5	138.201.64.38 138.201.64.38	24940 (HETZNER-AS) (HETZNER-AS)
1	2a0b:4d07:101::1 2a0b:4d07:101::1	44239 (PROINITY ...) (PROINITY PROINITY)
3	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
1 2	2a01:4f8:d0a:... 2a01:4f8:d0a:2321::2	24940 (HETZNER-AS) (HETZNER-AS)
1	49.12.16.151 49.12.16.151	24940 (HETZNER-AS) (HETZNER-AS)
1	13.42.176.194 13.42.176.194	16509 (AMAZON-02) (AMAZON-02)
1	3.65.87.76 3.65.87.76	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
1	18.66.147.98 18.66.147.98	16509 (AMAZON-02) (AMAZON-02)
1	99.86.4.53 99.86.4.53	16509 (AMAZON-02) (AMAZON-02)
1 2	216.58.212.166 216.58.212.166	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
2	3.9.77.36 3.9.77.36	16509 (AMAZON-02) (AMAZON-02)
378	64

8 136.243.56.135 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.135.56.243.136.clients.your-server.de

www.belajarmakeup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 2606:4700::6810:8516 (United States)

ASN13335 (CLOUDFLARENET, US)

live.demand.supply	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.demand.supply	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i2.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2606:4700:1::6813:814c (United States)

ASN13335 (CLOUDFLARENET, US)

jsc.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
servicer.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s-img.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.221.3.211 (Singapore) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-221-3-211.ap-southeast-1.compute.amazonaws.com

imp.accesstra.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.219.125.74 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: s3-ap-southeast-1.amazonaws.com

s3-ap-southeast-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.90.33.68 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: sub1.1push.io

system-notify.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.90.33.121 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.121.33.90.157.clients.your-server.de

uidsync.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

maps.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:1a00:a:e047:753:6381 (United States)

ASN16509 (AMAZON-02, US)

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

47 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.66.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-122.fra56.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:3456 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5814 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.95.98.65 (France)

ASN16276 (OVH, FR)
PTR: ns3216659.ip-141-95-98.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:d::d (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.77.82.203 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-82-203.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.7.13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:297f (United States)

ASN13335 (CLOUDFLARENET, US)

cl.imghosts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638:d::4 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.32.184.192 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-32-184-192.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.250.7.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.117 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31533568.ip-162-19-138.eu

lb.eu-1-id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

mts0.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:2638:3::1a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2a02:2638:d::13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

imageproxy.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:d::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.162 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f162.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.33.220.150 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.182 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 142.250.186.130 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.32.185.35 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-32-185-35.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.214.244.115 (Groningen, Netherlands) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 115.244.214.35.bc.googleusercontent.com

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.53.41.88 (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-53-41-88.deploy.static.akamaitechnologies.com

analytics.pangle-ads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.26.193 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.252.171.85 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:fa8:8806:12::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.124.69.248 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-69-248.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.1.9 (France) 2 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 64.74.236.127 (United States) 3 redirects

ASN19024 (INTERNAP-BLK5, US)
PTR: chi.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.52.2.91 (United States) 3 redirects

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.114.117.211 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-114-117-211.ap-northeast-1.compute.amazonaws.com

cc.adingo.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 51.89.9.252 (London, United Kingdom) 2 redirects

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:3::9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 138.201.63.164 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.164.63.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 138.201.64.38 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.38.64.201.138.clients.your-server.de

hal900011.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:101::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 145.239.193.130 (France)

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a01:4f8:d0a:2321::2 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)

cdn.retailads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 49.12.16.151 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: lb-1.futalis.de

futalis.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.42.176.194 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-42-176-194.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.65.87.76 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-65-87-76.eu-central-1.compute.amazonaws.com

t23.intelliad.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.147.98 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-98.fra60.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.4.53 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-53.fra6.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.166 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f166.1e100.net

8019191.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.9.77.36 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-9-77-36.eu-west-2.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
86	criteo.net static.criteo.net — Cisco Umbrella Rank: 897 csm.eu.criteo.net — Cisco Umbrella Rank: 7577 imageproxy.eu.criteo.net — Cisco Umbrella Rank: 8000	15 MB
51	googlesyndication.com af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 169 pagead2.googlesyndication.com — Cisco Umbrella Rank: 122	232 KB
41	doubleclick.net 8 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 235 cm.g.doubleclick.net — Cisco Umbrella Rank: 329 googleads.g.doubleclick.net — Cisco Umbrella Rank: 66 8019191.fls.doubleclick.net — Cisco Umbrella Rank: 293895	341 KB
35	demand.supply live.demand.supply — Cisco Umbrella Rank: 42647 api.demand.supply — Cisco Umbrella Rank: 75133	47 KB
22	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 113 maps.googleapis.com — Cisco Umbrella Rank: 778	268 KB
19	google.com www.google.com — Cisco Umbrella Rank: 11 mts0.google.com — Cisco Umbrella Rank: 6671 adservice.google.com — Cisco Umbrella Rank: 182	145 KB
17	criteo.com 3 redirects gum.criteo.com — Cisco Umbrella Rank: 640 mug.criteo.com — Cisco Umbrella Rank: 1822 ads.eu.criteo.com — Cisco Umbrella Rank: 7499 cat.fr3.eu.criteo.com — Cisco Umbrella Rank: 8966 rtb.fr3.eu.criteo.com — Cisco Umbrella Rank: 14897 dis.criteo.com — Cisco Umbrella Rank: 910 rtb.nl3.eu.criteo.com — Cisco Umbrella Rank: 13805	178 KB
16	mgid.com jsc.mgid.com — Cisco Umbrella Rank: 7419 c.mgid.com — Cisco Umbrella Rank: 6080 cdn.mgid.com — Cisco Umbrella Rank: 9929 servicer.mgid.com — Cisco Umbrella Rank: 7449 s-img.mgid.com — Cisco Umbrella Rank: 6835 cm.mgid.com — Cisco Umbrella Rank: 2276 a.mgid.com — Cisco Umbrella Rank: 13720	135 KB
10	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 35069 hal900011.redintelligence.net — Cisco Umbrella Rank: 269045	219 KB
10	gstatic.com fonts.gstatic.com maps.gstatic.com www.gstatic.com	197 KB
8	wp.com i0.wp.com — Cisco Umbrella Rank: 4566 stats.wp.com — Cisco Umbrella Rank: 3500 pixel.wp.com — Cisco Umbrella Rank: 3212	7 KB
8	belajarmakeup.com www.belajarmakeup.com	211 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 254 Failed	341 KB
4	onetag-sys.com 2 redirects onetag-sys.com — Cisco Umbrella Rank: 1153	977 B
4	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 360	3 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 1026	3 KB
4	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 1223 id5-sync.com — Cisco Umbrella Rank: 687	62 KB
3	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 34232 api.webgains.io — Cisco Umbrella Rank: 72808	18 KB
3	medialead.de pv.medialead.de — Cisco Umbrella Rank: 42019	1 KB
3	lijit.com 3 redirects ap.lijit.com — Cisco Umbrella Rank: 1012	2 KB
3	zemanta.com 3 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 906	2 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 111	153 KB
2	retailads.net 1 redirects cdn.retailads.net — Cisco Umbrella Rank: 118911	6 KB
2	adingo.jp cc.adingo.jp — Cisco Umbrella Rank: 11013	87 B
2	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 614	291 B
2	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 5383	207 B
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 2022	447 B
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 7132	645 B
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 178	708 B
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 410	10 KB
2	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 1393 bcp.crwdcntrl.net — Cisco Umbrella Rank: 1398	12 KB
2	uidsync.net uidsync.net — Cisco Umbrella Rank: 41184	713 B
2	system-notify.app system-notify.app — Cisco Umbrella Rank: 88917	14 KB
1	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 104278	3 KB
1	intelliad.de t23.intelliad.de — Cisco Umbrella Rank: 116593	555 B
1	webgains.com track.webgains.com — Cisco Umbrella Rank: 44441	2 KB
1	futalis.de futalis.de — Cisco Umbrella Rank: 205109	401 B
1	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 312847	931 B
1	pangle-ads.com 1 redirects analytics.pangle-ads.com — Cisco Umbrella Rank: 2902	979 B
1	loopme.me 1 redirects csync.loopme.me — Cisco Umbrella Rank: 1499	416 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 637	265 B
1	eu-1-id5-sync.com lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 1313	408 B
1	pubmatic.com ads.pubmatic.com — Cisco Umbrella Rank: 837	63 KB
1	imghosts.com cl.imghosts.com — Cisco Umbrella Rank: 9931	65 KB
1	creativecdn.com invstatic101.creativecdn.com — Cisco Umbrella Rank: 2880	1 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 558	1 KB
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 2724	3 KB
1	amazonaws.com s3-ap-southeast-1.amazonaws.com	31 KB
1	accesstra.de 1 redirects imp.accesstra.de — Cisco Umbrella Rank: 158652	207 B
0	aura-dsp.com Failed sync-dmp.aura-dsp.com Failed
0	chocolateplatform.com Failed cs.chocolateplatform.com Failed
378	51

	Domain	Requested by
47	static.criteo.net	securepubads.g.doubleclick.net ads.eu.criteo.com cdnjs.cloudflare.com static.criteo.net
31	imageproxy.eu.criteo.net	ads.eu.criteo.com
30	live.demand.supply	www.belajarmakeup.com live.demand.supply client
23	tpc.googlesyndication.com	af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com securepubads.g.doubleclick.net
21	pagead2.googlesyndication.com	af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com www.belajarmakeup.com www.googletagservices.com pagead2.googlesyndication.com tpc.googlesyndication.com securepubads.g.doubleclick.net
19	cm.g.doubleclick.net	6 redirects af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com googleads.g.doubleclick.net www.belajarmakeup.com
18	securepubads.g.doubleclick.net	1 redirects live.demand.supply securepubads.g.doubleclick.net www.belajarmakeup.com af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
17	maps.googleapis.com	www.google.com maps.googleapis.com www.belajarmakeup.com
17	www.google.com	www.belajarmakeup.com maps.googleapis.com af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com tpc.googlesyndication.com
8	csm.eu.criteo.net	ads.eu.criteo.com
8	www.belajarmakeup.com	www.belajarmakeup.com
7	af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
7	fonts.gstatic.com	fonts.googleapis.com
6	www.googletagservices.com	securepubads.g.doubleclick.net af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
6	i0.wp.com	www.belajarmakeup.com
5	hal900011.redintelligence.net	1 redirects af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com hal900011.redintelligence.net
5	hal9000.redintelligence.net	af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com hal900011.redintelligence.net
5	api.demand.supply	live.demand.supply
5	fonts.googleapis.com	www.belajarmakeup.com af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com maps.googleapis.com hal900011.redintelligence.net
4	onetag-sys.com	2 redirects af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	cat.fr3.eu.criteo.com	ads.eu.criteo.com
4	ads.eu.criteo.com	af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
3	pv.medialead.de	hal900011.redintelligence.net
3	rtb.nl3.eu.criteo.com	af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
3	ap.lijit.com	3 redirects
3	b1sync.zemanta.com	3 redirects
3	a.mgid.com	www.belajarmakeup.com
3	s-img.mgid.com	www.belajarmakeup.com
3	c.mgid.com	www.belajarmakeup.com
2	api.webgains.io	analytics.webgains.io
2	8019191.fls.doubleclick.net	1 redirects af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
2	www.googletagmanager.com	adv.office-partner.de www.googletagmanager.com
2	cdn.retailads.net	1 redirects futalis.de
2	cc.adingo.jp	af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
2	dis.criteo.com	2 redirects
2	x.bidswitch.net	af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
2	dclk-match.dotomi.com	af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
2	googleads.g.doubleclick.net	af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com pagead2.googlesyndication.com
2	sync.teads.tv	1 redirects af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
2	d5p.de17a.com	2 redirects
2	www.googleadservices.com	www.belajarmakeup.com
2	cdnjs.cloudflare.com	ads.eu.criteo.com
2	cm.mgid.com	jsc.mgid.com
2	cdn.mgid.com	www.belajarmakeup.com
2	gum.criteo.com	1 redirects static.criteo.net
2	id5-sync.com	cdn.id5-sync.com
2	cdn.id5-sync.com	securepubads.g.doubleclick.net jsc.mgid.com
2	maps.gstatic.com	www.google.com www.belajarmakeup.com
2	uidsync.net	system-notify.app
2	system-notify.app	www.belajarmakeup.com system-notify.app
2	jsc.mgid.com	www.belajarmakeup.com jsc.mgid.com
1	adservice.google.com	8019191.fls.doubleclick.net
1	cdn.track.production.webgains.team	af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
1	analytics.webgains.io	track.webgains.com
1	t23.intelliad.de	hal900011.redintelligence.net
1	track.webgains.com	www.belajarmakeup.com
1	futalis.de	hal900011.redintelligence.net
1	adv.office-partner.de	hal900011.redintelligence.net
1	analytics.pangle-ads.com	1 redirects
1	csync.loopme.me	1 redirects
1	match.adsrvr.org	af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
1	rtb.fr3.eu.criteo.com	af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
1	mts0.google.com	af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
1	www.gstatic.com	af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
1	lb.eu-1-id5-sync.com	cdn.id5-sync.com
1	ads.pubmatic.com	jsc.mgid.com
1	cl.imghosts.com	www.belajarmakeup.com
1	servicer.mgid.com	jsc.mgid.com
1	mug.criteo.com	www.belajarmakeup.com
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	cdn.jsdelivr.net	securepubads.g.doubleclick.net
1	tags.crwdcntrl.net	securepubads.g.doubleclick.net
1	cdn.prod.uidapi.com	securepubads.g.doubleclick.net
1	pixel.wp.com	www.belajarmakeup.com
1	stats.wp.com	www.belajarmakeup.com
1	s3-ap-southeast-1.amazonaws.com	www.belajarmakeup.com
1	imp.accesstra.de	1 redirects
0	sync-dmp.aura-dsp.com Failed	af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
0	cs.chocolateplatform.com Failed	af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
378	82

This site contains links to these domains. Also see Links.

Domain
widgets.mgid.com
www.mgid.com
clck.mgid.com
click.accesstra.de
id.belajarmakeup.com
www.idtheme.com
www.gianmr.com
sulvo.com

Subject Issuer	Validity	Valid
belajarmakeup.com R3	`2023-08-06` - `2023-11-04`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
demand.supply Cloudflare Inc ECC CA-3	`2023-02-19` - `2024-02-19`	a year	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-14` - `2023-12-15`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-11` - `2024-04-10`	a year	crt.sh
system-notify.app R3	`2023-08-25` - `2023-11-23`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
uidsync.net Sectigo RSA Domain Validation Secure Server CA	`2022-11-28` - `2023-12-29`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
cdn.prod.uidapi.com R3	`2023-08-10` - `2023-11-08`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-05` - `2023-10-31`	3 months	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2022-11-07` - `2023-12-06`	a year	crt.sh
invstatic101.creativecdn.com GTS CA 1D4	`2023-08-26` - `2023-11-24`	3 months	crt.sh
*.id5-sync.com R3	`2023-09-01` - `2023-11-30`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-19` - `2023-10-18`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-19` - `2023-10-21`	3 months	crt.sh
*.pubmatic.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-25` - `2024-01-24`	a year	crt.sh
*.fr3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-05` - `2023-10-29`	3 months	crt.sh
*.eu-1-id5-sync.com R3	`2023-09-01` - `2023-11-30`	3 months	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-08` - `2023-11-08`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2023-08-15` - `2024-09-15`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2023-03-23` - `2024-03-23`	a year	crt.sh
*.adingo.jp Amazon RSA 2048 M03	`2023-09-13` - `2024-10-12`	a year	crt.sh
*.nl3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-27` - `2023-10-22`	3 months	crt.sh
redintelligence.net R3	`2023-08-11` - `2023-11-09`	3 months	crt.sh
adv.office-partner.de R3	`2023-08-29` - `2023-11-27`	3 months	crt.sh
pv.medialead.de R3	`2023-08-13` - `2023-11-11`	3 months	crt.sh
*.futalis.de R3	`2023-08-15` - `2023-11-13`	3 months	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
*.intelliad.de Thawte TLS RSA CA G1	`2023-07-31` - `2024-08-30`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
cdn.retailads.net Encryption Everywhere DV TLS CA - G2	`2023-05-18` - `2024-05-17`	a year	crt.sh
*.webgains.io Amazon RSA 2048 M01	`2023-07-24` - `2024-08-22`	a year	crt.sh
cdn.track.production.webgains.team Amazon RSA 2048 M03	`2023-08-30` - `2024-09-27`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh

This page contains 32 frames:

Primary Page: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
Frame ID: 495D9396561E14BE1DF6F5A23FC18F03
Requests: 107 HTTP requests in this frame

Frame: https://www.google.com/maps/embed?pb=!1m16!1m12!1m3!1d8112491.176123461!2d113.18104185!3d-6.86934315!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!2m1!1sbeauty%20salon%20Purworejo%20Klampok%20-%20Banjarnegara!5e0!3m2!1sen!2sid!4v1601900188746!5m2!1sen!2sid
Frame ID: BB5039573073874FA4717EFB8C95C4C1
Requests: 48 HTTP requests in this frame

Frame: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: E50DDE6A68D0AF1978C6117A363F51B0
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.belajarmakeup.com
Frame ID: 177FA266B3760BE6322133AAB859CB67
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstiEzcCB239I5G2gRBqHnOje1iZVxA119MjVcLE8Ot6je_UF1WwAMJ3x_vK7QGgjkooh6r1iEr9zyeoEWlXOgWlYbYaUWmF83iPh3pVlpqhWJp7C8bkuqt5qouTECRQrO1pGiNU1lQlERYnpYD3pmllIYmJAEnhESMp0FzKCwJHYQlztdN0weMWSGhSxSgFJBlu4d2m12VCA8zSE_0yqhDO2hmhZLFGE6FP-2gNUOJIvjSkosMs7F9zSkaMlLCblYq-TounsdF1o7Mu__Q2i9PsjAD1UeiaD33DaGsS4uNGUjwQlgGEvXrpiqU0TbjTT-D5xKWSybwahvDHlotXf3MyVj0eBVnk6ubGDzBSVLpydoAPYKPItFSFQdSTjbAGvb_VfAkZYOx_QBlejmmBJ_rPFw&sai=AMfl-YTpsTNRzGwEW4KEG6kJQVRlYQXdDYlML-Wa_pSKbWHwrja3iuNFmHQfBteW8qcMDUTdo88N9mTCv4zIDmfucDdRDA0UJRGQwcV-4r1Cu6wCldWXjoWbeqvUsLuOJ6XWaC9ZoVjE7hmD22urHbWI&sig=Cg0ArKJSzGdd_XcGtasyEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: E7CBCED34958226B0516528C4988CB35
Requests: 2 HTTP requests in this frame

Frame: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: D876AFF6F69DAD7CDE1F8E11C4242CE2
Requests: 9 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZQwodgAJqc4JHVlKAAQW6M5N0tKR_X66G9K4zA&u=%7CAPbgfc3o%2B0lozKl4hhHAleaHotibBjbciobT6Zw4U%2Bg%3D%7C&c1=TEbw32HdmhlTb08vzaRE01gjP6XVckOXmW9UoUGT_GI2b2B5z8aCCSnbAiDmxoSwicJ1n4MV4gwa8S_EYOiQwc9xAuUCawHSgaAmfNBtKmoIlSsUouAvZ3eg3KUH9W4hhSh5Fty69-EJ95LiyJlZM0E3kUsYvRZVmO8oSEC8hupFeB0io9GUOQJq_5xRKesbx-AQOXSHsI6oz5cUgtggKuRABrV1gmiYNqmcK7t0E4vQA7iwuexsnmwqHwv6z0b1FG_L1irQxGWN8iPqjcsI9e6dX3ghP9D_DDPYctF1FUiSBJRx0SMRfT-KaV27wiJexmnu1sY2RICr3u5wSL-lVfNZYisjIUWTG-DRWXAgNEf97GRY5xHW_MSPNzKHcNudywAPWLrspt6Ium6sFo7ZUtYy4s8rJggisgVo7BNqoTszU-Mv6P189UfH6XEkpN1xAPJACwLYgpCNqd5df6yuJ1c5SBuz5tDKMCwS0oSPCaWXLqsRI4q-LCDyPgSjYYiSteL_PpHwIZ3Ykq2QXdqQ93rFEX1-lp3-jdPZX1fLr88_NbymX9ERBJm515inTAOLC4jQv7_C6dV3qFd1Kl2cEB1GYH3ZHr__rDn8RDm6qiq3-B3-fjNW4GX4BlzLhKGa&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP0E2digMZc7TJsqy9fgP6K2QiALJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzgzMTg5NDU1OTAxNDYxNMgBCakCISI9W-HhsT7gAgCoAwHIAwKqBIUDT9C_1lOnqz9Nx9gRfF4tnCWQ5-VFxk7ipyvAIbx0RUqDDmaES6d76FFF-CUF-iI6OIuQNHzKRLZ_nSd7LOoNL_iviRaa4iRG0XlmCqH9WweEq-b89-R4ZP98ZDfDF_mkJiYou081RxSt5ZZG6j9dL6TR3JyAgREMDpI3O8bLBwFhl350dfT8sl1kOjyT50vnYN3flzIrxehOnYGoOzF3yeNsi1_fDUvv4V3NNrHY3tAyc6uUlseY2XxcUK7uc-rHWiAoxXkDfV4PO5TpebBKsZkpR--SCK8ROeEQHNK3RqSOP6od24E_s5UESBjem5Kw6Gs2q_CoFKaVsqTbETT9Fw4vfEnETmOh0g1KfU8LTERnN77WQXO-Sa7ni2BTM6LvUjYCAUb9-2Mw6CjPME2rhvHJUXQnscGKpSmwRDhSHEXZy0_PoEbWbq6lSB0ykbDocr_WONhTxUhf45KHAYVbG7t2wBt2iDFabcgHAY2GODouGFrgA0QKtdOjEmpASJoCYpMfm67gBAGABqufqc3aouL1J6AGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNjkyOTMzNTc2MzM5ODQ0MPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3EVxp69_T3nUrrx_jBdjmk4820ng%26client%3Dca-pub-3831894559014614%26adurl%3D
Frame ID: 1C6018A235F58B78EEB97B115E3A9F01
Requests: 17 HTTP requests in this frame

Frame: https://cm.mgid.com/i-noref.js?cbuster=1695295607084626532900
Frame ID: EBEDBE02C8F66F98BBDF4A951A9BFB34
Requests: 1 HTTP requests in this frame

Frame: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 774F5E14AEA1A6F9D23E21E2C9AAB09C
Requests: 16 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstFaLBSehXkQ5AcPMNHq9oDyNXRwqznng4_5BfkSv_ihuKpC8RnlmpljOH_e9IKT0PkmWI7CgrJD3R36OH0pDZprxDMAZhH-u60L9fB3yf8t1bTeHyJ50zwWaX7pHsHP0SPM1Kh2wYt7zPRrJX37xivU0vvowXwchbHeWIUgP_tg72aYZE5POm3Lrlb39HQltTTEow2FLn63QU28kOaJotbgboeoMUTZmLAPm5u52F8xjr2_TAxWaG-5FKJUK4Nps7NVVGImS_Jfeawnu4rm7DAkcj6BDZ07rN8OlWIAVsIR0Db11q-2l0SCsRSH5B_WiV41-Fe9G28O7KmXdxa_RXjTIyvMyg2VbDeG6ZPcAb4ZUqxvMn_4LUmOvS1fwpInLLQK4VGOB_G_8087QX56V90FL0&sai=AMfl-YTohLm478p2PE5ALWfS9YwXvbqVMpH7cpcjYHcPtSqpS3zqX9GpPTq0bxf_2C-1dnAMtxwELDRDFrtw887I2IHbs2sNIJJw5Bd64T1JZbLUe9ZaNv8yjgjM8yh-WUjuX6lpR8QPiqOM8tDksUw&sig=Cg0ArKJSzJR4GoJsJyJ5EAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: A250784241CCD8A3C42FEA94221127D4
Requests: 2 HTTP requests in this frame

Frame: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 86AB6553E05CA9564A7D8AE4E0A29900
Requests: 9 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZQwodgANOJYKhYnIAA921h0Egnul9AnI4prE1g&u=%7C%2FBQyUNtUA%2B5i0tscsAqvJfN3jXQahquiy1TQ2SMZzWs%3D%7C&c1=TEbw32HdmhlTb08vzaRE05Nor-kWNW37ds0oDHxEuxeKn7Xrp6ainli_Cmw5dJSudhYAqTqyTVJ1_mLSg5t2RHThGC1MU6dKlY4J3vZWhD4fss5dMS5-mleNum2Jd_cD-J-QtDYjfT061Smpu4OPtT3gQe_DKSYcDTNEJ4Ux2EQi84ONuGPkLDqPvo4I2Jyxb8OYUBC59NuNxfElLJfoyLZJvdLzEhZ63-yaFcHKPJ0DiAxlklOothGwmI47_up4AYISWMy3ebc82VD6IwJGUbfiaqXq_ZvH8iSCzr2qO0Qe-EU3YF5vl6l79FnFwX-Um1mwawQR3b7IWIqgyCdNr8U05B4sejLRe9ofacKiNM3qWt1352rK_iBlY4lAWsmtfZaf1zM55ermvQ5Ymu0hdK1laHfrpLzL5nqhX6KToHrZUmYb0pC34exAf8lnogisd44Yus2keOHFB9YJJkakkEzC5oawJpcc7TQFa_i38o49JNKr-P_IsACIwE76ufXf7BCoqU-6eS2_WQKHp78F5GDdaI_BP0T_g6EIdW63IsBVmns6UveDJkvSxGYV_BmMh1vBIC2L3Kn-y5LDoeaOBnLoPx4VT1NkWW-q6r6Kp09PggMOYv2R4Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCstzEdigMZZbxNMiTlgTW7b2IA8me0rFchf6X93DAjbcBEAEgAGCVAoIBF2NhLXB1Yi0zODMxODk0NTU5MDE0NjE0yAEJqQIhIj1b4eGxPuACAKgDAcgDAqoEgwNP0IXxygE-FF-ay5Jjl-eEY4UK2arkz2ThCFKKkbasJy1KFxohlylCvjMAJWuBbpks2vwhB2qjpLp8Q61Mmu9LzfVeyRLQeucA-MsuOR0mpzhX5F-q6V3uLG6aaTPeOFglL2uqSMXZclTEUZTq5TTdyiaj8DORJFHkODR6wLCmlRh01yw5F2khEpqe6LNEmS5VuyB6TGuC_RslICvYSYqW4aeMhoXkudbdGtmJa-h2QwKoUFyfA8b_UFsjXjPlnKTAChet0UJ_3xHgX9QXmYH91wpsfhhLTfpp9vlcm23ZcF0qCpceH7kF4hNZ15dTsQaliV5ORxZS6XwaXNzd9uwNDKLAHC2LCcZ8tYliQ6Ia-W1xe6bt3mlNL8NBdMzcFyYmq4c6_ch1eqbuSU34DC9C6qKQA-X6ONo45PZtUkgxX4a2Whq8no0pAg7QKGKUilVzXoJl0Az1lM_2YVjvox8yqRI7KLGAmua0ZKGeaBr7ZoSNGbUEdKn0AOtZwqFI1xEQpKvgBAGABqufqc3aouL1J6AGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNjkyOTMzNTc2MzM5ODQ0MPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2DR9Ymm3GBHY9xr9YVzyZwAqOMmg%26client%3Dca-pub-3831894559014614%26adurl%3D
Frame ID: EF7E85C23FD21E1280315CDDFF709AB0
Requests: 29 HTTP requests in this frame

Frame: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 20F4FEA794EC0A588656D7A6172C8CBC
Requests: 9 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZQwodgAPNzsJHUpFAAZHbx3ZDvp0qqV99c9ueg&u=%7C%2FBQyUNtUA%2B7ka6fQNaByRgMsddH0sTPe38StH49TBH4%3D%7C&c1=TEbw32HdmhlTb08vzaRE0-J3aJQULXRb6S19EAZ80X2gBTzv4Dq5xMxb2AiDpyinZYbjjDWoUakI8AR4rBwCK7-arpVDLb3syM6NZMgTNGS6D67Der0wbb3afMUwQUw1B1COfIo55o6BjlUavbGTnFZPqh03v9JZmZxCIyRfc5aVeHyezmeHQst09cxmM67IvMGB5xewuXNo2OpB807hIbXDPi1mJUdmA4eS-F5ixCsNZ315qn9s_VJhCEcx-sJNz9dWBT2Gs3MGKgH_QHquiTSth6N1tYRPTSWfv9vKMsPYyg3O1wmVPC9ao6KZJB9MG0mOGgrzKUZG_vxQSxJinzNpa9NHNhbSUklh8Phe1UAnOM4LwCyntlRTaMMiQBQTjsnC4P8epsfOZr_5S5_mVlEmHfLhvLID3Di0of7PYw8K339k334JHHSBNC55ThkQ60HI8-S9qaa9ZkUGFGlScADlFubpWoehI4cjBmuHSW3R8ZOLDaRjOwFJd0_8vDBCrQByuLrXPYnqdxRhctt0QSEaDRC4HdXeJHV6469sKUowHaxLTis6HzasiMvmucrFr3PK6ZIFUwSeHHQ97PhoM7DpBcU9zn5ZF8CNTEB2H0GJZQhn6k9eaQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1ygYdigMZbvuPMWU9fgP746ZkAnJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzgzMTg5NDU1OTAxNDYxNMgBCakCWDswZyTYsT7gAgCoAwHIAwKqBIYDT9DQa5wF43LDCvv1cr2gnXreO2Tmw_D414elsRFr_dXqtTac_0T_oNlhbaxE4K8_CCjbqvOXU6fP91f8xPunmL23qmOqR6L3MMqK_X7w-l_KqBL1AtuHd_Di0ySK9z-SYPtYlqvIv1A1p4FoF3u2TOZoNBW1GWM780IK6dee-GGlqqyuuw-C_2uwyxnprksvuPdgk438kynTRHQSnKRIgqCvv6T7A2lmLVIY_KkyW5i3EceZ4xaK9YNZqTvXSj4aS6qA_X1bN9fnePIODJX7h6yCvm98I3GR3tkUeD9j9rYwKwNmzCOrEfDPS8YLwWN3ZB8lRKb61Ej_4DXphXAYj7q4m3M5dx9ALm6UyQMIraPBIvfp-HRPLz8-0fNL275NcsbvZXK1uEGX3NsrAwYFZCqohRW3Ii8jpFWM3mQlIuIgipfflqPT3jNWPhXUbVzlZ7LCD-Y3_NU9NObrNJJ2RRHEu42gh1YLhRdBZf1DL_8TjLQ7E2U47oOS2J0XGLMM04Vlq28d4AQBgAarn6nN2qLi9SegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTY5MjkzMzU3NjMzOTg0NDD6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2CBmCDKigADE2Y9lnsQcXqOqJTUg%26client%3Dca-pub-3831894559014614%26adurl%3D
Frame ID: 5B648ABCE4D93E5FF4549E2F842B1704
Requests: 20 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: F5A05199810ED146493CDDDFAC4CCD02
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssMKuGKiIVvzQy0kqCVKZxvmtgqPUcXwXTxk6WwymBKZ0xhb19njr71eWJ3prVNJd0sZI1zpT-xgdXD0AYhnLTGxURYZ1aV6okQAf8sMBw1dmMMk_quBZKOevHymORbxuvoMnjzgrEgnPYwVfR_gSSWtleaIyPwQk8F9eS8r_bfcLHWDN62v8iY99Qo3olwMQyp0b2qlFDbC1yFvV9BcuxUagHYcX9iUroFPJi7H6BUnlVp-c_Tj2q9KbOrihmlbca7vHUi-nY3GJdF8Ezexq2B5tgKqYrJ7t545RD7se1KUb2_vuiOUgj6eSTLkm1V1hUCrFfcrbXCvCd-2HDB4Lc2UHtyvKMUsJJfK_8vRvBzU2ZWSjNG_RGcoqFN87EfdAukN3Iw47RUI8lWJfWKa7FMXNQ&sai=AMfl-YTvjN5pe9ynHpgYRJaFWE7tmZffbvfbxFTFQNredYE_U5PJKEzbXu9j_0yt2poy7KlrwlHgwfbI7Y9htmYfoA9L5M5yy4FvCbafV0UUxu3mRdFbV89DfrI7h__PhQs&sig=Cg0ArKJSzEg1uMZwvLucEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: BA0B2AB3D8A254D575072B752CD905DD
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssl_a-Znk9hlsyOWbDygJGWsJq8LrNpLtNyam8MgJPQVykRuQdgNDrxSfxgtJ0Gcd9AxIpFcswoovqv52hw2lhYsE9G595_SgiUtJYeP82AICIOpo38yGDjpcsYSxctI_sTO7RV3YqfpYRQ7lQYPXD9NDTWV3rtMXT7DfmutB4QeJqbdKmwSEkQcsV2ZOyLONUzt9oH3iGBqIo9BXLsNc1f9uVDIOKIkpna22l8vRdIXuqqr-BUzjZMUNBwArKJfWonT-HUIqfCFNDmX2BlLVQ4YqlG8Kt0NbUviuRPwSnJsMMO-MbLD_8c_xIFaUEZHM6Q1lOCWiBEAIL_lO_EVDp7vwpLjgLX7m0klBs-Ms-CCZszgusIP6J2z2vUKp7-OQ2AKnOOBzTMxRU33vIV9PZwBPM&sai=AMfl-YS1s9B_O12S84ZgqSsD4DO4zGYsM911EF2yvnKcMvL_YuWMcXad4g7oiq4LPB1E3oRPhXxqWixz8w63z8o2gQbmcXDT7-Ie-AIyKA12ZTVIH5Q6qU4OTzTyT5b9RA&sig=Cg0ArKJSzAwEtRs9ic8TEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 5276FB917EB4B36A34DA4843F31B81F6
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/kgPu8ucFjQWm9sPwItG3xGC9C84b-jPcUt_enD3F6OI.js
Frame ID: BC9A9A1C6B797B6A734D227591D548C2
Requests: 1 HTTP requests in this frame

Frame: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: F0F8883DCAE08E1C76B3661F7B1E161A
Requests: 24 HTTP requests in this frame

Frame: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: CB01F71A04C90EF287358EEBF84AE54D
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjglrvGATAB&v=APEucNXplIsXLcD4ykLydkTeRPvBpVvrnmPiXOexDHJy8asPnDhggwO9fijPsN252AAToAWAZZ6uRIYOz1vKjjfhBN5DuybJsWS488DzMHyTT_cb0mO5MhNENUmL38fyXVsV_FO_oHz7gs28J0eTqnlmtvpsyYkTrxT9l9BiLbAu7QWIy3WBFZLd9IZ_FJzuj1pVhVCur2wAEeFFqE-Cgq4FVEjqd1UthQ
Frame ID: D2F44E802603D413078C10CD3ACCB056
Requests: 5 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZQwodwAMyqQKhZuSAAq1Qhl5GcNEjpTWmXcxlQ&u=%7C%2FBQyUNtUA%2B7lD54J6S56Ami7Rzj%2B3rk9uipSoJCnCCc%3D%7C&c1=TEbw32HdmhlTb08vzaRE05Nor-kWNW37ds0oDHxEuxeKn7Xrp6ainli_Cmw5dJSudhYAqTqyTVJ1_mLSg5t2RHThGC1MU6dKeg3-Gpk8zkM4W3y7D9b2afwlvn-3EmNGipJo7_Q3-d4dYdiEQXshzUvjwbIZ-YSEUqURZQtXYWw8JmwXl6G0pAaVrmAmJB5JGxUHK_yqtavIDyxm1VwvzO5-XJ_hAKJEEmcdYgzGV6s7hsXcKDmex03dlVrbadQMM-Ka55cbwxrvAn7imJidjDLf9SpiDi9UZDkiMltP0b1ELWCLHA19iHXw5xdPC9qAwk3yEhJ8YFmpYlhoSCJ1WttoyMCUv-5QOl9f6WEqveVSaKJXE44mi4KPJpvtO0aGiOyR0k1WN3uoY8XAQBfE4nwwNaMjZ3073PjezBugDYQoO68kWJbF7wOUtUXmeGEJzzqZwAVQ5KGwq8eOLyAO-0ePb4w55iCKu1l_2OrA2VIMjCLGHGvyN50u6crtsvzfQ58MSDrWUdpTG8OnifWwAODZTU-Uo9y1EjO9UOccctLyt5O2W2hCxX1OvLUm_YCUdf0tbLrrh9HbTGWrIxkn1n6DiiRuz-Rs9Mwz48RqHC8PaLYkAzkaQA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCZnTIdygMZaSVM5K3lgTC6qrQDsme0rFclaKX93DAjbcBEAEgAGCVAoIBF2NhLXB1Yi0zODMxODk0NTU5MDE0NjE0yAEJqQIhIj1b4eGxPuACAKgDAcgDAqoEhwNP0GhnC3FZ3GgEe0A1fifjqNRGXDI0QjP4NVf56UJsa2O-iVyiCqwcIMo1z0jLV0z3tjIKMAAQ7H4avt5bLomdepoBMM4Hg3tnX4cacxzeYbtEU4LofHxZ8xP5nCvLU1Y2_WxasttYb0jF7LobPtBhzWY_Mg35G8NbLfguFUi1SKuu9VyM-nf-xVBF-rSzfXONmy3xekubB8SAVUZLTQ6yMlx9Via9CrOEAGObZtxk3u2sr1U6SUaM6el-rChsO-UoVTAmT8hTlTdilHZZBtB9qX9d2hSBImG2S8S8aFVDKTlTayaqJbMpdSaxkbS9Cg8mmuQt-AuY1hHLIc7fgC6CempGHaB7GjF77niIsyXRx-D1bneD2eAPVY2bfjOGypa5UORO0w2b0QPaMrDr3226AcfDC87YyXJJbzo5MZ6DnSATusrIB2vBUxxaT_8rn2L5UuxravxuBlZTaONA7BjxG0RuQpJW6jFEbosGcA2uBzsfFfpWApoGrcGHV5oYNwad9kCDhqDo4AQBgAarn6nN2qLi9SegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTY5MjkzMzU3NjMzOTg0NDD6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3letTf1NCToVS2AfVLAJAgWRXjHg%26client%3Dca-pub-3831894559014614%26adurl%3D
Frame ID: B0E42A1BD219DE2A00A05A3E5C3CF1D2
Requests: 29 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 6ADA8C6924C7DD0751DD4686F5C2249D
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 29B3BF960A7A2891E5D375BE8F84CFC6
Requests: 3 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: C809E91A04FF85443D2F4396210677C7
Requests: 3 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=49465100060433704444990012454011&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: F8D7E2189B1EC6651C7C79BCB092EE05
Requests: 1 HTTP requests in this frame

Frame: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3111259052
Frame ID: 679A1EE3361668F558B00358C97E7D6A
Requests: 2 HTTP requests in this frame

Frame: https://8019191.fls.doubleclick.net/activityi;dc_pre=CM7C2qTMu4EDFW4TogMdiTwH8w;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5662082255894.909
Frame ID: DC3A9F5F49E4F6B598B5E11109E2731B
Requests: 2 HTTP requests in this frame

Frame: https://hal900011.redintelligence.net/request_content.php?s=49465100060433704444990012454011&a=9d7fc62b
Frame ID: 2CC9B2C1002465E0E4DB3822F20B29E1
Requests: 10 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 36B8C8FCDE5700A57A295E63927B1E52
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 7C5DB679FDA672CB73BF9FCDE7F72BFD
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F726F183D40BB03B3D78C547F40D7953
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

5+ Salon Kecantikan & Perawatan Rambut di Purworejo Klampok, Banjarnegara - BelajarMakeup.com

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Google Maps (Maps) Expand

Overall confidence: 100%
Detected patterns

//maps\.google(?:apis)?\.com/maps/api/js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

Zepto (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

zepto.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

378
Requests

91 %
HTTPS

43 %
IPv6

51
Domains

82
Subdomains

64
IPs

11
Countries

18243 kB
Transfer

22643 kB
Size

29
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://widgets.mgid.com/?utm_source=www.belajarmakeup.com&utm_medium=referral&utm_campaign=widgets&utm_content=1027625

Search URL Search Domain Scan URL

URL: https://www.mgid.com/services/privacy-policy

Search URL Search Domain Scan URL

URL: https://clck.mgid.com/ghits/17111858/i/57362352/0/pp/1/1?h=Ftm3yX-g6Ecu6Ql96hp4cI-jR63PWL6QpU0oAX01UYD5P6DHQxmtIecS0O_d6TVwhrw8I2h13KtfGkEs9pwx1Q**&rid=bfe6606a-5871-11ee-8d6b-e43d1a2a53a0&tt=Direct&att=3&cpm=1&iv=11&ct=1&gdprApplies=1&st=120&mp4=1&h2=lhYiY_ofmgUB0niIDuRJVw37fxoOnrDH2eShcbwW0Pk*

Search URL Search Domain Scan URL

URL: https://clck.mgid.com/ghits/17060522/i/57362352/0/pp/2/1?h=Ftm3yX-g6Ecu6Ql96hp4cG7Mh7BLQORjN_GNYkoJduSzro6Chva3YWarCVYLhAgobSKDxwZ5ET9CqYaqDHHt2A**&rid=bfe6606a-5871-11ee-8d6b-e43d1a2a53a0&tt=Direct&att=3&cpm=1&abd=1&iv=11&ct=1&gdprApplies=1&st=120&mp4=1&h2=lhYiY_ofmgUB0niIDuRJVw37fxoOnrDH2eShcbwW0Pk*

Search URL Search Domain Scan URL

URL: https://clck.mgid.com/ghits/17263023/i/57362352/0/pp/3/1?h=Ftm3yX-g6Ecu6Ql96hp4cAgE8fiBmvlue0SImQ0rB5J2_1bhN6RzfZLxzxZ9irkTsxj3m2OzBWpKuKk3Zpmo9g**&rid=bfe6606a-5871-11ee-8d6b-e43d1a2a53a0&tt=Direct&att=3&cpm=1&iv=11&ct=1&gdprApplies=1&st=120&mp4=1&h2=lhYiY_ofmgUB0niIDuRJVw37fxoOnrDH2eShcbwW0Pk*

Search URL Search Domain Scan URL

URL: https://clck.mgid.com/ghits/16675892/i/57362352/0/pp/4/1?h=Ftm3yX-g6Ecu6Ql96hp4cLmhpUPdDGrJjqb5069EMDttpDRL5FUql9iBaoiFrx84PoFsIeNfnhIFTEP3xGB_8A**&rid=bfe6606a-5871-11ee-8d6b-e43d1a2a53a0&tt=Direct&att=3&cpm=1&iv=11&ct=1&gdprApplies=1&st=120&mp4=1&h2=lhYiY_ofmgUB0niIDuRJVw37fxoOnrDH2eShcbwW0Pk*

Search URL Search Domain Scan URL

URL: https://click.accesstra.de/adv.php?rk=0098cg0007z1

Search URL Search Domain Scan URL

URL: https://id.belajarmakeup.com/feed

Search URL Search Domain Scan URL

URL: https://id.belajarmakeup.com/
Title: Toko Kosmetik & Makeup

Search URL Search Domain Scan URL

URL: https://id.belajarmakeup.com/cibeunying-kidul-bandung/
Title: Toko Kosmetik, Alat dan Bahan Makeup di Cibeunying Kidul, Bandung

Search URL Search Domain Scan URL

URL: https://id.belajarmakeup.com/bunga-mayang-lampung-utara/
Title: Toko Kosmetik, Alat dan Bahan Makeup di Bunga Mayang, Lampung Utara

Search URL Search Domain Scan URL

URL: https://id.belajarmakeup.com/kenohan-kutai-kartanegara/
Title: Toko Kosmetik, Alat dan Bahan Makeup di Kenohan, Kutai Kartanegara

Search URL Search Domain Scan URL

URL: https://id.belajarmakeup.com/jantho-aceh-besar/
Title: Toko Kosmetik, Alat dan Bahan Makeup di Jantho, Aceh Besar

Search URL Search Domain Scan URL

URL: https://id.belajarmakeup.com/simeulue-tengah-simeulue/
Title: Toko Kosmetik, Alat dan Bahan Makeup di Simeulue Tengah, Simeulue

Search URL Search Domain Scan URL

URL: https://www.idtheme.com/bloggingpro/
Title: Bloggingpro

Search URL Search Domain Scan URL

URL: https://www.gianmr.com/
Title: Gian MR

Search URL Search Domain Scan URL

URL: https://sulvo.com/?utm_source=https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/&utm_adtype=sticky_display&utm_medium=sulvo

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://imp.accesstra.de/img.php?rk=0098cg0007z1 HTTP 302
https://s3-ap-southeast-1.amazonaws.com/images.accesstrade.co.id/4e0cb6fb5fb446d1c92ede2ed8780188/430720_300x250%20%2882%29_20230201024916330.png

Request Chain 103

https://gum.criteo.com/sid/json?origin=publishertagids&domain=belajarmakeup.com&sn=ChromeSyncframe&so=0&topUrl=www.belajarmakeup.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=lXL0JHx2bXV4VytnckNGSFhTKysvWUFMUVJmSEp0MWNEeC9QT2t2K1BjbXZDTmdWcURoTVdhc0lsR0pzMnp1U2hnMUVablpSNWQ4aTMwNWJWZXdoZ3ltZ0t5QWV1Nzc5UTR5dmZRR3BRb3pDRk5FU09CU3YvMVF2aVBWRmtMbS9tUGtmYmNnYnBKcWJGVDUvbUswNkFlOUMrbXZWSWhPam12eWVJY29JbkFCZzBQb0VHQ1RuL3hqZ010L2VHNG1Mc1paTEFDczZQZHJFN29nZlIwNGIyUFBDcmdyZ2pURkVDeEFBVG82U25rSm0zRXZyOHlHT2JrN1VMUXBUeWxjS21xdi9QQjlSd2FPaDZkRVVLT0JBZHJTQm5iUENjSXVFVnBsemlTZ1dBbVZUSlFLMD18&cppv=2

Request Chain 208

https://securepubads.g.doubleclick.net/pagead/adview?ai=CSQ9WdigMZdipK4SZ9fgPj5-6wArfirOecrez-vqAEv6sxcXCARABIJWbyiFglQKgAe3S-twDyAEJqQJRvhI35texPuACAKgDAcgDywSqBJwDT9Bj0KYMyKg1_b8Za0ndObgKZPGNCd4pmMcIruuRqe-HOMdCjcq6CSbtwnzJPXfXidm94Qv6DRaSE_OXrF1sHqnWhEmT2CVmK_WndI8ISKSc3u5YoVNfBh9u2qRLqxD1L2iowQcF8h87VvHW5_OaGKBTrWRWZOY74CIClxfKOBt8Irs-LiHcH79k5mQ4tufoxoxuK-27dBwCziJGNUtZ-_oahhfRbQ4DJQ-gZHzeFvVAo_GDexrNWMYSKyPAD4Om7Z4rQ6y0XVBTCePiDTbOiNeZy3_cNmA0o16NYnO9nFkcvZIAvtldYP4eXNLqqrDXVL4PVgMfnxw-AvNAGYHsg9AgiuU15mhDX_8Ui9O19AFkipni0hF9fYN6Ugl5Ftm2Hj3wmNNcKvHmzhGcmjJQUX7ie1pdXvzim3ZuVgnDVYu7RhGaeGc4A9ZLlQubjGAM-AN8zm7EUsqqX83a8mCjP3Lxa8afUgkQC0qgfqG9Wri9QSxkoCzU-KtCYgqjo147j1_UnS49hLguLXK-ASllVN5_GjOV0WhIDfgN48AE2P_svukD4AQBiAWPk47BM5IFBAgEGAGSBQQIBRgEoAYugAf7rIUjqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQjaEN0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNjkyOTMzNTc2MzM5ODQ0MJoJGGh0dHBzOi8vd3d3Lm1hLWJpa2UuY29tL4AKA8gLAbgTiATYEwrQFQGYFgGAFwGyFx4KHAgAEhRwdWItNzUwNzQzOTIzMzg2NTQxNRj9-RM&sigh=9j3NRFk6uuM&uach_m=[UACH]&ase=2&cid=CAQSSwBpAlJW-UTSEu8KX2_DEyk5ZDD_A4mImHeYgCCzfO1H5G2wNSPShu4MeE5ewV6xKBy9G090y77kab9d5H_rphZvfIGama9vr_A9DxgB&template_id=520&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2214055956728149209734%22,%22debug_reporting%22:true,%22destination%22:%22https://ma-bike.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221000253805%22],%224%22:[%2209-21%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2216071334514346407745%22}&andc=true

Request Chain 232

https://d5p.de17a.com/cookies/google?google_gid=CAESEKs9GaJzJVJGlQAh4ojhdUw&google_cver=1&google_push=AXcoOmQod6k-KJePPkm3BtHXGCCXgOeGzx_MXZGlTLfcK4wouUEaYh3IZI-iimgRafUl9DW_xN475GNdrA0Ltdf3deVmZBnYydM HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEKs9GaJzJVJGlQAh4ojhdUw&google_cver=1&google_push=AXcoOmQod6k-KJePPkm3BtHXGCCXgOeGzx_MXZGlTLfcK4wouUEaYh3IZI-iimgRafUl9DW_xN475GNdrA0Ltdf3deVmZBnYydM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmQod6k-KJePPkm3BtHXGCCXgOeGzx_MXZGlTLfcK4wouUEaYh3IZI-iimgRafUl9DW_xN475GNdrA0Ltdf3deVmZBnYydM

Request Chain 235

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEImWqKekI0uu6EBL4PvEQZI&google_cver=1&google_push=AXcoOmRQIxjDlecNYvJITZTBukvrkjCBwW3HxGpCXHUyb92ue0nJzdTXrelRDbcZELVBxg11LgqbgmbCtaNhtCRfEPyb9zWMsd4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmRQIxjDlecNYvJITZTBukvrkjCBwW3HxGpCXHUyb92ue0nJzdTXrelRDbcZELVBxg11LgqbgmbCtaNhtCRfEPyb9zWMsd4 HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 236

https://csync.loopme.me/?pubid=11537&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_109}&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dloopme_eb_%26google_hm%3D{viewer_token}&google_gid=CAESEA3EEB5oqRUZCB5kQo0we14&google_cver=1&google_push=AXcoOmTB3NVRSPf0wz1LrV3t289W9XHLX7czZVJkqvJ_QzHtZNwhT1_gOt_DxN3BwYeWOSRWjUIuHS-ea4-t-rvyTZwpgITXv6lL HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=335c1656-a319-4d22-87d9-c95a84bdd15d&google_cver=1&google_gid=CAESEA3EEB5oqRUZCB5kQo0we14&gdpr_consent=${GDPR_CONSENT_109}&google_push=AXcoOmTB3NVRSPf0wz1LrV3t289W9XHLX7czZVJkqvJ_QzHtZNwhT1_gOt_DxN3BwYeWOSRWjUIuHS-ea4-t-rvyTZwpgITXv6lL&gdpr=${GDPR}

Request Chain 237

https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESEBAkF7tvzPdggSQ-SUuQImM&google_cver=1&google_push=AXcoOmR4kj2AjUJF7ENUHDHGu6s0wGH9bs3fEj52C_0xnSVCsekf8_ItZY6iDB4Hc55tfP_t87OTRWrdS-x9EAKw0sjPPLuAbGvh HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmR4kj2AjUJF7ENUHDHGu6s0wGH9bs3fEj52C_0xnSVCsekf8_ItZY6iDB4Hc55tfP_t87OTRWrdS-x9EAKw0sjPPLuAbGvh

Request Chain 295

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPpDUYjZec1kbP-NcJrTseQ&google_cver=1

Request Chain 296

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZQwoeKhTU0mByXTvkI-RtQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPpDUYjZec1kbP-NcJrTseQ&google_cver=1

Request Chain 297

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESECHKtM3-lo_ap28j3KAVJ1c&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESECHKtM3-lo_ap28j3KAVJ1c%26google_cver%3D1

Request Chain 298

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTc2NzU3NTk3MTE4NjY4NDk5OA%3D%3D

Request Chain 305

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmTNHxUM_8tnJCPadNpYGzJW9YEqkgiv51sT_TqzWCzJBbs4YVTDip82yXN07-jZ0Aw7vYZlGrVEjdbktaEqTTt92udASyRw&google_gid=CAESEGJJ4K3TxrPfz-XpecE7q4s&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-_Njh10B3zynurw3uR8322_BaGgughLKFJxF--g&google_push=AXcoOmTNHxUM_8tnJCPadNpYGzJW9YEqkgiv51sT_TqzWCzJBbs4YVTDip82yXN07-jZ0Aw7vYZlGrVEjdbktaEqTTt92udASyRw

Request Chain 306

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEFBXrgFzrhJnq4ZAYK88qJU&google_cver=1&google_push=AXcoOmQPO8oFi_7wZzwRUKb-eDIIfP603124blW-Dz_tCBnjHWsWzsubWmjylaL1mHJ09s0yk6eokN0knY9LCbuDT97dhU5yrO0n HTTP 302
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEFBXrgFzrhJnq4ZAYK88qJU&google_push=AXcoOmQPO8oFi_7wZzwRUKb-eDIIfP603124blW-Dz_tCBnjHWsWzsubWmjylaL1mHJ09s0yk6eokN0knY9LCbuDT97dhU5yrO0n&s=2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmQPO8oFi_7wZzwRUKb-eDIIfP603124blW-Dz_tCBnjHWsWzsubWmjylaL1mHJ09s0yk6eokN0knY9LCbuDT97dhU5yrO0n&google_hm=QTJDNkxrS1pDV0J1RDh5dVJCUHo=

Request Chain 307

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEChO217v1J8aycX0tRJYEnE&google_cver=1&google_push=AXcoOmQQe23z49EKJgL_y7k6yNrgqe8lA_Te035GwJdPy4WChEZjMJMJkk2KC3iKKw-xRBK_pT1LYTs2kMGvT8Po90miJi92f60F HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEChO217v1J8aycX0tRJYEnE&google_cver=1&google_push=AXcoOmQQe23z49EKJgL_y7k6yNrgqe8lA_Te035GwJdPy4WChEZjMJMJkk2KC3iKKw-xRBK_pT1LYTs2kMGvT8Po90miJi92f60F&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmQQe23z49EKJgL_y7k6yNrgqe8lA_Te035GwJdPy4WChEZjMJMJkk2KC3iKKw-xRBK_pT1LYTs2kMGvT8Po90miJi92f60F&google_hm=HW6OpGZHog_BP2MLTTiZ6FoJ

Request Chain 309

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEMwHjbfS4LrdO7h_7hRfKBM&google_cver=1&google_push=AXcoOmQVKCG8eys4wuCRn7zDb5oupfPIV9F-webCkRT2i9cPUrkyPhTdq8uocsVkEub3rb5f0smEcLRYPHPMGcV3gGyYVL-RSX8aUQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQVKCG8eys4wuCRn7zDb5oupfPIV9F-webCkRT2i9cPUrkyPhTdq8uocsVkEub3rb5f0smEcLRYPHPMGcV3gGyYVL-RSX8aUQ HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 351

https://hal900011.redintelligence.net/request.php?zone=vjdy8w6hewcq&nw=20&renderingType=javascript&namespace=a40a305b4d&subid=&uid=f5e71daa8a949dee&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCFCIQdygMZaOHKbyi9fgPlZekuAum5b2gaZWTnKfJD_AuEAEglZvKIWCVAsgBCakCWDswZyTYsT6oAwHIA5sEqgSnAk_QEUnmNEivlABvrUl1yjjhgXHodGEzloFGli5TXVPgq0LlqlZ_gqjpD1TwAwCvdm9zW1qPbGI5ZAEIWrnV2WfLgLRaYPTfAhijowstC_59si-cq6-Cx2BvgdaoDTdehZ5PTUXpUkpU4wMa6Vw_UxA-46n5ASlu4QvCJ2S-qUdKUrQC0DG_ClYKs2n9W6vD_Ri6bMPAqxmSv_IYJSDWx2K_pbads_vLCgmgdsx7ZcOMhXaqprvnqNav13sbmeTArBodINSHntnUGdTK6S7OzGwUklcwtIGbyX2yMxFEAfqTqejCR6umnaIQIrbcfX1ZI1zbxDF_yougw4gmEJUYkoK1C1LMhvbxg2BDCy0fve38YfjyV32F1jSDYbbTl44adaKp-CD4kMTABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTY5MjkzMzU3NjMzOTg0NDCACgOYCwHICwGADAGqDQJERcgNAbATzJzZEtATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26gclid%3DEAIaIQobChMI457wo8y7gQMVPFEdCR2VCwm3EAEYASAAEgLJwPD_BwE%26num%3D1%26cid%3DCAQSPABpAlJWjppNE2CukILs8l_rFFj-e8YsJ4rnjfPItdZfCIiwBVHhheoik38rCe9eTO_aKcF7eEOGFTjE8xgB%26sig%3DAOD64_02BkOBfIj4deEzaYVHLvfoHxqszA%26client%3Dca-pub-3831894559014614%26dbm_c%3DAKAmf-AczvIztoHkCmk4-Yx_wNT7XRh3RZshWWMDxQ0IpALvKHCiLMWwOrz4O-LSdRI8o_DxsWS_64K9DN0JFelslTxStlW12D09kHSxYNN1OxP5lq7yvz5PrlhkeEMGpop8Qy695zYXuoi4tEsYa594ZDjKfc2bRR05_nDMoMh3JVy3peZVQJE%26cry%3D1%26dbm_d%3DAKAmf-D0AK6A9GnnJ3E5Gj7VRkURtu93w-uTGwhhpGxHkMn91DaFq4_PfbwXgmrD2nHw1I74MsxHUfqO_heZLfjewZGnXCwDGpWYbnps0Kmd-MjKon7vItFA93XvEdkJzaqfPBrwpRErHa-DDnalYh3HBB88X_M0CMswx_woFbRbjtuVnSulZGaKWogsZSR_pbNeJYbWJFLMkyYYCtpf26bCwufmIWtADR6ByigjnX3xyAl6DstoEdacuk8G62c60MlTRBKi94pqGZ62UCsP3LqBt5GHUs-3vZlJQeaItD1ILNzRl8TuZIJ_H3W1lZepoUf0dBs1Va5Txhk9Y3bnsh9dsCAwx5pYYaeEUP7CMN4e1K2GaPoYWh6CLqwlNt2u34PAHds_6inIiVh3M7SL0jiwsjzNUUhjgCuLxaaVBs4DMsTUxB4xdDcq1GK7hogBwpz317fN8WQ2HqxgQM5iAsvytVAcj7jJUzpSjKNkWibp4l86x6EFNlRXwV_YDptz2r4CZixvOfwnCQU8IQyfu5YzNG1wSrCEw3cmLHMPlakJiNUhmIKvSDInIY8V-9k0gvpImukiz7a3nkLX1-siHwnmsPOcbSstxHhQ_kAyiOfZkGemp6RNcMk%26adurl%3D&documentReferer=https%3A%2F%2Fwww.belajarmakeup.com%2F&ancestorOrigins=https%3A%2F%2Fwww.belajarmakeup.com&random=4722467057404&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900011.redintelligence.net/request.php?zone=vjdy8w6hewcq&nw=20&renderingType=javascript&namespace=a40a305b4d&subid=&uid=f5e71daa8a949dee&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCFCIQdygMZaOHKbyi9fgPlZekuAum5b2gaZWTnKfJD_AuEAEglZvKIWCVAsgBCakCWDswZyTYsT6oAwHIA5sEqgSnAk_QEUnmNEivlABvrUl1yjjhgXHodGEzloFGli5TXVPgq0LlqlZ_gqjpD1TwAwCvdm9zW1qPbGI5ZAEIWrnV2WfLgLRaYPTfAhijowstC_59si-cq6-Cx2BvgdaoDTdehZ5PTUXpUkpU4wMa6Vw_UxA-46n5ASlu4QvCJ2S-qUdKUrQC0DG_ClYKs2n9W6vD_Ri6bMPAqxmSv_IYJSDWx2K_pbads_vLCgmgdsx7ZcOMhXaqprvnqNav13sbmeTArBodINSHntnUGdTK6S7OzGwUklcwtIGbyX2yMxFEAfqTqejCR6umnaIQIrbcfX1ZI1zbxDF_yougw4gmEJUYkoK1C1LMhvbxg2BDCy0fve38YfjyV32F1jSDYbbTl44adaKp-CD4kMTABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTY5MjkzMzU3NjMzOTg0NDCACgOYCwHICwGADAGqDQJERcgNAbATzJzZEtATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26gclid%3DEAIaIQobChMI457wo8y7gQMVPFEdCR2VCwm3EAEYASAAEgLJwPD_BwE%26num%3D1%26cid%3DCAQSPABpAlJWjppNE2CukILs8l_rFFj-e8YsJ4rnjfPItdZfCIiwBVHhheoik38rCe9eTO_aKcF7eEOGFTjE8xgB%26sig%3DAOD64_02BkOBfIj4deEzaYVHLvfoHxqszA%26client%3Dca-pub-3831894559014614%26dbm_c%3DAKAmf-AczvIztoHkCmk4-Yx_wNT7XRh3RZshWWMDxQ0IpALvKHCiLMWwOrz4O-LSdRI8o_DxsWS_64K9DN0JFelslTxStlW12D09kHSxYNN1OxP5lq7yvz5PrlhkeEMGpop8Qy695zYXuoi4tEsYa594ZDjKfc2bRR05_nDMoMh3JVy3peZVQJE%26cry%3D1%26dbm_d%3DAKAmf-D0AK6A9GnnJ3E5Gj7VRkURtu93w-uTGwhhpGxHkMn91DaFq4_PfbwXgmrD2nHw1I74MsxHUfqO_heZLfjewZGnXCwDGpWYbnps0Kmd-MjKon7vItFA93XvEdkJzaqfPBrwpRErHa-DDnalYh3HBB88X_M0CMswx_woFbRbjtuVnSulZGaKWogsZSR_pbNeJYbWJFLMkyYYCtpf26bCwufmIWtADR6ByigjnX3xyAl6DstoEdacuk8G62c60MlTRBKi94pqGZ62UCsP3LqBt5GHUs-3vZlJQeaItD1ILNzRl8TuZIJ_H3W1lZepoUf0dBs1Va5Txhk9Y3bnsh9dsCAwx5pYYaeEUP7CMN4e1K2GaPoYWh6CLqwlNt2u34PAHds_6inIiVh3M7SL0jiwsjzNUUhjgCuLxaaVBs4DMsTUxB4xdDcq1GK7hogBwpz317fN8WQ2HqxgQM5iAsvytVAcj7jJUzpSjKNkWibp4l86x6EFNlRXwV_YDptz2r4CZixvOfwnCQU8IQyfu5YzNG1wSrCEw3cmLHMPlakJiNUhmIKvSDInIY8V-9k0gvpImukiz7a3nkLX1-siHwnmsPOcbSstxHhQ_kAyiOfZkGemp6RNcMk%26adurl%3D&documentReferer=https%3A%2F%2Fwww.belajarmakeup.com%2F&ancestorOrigins=https%3A%2F%2Fwww.belajarmakeup.com&random=4722467057404&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 355

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=49465100060433704444990012454011&ra_cnt_active=1&ra_cnt=1 HTTP 302
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3111259052

Request Chain 367

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5662082255894.909 HTTP 302
https://8019191.fls.doubleclick.net/activityi;dc_pre=CM7C2qTMu4EDFW4TogMdiTwH8w;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5662082255894.909

Request Chain 378

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmScNHE0Wri5dc0ALlCk2-JYvH8Bsx5cR3Qwrq-LrlN0X8Jt5weUkYi_bUNA0Q8xtTM7bhE8i518iaofPUC05GrpMt4X5f-X&google_gid=CAESEGJJ4K3TxrPfz-XpecE7q4s&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-_Njh10B3zynurw3uR8322_BaGgughLKFJxF--g&google_push=AXcoOmScNHE0Wri5dc0ALlCk2-JYvH8Bsx5cR3Qwrq-LrlN0X8Jt5weUkYi_bUNA0Q8xtTM7bhE8i518iaofPUC05GrpMt4X5f-X

Request Chain 379

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEFBXrgFzrhJnq4ZAYK88qJU&google_cver=1&google_push=AXcoOmTvW9qS-MzhX06kLeCEYHhc_VZzeUGdD797PmVjAUhFggjMdr_dMQK0Tlu4AimCmPioKjbVM8-T9tboT4keaJyfLKU_Jpfj HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmTvW9qS-MzhX06kLeCEYHhc_VZzeUGdD797PmVjAUhFggjMdr_dMQK0Tlu4AimCmPioKjbVM8-T9tboT4keaJyfLKU_Jpfj&google_hm=QTJDNkxrS1pDV0J1RDh5dVJCUHo=

Request Chain 380

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEChO217v1J8aycX0tRJYEnE&google_cver=1&google_push=AXcoOmRmYD451Eq4yUZYXCrrCK0Y8dbywgullMTrXZ1EWqkxpaGZhNc2q5-tuvrpiPi964n5GxZ7MztKm1TA4hpmvwNpN3RB_3I7 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmRmYD451Eq4yUZYXCrrCK0Y8dbywgullMTrXZ1EWqkxpaGZhNc2q5-tuvrpiPi964n5GxZ7MztKm1TA4hpmvwNpN3RB_3I7&google_hm=HW6OpGZHog_BP2MLTTiZ6FoJ

Request Chain 382

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEMwHjbfS4LrdO7h_7hRfKBM&google_cver=1&google_push=AXcoOmS4WXwwL-0Ahi2jiEPGTa6ozvjeVllgDwvb-Ndk-DzGSw19KPaGE2eLgIXWnjdiPmN8gE7rBBTF5MfmVKUxCZqRJIgQvl8fuA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmS4WXwwL-0Ahi2jiEPGTa6ozvjeVllgDwvb-Ndk-DzGSw19KPaGE2eLgIXWnjdiPmN8gE7rBBTF5MfmVKUxCZqRJIgQvl8fuA HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

378 HTTP transactions
26 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/ 47 KB
11 KB 123ms
12ms Document
text/html 136.243.56.135
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 136.243.56.135 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.135.56.243.136.clients.your-server.de
Software: LiteSpeed /
Resource Hash: df0d6388a427c5486152d297fcdf88e53b2af09729382be8d7cfcb258fe625de

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 21 Sep 2023 11:26:43 GMT
etag: "611161-1695122567;br"
link: <https://www.belajarmakeup.com/wp-json/>; rel="https://api.w.org/" <https://www.belajarmakeup.com/wp-json/wp/v2/posts/5174>; rel="alternate"; type="application/json" <https://www.belajarmakeup.com/?p=5174>; rel=shortlink
server: LiteSpeed
vary: Accept-Encoding,User-Agent
x-litespeed-cache: hit

GET
H2 200 autoptimize_4f2df54979e0f8ec26533239150c2262.css
www.belajarmakeup.com/wp-content/cache/autoptimize/css/ 192 KB
35 KB 13ms
11ms Stylesheet
text/css 136.243.56.135
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.belajarmakeup.com/wp-content/cache/autoptimize/css/autoptimize_4f2df54979e0f8ec26533239150c2262.css
Requested by: Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 136.243.56.135 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.135.56.243.136.clients.your-server.de
Software: LiteSpeed /
Resource Hash: d317afe3bd41a42fa95ab022cee15717cfb12f75a63459a0b9aa90f611aecb8c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:43 GMT
content-encoding: br
last-modified: Thu, 24 Aug 2023 04:38:16 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=30672000,public, immutable
accept-ranges: bytes
content-length: 35228
expires: Tue, 10 Sep 2024 11:26:43 GMT

GET
H2 200 css
fonts.googleapis.com/ 11 KB
1 KB 45ms
19ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro%3Aregular%2Citalic%2C700%2C300%7CNews+Cycle%3Aregular%2C700%26subset%3Dlatin%2C

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ac3c5479912462d1736e6ad9360aac31b7595247426cfcc0652b53452097b4cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 21 Sep 2023 11:26:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 21 Sep 2023 11:26:45 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 21 Sep 2023 11:26:45 GMT

GET
H2 200 jquery.min.js Show response
www.belajarmakeup.com/wp-includes/js/jquery/ 88 KB
30 KB 25ms
24ms Script
application/javascript 136.243.56.135
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.belajarmakeup.com/wp-includes/js/jquery/jquery.min.js
Requested by: Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 136.243.56.135 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.135.56.243.136.clients.your-server.de
Software: LiteSpeed /
Resource Hash: cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:43 GMT
content-encoding: br
last-modified: Sun, 13 Nov 2022 23:54:57 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 30324
expires: Thu, 28 Sep 2023 11:26:43 GMT

GET
H2 200 up.js Show response
live.demand.supply/ 5 KB
3 KB 255ms
226ms Script
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/up.js
Requested by: Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 858fbf83e99a035f695b945086df091d52657d5503f53215fc7dd2446e753926

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nf-request-id: 01HAAPFKXS6C0TWVX10X7HF12W
date: Thu, 21 Sep 2023 11:26:45 GMT
content-encoding: br
cf-cache-status: HIT
age: 1038
cf-polished: origSize=4393
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
server: cloudflare
etag: W/"6eaa5f6c66d357f2e362fb93e5e9eaf5-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=1200,must-revalidate,stale-while-revalidate=3600
cf-ray: 80a1f47fa9916927-FRA
link: <https://live.demand.supply/impl.v17.15.0.js>; rel=preload; as=script,<https://live.demand.supply/p4/v17-10-0/d3d3LmJlbGFqYXJtYWtldXAuY29tLw==>; rel=preload; as=script
timing-allow-origin: *

GET
H3 200 Bm-removebg-preview.png
www.belajarmakeup.com/wp-content/uploads/2020/10/ 7 KB
7 KB 13ms
13ms Image
image/png 136.243.56.135
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.belajarmakeup.com/wp-content/uploads/2020/10/Bm-removebg-preview.png
Requested by: Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 136.243.56.135 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.135.56.243.136.clients.your-server.de
Software: LiteSpeed /
Resource Hash: d762eda914152a5a0a38c18b8ee098a44f0135571ce94bb9de34f5c860981ca9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:43 GMT
last-modified: Fri, 16 Oct 2020 08:19:17 GMT
server: LiteSpeed
vary: User-Agent
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 6690
expires: Thu, 28 Sep 2023 11:26:43 GMT

GET
H3 200 Bmicon-removebg-preview.png
www.belajarmakeup.com/wp-content/uploads/2020/10/ 4 KB
4 KB 12ms
11ms Image
image/png 136.243.56.135
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.belajarmakeup.com/wp-content/uploads/2020/10/Bmicon-removebg-preview.png
Requested by: Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 136.243.56.135 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.135.56.243.136.clients.your-server.de
Software: LiteSpeed /
Resource Hash: d4e2573fb08e0da93cae34ca6717d319d1c16386006bf6245a9c0e213149da38

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:43 GMT
last-modified: Fri, 16 Oct 2020 08:19:17 GMT
server: LiteSpeed
vary: User-Agent
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 4048
expires: Thu, 28 Sep 2023 11:26:43 GMT

GET
H2 404 49332793888_8a5840c330_z.jpg
i0.wp.com/live.staticflickr.com/65535/ 65 B
65 B 160ms
133ms Image
text/html 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.wp.com/live.staticflickr.com/65535/49332793888_8a5840c330_z.jpg?w=1140&ssl=1
Requested by: Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: i2.wp.com
Software: nginx /
Resource Hash: 3a90c56bbc2ea3fae7e089cc529bc02869c5035ee31c3111d829b9ae974cf42d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nc: EXPIRED hhn 1
date: Thu, 21 Sep 2023 11:26:45 GMT
server: nginx
content-type: text/html; charset=utf-8

GET
H2 200 belajarmakeup.com.1027625.js Show response
jsc.mgid.com/b/e/ 3 KB
2 KB 227ms
199ms Script
text/javascript 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://jsc.mgid.com/b/e/belajarmakeup.com.1027625.js

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81d104905898809cf555d82520bcd0611dbbe441f5798f63e2b5f634b365c0b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:45 GMT
x-amz-version-id: 0yucnyVgWIahGPNxFqb_RcArCa8.7mNV
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: YWDHTD6M1DMFQRRF
cf-polished: origSize=3512
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: qoLwbsnc9Uzd4d53vTnXfzJH84QKLsmLnieyRNsQULLTtac/HeehZMEkzA1iDukKAK8wEKtbHOA=
cf-bgj: minify
last-modified: Mon, 11 Sep 2023 10:49:20 GMT
server: cloudflare
etag: W/"1c7846249ad789e39bd683a90f9a56ff"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=10800
cf-ray: 80a1f4802e22362b-FRA
expires: Thu, 21 Sep 2023 14:26:45 GMT

GET
H2 404 50377386876_e6c6022d39_z.jpg
i0.wp.com/live.staticflickr.com/65535/ 65 B
65 B 165ms
138ms Image
text/html 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.wp.com/live.staticflickr.com/65535/50377386876_e6c6022d39_z.jpg?w=1140&ssl=1
Requested by: Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: i2.wp.com
Software: nginx /
Resource Hash: 3a90c56bbc2ea3fae7e089cc529bc02869c5035ee31c3111d829b9ae974cf42d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nc: EXPIRED hhn 4
date: Thu, 21 Sep 2023 11:26:45 GMT
server: nginx
content-type: text/html; charset=utf-8

GET
H2 404 50377386941_75f7e8f4f7_z.jpg
i0.wp.com/live.staticflickr.com/65535/ 65 B
65 B 155ms
129ms Image
text/html 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.wp.com/live.staticflickr.com/65535/50377386941_75f7e8f4f7_z.jpg?w=1140&ssl=1
Requested by: Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: i2.wp.com
Software: nginx /
Resource Hash: 3a90c56bbc2ea3fae7e089cc529bc02869c5035ee31c3111d829b9ae974cf42d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nc: EXPIRED hhn 3
date: Thu, 21 Sep 2023 11:26:45 GMT
server: nginx
content-type: text/html; charset=utf-8

GET
H2 404 49333485142_6976dfc56d_z.jpg
i0.wp.com/live.staticflickr.com/65535/ 65 B
65 B 173ms
147ms Image
text/html 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.wp.com/live.staticflickr.com/65535/49333485142_6976dfc56d_z.jpg?w=1140&ssl=1
Requested by: Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: i2.wp.com
Software: nginx /
Resource Hash: 3a90c56bbc2ea3fae7e089cc529bc02869c5035ee31c3111d829b9ae974cf42d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nc: EXPIRED hhn 4
date: Thu, 21 Sep 2023 11:26:45 GMT
server: nginx
content-type: text/html; charset=utf-8

GET
H2 404 50411901351_ebd2298621_z.jpg
i0.wp.com/live.staticflickr.com/65535/ 65 B
65 B 162ms
136ms Image
text/html 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.wp.com/live.staticflickr.com/65535/50411901351_ebd2298621_z.jpg?w=1140&ssl=1
Requested by: Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: i2.wp.com
Software: nginx /
Resource Hash: 3a90c56bbc2ea3fae7e089cc529bc02869c5035ee31c3111d829b9ae974cf42d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nc: EXPIRED hhn 2
date: Thu, 21 Sep 2023 11:26:45 GMT
server: nginx
content-type: text/html; charset=utf-8

GET
H/1.1

200
OK

430720_300x250%20%2882%29_20230201024916330.png
s3-ap-southeast-1.amazonaws.com/images.accesstrade.co.id/4e0cb6fb5fb446d1c92ede2ed8780188/
Redirect Chain

https://imp.accesstra.de/img.php?rk=0098cg0007z1
https://s3-ap-southeast-1.amazonaws.com/images.accesstrade.co.id/4e0cb6fb5fb446d1c92ede2ed8780188/430720_300x250%20%2882%29_20230201024916330.png

30 KB
31 KB

529ms
170ms

Image
image/png

52.219.125.74
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-ap-southeast-1.amazonaws.com/images.accesstrade.co.id/4e0cb6fb5fb446d1c92ede2ed8780188/430720_300x250%20%2882%29_20230201024916330.png
Requested by: Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
Protocol: HTTP/1.1
Server: 52.219.125.74 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-ap-southeast-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: c932b035051f092ce711f18131794928fa674b91f4292c11deffa7b733af2fae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 11:26:47 GMT
Last-Modified: Wed, 01 Feb 2023 02:49:17 GMT
Server: AmazonS3
x-amz-request-id: 630720S6H3XY7YMG
ETag: "93279a6760b849433e2a2db7101f8979"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 31222
x-amz-id-2: oEnpJ6w3+3CcUu9T4Xl/99yLAEWPz9ZLW9B63NO9Mb+c3Ygk553JRObHYxKkDZmtGmxKvI2630Q=

Redirect headers

location: https://s3-ap-southeast-1.amazonaws.com/images.accesstrade.co.id/4e0cb6fb5fb446d1c92ede2ed8780188/430720_300x250%20%2882%29_20230201024916330.png
date: Thu, 21 Sep 2023 11:26:46 GMT
server: Apache/2.4.7 (Ubuntu)
x-powered-by: PHP/5.5.9-1ubuntu4.26
content-length: 0
content-type: text/html

GET
H2 200 PasangIklan.png
i0.wp.com/www.belajarmakeup.com/wp-content/uploads/2022/08/ 4 KB
4 KB 33ms
7ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.belajarmakeup.com/wp-content/uploads/2022/08/PasangIklan.png?w=1140&ssl=1

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

ac71e808efbc097128b986fcf6eefe862ce1114e4778618e83774160a58eef84

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Thu, 21 Sep 2023 11:26:45 GMT
x-content-type-options: nosniff
last-modified: Thu, 21 Sep 2023 10:30:30 GMT
server: nginx
etag: "c0ad386c633d5fb5"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://www.belajarmakeup.com/wp-content/uploads/2022/08/PasangIklan.png>; rel="canonical"
content-length: 4096
expires: Sat, 20 Sep 2025 22:30:30 GMT

GET
H2 200 e-202338.js Show response
stats.wp.com/ 7 KB
3 KB 34ms
8ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202338.js
Requested by: Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn
date: Thu, 21 Sep 2023 11:26:45 GMT
content-encoding: br
server: nginx
x-minify: t
etag: W/13576-1684464982353.1523
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Mon, 16 Sep 2024 03:33:22 GMT

GET
H3 200 autoptimize_da9aa16acf1dfbe03eb96a278633c7b3.js Show response
www.belajarmakeup.com/wp-content/cache/autoptimize/js/ 61 KB
16 KB 13ms
12ms Script
application/javascript 136.243.56.135
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.belajarmakeup.com/wp-content/cache/autoptimize/js/autoptimize_da9aa16acf1dfbe03eb96a278633c7b3.js
Requested by: Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 136.243.56.135 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.135.56.243.136.clients.your-server.de
Software: LiteSpeed /
Resource Hash: 48782d29803eecb3f8ba7b55981a988258f8d1a9f19e67a08114548ce1ad8008

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:43 GMT
content-encoding: br
last-modified: Wed, 07 Jun 2023 04:43:14 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: public, max-age=30672000,public, immutable
accept-ranges: bytes
content-length: 16350
expires: Tue, 10 Sep 2024 11:26:43 GMT

GET
H2 200 sdk.js Show response
system-notify.app/f/ 51 KB
14 KB 53ms
18ms Script
application/javascript 157.90.33.68
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://system-notify.app/f/sdk.js?z=360489
Requested by: Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 157.90.33.68 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: sub1.1push.io
Software: nginx /
Resource Hash: e8f86ced4bf118125af6d06cda5c251b474bf497c69b807fd01fdf141a34a470

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:45 GMT
content-encoding: gzip
cache-control: no-cache, max-age=0, must-revalidate, proxy-revalidate
server: nginx
content-length: 14074
content-type: application/javascript; charset=utf-8

GET
H3 200 /
www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/ 47 KB
47 KB 13ms
13ms Image
text/html 136.243.56.135
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
Requested by: Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 136.243.56.135 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.135.56.243.136.clients.your-server.de
Software: LiteSpeed /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:43 GMT
content-encoding: br
server: LiteSpeed
etag: "611161-1695122567;br"
x-litespeed-cache: hit
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
link: <https://www.belajarmakeup.com/wp-json/>; rel="https://api.w.org/", <https://www.belajarmakeup.com/wp-json/wp/v2/posts/5174>; rel="alternate"; type="application/json", <https://www.belajarmakeup.com/?p=5174>; rel=shortlink

GET
H2 200 CSR64z1Qlv-GDxkbKVQ_fOAKTQ.woff2
fonts.gstatic.com/s/newscycle/v23/ 13 KB
14 KB 37ms
10ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/newscycle/v23/CSR64z1Qlv-GDxkbKVQ_fOAKTQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro%3Aregular%2Citalic%2C700%2C300%7CNews+Cycle%3Aregular%2C700%26subset%3Dlatin%2C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b1c4853f87ee676fa7610760cb0d33da5d53e1c011be7a34d9de03ec4b7b4f3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.belajarmakeup.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 07:50:33 GMT
x-content-type-options: nosniff
age: 444972
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13360
x-xss-protection: 0
last-modified: Tue, 02 May 2023 16:44:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 15 Sep 2024 07:50:33 GMT

GET
H2 200 CSR54z1Qlv-GDxkbKVQ_dFsvWNReuQ.woff2
fonts.gstatic.com/s/newscycle/v23/ 13 KB
13 KB 39ms
12ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/newscycle/v23/CSR54z1Qlv-GDxkbKVQ_dFsvWNReuQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro%3Aregular%2Citalic%2C700%2C300%7CNews+Cycle%3Aregular%2C700%26subset%3Dlatin%2C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b519c652777c636add992fcfc14ff1360572af19ba11151ea78c17d3c44d153b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.belajarmakeup.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Sun, 17 Sep 2023 03:15:14 GMT
x-content-type-options: nosniff
age: 375091
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13436
x-xss-protection: 0
last-modified: Tue, 02 May 2023 16:45:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 16 Sep 2024 03:15:14 GMT

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ 14 KB
14 KB 45ms
19ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro%3Aregular%2Citalic%2C700%2C300%7CNews+Cycle%3Aregular%2C700%26subset%3Dlatin%2C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d0a6262c545e8bbc895116e5afb22579c468d7abb77e378f377d6fed57c1dce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.belajarmakeup.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 07:39:59 GMT
x-content-type-options: nosniff
age: 272806
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14712
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Sep 2024 07:39:59 GMT

GET
H2 200 embed Show response
www.google.com/maps/ Frame BB50 2 KB
1 KB 455ms
428ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/maps/embed?pb=!1m16!1m12!1m3!1d8112491.176123461!2d113.18104185!3d-6.86934315!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!2m1!1sbeauty%20salon%20Purworejo%20Klampok%20-%20Banjarnegara!5e0!3m2!1sen!2sid!4v1601900188746!5m2!1sen!2sid

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

4dd7bb90334bb1abdce8d03082a82101e34777ee6260886f88e93989572617f9

Security Headers

Name	Value
Content-Security-Policy	object-src 'none';base-uri 'self';script-src 'nonce-eJHZ11Z9AJsfASVcN4Zo0A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/geo-maps-api/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.belajarmakeup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 1047
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-eJHZ11Z9AJsfASVcN4Zo0A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/geo-maps-api/1
content-type: text/html; charset=UTF-8
date: Thu, 21 Sep 2023 11:26:46 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
server: scaffolding on HTTPServer2
vary: Origin X-Origin Referer
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 g.gif
pixel.wp.com/ 50 B
93 B 22ms
7ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=212382059&post=5174&tz=0&srv=www.belajarmakeup.com&j=1%3A12.5&host=www.belajarmakeup.com&ref=&fcp=0&rand=0.7748427028498976
Requested by: Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 21 Sep 2023 11:26:45 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H3 200 ElegantIcons.woff
www.belajarmakeup.com/wp-content/themes/bloggingpro/fonts/ 62 KB
62 KB 12ms
11ms Font
font/x-woff 136.243.56.135
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.belajarmakeup.com/wp-content/themes/bloggingpro/fonts/ElegantIcons.woff
Requested by: Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/wp-content/cache/autoptimize/css/autoptimize_4f2df54979e0f8ec26533239150c2262.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 136.243.56.135 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.135.56.243.136.clients.your-server.de
Software: LiteSpeed /
Resource Hash: be1825e52a0dc7df04df9322f62abe2a2f2a25d98aac186de0140dfc7f6bdcae

Request headers

Referer: https://www.belajarmakeup.com/wp-content/cache/autoptimize/css/autoptimize_4f2df54979e0f8ec26533239150c2262.css
Origin: https://www.belajarmakeup.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:43 GMT
last-modified: Thu, 06 Aug 2020 07:36:25 GMT
server: LiteSpeed
accept-ranges: bytes
content-length: 63664
vary: User-Agent
content-type: font/x-woff

POST
H2 200 event
system-notify.app/ 0
532 B 12ms
12ms Ping
text/plain 157.90.33.68
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://system-notify.app/event?z=360489
Requested by: Host: system-notify.app
URL: https://system-notify.app/f/sdk.js?z=360489
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 157.90.33.68 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: sub1.1push.io
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.belajarmakeup.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:45 GMT
server: nginx
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.belajarmakeup.com
access-control-expose-headers: Authorization
cache-control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization, X-CSRF-Token
content-length: 0
expires: Tue, 11 Jan 1994 00:00:00 GMT

GET
H2 200 sync Show response
uidsync.net/ 62 B
713 B 62ms
36ms Fetch
application/json 157.90.33.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://uidsync.net/sync?user_id=eL9E2vXyERv8fRA8RpPVYi
Requested by: Host: system-notify.app
URL: https://system-notify.app/f/sdk.js?z=360489
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 157.90.33.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.33.90.157.clients.your-server.de
Software: nginx /
Resource Hash: d681a059ec0bc7044b46a6c514b96997e28b00b466767cb232cd7910cb3d3ffa

Request headers

Referer: https://www.belajarmakeup.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:45 GMT
server: nginx
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.belajarmakeup.com
access-control-expose-headers: Authorization
cache-control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization, X-CSRF-Token
content-length: 62
expires: Tue, 11 Jan 1994 00:00:00 GMT

OPTIONS
H2 204 sync
uidsync.net/ Frame 0
0 52ms
11ms Preflight 157.90.33.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://uidsync.net/sync?user_id=eL9E2vXyERv8fRA8RpPVYi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 157.90.33.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.33.90.157.clients.your-server.de
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.belajarmakeup.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization, X-CSRF-Token
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.belajarmakeup.com
access-control-expose-headers: Authorization
cache-control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
date: Thu, 21 Sep 2023 11:26:45 GMT
expires: Tue, 11 Jan 1994 00:00:00 GMT
pragma: no-cache
server: nginx

GET
H2 200 impl.v17.15.0.js Show response
live.demand.supply/ 82 KB
27 KB 130ms
129ms Script
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/impl.v17.15.0.js
Requested by: Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 30ea956b12ae502e529c24365e9422d2428b75595511de013abc64d79eb510e8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nf-request-id: 01HAANKZ94E4GT7BEZGRJJD566
date: Thu, 21 Sep 2023 11:26:46 GMT
content-encoding: br
cf-cache-status: HIT
age: 572787
cf-polished: origSize=84620
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
server: cloudflare
etag: W/"c4c243e9ca1d0f0ac14511caf420b080-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
timing-allow-origin: *
cf-ray: 80a1f4811b3c6927-FRA

GET
H2 200 d3d3LmJlbGFqYXJtYWtldXAuY29tLw== Show response
live.demand.supply/p4/v17-10-0/ 592 B
418 B 454ms
453ms Script
text/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/p4/v17-10-0/d3d3LmJlbGFqYXJtYWtldXAuY29tLw==
Requested by: Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 94e66b6aac93dbe2a6967c473aa7df238e0f3237f6a9f6eb104b2fe8d99890ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray: 80a1f4811b416927-FRA
alt-svc: h3=":443"; ma=86400

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
509 B 247ms
235ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?e=ll&d=256&cs=c&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/up.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nf-request-id: 01HASZ2Z5R1DMD71S78MC8FEJ8
date: Thu, 21 Sep 2023 11:26:46 GMT
cf-cache-status: HIT
cf-bgj: minify
server: cloudflare
cf-polished: origSize=2
etag: "21c8841ebef55ccccd0fc71b96dfbd5f-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 80a1f4812f7f91d7-FRA
alt-svc: h3=":443"; ma=86400
content-length: 1

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 99 KB
29 KB 172ms
89ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/up.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

88a15c899390516f013d4c84218b503f4385bac0c2a30996bb187610eb742a19

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29567
x-xss-protection: 0
server: cafe
etag: 875 / 19621 / m202309140101 / config-hash: 6606100946138516419
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 21 Sep 2023 11:26:46 GMT

GET
H2 200 d3d3LmJlbGFqYXJtYWtldXAuY29tL3NhbG9uLWtlY2FudGlrYW4tcHVyd29yZWpvLWtsYW1wb2stYmFuamFybmVnYXJhLw== Show response
live.demand.supply/p4/v17-10-0/ 592 B
487 B 328ms
327ms Script
text/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/p4/v17-10-0/d3d3LmJlbGFqYXJtYWtldXAuY29tL3NhbG9uLWtlY2FudGlrYW4tcHVyd29yZWpvLWtsYW1wb2stYmFuamFybmVnYXJhLw==
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/up.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 94e66b6aac93dbe2a6967c473aa7df238e0f3237f6a9f6eb104b2fe8d99890ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray: 80a1f4811b4f6927-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 ds.2.html Show response
live.demand.supply/ 413 B
580 B 535ms
525ms XHR
text/html 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/ds.2.html
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/up.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bdd1579c84daab8cdd1e5a4f71b546c9eaa6a76418f83e0215c573523614c309

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nf-request-id: 01H8JMW9YYMJ12QTQWCBKX18DN
date: Thu, 21 Sep 2023 11:26:46 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
timing-allow-origin: *
cf-ray: 80a1f4812f7c91d7-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 belajarmakeup.com.1027625.es6.js Show response
jsc.mgid.com/b/e/ 323 KB
97 KB 214ms
213ms Script
text/javascript 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://jsc.mgid.com/b/e/belajarmakeup.com.1027625.es6.js

Requested by

Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/e/belajarmakeup.com.1027625.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4d637a9c1768ab4d95142e39b9c69f5f55d48fbd35fce3ddfd7c8ced216c429

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
x-amz-version-id: BQqAYlby27tEC4Pr1RqQLpGXPUPnxjDV
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: GT636MM96F1HEETA
cf-polished: origSize=330343
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: /L6CzKBBXX/5mht0iBXCM5z+cVMVOxcA/03BnxardQRCZ1XWKqV4UNOmIJ8WcHukyps74JNbJbwfesGihaXfdg==
cf-bgj: minify
last-modified: Mon, 11 Sep 2023 10:49:19 GMT
server: cloudflare
etag: W/"ad32527475444da6b20d7cc4a043b3b0"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=10800
cf-ray: 80a1f4816ff3362b-FRA
expires: Thu, 21 Sep 2023 14:26:46 GMT

GET
H3 200 belajarmakeup.com_fluid_lb+sq_header Show response
live.demand.supply/cp/ 30 B
375 B 151ms
151ms XHR
text/plain 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/cp/belajarmakeup.com_fluid_lb+sq_header?mlcu=null&mlos=wi&mlbr=ch&mlla=en&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e51f289e778c324e22a4b396cb38d00305cc483327e07fef2c152736de238cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private,max-age=3600
cf-ray: 80a1f481f86c91d7-FRA
alt-svc: h3=":443"; ma=86400
content-length: 30

GET
H3 200 belajarmakeup.com_fluid_sq_inline Show response
live.demand.supply/cp/ 30 B
372 B 374ms
374ms XHR
text/plain 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/cp/belajarmakeup.com_fluid_sq_inline?mlcu=null&mlos=wi&mlbr=ch&mlla=en&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e4a708967f4d81badd3b291f53dd67077e2ac0c6921c7f9a9ea92a7acd72b661

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private,max-age=3600
cf-ray: 80a1f481f86d91d7-FRA
alt-svc: h3=":443"; ma=86400
content-length: 30

GET
H3 200 belajarmakeup.com_fluid_sq_inline2 Show response
live.demand.supply/cp/ 30 B
372 B 391ms
391ms XHR
text/plain 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/cp/belajarmakeup.com_fluid_sq_inline2?mlcu=null&mlos=wi&mlbr=ch&mlla=en&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c8400466ff98ad8afa7e14a7863a5764d334b1482e86744b2c3d7e46569844d7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private,max-age=3600
cf-ray: 80a1f481f86e91d7-FRA
alt-svc: h3=":443"; ma=86400
content-length: 30

GET
H3 200 belajarmakeup.com_fluid_sky_sidebar Show response
live.demand.supply/cp/ 29 B
371 B 256ms
255ms XHR
text/plain 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/cp/belajarmakeup.com_fluid_sky_sidebar?mlcu=null&mlos=wi&mlbr=ch&mlla=en&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dbb3d4180894950a45ea0ef183c33262ad123164aba2a83325d9d9d48ced57e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private,max-age=3600
cf-ray: 80a1f481f87091d7-FRA
alt-svc: h3=":443"; ma=86400
content-length: 29

GET
H3 200 belajarmakeup.com_fluid_lb+sq_footer Show response
live.demand.supply/cp/ 30 B
371 B 350ms
349ms XHR
text/plain 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/cp/belajarmakeup.com_fluid_lb+sq_footer?mlcu=null&mlos=wi&mlbr=ch&mlla=en&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470192ad7f33e79b358b78986ebcbcb62f74663dc24dc4d44b3230874cd1b3ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private,max-age=3600
cf-ray: 80a1f481f87291d7-FRA
alt-svc: h3=":443"; ma=86400
content-length: 30

HEAD
H3 200 e.js Show response
live.demand.supply/x/ 0
473 B 106ms
106ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/x/e.js?ce=fs&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nf-request-id: 01HASZNKVPJZFHPF818NM8PDRS
date: Thu, 21 Sep 2023 11:26:46 GMT
cf-cache-status: HIT
cf-bgj: minify
server: cloudflare
cf-polished: origSize=2
etag: "21c8841ebef55ccccd0fc71b96dfbd5f-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 80a1f481f87391d7-FRA
alt-svc: h3=":443"; ma=86400
content-length: 1

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309140101/ 409 KB
129 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309140101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1bde658df6e7fc967fdfa663ef601083be84e4dfb80de29e5423d8d618bf790e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 06:53:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16426
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 131810
x-xss-protection: 0
server: cafe
etag: 9411153894055172020
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Fri, 20 Sep 2024 06:53:00 GMT

GET
BLOB 200
OK 71e977cc-2891-44c7-b7ad-a35697436354
https://www.belajarmakeup.com/ 0
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.belajarmakeup.com/71e977cc-2891-44c7-b7ad-a35697436354
Requested by: Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Length: 0
Content-Type: text/javascript

GET
BLOB 200
OK 00d48324-d012-44c5-be53-85eeb96e2c32
https://www.belajarmakeup.com/ 250 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.belajarmakeup.com/00d48324-d012-44c5-be53-85eeb96e2c32
Requested by: Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e37071398d21f18dff2370ee0885f38811bb69bb465b398100ab3101fc521d6b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Length: 250
Content-Type: text/javascript

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
472 B 124ms
124ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?r=belajarmakeup.com_fluid_lb%2Bsq_header&pdc=0.23564789295196534&ucv=null&e=tcp&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nf-request-id: 01HASZ2Z5R1DMD71S78MC8FEJ8
date: Thu, 21 Sep 2023 11:26:46 GMT
cf-cache-status: HIT
age: 0
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "21c8841ebef55ccccd0fc71b96dfbd5f-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 80a1f482e94e91d7-FRA

GET
H2 200 /
c.mgid.com/pv/ 43 B
115 B 43ms
26ms Image
image/gif 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.mgid.com/pv/?lu=https%3A%2F%2Fwww.belajarmakeup.com%2Fsalon-kecantikan-purworejo-klampok-banjarnegara%2F&cbuster=1695295606228887104468&pvid=18ab77e0dd4948262b7&implVersion=11&cxurl=https%3A%2F%2Fwww.belajarmakeup.com%2Fsalon-kecantikan-purworejo-klampok-banjarnegara%2F&site=652437&i=1&scum=%3F0&scuw=%3F0

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
cf-ray: 80a1f4830aad362b-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43

GET
H2 200 belajarmakeup.com_fluid_lb+sq_header Show response
api.demand.supply/v17-10-0/a/ 365 B
537 B 743ms
715ms XHR
application/json 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.demand.supply/v17-10-0/a/belajarmakeup.com_fluid_lb+sq_header?&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3467033d37d162c3413db45a0d6c20529a17e7076167dd45f5d79d6c1f41aa93

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
etag: W/"16d-8hRedma4z+7lG37/i3FNfUjIyCw"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray: 80a1f4832a902c18-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 js Show response
maps.googleapis.com/maps/api/ Frame BB50 176 KB
61 KB 59ms
35ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en&region=id&callback=onApiLoad

Requested by

Host: www.google.com
URL: https://www.google.com/maps/embed?pb=!1m16!1m12!1m3!1d8112491.176123461!2d113.18104185!3d-6.86934315!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!2m1!1sbeauty%20salon%20Purworejo%20Klampok%20-%20Banjarnegara!5e0!3m2!1sen!2sid!4v1601900188746!5m2!1sen!2sid

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

f863be111b2d42870de932ccf1f93851be761a81494c2cdecc5d5c48b06286f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62227
x-xss-protection: 0

GET
H3 200 belajarmakeup.com_auto_728x90_sticky_display_bottom Show response
live.demand.supply/cp/ 29 B
373 B 255ms
255ms XHR
text/plain 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/cp/belajarmakeup.com_auto_728x90_sticky_display_bottom?mlcu=null&mlos=wi&mlbr=ch&mlla=en&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 789946bd8a00bf5f8bd567f5b0a5299913681b0f348f1e65d8394fcfae2b6030

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private,max-age=3600
cf-ray: 80a1f48349a991d7-FRA
alt-svc: h3=":443"; ma=86400
content-length: 29

GET
H3 200 gen_204 Show response
maps.googleapis.com/maps/api/mapsjs/ Frame BB50 3 B
46 B 69ms
30ms XHR
application/json 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en&region=id&callback=onApiLoad

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.google.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23
x-xss-protection: 0

GET
H2 200 init_embed.js Show response
maps.gstatic.com/maps-api-v3/embed/js/54/6/ Frame BB50 232 KB
62 KB 66ms
10ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.gstatic.com/maps-api-v3/embed/js/54/6/init_embed.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b9f0312e6b8299e97a3a68365e4a20a1fdaf8fd6245bbf5081e79788a5969c58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Tue, 19 Sep 2023 20:03:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 141785
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62582
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 20:18:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Sep 2024 20:03:41 GMT

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
472 B 135ms
135ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?r=belajarmakeup.com_fluid_sky_sidebar&pdc=0.1590132236480713&ucv=null&e=tcp&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nf-request-id: 01HASZ2Z5R1DMD71S78MC8FEJ8
date: Thu, 21 Sep 2023 11:26:46 GMT
cf-cache-status: HIT
age: 0
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "21c8841ebef55ccccd0fc71b96dfbd5f-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 80a1f48399fb91d7-FRA

GET
H2 200 belajarmakeup.com_fluid_sky_sidebar Show response
api.demand.supply/v17-10-0/a/ 364 B
712 B 111ms
111ms XHR
application/json 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.demand.supply/v17-10-0/a/belajarmakeup.com_fluid_sky_sidebar?&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6d35a9eb7cad90707e0c74a18ef480f06f714a8c5d022b9311648790bf8f2262

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
etag: W/"16c-WbarLXyQAVEuBwlhBVtTSwBv7Ds"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray: 80a1f4839b3f2c18-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 common.js Show response
maps.googleapis.com/maps-api-v3/api/js/54/6/ Frame BB50 253 KB
56 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/54/6/common.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en&region=id&callback=onApiLoad

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b29b1817692148eb026c359732d2cc65c21a259050825754cecc42bc2f388ae0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 09:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6211
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56903
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 20:18:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 20 Sep 2024 09:43:15 GMT

GET
H2 200 util.js Show response
maps.googleapis.com/maps-api-v3/api/js/54/6/ Frame BB50 154 KB
49 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/54/6/util.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en&region=id&callback=onApiLoad

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b7efd6d37de2602371b70c8017f9a533b66246b64bcab1317f6333b6ee6392d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 05:22:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21876
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49859
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 20:18:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 20 Sep 2024 05:22:10 GMT

GET
H2 200 map.js Show response
maps.googleapis.com/maps-api-v3/api/js/54/6/ Frame BB50 70 KB
23 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/54/6/map.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en&region=id&callback=onApiLoad

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8db5084ffdb049ecc8d67bd45dc90e457d845470be67c0036f5c7b47dfaec48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Wed, 20 Sep 2023 09:06:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 94789
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23536
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 20:18:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 19 Sep 2024 09:06:57 GMT

GET
H2 200 overlay.js Show response
maps.googleapis.com/maps-api-v3/api/js/54/6/ Frame BB50 3 KB
1 KB 15ms
9ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/54/6/overlay.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en&region=id&callback=onApiLoad

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3dea1fc2bb42675be172a791fa9e294d2b50461d447d3b6d6979ad043f8f8edf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Tue, 19 Sep 2023 20:03:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 141786
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1260
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 20:18:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Sep 2024 20:03:40 GMT

GET
DATA 200
OK truncated
/ Frame BB50 6 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b0044d91b724bb429337d6dcd9d2332e855bc0b4452c1d3fc9beea9973017521

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 StaticMapService.GetMapImage
maps.googleapis.com/maps/api/js/ Frame BB50 32 KB
32 KB 114ms
112ms Image
image/png 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://maps.googleapis.com/maps/api/js/StaticMapService.GetMapImage?1m2&1i6351&2i4078&2e1&3u5&4m2&1u640&2u350&5m5&1e0&5sen&6sid&10b1&12b1&client=google-maps-embed&token=87377

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

a774f3af05035eeeb54900443b87b79950d50582c199c7d3859f242114f6c0e5

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: public, max-age=86400
server-timing: gfet4t7; dur=105
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32515
x-xss-protection: 0
expires: Fri, 22 Sep 2023 11:26:46 GMT

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
472 B 15ms
14ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?r=belajarmakeup.com_fluid_lb%2Bsq_footer&pdc=0.13751768767833708&ucv=null&e=tcp&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nf-request-id: 01HASZ2Z5R1DMD71S78MC8FEJ8
date: Thu, 21 Sep 2023 11:26:46 GMT
cf-cache-status: HIT
age: 0
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "21c8841ebef55ccccd0fc71b96dfbd5f-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 80a1f4844a9f91d7-FRA

GET
H2 200 belajarmakeup.com_fluid_lb+sq_footer Show response
api.demand.supply/v17-10-0/a/ 365 B
535 B 114ms
113ms XHR
application/json 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.demand.supply/v17-10-0/a/belajarmakeup.com_fluid_lb+sq_footer?&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e15c078d1ef8df08dbd077e55ee1569b5f0dba4e02fb73f9e3d7556149aa801

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
etag: W/"16d-tPHeUBuT+Tkej4fanpQ/eITfxEI"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray: 80a1f4844c192c18-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 onion.js Show response
maps.googleapis.com/maps-api-v3/api/js/54/6/ Frame BB50 26 KB
9 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/54/6/onion.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en&region=id&callback=onApiLoad

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8a951714d99bacc94f043465e2f60c97b83686c37035d4522aa6c51ba003ba9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Wed, 20 Sep 2023 12:42:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81870
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8939
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 20:18:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 19 Sep 2024 12:42:16 GMT

GET
H3 200 search_impl.js Show response
maps.googleapis.com/maps-api-v3/api/js/54/6/ Frame BB50 3 KB
1 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/54/6/search_impl.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en&region=id&callback=onApiLoad

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a0a8bd137d9ddc1eaafad68e42ad3544b0a4e7df6f42f5d236c499de94180d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Tue, 19 Sep 2023 20:03:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 141786
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1258
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 20:18:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Sep 2024 20:03:40 GMT

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
474 B 21ms
20ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?r=belajarmakeup.com_fluid_sq_inline&pdc=0.30459941625595094&ucv=null&e=tcp&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nf-request-id: 01HASZ2Z5R1DMD71S78MC8FEJ8
date: Thu, 21 Sep 2023 11:26:46 GMT
cf-cache-status: HIT
age: 0
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "21c8841ebef55ccccd0fc71b96dfbd5f-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 80a1f4845abb91d7-FRA

GET
H3 200 belajarmakeup.com_fluid_sq_inline Show response
api.demand.supply/v17-10-0/a/ 364 B
674 B 219ms
217ms XHR
application/json 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.demand.supply/v17-10-0/a/belajarmakeup.com_fluid_sq_inline?&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11e65367d121fdf873a914818c52c557697614867c769e54bd6a0b0b9929c2cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
etag: W/"16c-Uw4Q4j6SD0OG693I+7OnKB6X0Ro"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray: 80a1f4845abd91d7-FRA
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 3 KB
3 KB 55ms
9ms Script
text/javascript 2600:9000:2250:1a00:a:e047:753:6381
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309140101/pubads_impl.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:1a00:a:e047:753:6381 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-amz-version-id: tte_Zq9MCmRAYf9XeFwo9sUIgrBbXCUY
Date: Thu, 21 Sep 2023 05:20:17 GMT
Via: 1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P2
Age: 21990
x-amz-server-side-encryption: AES256
X-Cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 2776
Last-Modified: Wed, 06 Sep 2023 03:40:59 GMT
Server: AmazonS3
ETag: "a3a9a9ee8e72db69d54e805f0586c651"
Content-Type: text/javascript
Accept-Ranges: bytes
X-Amz-Cf-Id: VbY2c_L2uMgMrfJeEwDGDgWkxrDHWQnrsoDmY_Y4dGFuMzdHbD23aw==

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 43 KB
14 KB 69ms
37ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

c746ca687b3e79023240e45eb684f036fd9a1312b454758a6018b3ece635dafb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 07 Sep 2023 09:22:37 GMT
server: nginx
etag: W/"64f9965d-ab99"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Sep 2023 11:26:46 GMT

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 39 KB
12 KB 42ms
13ms Script
text/javascript 65.9.66.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309140101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-122.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 07:50:11 GMT
content-encoding: gzip
via: 1.1 b3dc72c60418e8887de31f772538f118.cloudfront.net (CloudFront)
last-modified: Wed, 06 Sep 2023 15:56:57 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 12996
etag: W/"e073e71ed7a44e6f9cdd72904fda5940"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=86400
x-amz-cf-id: l-UsyJDVD-8MXIMHZOQVLImWXj0916iomc0xByTPSr1SyFRCaIqtFQ==

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 139 KB
31 KB 52ms
24ms Script
text/javascript 2606:4700:10::6816:3456
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3456 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccebb3668d65d3268223556ecdbe14e98305dd0abeffe6308c75e7fb21188fc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 08 Sep 2023 09:30:49 GMT
server: cloudflare
x-amz-request-id: K8M291YY143Y9NV6
age: 2588
etag: W/"1a5f44cdb786ba83a7fa05963228f464"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 80a1f4850e7d1e54-FRA
x-amz-id-2: gmcu4s9gLW9PLFYvfvWWpbf/F5rb9XAshtYMwJ+B139RAcEjhW+CY3Yb6q076EjxehpIKxQE2k8=

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
1 KB 42ms
24ms Script
application/javascript 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 27571
x-jsd-version: master
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230042-FRA, cache-jnb7027-JNB
x-jsd-version-type: branch
server: cloudflare
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aV2NWeYJhE0EASQypwU58VPGmulGu9dvyRCDAwim77FJi4ENkgTtGuNyHCavRlXhiU%2FesqBek5AoxyayEDGJRZn8bpzTdK8aIB2iJVdSNaIDQV2w7LMybnWAojXyOza3Fy2JOiafSLJvit8hFgE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 80a1f484fc543a91-FRA

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 1 KB
1 KB 114ms
29ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309140101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
via: 1.1 google, 1.1 google
last-modified: Thu, 03 Aug 2023 03:28:51 GMT
server: Google Frontend
etag: fc4e6bfe266081c4873c6f08c8298e5c
content-type: text/javascript; charset=utf-8
x-cloud-trace-context: 083d536e6393f5e389f32381afe60780
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1207

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 28 KB
12 KB 371ms
370ms Fetch
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=102211537610441&correlator=3646323581040227&eid=31078022%2C31077899&output=ldjh&gdfp_req=1&vrg=202309140101&ptt=17&impl=fif&iu_parts=44890869%3A22486354450%2Cca-pub-3831894559014614-tag%2Cf7f27fd0-e1ad-4954-8c54-d7dcf8cd3db4&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x600%7C160x600%7C300x250&ifi=1&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1695295606519&lmt=1695288406&adxs=977&adys=216&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.belajarmakeup.com%2Fsalon-kecantikan-purworejo-klampok-banjarnegara%2F&vis=1&psz=299x0&msz=299x0&fws=0&ohw=0&ga_vid=1648041764.1695295607&ga_sid=1695295607&ga_hid=1900590104&ga_fc=false&a3p=EhwKDWNyd2RjbnRybC5uZXQY8534u6sxSABSAghkEhsKDGlkNS1zeW5jLmNvbRjznfi7qzFIAFICCGQSGQoKcHViY2lkLm9yZxjznfi7qzFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20Y8534u6sxSABSAghkEhcKCHJ0YmhvdXNlGPSd-LurMUgAUgIIZBIZCgp1aWRhcGkuY29tGPOd-LurMUgAUgIIZA..&dlt=1695295605671&idt=507&prev_scp=ti%3D37a06333-e3c2-4a33-8e4c-fcd8104c0da8%26chrand%3Dy%26pof%3D0%26bid%3D0.1%26bid-p%3Dgoogle%26bsc%3D87&adks=3353227378&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

04315554200d1da1135a22ffa5e07c21ca40f8cba46b70242bfd55f6d789f9ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12433
x-xss-protection: 0
google-lineitem-id: 5564061269
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138332681208
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.belajarmakeup.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E50D 6 KB
3 KB 97ms
18ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.belajarmakeup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 21 Sep 2023 11:26:46 GMT
expires: Fri, 20 Sep 2024 11:26:46 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
473 B 124ms
124ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?r=belajarmakeup.com_fluid_sq_inline2&pdc=0.17216531038284302&ucv=null&e=tcp&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nf-request-id: 01HASZ2Z5R1DMD71S78MC8FEJ8
date: Thu, 21 Sep 2023 11:26:46 GMT
cf-cache-status: HIT
age: 0
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "21c8841ebef55ccccd0fc71b96dfbd5f-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 80a1f484eb5391d7-FRA

GET
H3 200 belajarmakeup.com_fluid_sq_inline2 Show response
api.demand.supply/v17-10-0/a/ 347 B
677 B 216ms
216ms XHR
application/json 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.demand.supply/v17-10-0/a/belajarmakeup.com_fluid_sq_inline2?&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e1d00770709c4f33c3a0acfa71398a5d4c87137134acbbbd86b33291057c939

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
etag: W/"15b-P5XDhuAElL9WgAeV1sSoPuBTHcM"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray: 80a1f484eb5691d7-FRA
alt-svc: h3=":443"; ma=86400

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
475 B 18ms
18ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?r=belajarmakeup.com_auto_728x90_sticky_display_bottom&pdc=0.0560189425945282&ucv=null&e=tcp&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nf-request-id: 01HASZ2Z5R1DMD71S78MC8FEJ8
date: Thu, 21 Sep 2023 11:26:46 GMT
cf-cache-status: HIT
age: 0
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "21c8841ebef55ccccd0fc71b96dfbd5f-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 80a1f4850b6f91d7-FRA

GET
H3 200 sdb.css
live.demand.supply/css/ 4 KB
2 KB 131ms
131ms Stylesheet
text/css 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/css/sdb.css
Requested by: Host: client
URL: about:client
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 99456b3711ac205efcbdbc08ae9dae0124aa6a94d0edf9701a80caa6fc38b5db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nf-request-id: 01H95R0W3H9SMVPKTQMTQBKKQX
date: Thu, 21 Sep 2023 11:26:46 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
server: cloudflare
age: 1568785
etag: W/"ca59855b4714df36e4972d3d4157366d-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: max-age=2592000,immutable,stale-if-error=604800
cf-ray: 80a1f4851b086967-FRA
alt-svc: h3=":443"; ma=86400

HEAD
H3 200 e.js Show response
live.demand.supply/x/ 0
475 B 18ms
18ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/x/e.js?ce=bb&r=belajarmakeup.com_auto_728x90_sticky_display_bottom&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nf-request-id: 01HASZNKVPJZFHPF818NM8PDRS
date: Thu, 21 Sep 2023 11:26:46 GMT
cf-cache-status: HIT
age: 0
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "21c8841ebef55ccccd0fc71b96dfbd5f-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 80a1f4851b7291d7-FRA

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 35 KB
14 KB 403ms
402ms Fetch
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=102211537610441&correlator=2924343773367508&eid=31078022%2C31077899&output=ldjh&gdfp_req=1&vrg=202309140101&ptt=17&impl=fif&iu_parts=44890869%3A22486354450%2Cca-pub-3831894559014614-tag%2C922a30da-9409-4800-8951-73a8bd7bd5f9&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C970x90&ifi=2&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1695295606588&lmt=1695288406&adxs=436&adys=1110&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.belajarmakeup.com%2Fsalon-kecantikan-purworejo-klampok-banjarnegara%2F&vis=1&psz=728x-1&msz=728x-1&fws=512&ohw=0&ga_vid=1648041764.1695295607&ga_sid=1695295607&ga_hid=1900590104&ga_fc=false&a3p=EhwKDWNyd2RjbnRybC5uZXQY8534u6sxSABSAghkEhsKDGlkNS1zeW5jLmNvbRjznfi7qzFIAFICCGQSGQoKcHViY2lkLm9yZxjznfi7qzFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20Y8534u6sxSABSAghkEhcKCHJ0YmhvdXNlGPSd-LurMUgAUgIIZBIZCgp1aWRhcGkuY29tGPOd-LurMUgAUgIIZA..&dlt=1695295605671&idt=507&prev_scp=ti%3D37a06333-e3c2-4a33-8e4c-fcd8104c0da8%26chrand%3Dy%26pof%3D0%26bid%3D0.03%26bid-p%3Dgoogle%26stt%3Dbhs%26bsc%3D87&adks=786148176&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e805daad736c81d30a75267cb1e27b97b2e508ac410334305946935940dba584

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14672
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.belajarmakeup.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 openhand_8_8.cur
maps.gstatic.com/mapfiles/ Frame BB50 326 B
692 B 47ms
47ms Image
image/bmp 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://maps.gstatic.com/mapfiles/openhand_8_8.cur

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7342f390b12f636d14e25f698fc5e38cf6240994dc0c07fefbbb4e78ec4d03c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/geo-tactile
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 326
x-xss-protection: 0
last-modified: Tue, 18 May 2021 19:15:00 GMT
server: sffe
report-to: {"group":"geo-tactile","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/geo-tactile"}]}
content-type: image/bmp
access-control-allow-origin: *
cache-control: private, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="geo-tactile"
expires: Thu, 21 Sep 2023 11:26:46 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 154 KB
46 KB 501ms
500ms Fetch
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=102211537610441&correlator=794105492795056&eid=31078022%2C31077899&output=ldjh&gdfp_req=1&vrg=202309140101&ptt=17&impl=fif&iu_parts=44890869%3A22486354450%2Cca-pub-3831894559014614-tag%2C0c2d2699-1a0c-4b49-8805-a9e0dc900122&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=990x280%7C750x300%7C750x200%7C930x180%7C970x250&ifi=3&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1695295606666&lmt=1695288406&adxs=305&adys=3474&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.belajarmakeup.com%2Fsalon-kecantikan-purworejo-klampok-banjarnegara%2F&vis=1&psz=990x0&msz=990x0&fws=0&ohw=0&ga_vid=1648041764.1695295607&ga_sid=1695295607&ga_hid=1900590104&ga_fc=false&a3p=EhwKDWNyd2RjbnRybC5uZXQY8534u6sxSABSAghkEhsKDGlkNS1zeW5jLmNvbRjznfi7qzFIAFICCGQSGQoKcHViY2lkLm9yZxjznfi7qzFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20Y8534u6sxSABSAghkEhcKCHJ0YmhvdXNlGPSd-LurMUgAUgIIZBIZCgp1aWRhcGkuY29tGPOd-LurMUgAUgIIZA..&dlt=1695295605671&idt=507&prev_scp=ti%3D37a06333-e3c2-4a33-8e4c-fcd8104c0da8%26chrand%3Dy%26pof%3D0%26bid%3D0.08%26bid-p%3Dgoogle%26bsc%3D87&adks=4190063321&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fe1a648e52d65ae165075793f9ab45bc14433e6bc24214e1fb890cc4923803a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46651
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.belajarmakeup.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 GetViewportInfo Show response
maps.googleapis.com/$rpc/google.internal.maps.mapsjs.v1.MapsJsInternalService/ Frame BB50 28 KB
5 KB 38ms
37ms XHR
application/json+protobuf 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/$rpc/google.internal.maps.mapsjs.v1.MapsJsInternalService/GetViewportInfo

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en&region=id&callback=onApiLoad

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

018e5246c558914b4537dc48bea241a728d7ffd93dd4b8b2661e56b8bd83a402

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: application/json+protobuf
X-Goog-Maps-Client-Id: google-maps-embed
Referer: https://www.google.com/
X-Goog-Api-Key
X-Goog-Maps-API-Signature: 84279
X-Goog-Maps-API-Salt: z9BVesupFK

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.google.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5188
x-xss-protection: 0

OPTIONS
H3 200 GetViewportInfo
maps.googleapis.com/$rpc/google.internal.maps.mapsjs.v1.MapsJsInternalService/ Frame 0
0 17ms
16ms Preflight
text/html 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/$rpc/google.internal.maps.mapsjs.v1.MapsJsInternalService/GetViewportInfo

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-goog-maps-api-salt,x-goog-maps-api-signature,x-goog-maps-client-id,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-goog-maps-api-salt,x-goog-maps-api-signature,x-goog-maps-client-id,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.google.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Thu, 21 Sep 2023 11:26:46 GMT
server: scaffolding on HTTPServer2
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H/1.1 204 increment Show response
id5-sync.com/api/esp/ 0
330 B 62ms
16ms XHR
text/plain 141.95.98.65
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.65 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3216659.ip-141-95-98.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.belajarmakeup.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.belajarmakeup.com
date: Thu, 21 Sep 2023 11:26:45 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 177F 15 KB
6 KB 75ms
18ms Document
text/html 2a02:2638:d::d
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.belajarmakeup.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::d , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

dcccb2680f053e97760df92d73620611629aba41492d27f770828f780d84b302

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.belajarmakeup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 21 Sep 2023 11:26:46 GMT
server: Kestrel
server-processing-duration-in-ticks: 279655
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 60 B
338 B 118ms
33ms XHR
application/json 54.77.82.203
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.82.203 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-82-203.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 7fae98d4d69121fd70a693b6c6fdada43e57e0add1760d93c629870d9fc3fb59

Request headers

Referer: https://www.belajarmakeup.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:46 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://www.belajarmakeup.com
cache-control: no-cache
x-server: 10.45.0.27
access-control-allow-credentials: true
content-length: 60
expires: 0

GET
H3 200 AuthenticationService.Authenticate Show response
maps.googleapis.com/maps/api/js/ Frame BB50 62 B
84 B 17ms
17ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1shttps%3A%2F%2Fwww.google.com%2Fmaps%2Fembed&2sgoogle-maps-embed&7m2&1e0&5e0&8b0&callback=_xdc_._ekfok1&client=google-maps-embed&token=110151

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps-api-v3/api/js/54/6/common.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

mafe /

Resource Hash

7548256472bfd02ede86487078011a5318dd4da095bb2de68f28a0e830a2564f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:46 GMT
content-encoding: gzip
server: mafe
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment
server-timing: gfet4t7; dur=9
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vt
www.google.com/maps/ Frame BB50 13 KB
13 KB 97ms
93ms Image
image/png 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/maps/vt?pb=!1m5!1m4!1i5!2i26!3i16!4i256!2m3!1e0!2sm!3i663404121!2m70!1e2!2sspotlight!5i1!8m66!11e11!12m45!1sbeauty+salon!2m2!1s105250506097979753968!2s!3m1!3s0x0%3A0xf8f6b0abc5a33c0f!3m1!3s0x0%3A0xace43b41d4e7c396!3m1!3s0x0%3A0x9e6b99e93aeb2915!3m1!3s0x0%3A0xd73c810a96039e99!3m1!3s0x0%3A0xa0defde6583d11e6!3m1!3s0x0%3A0x96b53979de0b92ee!3m1!3s0x0%3A0xe91a68a39c5be336!3m1!3s0x0%3A0xdefdb1ec9d659290!3m1!3s0x0%3A0x5bc5ec130b3df1a2!3m1!3s0x0%3A0xf02b5f8c3a183a4f!3m1!3s0x0%3A0xc244ecbf50689db5!3m1!3s0x0%3A0x8f3289b031b509af!3m1!3s0x0%3A0x46fbcac29bde9373!3m1!3s0x0%3A0xfc77dac22f9dafca!3m1!3s0x0%3A0xfbed8685777380b8!3m1!3s0x0%3A0x64c085d17415c555!3m1!3s0x0%3A0xbeec631365f05133!3m1!3s0x0%3A0x5abdd63237f4ca27!3m1!3s0x0%3A0xfbcfca775f60301a!3m1!3s0x0%3A0x7dd1f2408701a3be!10b0!13m11!2sa!14b1!18m4!6b0!9b1!20b1!21b1!22m3!6e2!7e3!8e2!19u12!19u14!19u29!19u37!19u30!19u61!19u70!3m12!2sen!3sID!5e289!12m4!1e68!2m2!1sset!2sRoadmap!12m3!1e37!2m1!1ssmartmaps!4e0&client=google-maps-embed&token=127160

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

22720521128fa6c4c72b340f612e896df620e89fab597ad1a4063d4601a036d4

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'; base-uri 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/maps/embed?pb=!1m16!1m12!1m3!1d8112491.176123461!2d113.18104185!3d-6.86934315!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!2m1!1sbeauty%20salon%20Purworejo%20Klampok%20-%20Banjarnegara!5e0!3m2!1sen!2sid!4v1601900188746!5m2!1sen!2sid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
content-security-policy: script-src 'none'; object-src 'none'; base-uri 'none'
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=87
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13315
x-xss-protection: 0
x-server-version-bin: CggIBBCk66SoBgoICAUQmbHCpgY=
server: scaffolding on HTTPServer2
etag: 07bd04da0df530a6d
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=300
expires: Thu, 21 Sep 2023 11:31:46 GMT

GET
H2 200 vt
www.google.com/maps/ Frame BB50 15 KB
15 KB 102ms
98ms Image
image/png 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/maps/vt?pb=!1m5!1m4!1i5!2i25!3i16!4i256!2m3!1e0!2sm!3i663404121!2m70!1e2!2sspotlight!5i1!8m66!11e11!12m45!1sbeauty+salon!2m2!1s105250506097979753968!2s!3m1!3s0x0%3A0xf8f6b0abc5a33c0f!3m1!3s0x0%3A0xace43b41d4e7c396!3m1!3s0x0%3A0x9e6b99e93aeb2915!3m1!3s0x0%3A0xd73c810a96039e99!3m1!3s0x0%3A0xa0defde6583d11e6!3m1!3s0x0%3A0x96b53979de0b92ee!3m1!3s0x0%3A0xe91a68a39c5be336!3m1!3s0x0%3A0xdefdb1ec9d659290!3m1!3s0x0%3A0x5bc5ec130b3df1a2!3m1!3s0x0%3A0xf02b5f8c3a183a4f!3m1!3s0x0%3A0xc244ecbf50689db5!3m1!3s0x0%3A0x8f3289b031b509af!3m1!3s0x0%3A0x46fbcac29bde9373!3m1!3s0x0%3A0xfc77dac22f9dafca!3m1!3s0x0%3A0xfbed8685777380b8!3m1!3s0x0%3A0x64c085d17415c555!3m1!3s0x0%3A0xbeec631365f05133!3m1!3s0x0%3A0x5abdd63237f4ca27!3m1!3s0x0%3A0xfbcfca775f60301a!3m1!3s0x0%3A0x7dd1f2408701a3be!10b0!13m11!2sa!14b1!18m4!6b0!9b1!20b1!21b1!22m3!6e2!7e3!8e2!19u12!19u14!19u29!19u37!19u30!19u61!19u70!3m12!2sen!3sID!5e289!12m4!1e68!2m2!1sset!2sRoadmap!12m3!1e37!2m1!1ssmartmaps!4e0&client=google-maps-embed&token=86731

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

c0bdf17616abb8f807e48430492db1e6975bfa3b273bc184b6e06da3fa33e3e8

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'; base-uri 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/maps/embed?pb=!1m16!1m12!1m3!1d8112491.176123461!2d113.18104185!3d-6.86934315!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!2m1!1sbeauty%20salon%20Purworejo%20Klampok%20-%20Banjarnegara!5e0!3m2!1sen!2sid!4v1601900188746!5m2!1sen!2sid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
content-security-policy: script-src 'none'; object-src 'none'; base-uri 'none'
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=91
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15264
x-xss-protection: 0
x-server-version-bin: CggIBBCk66SoBgoICAUQmbHCpgY=
server: scaffolding on HTTPServer2
etag: 031575885cdf1d299
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=300
expires: Thu, 21 Sep 2023 11:31:46 GMT

GET
H2 200 vt
www.google.com/maps/ Frame BB50 11 KB
11 KB 113ms
109ms Image
image/png 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/maps/vt?pb=!1m5!1m4!1i5!2i25!3i15!4i256!2m3!1e0!2sm!3i663404121!2m70!1e2!2sspotlight!5i1!8m66!11e11!12m45!1sbeauty+salon!2m2!1s105250506097979753968!2s!3m1!3s0x0%3A0xf8f6b0abc5a33c0f!3m1!3s0x0%3A0xace43b41d4e7c396!3m1!3s0x0%3A0x9e6b99e93aeb2915!3m1!3s0x0%3A0xd73c810a96039e99!3m1!3s0x0%3A0xa0defde6583d11e6!3m1!3s0x0%3A0x96b53979de0b92ee!3m1!3s0x0%3A0xe91a68a39c5be336!3m1!3s0x0%3A0xdefdb1ec9d659290!3m1!3s0x0%3A0x5bc5ec130b3df1a2!3m1!3s0x0%3A0xf02b5f8c3a183a4f!3m1!3s0x0%3A0xc244ecbf50689db5!3m1!3s0x0%3A0x8f3289b031b509af!3m1!3s0x0%3A0x46fbcac29bde9373!3m1!3s0x0%3A0xfc77dac22f9dafca!3m1!3s0x0%3A0xfbed8685777380b8!3m1!3s0x0%3A0x64c085d17415c555!3m1!3s0x0%3A0xbeec631365f05133!3m1!3s0x0%3A0x5abdd63237f4ca27!3m1!3s0x0%3A0xfbcfca775f60301a!3m1!3s0x0%3A0x7dd1f2408701a3be!10b0!13m11!2sa!14b1!18m4!6b0!9b1!20b1!21b1!22m3!6e2!7e3!8e2!19u12!19u14!19u29!19u37!19u30!19u61!19u70!3m12!2sen!3sID!5e289!12m4!1e68!2m2!1sset!2sRoadmap!12m3!1e37!2m1!1ssmartmaps!4e0&client=google-maps-embed&token=81891

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

40f4eeb522900a0a71228a17352f0bdce5e5180874f8610b4b2fd4cee57118e5

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'; base-uri 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/maps/embed?pb=!1m16!1m12!1m3!1d8112491.176123461!2d113.18104185!3d-6.86934315!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!2m1!1sbeauty%20salon%20Purworejo%20Klampok%20-%20Banjarnegara!5e0!3m2!1sen!2sid!4v1601900188746!5m2!1sen!2sid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
content-security-policy: script-src 'none'; object-src 'none'; base-uri 'none'
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=101
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11610
x-xss-protection: 0
x-server-version-bin: CggIBBCk66SoBgoICAUQmbHCpgY=
server: scaffolding on HTTPServer2
etag: 03798593910256b84
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=300
expires: Thu, 21 Sep 2023 11:31:46 GMT

GET
H2 200 vt
www.google.com/maps/ Frame BB50 11 KB
11 KB 104ms
100ms Image
image/png 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/maps/vt?pb=!1m5!1m4!1i5!2i26!3i15!4i256!2m3!1e0!2sm!3i663404121!2m70!1e2!2sspotlight!5i1!8m66!11e11!12m45!1sbeauty+salon!2m2!1s105250506097979753968!2s!3m1!3s0x0%3A0xf8f6b0abc5a33c0f!3m1!3s0x0%3A0xace43b41d4e7c396!3m1!3s0x0%3A0x9e6b99e93aeb2915!3m1!3s0x0%3A0xd73c810a96039e99!3m1!3s0x0%3A0xa0defde6583d11e6!3m1!3s0x0%3A0x96b53979de0b92ee!3m1!3s0x0%3A0xe91a68a39c5be336!3m1!3s0x0%3A0xdefdb1ec9d659290!3m1!3s0x0%3A0x5bc5ec130b3df1a2!3m1!3s0x0%3A0xf02b5f8c3a183a4f!3m1!3s0x0%3A0xc244ecbf50689db5!3m1!3s0x0%3A0x8f3289b031b509af!3m1!3s0x0%3A0x46fbcac29bde9373!3m1!3s0x0%3A0xfc77dac22f9dafca!3m1!3s0x0%3A0xfbed8685777380b8!3m1!3s0x0%3A0x64c085d17415c555!3m1!3s0x0%3A0xbeec631365f05133!3m1!3s0x0%3A0x5abdd63237f4ca27!3m1!3s0x0%3A0xfbcfca775f60301a!3m1!3s0x0%3A0x7dd1f2408701a3be!10b0!13m11!2sa!14b1!18m4!6b0!9b1!20b1!21b1!22m3!6e2!7e3!8e2!19u12!19u14!19u29!19u37!19u30!19u61!19u70!3m12!2sen!3sID!5e289!12m4!1e68!2m2!1sset!2sRoadmap!12m3!1e37!2m1!1ssmartmaps!4e0&client=google-maps-embed&token=122320

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

ef58b7ef932798e6be346eb33fc2de9943e48b950f8cd130192321e7c824e705

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'; base-uri 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/maps/embed?pb=!1m16!1m12!1m3!1d8112491.176123461!2d113.18104185!3d-6.86934315!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!2m1!1sbeauty%20salon%20Purworejo%20Klampok%20-%20Banjarnegara!5e0!3m2!1sen!2sid!4v1601900188746!5m2!1sen!2sid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
content-security-policy: script-src 'none'; object-src 'none'; base-uri 'none'
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=92
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11268
x-xss-protection: 0
x-server-version-bin: CggIBBCk66SoBgoICAUQmbHCpgY=
server: scaffolding on HTTPServer2
etag: 064fbe278f9bebd5
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=300
expires: Thu, 21 Sep 2023 11:31:46 GMT

GET
H2 200 vt
www.google.com/maps/ Frame BB50 6 KB
6 KB 95ms
91ms Image
image/png 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/maps/vt?pb=!1m5!1m4!1i5!2i27!3i15!4i256!2m3!1e0!2sm!3i663404037!2m70!1e2!2sspotlight!5i1!8m66!11e11!12m45!1sbeauty+salon!2m2!1s105250506097979753968!2s!3m1!3s0x0%3A0xf8f6b0abc5a33c0f!3m1!3s0x0%3A0xace43b41d4e7c396!3m1!3s0x0%3A0x9e6b99e93aeb2915!3m1!3s0x0%3A0xd73c810a96039e99!3m1!3s0x0%3A0xa0defde6583d11e6!3m1!3s0x0%3A0x96b53979de0b92ee!3m1!3s0x0%3A0xe91a68a39c5be336!3m1!3s0x0%3A0xdefdb1ec9d659290!3m1!3s0x0%3A0x5bc5ec130b3df1a2!3m1!3s0x0%3A0xf02b5f8c3a183a4f!3m1!3s0x0%3A0xc244ecbf50689db5!3m1!3s0x0%3A0x8f3289b031b509af!3m1!3s0x0%3A0x46fbcac29bde9373!3m1!3s0x0%3A0xfc77dac22f9dafca!3m1!3s0x0%3A0xfbed8685777380b8!3m1!3s0x0%3A0x64c085d17415c555!3m1!3s0x0%3A0xbeec631365f05133!3m1!3s0x0%3A0x5abdd63237f4ca27!3m1!3s0x0%3A0xfbcfca775f60301a!3m1!3s0x0%3A0x7dd1f2408701a3be!10b0!13m11!2sa!14b1!18m4!6b0!9b1!20b1!21b1!22m3!6e2!7e3!8e2!19u12!19u14!19u29!19u37!19u30!19u61!19u70!3m12!2sen!3sID!5e289!12m4!1e68!2m2!1sset!2sRoadmap!12m3!1e37!2m1!1ssmartmaps!4e0&client=google-maps-embed&token=108594

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

c57d2be5f0f65ada562a5566604b2cc546ff958a61a20031582e2364d58ec092

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'; base-uri 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/maps/embed?pb=!1m16!1m12!1m3!1d8112491.176123461!2d113.18104185!3d-6.86934315!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!2m1!1sbeauty%20salon%20Purworejo%20Klampok%20-%20Banjarnegara!5e0!3m2!1sen!2sid!4v1601900188746!5m2!1sen!2sid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
content-security-policy: script-src 'none'; object-src 'none'; base-uri 'none'
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=83
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5880
x-xss-protection: 0
x-server-version-bin: CggIBBCk66SoBgoICAUQmbHCpgY=
server: scaffolding on HTTPServer2
etag: 04850444db01cf15a
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=300
expires: Thu, 21 Sep 2023 11:31:46 GMT

GET
H2 200 vt
www.google.com/maps/ Frame BB50 7 KB
7 KB 94ms
90ms Image
image/png 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/maps/vt?pb=!1m5!1m4!1i5!2i27!3i16!4i256!2m3!1e0!2sm!3i663404037!2m70!1e2!2sspotlight!5i1!8m66!11e11!12m45!1sbeauty+salon!2m2!1s105250506097979753968!2s!3m1!3s0x0%3A0xf8f6b0abc5a33c0f!3m1!3s0x0%3A0xace43b41d4e7c396!3m1!3s0x0%3A0x9e6b99e93aeb2915!3m1!3s0x0%3A0xd73c810a96039e99!3m1!3s0x0%3A0xa0defde6583d11e6!3m1!3s0x0%3A0x96b53979de0b92ee!3m1!3s0x0%3A0xe91a68a39c5be336!3m1!3s0x0%3A0xdefdb1ec9d659290!3m1!3s0x0%3A0x5bc5ec130b3df1a2!3m1!3s0x0%3A0xf02b5f8c3a183a4f!3m1!3s0x0%3A0xc244ecbf50689db5!3m1!3s0x0%3A0x8f3289b031b509af!3m1!3s0x0%3A0x46fbcac29bde9373!3m1!3s0x0%3A0xfc77dac22f9dafca!3m1!3s0x0%3A0xfbed8685777380b8!3m1!3s0x0%3A0x64c085d17415c555!3m1!3s0x0%3A0xbeec631365f05133!3m1!3s0x0%3A0x5abdd63237f4ca27!3m1!3s0x0%3A0xfbcfca775f60301a!3m1!3s0x0%3A0x7dd1f2408701a3be!10b0!13m11!2sa!14b1!18m4!6b0!9b1!20b1!21b1!22m3!6e2!7e3!8e2!19u12!19u14!19u29!19u37!19u30!19u61!19u70!3m12!2sen!3sID!5e289!12m4!1e68!2m2!1sset!2sRoadmap!12m3!1e37!2m1!1ssmartmaps!4e0&client=google-maps-embed&token=113434

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

b8383aefa10c185403f189b4aea05f4167e4e5efb7dcfd2193b7fc67bb574328

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'; base-uri 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/maps/embed?pb=!1m16!1m12!1m3!1d8112491.176123461!2d113.18104185!3d-6.86934315!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!2m1!1sbeauty%20salon%20Purworejo%20Klampok%20-%20Banjarnegara!5e0!3m2!1sen!2sid!4v1601900188746!5m2!1sen!2sid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
content-security-policy: script-src 'none'; object-src 'none'; base-uri 'none'
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=82
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6835
x-xss-protection: 0
x-server-version-bin: CggIBBCk66SoBgoICAUQmbHCpgY=
server: scaffolding on HTTPServer2
etag: 054a12c2f3f9f7c64
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=300
expires: Thu, 21 Sep 2023 11:31:46 GMT

GET
H2 200 vt
www.google.com/maps/ Frame BB50 12 KB
12 KB 98ms
95ms Image
image/png 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/maps/vt?pb=!1m5!1m4!1i5!2i27!3i17!4i256!2m3!1e0!2sm!3i663403905!2m70!1e2!2sspotlight!5i1!8m66!11e11!12m45!1sbeauty+salon!2m2!1s105250506097979753968!2s!3m1!3s0x0%3A0xf8f6b0abc5a33c0f!3m1!3s0x0%3A0xace43b41d4e7c396!3m1!3s0x0%3A0x9e6b99e93aeb2915!3m1!3s0x0%3A0xd73c810a96039e99!3m1!3s0x0%3A0xa0defde6583d11e6!3m1!3s0x0%3A0x96b53979de0b92ee!3m1!3s0x0%3A0xe91a68a39c5be336!3m1!3s0x0%3A0xdefdb1ec9d659290!3m1!3s0x0%3A0x5bc5ec130b3df1a2!3m1!3s0x0%3A0xf02b5f8c3a183a4f!3m1!3s0x0%3A0xc244ecbf50689db5!3m1!3s0x0%3A0x8f3289b031b509af!3m1!3s0x0%3A0x46fbcac29bde9373!3m1!3s0x0%3A0xfc77dac22f9dafca!3m1!3s0x0%3A0xfbed8685777380b8!3m1!3s0x0%3A0x64c085d17415c555!3m1!3s0x0%3A0xbeec631365f05133!3m1!3s0x0%3A0x5abdd63237f4ca27!3m1!3s0x0%3A0xfbcfca775f60301a!3m1!3s0x0%3A0x7dd1f2408701a3be!10b0!13m11!2sa!14b1!18m4!6b0!9b1!20b1!21b1!22m3!6e2!7e3!8e2!19u12!19u14!19u29!19u37!19u30!19u61!19u70!3m12!2sen!3sID!5e289!12m4!1e68!2m2!1sset!2sRoadmap!12m3!1e37!2m1!1ssmartmaps!4e0&client=google-maps-embed&token=210

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

e0d152aa7ac9377aa22394a39e5bde8eb5d5f94bf4cae9dec414fbc4c388d2e4

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'; base-uri 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/maps/embed?pb=!1m16!1m12!1m3!1d8112491.176123461!2d113.18104185!3d-6.86934315!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!2m1!1sbeauty%20salon%20Purworejo%20Klampok%20-%20Banjarnegara!5e0!3m2!1sen!2sid!4v1601900188746!5m2!1sen!2sid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
content-security-policy: script-src 'none'; object-src 'none'; base-uri 'none'
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=85
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12363
x-xss-protection: 0
x-server-version-bin: CggIBBCk66SoBgoICAUQmbHCpgY=
server: scaffolding on HTTPServer2
etag: 0e445292446fe07cc
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=300
expires: Thu, 21 Sep 2023 11:31:46 GMT

GET
H2 200 vt
www.google.com/maps/ Frame BB50 4 KB
4 KB 97ms
94ms Image
image/png 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/maps/vt?pb=!1m5!1m4!1i5!2i26!3i17!4i256!2m3!1e0!2sm!3i663403905!2m70!1e2!2sspotlight!5i1!8m66!11e11!12m45!1sbeauty+salon!2m2!1s105250506097979753968!2s!3m1!3s0x0%3A0xf8f6b0abc5a33c0f!3m1!3s0x0%3A0xace43b41d4e7c396!3m1!3s0x0%3A0x9e6b99e93aeb2915!3m1!3s0x0%3A0xd73c810a96039e99!3m1!3s0x0%3A0xa0defde6583d11e6!3m1!3s0x0%3A0x96b53979de0b92ee!3m1!3s0x0%3A0xe91a68a39c5be336!3m1!3s0x0%3A0xdefdb1ec9d659290!3m1!3s0x0%3A0x5bc5ec130b3df1a2!3m1!3s0x0%3A0xf02b5f8c3a183a4f!3m1!3s0x0%3A0xc244ecbf50689db5!3m1!3s0x0%3A0x8f3289b031b509af!3m1!3s0x0%3A0x46fbcac29bde9373!3m1!3s0x0%3A0xfc77dac22f9dafca!3m1!3s0x0%3A0xfbed8685777380b8!3m1!3s0x0%3A0x64c085d17415c555!3m1!3s0x0%3A0xbeec631365f05133!3m1!3s0x0%3A0x5abdd63237f4ca27!3m1!3s0x0%3A0xfbcfca775f60301a!3m1!3s0x0%3A0x7dd1f2408701a3be!10b0!13m11!2sa!14b1!18m4!6b0!9b1!20b1!21b1!22m3!6e2!7e3!8e2!19u12!19u14!19u29!19u37!19u30!19u61!19u70!3m12!2sen!3sID!5e289!12m4!1e68!2m2!1sset!2sRoadmap!12m3!1e37!2m1!1ssmartmaps!4e0&client=google-maps-embed&token=90852

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

a829616c9d041b31d3480389fc5d38f9d7e4a836d8dec2606fe5f1d56461e370

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'; base-uri 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/maps/embed?pb=!1m16!1m12!1m3!1d8112491.176123461!2d113.18104185!3d-6.86934315!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!2m1!1sbeauty%20salon%20Purworejo%20Klampok%20-%20Banjarnegara!5e0!3m2!1sen!2sid!4v1601900188746!5m2!1sen!2sid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
content-security-policy: script-src 'none'; object-src 'none'; base-uri 'none'
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=85
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3714
x-xss-protection: 0
x-server-version-bin: CggIBBCk66SoBgoICAUQmbHCpgY=
server: scaffolding on HTTPServer2
etag: 0befa013e44160760
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=300
expires: Thu, 21 Sep 2023 11:31:46 GMT

GET
H2 200 vt
www.google.com/maps/ Frame BB50 178 B
268 B 93ms
90ms Image
image/png 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/maps/vt?pb=!1m5!1m4!1i5!2i25!3i17!4i256!2m3!1e0!2sm!3i663403905!2m70!1e2!2sspotlight!5i1!8m66!11e11!12m45!1sbeauty+salon!2m2!1s105250506097979753968!2s!3m1!3s0x0%3A0xf8f6b0abc5a33c0f!3m1!3s0x0%3A0xace43b41d4e7c396!3m1!3s0x0%3A0x9e6b99e93aeb2915!3m1!3s0x0%3A0xd73c810a96039e99!3m1!3s0x0%3A0xa0defde6583d11e6!3m1!3s0x0%3A0x96b53979de0b92ee!3m1!3s0x0%3A0xe91a68a39c5be336!3m1!3s0x0%3A0xdefdb1ec9d659290!3m1!3s0x0%3A0x5bc5ec130b3df1a2!3m1!3s0x0%3A0xf02b5f8c3a183a4f!3m1!3s0x0%3A0xc244ecbf50689db5!3m1!3s0x0%3A0x8f3289b031b509af!3m1!3s0x0%3A0x46fbcac29bde9373!3m1!3s0x0%3A0xfc77dac22f9dafca!3m1!3s0x0%3A0xfbed8685777380b8!3m1!3s0x0%3A0x64c085d17415c555!3m1!3s0x0%3A0xbeec631365f05133!3m1!3s0x0%3A0x5abdd63237f4ca27!3m1!3s0x0%3A0xfbcfca775f60301a!3m1!3s0x0%3A0x7dd1f2408701a3be!10b0!13m11!2sa!14b1!18m4!6b0!9b1!20b1!21b1!22m3!6e2!7e3!8e2!19u12!19u14!19u29!19u37!19u30!19u61!19u70!3m12!2sen!3sID!5e289!12m4!1e68!2m2!1sset!2sRoadmap!12m3!1e37!2m1!1ssmartmaps!4e0&client=google-maps-embed&token=50423

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

0239d84800d90f767050e8e528d7be59743db88b3ac79a498bc2077b22f11189

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'; base-uri 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/maps/embed?pb=!1m16!1m12!1m3!1d8112491.176123461!2d113.18104185!3d-6.86934315!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!2m1!1sbeauty%20salon%20Purworejo%20Klampok%20-%20Banjarnegara!5e0!3m2!1sen!2sid!4v1601900188746!5m2!1sen!2sid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
content-security-policy: script-src 'none'; object-src 'none'; base-uri 'none'
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=82
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 178
x-xss-protection: 0
x-server-version-bin: CggIBBCk66SoBgoICAUQmbHCpgY=
server: scaffolding on HTTPServer2
etag: 0e44a399c598dbfcf
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=300
expires: Thu, 21 Sep 2023 11:31:46 GMT

GET
H2 200 vt
www.google.com/maps/ Frame BB50 1 KB
1 KB 86ms
83ms Image
image/png 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/maps/vt?pb=!1m5!1m4!1i5!2i24!3i17!4i256!2m3!1e0!2sm!3i663403341!2m70!1e2!2sspotlight!5i1!8m66!11e11!12m45!1sbeauty+salon!2m2!1s105250506097979753968!2s!3m1!3s0x0%3A0xf8f6b0abc5a33c0f!3m1!3s0x0%3A0xace43b41d4e7c396!3m1!3s0x0%3A0x9e6b99e93aeb2915!3m1!3s0x0%3A0xd73c810a96039e99!3m1!3s0x0%3A0xa0defde6583d11e6!3m1!3s0x0%3A0x96b53979de0b92ee!3m1!3s0x0%3A0xe91a68a39c5be336!3m1!3s0x0%3A0xdefdb1ec9d659290!3m1!3s0x0%3A0x5bc5ec130b3df1a2!3m1!3s0x0%3A0xf02b5f8c3a183a4f!3m1!3s0x0%3A0xc244ecbf50689db5!3m1!3s0x0%3A0x8f3289b031b509af!3m1!3s0x0%3A0x46fbcac29bde9373!3m1!3s0x0%3A0xfc77dac22f9dafca!3m1!3s0x0%3A0xfbed8685777380b8!3m1!3s0x0%3A0x64c085d17415c555!3m1!3s0x0%3A0xbeec631365f05133!3m1!3s0x0%3A0x5abdd63237f4ca27!3m1!3s0x0%3A0xfbcfca775f60301a!3m1!3s0x0%3A0x7dd1f2408701a3be!10b0!13m11!2sa!14b1!18m4!6b0!9b1!20b1!21b1!22m3!6e2!7e3!8e2!19u12!19u14!19u29!19u37!19u30!19u61!19u70!3m12!2sen!3sID!5e289!12m4!1e68!2m2!1sset!2sRoadmap!12m3!1e37!2m1!1ssmartmaps!4e0&client=google-maps-embed&token=55196

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

5f9b158ffacaa6b3c5a93875860f8c072827f7f27dbc2d3226c0979e62599a9e

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'; base-uri 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/maps/embed?pb=!1m16!1m12!1m3!1d8112491.176123461!2d113.18104185!3d-6.86934315!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!2m1!1sbeauty%20salon%20Purworejo%20Klampok%20-%20Banjarnegara!5e0!3m2!1sen!2sid!4v1601900188746!5m2!1sen!2sid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
content-security-policy: script-src 'none'; object-src 'none'; base-uri 'none'
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=76
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1203
x-xss-protection: 0
x-server-version-bin: CggIBBCk66SoBgoICAUQmbHCpgY=
server: scaffolding on HTTPServer2
etag: 0953650b182b1bb4b
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=300
expires: Thu, 21 Sep 2023 11:31:46 GMT

GET
H2 200 vt
www.google.com/maps/ Frame BB50 1 KB
1 KB 85ms
83ms Image
image/png 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/maps/vt?pb=!1m5!1m4!1i5!2i24!3i16!4i256!2m3!1e0!2sm!3i663404121!2m70!1e2!2sspotlight!5i1!8m66!11e11!12m45!1sbeauty+salon!2m2!1s105250506097979753968!2s!3m1!3s0x0%3A0xf8f6b0abc5a33c0f!3m1!3s0x0%3A0xace43b41d4e7c396!3m1!3s0x0%3A0x9e6b99e93aeb2915!3m1!3s0x0%3A0xd73c810a96039e99!3m1!3s0x0%3A0xa0defde6583d11e6!3m1!3s0x0%3A0x96b53979de0b92ee!3m1!3s0x0%3A0xe91a68a39c5be336!3m1!3s0x0%3A0xdefdb1ec9d659290!3m1!3s0x0%3A0x5bc5ec130b3df1a2!3m1!3s0x0%3A0xf02b5f8c3a183a4f!3m1!3s0x0%3A0xc244ecbf50689db5!3m1!3s0x0%3A0x8f3289b031b509af!3m1!3s0x0%3A0x46fbcac29bde9373!3m1!3s0x0%3A0xfc77dac22f9dafca!3m1!3s0x0%3A0xfbed8685777380b8!3m1!3s0x0%3A0x64c085d17415c555!3m1!3s0x0%3A0xbeec631365f05133!3m1!3s0x0%3A0x5abdd63237f4ca27!3m1!3s0x0%3A0xfbcfca775f60301a!3m1!3s0x0%3A0x7dd1f2408701a3be!10b0!13m11!2sa!14b1!18m4!6b0!9b1!20b1!21b1!22m3!6e2!7e3!8e2!19u12!19u14!19u29!19u37!19u30!19u61!19u70!3m12!2sen!3sID!5e289!12m4!1e68!2m2!1sset!2sRoadmap!12m3!1e37!2m1!1ssmartmaps!4e0&client=google-maps-embed&token=46302

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

89f4e55e5cc8d9c62c22f4e2af50e340786991994c19d33d9753cc13d9410ac3

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'; base-uri 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/maps/embed?pb=!1m16!1m12!1m3!1d8112491.176123461!2d113.18104185!3d-6.86934315!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!2m1!1sbeauty%20salon%20Purworejo%20Klampok%20-%20Banjarnegara!5e0!3m2!1sen!2sid!4v1601900188746!5m2!1sen!2sid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
content-security-policy: script-src 'none'; object-src 'none'; base-uri 'none'
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=71
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1221
x-xss-protection: 0
x-server-version-bin: CggIBBCk66SoBgoICAUQmbHCpgY=
server: scaffolding on HTTPServer2
etag: 0e7537a7d5269261a
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=300
expires: Thu, 21 Sep 2023 11:31:46 GMT

GET
H2 200 vt
www.google.com/maps/ Frame BB50 9 KB
9 KB 107ms
105ms Image
image/png 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/maps/vt?pb=!1m5!1m4!1i5!2i24!3i15!4i256!2m3!1e0!2sm!3i663404133!2m70!1e2!2sspotlight!5i1!8m66!11e11!12m45!1sbeauty+salon!2m2!1s105250506097979753968!2s!3m1!3s0x0%3A0xf8f6b0abc5a33c0f!3m1!3s0x0%3A0xace43b41d4e7c396!3m1!3s0x0%3A0x9e6b99e93aeb2915!3m1!3s0x0%3A0xd73c810a96039e99!3m1!3s0x0%3A0xa0defde6583d11e6!3m1!3s0x0%3A0x96b53979de0b92ee!3m1!3s0x0%3A0xe91a68a39c5be336!3m1!3s0x0%3A0xdefdb1ec9d659290!3m1!3s0x0%3A0x5bc5ec130b3df1a2!3m1!3s0x0%3A0xf02b5f8c3a183a4f!3m1!3s0x0%3A0xc244ecbf50689db5!3m1!3s0x0%3A0x8f3289b031b509af!3m1!3s0x0%3A0x46fbcac29bde9373!3m1!3s0x0%3A0xfc77dac22f9dafca!3m1!3s0x0%3A0xfbed8685777380b8!3m1!3s0x0%3A0x64c085d17415c555!3m1!3s0x0%3A0xbeec631365f05133!3m1!3s0x0%3A0x5abdd63237f4ca27!3m1!3s0x0%3A0xfbcfca775f60301a!3m1!3s0x0%3A0x7dd1f2408701a3be!10b0!13m11!2sa!14b1!18m4!6b0!9b1!20b1!21b1!22m3!6e2!7e3!8e2!19u12!19u14!19u29!19u37!19u30!19u61!19u70!3m12!2sen!3sID!5e289!12m4!1e68!2m2!1sset!2sRoadmap!12m3!1e37!2m1!1ssmartmaps!4e0&client=google-maps-embed&token=55694

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

5a4ee1824ce35ef5d06d6789e291072d107100260813022b373ac2d6fb8c40dd

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'; base-uri 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/maps/embed?pb=!1m16!1m12!1m3!1d8112491.176123461!2d113.18104185!3d-6.86934315!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!2m1!1sbeauty%20salon%20Purworejo%20Klampok%20-%20Banjarnegara!5e0!3m2!1sen!2sid!4v1601900188746!5m2!1sen!2sid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
content-security-policy: script-src 'none'; object-src 'none'; base-uri 'none'
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=92
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8760
x-xss-protection: 0
x-server-version-bin: CggIBBCk66SoBgoICAUQmbHCpgY=
server: scaffolding on HTTPServer2
etag: 08497cc4de3b6799d
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=300
expires: Thu, 21 Sep 2023 11:31:46 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 28 KB
12 KB 417ms
417ms Fetch
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=102211537610441&correlator=2015100040657647&eid=31078022%2C31077899&output=ldjh&gdfp_req=1&vrg=202309140101&ptt=17&impl=fif&iu_parts=44890869%3A22486354450%2Cca-pub-3831894559014614-tag%2C4a3abfdd-c81d-405f-a89c-0d96a2a86f37&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=640x280%7C480x320&ifi=4&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1695295606768&lmt=1695288406&adxs=323&adys=299&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.belajarmakeup.com%2Fsalon-kecantikan-purworejo-klampok-banjarnegara%2F&vis=1&psz=640x0&msz=640x0&fws=0&ohw=0&ga_vid=1648041764.1695295607&ga_sid=1695295607&ga_hid=1900590104&ga_fc=false&a3p=EhwKDWNyd2RjbnRybC5uZXQY8534u6sxSABSAghkEhkKCnB1YmNpZC5vcmcYtZ_4u6sxSABSAghqEh0KDmVzcC5jcml0ZW8uY29tGPOd-LurMUgAUgIIZBIXCghydGJob3VzZRj0nfi7qzFIAFICCGQSGQoKdWlkYXBpLmNvbRjznfi7qzFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGPOd-LurMUgAUgIIZA..&dlt=1695295605671&idt=507&prev_scp=ti%3D37a06333-e3c2-4a33-8e4c-fcd8104c0da8%26chrand%3Dy%26pof%3D0%26bid%3D0.3%26bid-p%3Dgoogle%26bsc%3D87&adks=2477893579&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6af307e25c3ff6b4aa1bccc0e4514f7f887f0410e0a474c8b8768cf2214940e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12328
x-xss-protection: 0
google-lineitem-id: 5564064212
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138332681208
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.belajarmakeup.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 vt Show response
www.google.com/maps/ Frame BB50 18 KB
1012 B 87ms
86ms XHR
application/json 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/maps/vt?pb=!1m4!1m3!1i5!2i24!3i15!1m4!1m3!1i5!2i25!3i15!1m4!1m3!1i5!2i26!3i15!1m4!1m3!1i5!2i27!3i15!1m4!1m3!1i5!2i24!3i16!1m4!1m3!1i5!2i24!3i17!1m4!1m3!1i5!2i25!3i16!1m4!1m3!1i5!2i25!3i17!1m4!1m3!1i5!2i26!3i16!1m4!1m3!1i5!2i26!3i17!1m4!1m3!1i5!2i27!3i16!1m4!1m3!1i5!2i27!3i17!2m3!1e0!2sm!3i663404145!2m70!1e2!2sspotlight!5i1!8m66!11e11!12m45!1sbeauty+salon!2m2!1s105250506097979753968!2s!3m1!3s0x0%3A0xf8f6b0abc5a33c0f!3m1!3s0x0%3A0xace43b41d4e7c396!3m1!3s0x0%3A0x9e6b99e93aeb2915!3m1!3s0x0%3A0xd73c810a96039e99!3m1!3s0x0%3A0xa0defde6583d11e6!3m1!3s0x0%3A0x96b53979de0b92ee!3m1!3s0x0%3A0xe91a68a39c5be336!3m1!3s0x0%3A0xdefdb1ec9d659290!3m1!3s0x0%3A0x5bc5ec130b3df1a2!3m1!3s0x0%3A0xf02b5f8c3a183a4f!3m1!3s0x0%3A0xc244ecbf50689db5!3m1!3s0x0%3A0x8f3289b031b509af!3m1!3s0x0%3A0x46fbcac29bde9373!3m1!3s0x0%3A0xfc77dac22f9dafca!3m1!3s0x0%3A0xfbed8685777380b8!3m1!3s0x0%3A0x64c085d17415c555!3m1!3s0x0%3A0xbeec631365f05133!3m1!3s0x0%3A0x5abdd63237f4ca27!3m1!3s0x0%3A0xfbcfca775f60301a!3m1!3s0x0%3A0x7dd1f2408701a3be!10b0!13m11!2sa!14b1!18m4!6b0!9b1!20b1!21b1!22m3!6e2!7e3!8e2!19u12!19u14!19u29!19u37!19u30!19u61!19u70!3m12!2sen!3sID!5e289!12m4!1e68!2m2!1sset!2sRoadmap!12m3!1e37!2m1!1ssmartmaps!4e3!12m1!5b1&client=google-maps-embed&token=18799

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps-api-v3/api/js/54/6/util.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

5645723759befb687a1be1dc493eb8a437fbe94778cad7962653bd7c317b59b8

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'; base-uri 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/maps/embed?pb=!1m16!1m12!1m3!1d8112491.176123461!2d113.18104185!3d-6.86934315!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!2m1!1sbeauty%20salon%20Purworejo%20Klampok%20-%20Banjarnegara!5e0!3m2!1sen!2sid!4v1601900188746!5m2!1sen!2sid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
content-security-policy: script-src 'none'; object-src 'none'; base-uri 'none'
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=79
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 987
x-xss-protection: 0
x-server-version-bin: CggIBBCk66SoBgoICAUQmbHCpgY=
server: scaffolding on HTTPServer2
etag: 0621dac23fe954461
x-frame-options: SAMEORIGIN
content-type: application/json
cache-control: private, max-age=300
expires: Thu, 21 Sep 2023 11:26:46 GMT

GET
H3 200 QuotaService.RecordEvent Show response
maps.googleapis.com/maps/api/js/ Frame BB50 62 B
83 B 18ms
17ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent?1shttps%3A%2F%2Fwww.google.com%2Fmaps%2Fembed&2sgoogle-maps-embed&7st38e0u&10e1&11b0&callback=_xdc_._vyvami&client=google-maps-embed&token=62862

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps-api-v3/api/js/54/6/common.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

mafe /

Resource Hash

e108a555a2faabb0cb7d550331b4efb35094db1e295131c5411c10849edafa9c

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:46 GMT
content-encoding: gzip
server: mafe
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: no-cache, must-revalidate
content-disposition: attachment
server-timing: gfet4t7; dur=10
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
BLOB 206
Partial Content 8c8ca010-0a66-4721-84bd-9977938c4d04
https://www.belajarmakeup.com/ 1 KB
0 Media
video/mp4

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.belajarmakeup.com/8c8ca010-0a66-4721-84bd-9977938c4d04
Requested by: Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Range: bytes=0-

Response headers

Content-Range: bytes 0-1492/1493
Content-Length: 1493
Content-Type: video/mp4

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 35 KB
14 KB 427ms
426ms Fetch
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=102211537610441&correlator=2244840276329173&eid=31078022%2C31077899&output=ldjh&gdfp_req=1&vrg=202309140101&ptt=17&impl=fif&iu_parts=44890869%3A22486354450%2Cca-pub-3831894559014614-tag%2Cbb4408c4-821d-4c0e-8a5c-6dc251ff5d5b&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=640x280%7C480x320&ifi=5&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1695295606807&lmt=1695288406&adxs=323&adys=457&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.belajarmakeup.com%2Fsalon-kecantikan-purworejo-klampok-banjarnegara%2F&vis=1&psz=640x0&msz=640x0&fws=0&ohw=0&ga_vid=1648041764.1695295607&ga_sid=1695295607&ga_hid=1900590104&ga_fc=false&a3p=EhwKDWNyd2RjbnRybC5uZXQY8534u6sxSABSAghkEhkKCnB1YmNpZC5vcmcYtZ_4u6sxSABSAghqEh0KDmVzcC5jcml0ZW8uY29tGPOd-LurMUgAUgIIZBIXCghydGJob3VzZRj1n_i7qzFIAFICCGoSGQoKdWlkYXBpLmNvbRjznfi7qzFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGImg-LurMUgAUgIIag..&dlt=1695295605671&idt=507&prev_scp=ti%3D37a06333-e3c2-4a33-8e4c-fcd8104c0da8%26chrand%3Dy%26pof%3D0%26bid%3D0.11%26bid-p%3Dgoogle%26bsc%3D87&adks=1175331981&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5caac0e33b4b8eefa079b6551c74609c59fe1dab4801dbd7a341b86528a77f8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14658
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.belajarmakeup.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 177F
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=belajarmakeup.com&sn=ChromeSyncframe&so=0&topUrl=www.belajarmakeup.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=lXL0JHx2bXV4VytnckNGSFhTKysvWUFMUVJmSEp0MWNEeC9QT2t2K1BjbXZDTmdWcURoTVdhc0lsR0pzMnp1U2hnMUVablpSNWQ4aTMwNWJWZXdoZ3ltZ0t5QWV1Nzc5UTR5dmZRR3BRb3pDRk5FU09CU3YvMVF2aVBWRm...

465 B
683 B

85ms
18ms

Fetch
application/json

178.250.7.13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=lXL0JHx2bXV4VytnckNGSFhTKysvWUFMUVJmSEp0MWNEeC9QT2t2K1BjbXZDTmdWcURoTVdhc0lsR0pzMnp1U2hnMUVablpSNWQ4aTMwNWJWZXdoZ3ltZ0t5QWV1Nzc5UTR5dmZRR3BRb3pDRk5FU09CU3YvMVF2aVBWRmtMbS9tUGtmYmNnYnBKcWJGVDUvbUswNkFlOUMrbXZWSWhPam12eWVJY29JbkFCZzBQb0VHQ1RuL3hqZ010L2VHNG1Mc1paTEFDczZQZHJFN29nZlIwNGIyUFBDcmdyZ2pURkVDeEFBVG82U25rSm0zRXZyOHlHT2JrN1VMUXBUeWxjS21xdi9QQjlSd2FPaDZkRVVLT0JBZHJTQm5iUENjSXVFVnBsemlTZ1dBbVZUSlFLMD18&cppv=2

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Server

178.250.7.13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

abb8827cb68d7c3f5c7a0368292737b203dbbb9ba874b15f7ac936ac5ce3c1bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:46 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1234930
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:46 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=lXL0JHx2bXV4VytnckNGSFhTKysvWUFMUVJmSEp0MWNEeC9QT2t2K1BjbXZDTmdWcURoTVdhc0lsR0pzMnp1U2hnMUVablpSNWQ4aTMwNWJWZXdoZ3ltZ0t5QWV1Nzc5UTR5dmZRR3BRb3pDRk5FU09CU3YvMVF2aVBWRmtMbS9tUGtmYmNnYnBKcWJGVDUvbUswNkFlOUMrbXZWSWhPam12eWVJY29JbkFCZzBQb0VHQ1RuL3hqZ010L2VHNG1Mc1paTEFDczZQZHJFN29nZlIwNGIyUFBDcmdyZ2pURkVDeEFBVG82U25rSm0zRXZyOHlHT2JrN1VMUXBUeWxjS21xdi9QQjlSd2FPaDZkRVVLT0JBZHJTQm5iUENjSXVFVnBsemlTZ1dBbVZUSlFLMD18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 253130
content-length: 0
expires: 0

GET
H2 200 mgid_ua.svg
cdn.mgid.com/images/mgid/ 2 KB
1 KB 36ms
18ms Image
image/svg+xml 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.mgid.com/images/mgid/mgid_ua.svg

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70d5c4de881e718d0b7638959680ba86722d44eecbe4058d20dd77b8d0d97155

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 4ZA9P7VPAM79SEE5
age: 3024
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Ogo/ex200L7ps4FnQp+/tzaMP2Es62GIpyM//oh5VixopnKeKU/OLkVNxoGwINDIcf8PtYkWji0=
last-modified: Tue, 08 Mar 2022 17:05:01 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1646759091/ctime:1646759091/gid:0/gname:root/md5:617c205137825561208ef7c1a2d8f319/mode:33206/mtime:1646759091/uid:0/uname:root
etag: W/"617c205137825561208ef7c1a2d8f319"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
cf-ray: 80a1f486cfc3362b-FRA
expires: Fri, 22 Sep 2023 11:26:46 GMT

GET
H2 200 Adchoices.svg
cdn.mgid.com/images/logos/ 836 B
887 B 35ms
18ms Image
image/svg+xml 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.mgid.com/images/logos/Adchoices.svg

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7992a4430843ef8b4bbae534358be3193aa1ae9c78f273e8e8a70b6af1244ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 1AQ87HP7AKJY1F91
age: 3484
alt-svc: h3=":443"; ma=86400
x-amz-id-2: pInDM2RPDHUlOpYgJqojzh/brPWXHMNn0ic6i/u40dMp8nzFRePy7JS9jxOO3j+wKiyU9P12tzY=
last-modified: Wed, 17 Feb 2021 18:15:53 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1613585745/ctime:1613585745/gid:0/gname:root/md5:7d59364b7ed2df3f02507c9f92560df9/mode:33206/mtime:1613585745/uid:0/uname:root
etag: W/"7d59364b7ed2df3f02507c9f92560df9"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
cf-ray: 80a1f486cfc6362b-FRA
expires: Fri, 22 Sep 2023 11:26:46 GMT

GET
H2 200 1 Show response
servicer.mgid.com/1027625/ 5 KB
2 KB 77ms
59ms Script
application/x-javascript 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://servicer.mgid.com/1027625/1?mp4=1&ap=1&w=636&h=285&sz=311x124&szp=1,2,3,4&szl=1,2;3,4&cols=2&sessionId=650c2877-16be0&sessionPage=1&sessionNumberWeek=1&sessionNumber=1&lu=https%3A%2F%2Fwww.belajarmakeup.com%2Fsalon-kecantikan-purworejo-klampok-banjarnegara%2F&cbuster=1695295606878621704877&pvid=18ab77e0dd4948262b7&implVersion=11&cxurl=https%3A%2F%2Fwww.belajarmakeup.com%2Fsalon-kecantikan-purworejo-klampok-banjarnegara%2F&scum=%3F0&scuw=%3F0&uniqId=175d0&niet=4g&nisd=false&pv=5&lct=1694390400&jsv=es6&pageView=1&dpr=1&ref=&tfre=1209

Requested by

Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/e/belajarmakeup.com.1027625.es6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66fe841ddd73f22a61f9a030cc9580fd3a09949ff768de77ded4f81448d2cf50

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 80a1f4872836362b-FRA
alt-svc: h3=":443"; ma=86400

GET view
securepubads.g.doubleclick.net/pcs/ Frame E7CB 0
0

GET rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame E7CB 0
0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 38 KB
16 KB 397ms
396ms Fetch
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=102211537610441&correlator=3718965984792936&eid=31078022%2C31077899&output=ldjh&gdfp_req=1&vrg=202309140101&ptt=17&impl=fif&iu_parts=44890869%3A22486354450%2Cca-pub-3831894559014614-tag%2C2152d48e-f907-4110-9a4e-b4dfd70940ad&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C300x600%7C160x600%7C300x250&fluid=height&ifi=6&sfv=1-0-40&eri=1&sc=1&cookie=ID%3Dacf3a91924580818%3AT%3D1695295606%3ART%3D1695295606%3AS%3DALNI_MbjQJvl16uCetNzHov01-hte8DV_A&gpic=UID%3D00000cace19d2ac1%3AT%3D1695295606%3ART%3D1695295606%3AS%3DALNI_MYbh0c5j9I48YBdINRtYfZD__iPoQ&abxe=1&dt=1695295606947&lmt=1695288406&adxs=977&adys=216&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.belajarmakeup.com%2Fsalon-kecantikan-purworejo-klampok-banjarnegara%2F&vis=1&psz=299x0&msz=299x0&fws=0&ohw=0&ga_vid=1648041764.1695295607&ga_sid=1695295607&ga_hid=1900590104&ga_fc=false&a3p=EhwKDWNyd2RjbnRybC5uZXQY8534u6sxSABSAghkEhkKCnB1YmNpZC5vcmcYtZ_4u6sxSABSAghqEh0KDmVzcC5jcml0ZW8uY29tGPOd-LurMUgAUgIIZBIXCghydGJob3VzZRj1n_i7qzFIAFICCGoSGQoKdWlkYXBpLmNvbRjznfi7qzFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGImg-LurMUgAUgIIag..&dlt=1695295605671&idt=507&prev_scp=ti%3D37a06333-e3c2-4a33-8e4c-fcd8104c0da8%26chrand%3Dy%26pof%3D0%26bid%3D0.01%26bid-p%3Dgoogle%26bsc%3D87&adks=3890895887&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2d1e00ef1df6db817421f50095d5bf6e8c7a6b7fe50a73413cceb35c7e16f8ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16233
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.belajarmakeup.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ194eV9jZW50ZXIscV9hdXRvOmdvb2Qsd18xMDIwLHhfNzYwLHlfNTMyL2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIzLTA4L...
s-img.mgid.com/g/17060522/492x277/-/ 7 KB
8 KB 64ms
23ms Image
image/webp 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s-img.mgid.com/g/17060522/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ194eV9jZW50ZXIscV9hdXRvOmdvb2Qsd18xMDIwLHhfNzYwLHlfNTMyL2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIzLTA4LzQzNjk2NC8xMWViYTYyODJlMDk3MzM5ODAwZTk4NzUxODlhMjVhYy5qcGVn.webp?v=1695295606-7HQWpCJUaPprPS7KaQfbkcHBrouTeWVdThMbFtZBkgI

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b66f89a4b746a43121522ce93c6614ab626b6fa1aed8c6857eb2e629d6bb43c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://www.belajarmakeup.com/
Origin: https://www.belajarmakeup.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: HIT
x-mg-request-uuid: f58b39b2-04aa-46c0-98d9-8fdfbfed079f
age: 280514
alt-svc: h3=":443"; ma=86400
content-length: 7618
last-modified: Thu, 31 Aug 2023 14:59:42 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
x-robots-tag: noindex
cf-ray: 80a1f487ddab1e20-FRA

GET
H2 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMy0wOS83MDQ5MTAvOGZhN...
s-img.mgid.com/g/17263023/492x277/-/ 13 KB
14 KB 61ms
20ms Image
image/webp 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s-img.mgid.com/g/17263023/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMy0wOS83MDQ5MTAvOGZhNmEyMmRiMDUyYzcxY2EwOTBhYjdiMmQwZmQ2MzUuanBn.webp?v=1695295606-x4blM9VkDurOkkCUcWOBFvvXJ-qH4ZBgosi5jbAxfa0

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9e196b7da840d57fc7a6b693daa2cbb3364da5d96464dec52a83b9f4cce166d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://www.belajarmakeup.com/
Origin: https://www.belajarmakeup.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: HIT
x-mg-request-uuid: 5787baa8-f4d2-4f01-83fc-901b1fb99c20
age: 3325
alt-svc: h3=":443"; ma=86400
content-length: 13510
last-modified: Thu, 21 Sep 2023 10:28:38 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
x-robots-tag: noindex
cf-ray: 80a1f487ddad1e20-FRA

GET
H2 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMy0wNy83ODMzODUvYTJhM...
s-img.mgid.com/g/16675892/492x277/-/ 9 KB
9 KB 63ms
22ms Image
image/webp 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s-img.mgid.com/g/16675892/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMy0wNy83ODMzODUvYTJhMTgwZGYwMWZiZjE2NjIwZGU1ZmI1YTJkYTlkZDUucG5n.webp?v=1695295606-I7omqREuiqz4e8gidl5dX1o-mFGVIkSMtrWYiE3xLpQ

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

657e6dbb6cf905fa06929854e64618f0aee6d1c08804cef18fc01507833c0c7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://www.belajarmakeup.com/
Origin: https://www.belajarmakeup.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: HIT
x-mg-request-uuid: 2877de91-31db-465c-bfc5-813d133aff9d
age: 6211400
alt-svc: h3=":443"; ma=86400
content-length: 9392
last-modified: Tue, 11 Jul 2023 12:34:10 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
x-robots-tag: noindex
cf-ray: 80a1f487ddb01e20-FRA

GET
H2 206 31731f7633d022ac73df01e9e38d480b.mp4
cl.imghosts.com/imgh/video/upload/ar_16:9,c_fill,w_680/videos/t/2023-09/485100/ 65 KB
65 KB 71ms
21ms Media
video/mp4 2606:4700:4400::6812:297f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cl.imghosts.com/imgh/video/upload/ar_16:9,c_fill,w_680/videos/t/2023-09/485100/31731f7633d022ac73df01e9e38d480b.mp4?v=1695295606-PobrS8RR4xhxBRIRnh7UR7QxcuAwvAiP5dcfHW4Drvc

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:297f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98876031571d2de830fdaffdb73fb9f72546656d34b346ff7b580359a2b01879

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.belajarmakeup.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Range: bytes=0-

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1218109
Content-Range: bytes 0-66360/66361
server-timing: cld-cloudflare;mitm=c;dur=139;start=2023-09-07T09:04:58.267Z;desc=miss;cloudinary;dur=122;start=2023-09-07T09:04:58.282Z
alt-svc: h3=":443"; ma=86400
Content-Length: 66361
last-modified: Mon, 04 Sep 2023 14:51:48 GMT
server: cloudflare
etag: "eb82000d0594bd9b1877b49796768a7b"
vary: Accept-Encoding
content-type: video/mp4;codecs=avc1
access-control-allow-origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
cache-control: public, max-age=31536000, no-transform, immutable
timing-allow-origin: *
x-robots-tag: noindex
cf-ray: 80a1f487f9989bac-FRA

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 27 KB
12 KB 486ms
485ms Fetch
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=102211537610441&correlator=241761466732488&eid=31078022%2C31077899&output=ldjh&gdfp_req=1&vrg=202309140101&ptt=17&impl=fif&iu_parts=44890869%3A22486354450%2Cca-pub-3831894559014614-tag%2C3b4b272d-0c28-4d0e-830b-6d7e5c5fe0c0&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=990x280%7C750x300%7C750x200%7C930x180%7C970x250&ifi=7&sfv=1-0-40&eri=1&sc=1&cookie=ID%3Dacf3a91924580818%3AT%3D1695295606%3ART%3D1695295606%3AS%3DALNI_MbjQJvl16uCetNzHov01-hte8DV_A&gpic=UID%3D00000cace19d2ac1%3AT%3D1695295606%3ART%3D1695295606%3AS%3DALNI_MYbh0c5j9I48YBdINRtYfZD__iPoQ&abxe=1&dt=1695295606996&lmt=1695288406&adxs=305&adys=135&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.belajarmakeup.com%2Fsalon-kecantikan-purworejo-klampok-banjarnegara%2F&vis=1&psz=990x0&msz=990x0&fws=0&ohw=0&ga_vid=1648041764.1695295607&ga_sid=1695295607&ga_hid=1900590104&ga_fc=false&a3p=EhwKDWNyd2RjbnRybC5uZXQY8534u6sxSABSAghkEhkKCnB1YmNpZC5vcmcYtZ_4u6sxSABSAghqEh0KDmVzcC5jcml0ZW8uY29tGPOd-LurMUgAUgIIZBIXCghydGJob3VzZRj1n_i7qzFIAFICCGoSGQoKdWlkYXBpLmNvbRjznfi7qzFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGImg-LurMUgAUgIIag..&dlt=1695295605671&idt=507&prev_scp=ti%3D37a06333-e3c2-4a33-8e4c-fcd8104c0da8%26chrand%3Dy%26pof%3D0%26bid%3D0.14%26bid-p%3Dgoogle%26bsc%3D87&adks=2033483997&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc7e38eeb9ad8134272c19594b02722fd1d7ea39854d4fdc5a5f2cfcc050a796

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12184
x-xss-protection: 0
google-lineitem-id: 5562802023
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138332681208
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.belajarmakeup.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D876 6 KB
3 KB 9ms
8ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.belajarmakeup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 21 Sep 2023 11:26:46 GMT
expires: Fri, 20 Sep 2024 11:26:46 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ 182 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 476d8d8a5ee6c842a16e5ae6a58cec35ff7649729b77de0319644cdc128340eb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 834 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0ea842ad92b2cb342a00d74293e6036981ec07854e082223080525efa9c88528

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: image/svg+xml

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
477 B 119ms
119ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?gl=0.03&b=2&r=belajarmakeup.com_auto_728x90_sticky_display_bottom&sy=dacdbfef-fb34-4e24-9bb2-c8606eba5741&ts=87&cd=2&pud=256&pus=c&pue=385&pid=132&pis=c&pie=517&ppd=455&pps=a&ppe=840&pcl=248&ttc=734&tti=1479&ttif=0&lca=840&lcak=ppe&lct=840&lctk=ppe&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.belajarmakeup.com&mlre=undefined&mlin=0&mlsi=728x90&mlbw=4g&mlcs=NaN&mltp=37a06333-e3c2-4a33-8e4c-fcd8104c0da8&e=lm&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nf-request-id: 01HASZ2Z5R1DMD71S78MC8FEJ8
date: Thu, 21 Sep 2023 11:26:47 GMT
cf-cache-status: HIT
age: 1
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "21c8841ebef55ccccd0fc71b96dfbd5f-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 80a1f487ee1191d7-FRA

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 1C60 83 KB
26 KB 99ms
35ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZQwodgAJqc4JHVlKAAQW6M5N0tKR_X66G9K4zA&u=%7CAPbgfc3o%2B0lozKl4hhHAleaHotibBjbciobT6Zw4U%2Bg%3D%7C&c1=TEbw32HdmhlTb08vzaRE01gjP6XVckOXmW9UoUGT_GI2b2B5z8aCCSnbAiDmxoSwicJ1n4MV4gwa8S_EYOiQwc9xAuUCawHSgaAmfNBtKmoIlSsUouAvZ3eg3KUH9W4hhSh5Fty69-EJ95LiyJlZM0E3kUsYvRZVmO8oSEC8hupFeB0io9GUOQJq_5xRKesbx-AQOXSHsI6oz5cUgtggKuRABrV1gmiYNqmcK7t0E4vQA7iwuexsnmwqHwv6z0b1FG_L1irQxGWN8iPqjcsI9e6dX3ghP9D_DDPYctF1FUiSBJRx0SMRfT-KaV27wiJexmnu1sY2RICr3u5wSL-lVfNZYisjIUWTG-DRWXAgNEf97GRY5xHW_MSPNzKHcNudywAPWLrspt6Ium6sFo7ZUtYy4s8rJggisgVo7BNqoTszU-Mv6P189UfH6XEkpN1xAPJACwLYgpCNqd5df6yuJ1c5SBuz5tDKMCwS0oSPCaWXLqsRI4q-LCDyPgSjYYiSteL_PpHwIZ3Ykq2QXdqQ93rFEX1-lp3-jdPZX1fLr88_NbymX9ERBJm515inTAOLC4jQv7_C6dV3qFd1Kl2cEB1GYH3ZHr__rDn8RDm6qiq3-B3-fjNW4GX4BlzLhKGa&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP0E2digMZc7TJsqy9fgP6K2QiALJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzgzMTg5NDU1OTAxNDYxNMgBCakCISI9W-HhsT7gAgCoAwHIAwKqBIUDT9C_1lOnqz9Nx9gRfF4tnCWQ5-VFxk7ipyvAIbx0RUqDDmaES6d76FFF-CUF-iI6OIuQNHzKRLZ_nSd7LOoNL_iviRaa4iRG0XlmCqH9WweEq-b89-R4ZP98ZDfDF_mkJiYou081RxSt5ZZG6j9dL6TR3JyAgREMDpI3O8bLBwFhl350dfT8sl1kOjyT50vnYN3flzIrxehOnYGoOzF3yeNsi1_fDUvv4V3NNrHY3tAyc6uUlseY2XxcUK7uc-rHWiAoxXkDfV4PO5TpebBKsZkpR--SCK8ROeEQHNK3RqSOP6od24E_s5UESBjem5Kw6Gs2q_CoFKaVsqTbETT9Fw4vfEnETmOh0g1KfU8LTERnN77WQXO-Sa7ni2BTM6LvUjYCAUb9-2Mw6CjPME2rhvHJUXQnscGKpSmwRDhSHEXZy0_PoEbWbq6lSB0ykbDocr_WONhTxUhf45KHAYVbG7t2wBt2iDFabcgHAY2GODouGFrgA0QKtdOjEmpASJoCYpMfm67gBAGABqufqc3aouL1J6AGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNjkyOTMzNTc2MzM5ODQ0MPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3EVxp69_T3nUrrx_jBdjmk4820ng%26client%3Dca-pub-3831894559014614%26adurl%3D

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

6a32dad78ccf6285d00190b3be9af38fefed014e35bc1b14e86817435b5a6c64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Thu, 21 Sep 2023 11:26:46 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=tItSfsJ5d5qakzeU9DEBOC-YsMR8wkPZYrxon13Kh-cD9GZ7upaMMh9oxCV09swsFi5O6ndJjSp1Z_z7hfNVeJXytv7NplajoNLIC6FMfe97vIzkEDLeT0aIaVg1BdRgW9g4kQLJQq8UyN_pjns1zLmPaINZ3A3DlGkGNnu8Cwo_E8quY_9Tq60GRn4GU2Xpl1tVunwkpZYFkBJcqYVdTCGxQmDCnYrulRGHIGiK6weHIxKsHxTlcUO6FzFEsQLEm11iCg"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 17134899
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/ Frame D876 3 KB
1 KB 43ms
13ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/window_focus_fy2021.js

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 10:32:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3244
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 10:32:43 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/ Frame D876 20 KB
8 KB 40ms
10ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

096862e95687fa095052acf06c643d97aebf5a75bdb39f85061a931076b5c12e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 08:40:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9963
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8275
x-xss-protection: 0
server: cafe
etag: 7349537481621356269
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 08:40:44 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame D876 24 KB
6 KB 36ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Tue, 19 Sep 2023 07:26:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 187237
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 18 Sep 2024 07:26:10 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D876 182 KB
57 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a018a841b6975de20578c7c63607d4529281ae923f4c3ba172cb4d1d5e7c5bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58105
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1695209545430561"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 21 Sep 2023 11:26:47 GMT

GET
H2 200 i.js Show response
cm.mgid.com/ 0
127 B 33ms
24ms Script
application/javascript 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.mgid.com/i.js?cbuster=1695295607078704484802

Requested by

Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/e/belajarmakeup.com.1027625.es6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 80a1f48849d5362b-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 i-noref.js Show response
cm.mgid.com/ Frame EBED 0
38 B 28ms
27ms Script
application/javascript 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.mgid.com/i-noref.js?cbuster=1695295607084626532900

Requested by

Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/e/belajarmakeup.com.1027625.es6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 80a1f48859ee362b-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 138 KB
30 KB 22ms
22ms Script
text/javascript 2606:4700:10::6816:3456
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/e/belajarmakeup.com.1027625.es6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3456 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07a170a7411835031a08ba9a8499c88b73eb0e9ca71729ad3bdcfce3c4332242

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 08 Sep 2023 09:30:49 GMT
server: cloudflare
x-amz-request-id: 7XBRCPX1KHHE0TTP
age: 3060
etag: W/"6f2e4365e45d56ebb0820172e6b3d823"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 80a1f4885b7c1e54-FRA
x-amz-id-2: C3yfY0N2bpxidJ0E55Np5HtvrZBRg2DlRc4hgCHr4DRaVpCGaoVozdI6vXyTRSD40fgAxstMOwQ=

GET
H2 200 pwt.js Show response
ads.pubmatic.com/AdServer/js/pwt/161673/7165/ 207 KB
63 KB 49ms
8ms Script
application/javascript 23.32.184.192
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/pwt/161673/7165/pwt.js
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/e/belajarmakeup.com.1027625.es6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.32.184.192 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-184-192.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a9f959272120a8fe9fc940b8df6a07a9e6c79d9b72773d62878e82fcd1c51951

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
last-modified: Sat, 29 Apr 2023 00:55:21 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=65448
accept-ranges: bytes
content-length: 63913
expires: Fri, 22 Sep 2023 05:37:35 GMT

GET
DATA 200
OK truncated
/ Frame D876 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 76dfda93e21c353da8ba5be3ff2df8669ddbb0e23250cf2895bc9ffef61b2c5b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 1C60 2 KB
1 KB 15ms
14ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZQwodgAJqc4JHVlKAAQW6M5N0tKR_X66G9K4zA&u=%7CAPbgfc3o%2B0lozKl4hhHAleaHotibBjbciobT6Zw4U%2Bg%3D%7C&c1=TEbw32HdmhlTb08vzaRE01gjP6XVckOXmW9UoUGT_GI2b2B5z8aCCSnbAiDmxoSwicJ1n4MV4gwa8S_EYOiQwc9xAuUCawHSgaAmfNBtKmoIlSsUouAvZ3eg3KUH9W4hhSh5Fty69-EJ95LiyJlZM0E3kUsYvRZVmO8oSEC8hupFeB0io9GUOQJq_5xRKesbx-AQOXSHsI6oz5cUgtggKuRABrV1gmiYNqmcK7t0E4vQA7iwuexsnmwqHwv6z0b1FG_L1irQxGWN8iPqjcsI9e6dX3ghP9D_DDPYctF1FUiSBJRx0SMRfT-KaV27wiJexmnu1sY2RICr3u5wSL-lVfNZYisjIUWTG-DRWXAgNEf97GRY5xHW_MSPNzKHcNudywAPWLrspt6Ium6sFo7ZUtYy4s8rJggisgVo7BNqoTszU-Mv6P189UfH6XEkpN1xAPJACwLYgpCNqd5df6yuJ1c5SBuz5tDKMCwS0oSPCaWXLqsRI4q-LCDyPgSjYYiSteL_PpHwIZ3Ykq2QXdqQ93rFEX1-lp3-jdPZX1fLr88_NbymX9ERBJm515inTAOLC4jQv7_C6dV3qFd1Kl2cEB1GYH3ZHr__rDn8RDm6qiq3-B3-fjNW4GX4BlzLhKGa&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP0E2digMZc7TJsqy9fgP6K2QiALJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzgzMTg5NDU1OTAxNDYxNMgBCakCISI9W-HhsT7gAgCoAwHIAwKqBIUDT9C_1lOnqz9Nx9gRfF4tnCWQ5-VFxk7ipyvAIbx0RUqDDmaES6d76FFF-CUF-iI6OIuQNHzKRLZ_nSd7LOoNL_iviRaa4iRG0XlmCqH9WweEq-b89-R4ZP98ZDfDF_mkJiYou081RxSt5ZZG6j9dL6TR3JyAgREMDpI3O8bLBwFhl350dfT8sl1kOjyT50vnYN3flzIrxehOnYGoOzF3yeNsi1_fDUvv4V3NNrHY3tAyc6uUlseY2XxcUK7uc-rHWiAoxXkDfV4PO5TpebBKsZkpR--SCK8ROeEQHNK3RqSOP6od24E_s5UESBjem5Kw6Gs2q_CoFKaVsqTbETT9Fw4vfEnETmOh0g1KfU8LTERnN77WQXO-Sa7ni2BTM6LvUjYCAUb9-2Mw6CjPME2rhvHJUXQnscGKpSmwRDhSHEXZy0_PoEbWbq6lSB0ykbDocr_WONhTxUhf45KHAYVbG7t2wBt2iDFabcgHAY2GODouGFrgA0QKtdOjEmpASJoCYpMfm67gBAGABqufqc3aouL1J6AGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNjkyOTMzNTc2MzM5ODQ0MPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3EVxp69_T3nUrrx_jBdjmk4820ng%26client%3Dca-pub-3831894559014614%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 1C60 2 KB
1 KB 16ms
16ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 1C60 308 B
636 B 59ms
58ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 1C60 293 B
621 B 58ms
57ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame 1C60 43 B
348 B 85ms
19ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=aA1RZRsbk0_tD0QzCk5H0IshVQpnuUBkNoJJvumURfqOC8xKSJQrOCkmq9l-JiRvm1n4sJHreQEEP7DWN2DWlxkjDUb7gRNiQmQtgNX6AMXr7DiW2inuyXUUqxeuMcj5nnNWAmwhfawIIbY-wTuQVS52hh9TtRCoTFQl1w9r-sp1kOn2eyNpdWm-fG7R3skFCqdbDOe8fz3b2T6DjBSiaLFB8li3UO42eLFrByQAlYOJ9m7Kf-lwmZsFCgVZr-nQ0JKW3Z3exWuGoHjt8QQxnNGCzXCVxdXYaNDN7qNz-cAccFyMmMfnrUo9BPbmvLqYhCRPoP9X7a31hRNFcysCtVX9rGDvjHcoPBGRrXTELqpTjNmhmpzeX6W5oIpqX7d2Kg8ZLowSBH8AgIxQ3i6ibFzd-mRqT-bCa6V_4pOtCWO0bwVs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:46 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2963402
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 15aa714ecb05406293f4ffb087f95059_9a786dde1ec32e5c33713c35a2295f7e.jpg
static.criteo.net/design/dt/771/4935359/ Frame 1C60 180 KB
180 KB 21ms
20ms Image
image/jpeg 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/771/4935359/15aa714ecb05406293f4ffb087f95059_9a786dde1ec32e5c33713c35a2295f7e.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

5646855f0a13134e57aa75cac93947329df5094e02537442ff804ef03474fcc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 31 Aug 2023 14:26:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "64f0a328-2cea1"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 183969
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET
H2 200 zepto.1.2.1.min.js Show response
static.criteo.net/zepto/ Frame 1C60 27 KB
11 KB 47ms
46ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/zepto/zepto.1.2.1.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

d5afe6c33d091af7c18129d4a4e0b04e1e788bca54ab3444c83a7ed5c808f4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 07 Mar 2023 14:03:16 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"64074424-6cc5"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET
H3 200 container.html Show response
af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 774F 6 KB
3 KB 9ms
8ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.belajarmakeup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 21 Sep 2023 11:26:46 GMT
expires: Fri, 20 Sep 2024 11:26:46 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
478 B 115ms
115ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?gl=0.08&b=2&r=belajarmakeup.com_fluid_lb%2Bsq_footer&sy=dacdbfef-fb34-4e24-9bb2-c8606eba5741&ts=87&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.belajarmakeup.com&mlre=undefined&mlin=0&mlsi=990x280&mlbw=4g&mlcs=NaN&mltp=37a06333-e3c2-4a33-8e4c-fcd8104c0da8&e=lm&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nf-request-id: 01HASZ2Z5R1DMD71S78MC8FEJ8
date: Thu, 21 Sep 2023 11:26:47 GMT
cf-cache-status: HIT
age: 1
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "21c8841ebef55ccccd0fc71b96dfbd5f-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 80a1f4892f3691d7-FRA

GET view
securepubads.g.doubleclick.net/pcs/ Frame A250 0
0

GET rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame A250 0
0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 27 KB
12 KB 309ms
308ms Fetch
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=102211537610441&correlator=2382438311669318&eid=31078022%2C31077899&output=ldjh&gdfp_req=1&vrg=202309140101&ptt=17&impl=fif&iu_parts=44890869%3A22486354450%2Cca-pub-3831894559014614-tag%2C841528c4-742b-4d63-837e-0b8647336a77&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=640x280%7C480x320&ifi=8&sfv=1-0-40&eri=1&sc=1&cookie=ID%3D72885daf48bee792%3AT%3D1695295606%3ART%3D1695295606%3AS%3DALNI_MYkNtV870cme2oz3QUP3w099fwV3g&gpic=UID%3D00000cace1d9dcbc%3AT%3D1695295606%3ART%3D1695295606%3AS%3DALNI_MYivsirfVR9AGI7uAhMl_8_p-2_gA&abxe=1&dt=1695295607293&lmt=1695288407&adxs=323&adys=299&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.belajarmakeup.com%2Fsalon-kecantikan-purworejo-klampok-banjarnegara%2F&vis=1&psz=640x0&msz=640x0&fws=0&ohw=0&ga_vid=1648041764.1695295607&ga_sid=1695295607&ga_hid=1900590104&ga_fc=false&a3p=EhwKDWNyd2RjbnRybC5uZXQY8534u6sxSABSAghkEhkKCnB1YmNpZC5vcmcYtZ_4u6sxSABSAghqEh0KDmVzcC5jcml0ZW8uY29tGPOd-LurMUgAUgIIZBIXCghydGJob3VzZRj1n_i7qzFIAFICCGoSGQoKdWlkYXBpLmNvbRjznfi7qzFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGImg-LurMUgAUgIIag..&dlt=1695295605671&idt=507&prev_scp=ti%3D37a06333-e3c2-4a33-8e4c-fcd8104c0da8%26chrand%3Dy%26pof%3D0%26bid%3D0.14%26bid-p%3Dgoogle%26bsc%3D87&adks=1457230905&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

874fc9ec44139a20e0d1be513a13b13fbe666cc256d2d677b791dbb8a2ac8720

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12219
x-xss-protection: 0
google-lineitem-id: 5562802023
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138332681208
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.belajarmakeup.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ 33 B
408 B 63ms
16ms XHR
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

e7aff8c7c9d5cfc40e11a0f6634d8e17a1e86b9048aa0b885eb4ec690581091f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.belajarmakeup.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.belajarmakeup.com
date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET
H2 200 css
fonts.googleapis.com/ Frame 774F 14 KB
1 KB 17ms
17ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 21 Sep 2023 10:00:13 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 21 Sep 2023 11:26:47 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/ Frame 774F 2 KB
892 B 8ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 08:40:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9962
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 08:40:45 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230920/r20110914/ Frame 774F 23 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230920/r20110914/abg_lite_fy2021.js

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9941d25da2d400e2cbc1c979d7ecae4a9b418158d3825d03e09650e0799dcefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 08:40:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9962
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9135
x-xss-protection: 0
server: cafe
etag: 9583221549990841032
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 08:40:45 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/ Frame 774F 3 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/window_focus_fy2021.js

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 10:32:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3244
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 10:32:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/ Frame 774F 20 KB
8 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

096862e95687fa095052acf06c643d97aebf5a75bdb39f85061a931076b5c12e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 08:40:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9963
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8275
x-xss-protection: 0
server: cafe
etag: 7349537481621356269
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 08:40:44 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 774F 182 KB
57 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a018a841b6975de20578c7c63607d4529281ae923f4c3ba172cb4d1d5e7c5bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58105
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1695209545430561"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 21 Sep 2023 11:26:47 GMT

GET
H2 200 9041af033b7a690ba70e3134a2c135bf.js Show response
www.gstatic.com/mysidia/ Frame 774F 36 KB
15 KB 34ms
7ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/9041af033b7a690ba70e3134a2c135bf.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f9d88352b286107f60c320c4c088f718c2a3a273818cd61901edb7f235a9339

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:02:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1471
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15189
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 20:01:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 20 Dec 2023 11:02:16 GMT

GET
H3 200 container.html Show response
af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 86AB 6 KB
3 KB 10ms
7ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.belajarmakeup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 21 Sep 2023 11:26:46 GMT
expires: Fri, 20 Sep 2024 11:26:46 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
474 B 19ms
18ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?gl=0.11&b=2&r=belajarmakeup.com_fluid_sq_inline2&sy=dacdbfef-fb34-4e24-9bb2-c8606eba5741&ts=87&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.belajarmakeup.com&mlre=undefined&mlin=0&mlsi=640x280&mlbw=4g&mlcs=NaN&mltp=37a06333-e3c2-4a33-8e4c-fcd8104c0da8&e=lm&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nf-request-id: 01HASZ2Z5R1DMD71S78MC8FEJ8
date: Thu, 21 Sep 2023 11:26:47 GMT
cf-cache-status: HIT
age: 1
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "21c8841ebef55ccccd0fc71b96dfbd5f-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 80a1f489dfec91d7-FRA

GET
H2 200 data=CNSJsnQnKl7VV3_oWoUx5jafz-sjbsTZ_hvLLyuOFWIUq4J9Mo8LVKLeeAT59_7CtekjpSDpMXbH-tgV5fk5mw
mts0.google.com/vt/ Frame 774F 50 KB
51 KB 230ms
174ms Image
image/png 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mts0.google.com/vt/data=CNSJsnQnKl7VV3_oWoUx5jafz-sjbsTZ_hvLLyuOFWIUq4J9Mo8LVKLeeAT59_7CtekjpSDpMXbH-tgV5fk5mw

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

eade078bf4a83a42256ac775df70dd4b90cc16a378367ebe2be8439404396cbf

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'; base-uri 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-security-policy: script-src 'none'; object-src 'none'; base-uri 'none'
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=166
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51408
x-xss-protection: 0
x-server-version-bin: CggIBBCk66SoBg==
server: scaffolding on HTTPServer2
etag: 0d9815d61b7179e4e
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=3600
expires: Thu, 21 Sep 2023 12:26:47 GMT

GET
DATA 200
OK truncated
/ Frame 774F 297 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 65f22d8aa0690bd9cf8ffe5d68e5f6866b05ed8fc6f6c9083b996c1b3c4c75f4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 774F 336 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: be3b15b1e68cf3e9278293d3b50491fe16c985e0ee5968852cac4fc062a7134e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 774F 462 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 01cbb105faef1373e9d53ddc5e62c9c7b5f66cbc64c2c045a3daec0328b831e6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 774F 465 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41b7f4ef86f2344e72da822fe79265700ff1bf3361450a02ab4397ff1a5eb040

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H2 200 all
csm.eu.criteo.net/ Frame 1C60 0
128 B 61ms
15ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=tItSfsJ5d5qakzeU9DEBOC-YsMR8wkPZYrxon13Kh-cD9GZ7upaMMh9oxCV09swsFi5O6ndJjSp1Z_z7hfNVeJXytv7NplajoNLIC6FMfe97vIzkEDLeT0aIaVg1BdRgW9g4kQLJQq8UyN_pjns1zLmPaINZ3A3DlGkGNnu8Cwo_E8quY_9Tq60GRn4GU2Xpl1tVunwkpZYFkBJcqYVdTCGxQmDCnYrulRGHIGiK6weHIxKsHxTlcUO6FzFEsQLEm11iCg&sds=2&rev=88356&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 21 Sep 2023 11:26:46 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 1C60 2 KB
1 KB 25ms
24ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 1C60 2 KB
1 KB 16ms
15ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:47 GMT

POST
H/1.1 200 v2 Show response
id5-sync.com/gm/ 276 B
692 B 56ms
19ms XHR
application/json 141.95.98.65
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/gm/v2

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.65 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3216659.ip-141-95-98.eu

Software

Resource Hash

4db9321c02e95969c5ca62f886c28c807bb82690c98adae0bbae3c1eadfed5fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.belajarmakeup.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.belajarmakeup.com
date: Thu, 21 Sep 2023 11:26:46 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame EF7E 198 KB
58 KB 86ms
86ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZQwodgANOJYKhYnIAA921h0Egnul9AnI4prE1g&u=%7C%2FBQyUNtUA%2B5i0tscsAqvJfN3jXQahquiy1TQ2SMZzWs%3D%7C&c1=TEbw32HdmhlTb08vzaRE05Nor-kWNW37ds0oDHxEuxeKn7Xrp6ainli_Cmw5dJSudhYAqTqyTVJ1_mLSg5t2RHThGC1MU6dKlY4J3vZWhD4fss5dMS5-mleNum2Jd_cD-J-QtDYjfT061Smpu4OPtT3gQe_DKSYcDTNEJ4Ux2EQi84ONuGPkLDqPvo4I2Jyxb8OYUBC59NuNxfElLJfoyLZJvdLzEhZ63-yaFcHKPJ0DiAxlklOothGwmI47_up4AYISWMy3ebc82VD6IwJGUbfiaqXq_ZvH8iSCzr2qO0Qe-EU3YF5vl6l79FnFwX-Um1mwawQR3b7IWIqgyCdNr8U05B4sejLRe9ofacKiNM3qWt1352rK_iBlY4lAWsmtfZaf1zM55ermvQ5Ymu0hdK1laHfrpLzL5nqhX6KToHrZUmYb0pC34exAf8lnogisd44Yus2keOHFB9YJJkakkEzC5oawJpcc7TQFa_i38o49JNKr-P_IsACIwE76ufXf7BCoqU-6eS2_WQKHp78F5GDdaI_BP0T_g6EIdW63IsBVmns6UveDJkvSxGYV_BmMh1vBIC2L3Kn-y5LDoeaOBnLoPx4VT1NkWW-q6r6Kp09PggMOYv2R4Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCstzEdigMZZbxNMiTlgTW7b2IA8me0rFchf6X93DAjbcBEAEgAGCVAoIBF2NhLXB1Yi0zODMxODk0NTU5MDE0NjE0yAEJqQIhIj1b4eGxPuACAKgDAcgDAqoEgwNP0IXxygE-FF-ay5Jjl-eEY4UK2arkz2ThCFKKkbasJy1KFxohlylCvjMAJWuBbpks2vwhB2qjpLp8Q61Mmu9LzfVeyRLQeucA-MsuOR0mpzhX5F-q6V3uLG6aaTPeOFglL2uqSMXZclTEUZTq5TTdyiaj8DORJFHkODR6wLCmlRh01yw5F2khEpqe6LNEmS5VuyB6TGuC_RslICvYSYqW4aeMhoXkudbdGtmJa-h2QwKoUFyfA8b_UFsjXjPlnKTAChet0UJ_3xHgX9QXmYH91wpsfhhLTfpp9vlcm23ZcF0qCpceH7kF4hNZ15dTsQaliV5ORxZS6XwaXNzd9uwNDKLAHC2LCcZ8tYliQ6Ia-W1xe6bt3mlNL8NBdMzcFyYmq4c6_ch1eqbuSU34DC9C6qKQA-X6ONo45PZtUkgxX4a2Whq8no0pAg7QKGKUilVzXoJl0Az1lM_2YVjvox8yqRI7KLGAmua0ZKGeaBr7ZoSNGbUEdKn0AOtZwqFI1xEQpKvgBAGABqufqc3aouL1J6AGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNjkyOTMzNTc2MzM5ODQ0MPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2DR9Ymm3GBHY9xr9YVzyZwAqOMmg%26client%3Dca-pub-3831894559014614%26adurl%3D

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

cb104f899d6c039d8f171fce2121b7d44a60b4beea95d77e0ef4b2fd292186be

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Thu, 21 Sep 2023 11:26:46 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=wBL__8J5d5qakzeUNj0LwGUoPc8mslW8E7-R6nBzVfg7uDPFggHWl9zhoqF-P9WPqAipXxk-UtLuOwOSR1S5Cu4IvoHRNWlEO-qDmkcp2NlEuCUbDU81XUvBN438PGjTHVYBAVajw1WWdQZ6acfE6CoFKQXa3V1WJAl65h7K6zNx9cvqOIgOAg-QaC5HY3JTiRCn2uX07N4o-RdGH4YMGM4ELQMM3yWmAGLKqk16YngHh08hnDABcC-ktT4"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 61827130
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/ Frame 86AB 3 KB
1 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/window_focus_fy2021.js

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 10:32:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3244
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 10:32:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/ Frame 86AB 20 KB
8 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

096862e95687fa095052acf06c643d97aebf5a75bdb39f85061a931076b5c12e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 08:40:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9963
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8275
x-xss-protection: 0
server: cafe
etag: 7349537481621356269
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 08:40:44 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 86AB 24 KB
6 KB 13ms
11ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Tue, 19 Sep 2023 07:26:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 187237
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 18 Sep 2024 07:26:10 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 86AB 182 KB
57 KB 48ms
46ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a018a841b6975de20578c7c63607d4529281ae923f4c3ba172cb4d1d5e7c5bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58105
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1695209545430561"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 21 Sep 2023 11:26:47 GMT

GET
H3 200 container.html Show response
af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 20F4 6 KB
3 KB 15ms
9ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.belajarmakeup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 21 Sep 2023 11:26:46 GMT
expires: Fri, 20 Sep 2024 11:26:46 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
476 B 112ms
112ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?r=belajarmakeup.com_fluid_sky_sidebar&pn=2&sn=3&pc=0.1590132236480713&ds=true&e=wdp&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nf-request-id: 01HASZ2Z5R1DMD71S78MC8FEJ8
date: Thu, 21 Sep 2023 11:26:47 GMT
cf-cache-status: HIT
age: 1
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "21c8841ebef55ccccd0fc71b96dfbd5f-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 80a1f48a585a91d7-FRA

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
474 B 137ms
137ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?gl=0.01&b=3&r=belajarmakeup.com_fluid_sky_sidebar&sy=dacdbfef-fb34-4e24-9bb2-c8606eba5741&ts=87&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.belajarmakeup.com&mlre=undefined&mlin=0&mlsi=300x600&mlbw=4g&mlcs=NaN&mltp=37a06333-e3c2-4a33-8e4c-fcd8104c0da8&e=lm&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nf-request-id: 01HASZ2Z5R1DMD71S78MC8FEJ8
date: Thu, 21 Sep 2023 11:26:47 GMT
cf-cache-status: HIT
age: 1
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "21c8841ebef55ccccd0fc71b96dfbd5f-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 80a1f48a585d91d7-FRA

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 1C60 30 KB
30 KB 134ms
65ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F15%2F15326673AE_14_F.JPG&v=3&w=800&s=OkhXAmbOmIRprgrUgvWh2hZY

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ce67d1dc40dc6a780bc4eb446e0e33d6de7686a21ee9fe1bf766c29443bd03da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 30816
expires: Fri, 30 Aug 2024 04:32:57 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 1C60 40 KB
40 KB 109ms
40ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F45%2F45805163BI_14_F.JPG&v=3&w=800&s=XWJ8W4cwRPWGFkPRsnDpmBPg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ce867fb97439e887ed523630ff205dbe5159c013238f7d60706680178f64fda9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 41150
expires: Wed, 11 Sep 2024 07:01:11 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 1C60 26 KB
26 KB 132ms
64ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F45%2F45556646HG_14_F.JPG&v=3&w=800&s=5jXhaaUWxGYW9kTbMX1jwFQ_

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

b096099c35c814539ead6feb59d4b4ef4eb09be5b359596af2939b470a3db512

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 26488
expires: Thu, 29 Aug 2024 04:54:59 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 1C60 25 KB
26 KB 119ms
51ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F15%2F15190112NJ_14_F.JPG&v=3&w=800&s=qmHfD1RRDH3ETawn3DCm0803

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

42b5c1d5959b02f267904bac36729e8fad2d743f182e4189c3435c7e3749198c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 25924
expires: Sun, 01 Sep 2024 11:20:02 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 1C60 26 KB
26 KB 96ms
28ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F17%2F17576488MW_14_F.JPG&v=3&w=800&s=zGRfJWjF0Xp_aXhYfe84qeKv

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4c1862cf4f7a0d00b0b56e97e6e7be2fb7fb82371cdae31692bf6b75584d86ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 26372
expires: Thu, 29 Aug 2024 08:22:12 GMT

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 5B64 75 KB
25 KB 24ms
21ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZQwodgAPNzsJHUpFAAZHbx3ZDvp0qqV99c9ueg&u=%7C%2FBQyUNtUA%2B7ka6fQNaByRgMsddH0sTPe38StH49TBH4%3D%7C&c1=TEbw32HdmhlTb08vzaRE0-J3aJQULXRb6S19EAZ80X2gBTzv4Dq5xMxb2AiDpyinZYbjjDWoUakI8AR4rBwCK7-arpVDLb3syM6NZMgTNGS6D67Der0wbb3afMUwQUw1B1COfIo55o6BjlUavbGTnFZPqh03v9JZmZxCIyRfc5aVeHyezmeHQst09cxmM67IvMGB5xewuXNo2OpB807hIbXDPi1mJUdmA4eS-F5ixCsNZ315qn9s_VJhCEcx-sJNz9dWBT2Gs3MGKgH_QHquiTSth6N1tYRPTSWfv9vKMsPYyg3O1wmVPC9ao6KZJB9MG0mOGgrzKUZG_vxQSxJinzNpa9NHNhbSUklh8Phe1UAnOM4LwCyntlRTaMMiQBQTjsnC4P8epsfOZr_5S5_mVlEmHfLhvLID3Di0of7PYw8K339k334JHHSBNC55ThkQ60HI8-S9qaa9ZkUGFGlScADlFubpWoehI4cjBmuHSW3R8ZOLDaRjOwFJd0_8vDBCrQByuLrXPYnqdxRhctt0QSEaDRC4HdXeJHV6469sKUowHaxLTis6HzasiMvmucrFr3PK6ZIFUwSeHHQ97PhoM7DpBcU9zn5ZF8CNTEB2H0GJZQhn6k9eaQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1ygYdigMZbvuPMWU9fgP746ZkAnJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzgzMTg5NDU1OTAxNDYxNMgBCakCWDswZyTYsT7gAgCoAwHIAwKqBIYDT9DQa5wF43LDCvv1cr2gnXreO2Tmw_D414elsRFr_dXqtTac_0T_oNlhbaxE4K8_CCjbqvOXU6fP91f8xPunmL23qmOqR6L3MMqK_X7w-l_KqBL1AtuHd_Di0ySK9z-SYPtYlqvIv1A1p4FoF3u2TOZoNBW1GWM780IK6dee-GGlqqyuuw-C_2uwyxnprksvuPdgk438kynTRHQSnKRIgqCvv6T7A2lmLVIY_KkyW5i3EceZ4xaK9YNZqTvXSj4aS6qA_X1bN9fnePIODJX7h6yCvm98I3GR3tkUeD9j9rYwKwNmzCOrEfDPS8YLwWN3ZB8lRKb61Ej_4DXphXAYj7q4m3M5dx9ALm6UyQMIraPBIvfp-HRPLz8-0fNL275NcsbvZXK1uEGX3NsrAwYFZCqohRW3Ii8jpFWM3mQlIuIgipfflqPT3jNWPhXUbVzlZ7LCD-Y3_NU9NObrNJJ2RRHEu42gh1YLhRdBZf1DL_8TjLQ7E2U47oOS2J0XGLMM04Vlq28d4AQBgAarn6nN2qLi9SegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTY5MjkzMzU3NjMzOTg0NDD6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2CBmCDKigADE2Y9lnsQcXqOqJTUg%26client%3Dca-pub-3831894559014614%26adurl%3D

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

f3e5861d58be1ac4e11d97f069884c0d40eca9e7fe8402b30205e471afc3cd96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Thu, 21 Sep 2023 11:26:46 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=3pI3icJ5d5qakzeUY6juN6UOWZvVHCxQIVR7iPQhMGhoDaA5mqsLbxSbANUjtUajAbnX5UPaPZWBBibLXdwzsRtPB2FlF_3xxnvVofgrz1dF07bOHuHaZhMBEHSEnWCr8KEzIQVtFN4ZVziWE3GhQ4cst0k9gDSHbZ8MpFle7SaGcp0RiRimsFJm8TaBXkHJknZgMxFBfpQhDVPfz0vvEbAs4jymWxF1iNj0AzR6-iaU04aqYmTgFnI8UzOQdfoMbFMv6g"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 2815736
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/ Frame 20F4 3 KB
1 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/window_focus_fy2021.js

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 10:32:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3244
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 10:32:43 GMT

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame F5A0 1 KB
1001 B 128ms
14ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 32274
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 21 Sep 2023 02:28:53 GMT
etag: 48472445140208031
expires: Fri, 22 Sep 2023 02:28:53 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/ Frame 20F4 20 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

096862e95687fa095052acf06c643d97aebf5a75bdb39f85061a931076b5c12e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 08:40:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9963
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8275
x-xss-protection: 0
server: cafe
etag: 7349537481621356269
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 08:40:44 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 20F4 24 KB
6 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Tue, 19 Sep 2023 07:26:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 187237
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 18 Sep 2024 07:26:10 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 20F4 182 KB
57 KB 64ms
64ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a018a841b6975de20578c7c63607d4529281ae923f4c3ba172cb4d1d5e7c5bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58105
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1695209545430561"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 21 Sep 2023 11:26:47 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame EF7E 2 KB
1 KB 18ms
17ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZQwodgANOJYKhYnIAA921h0Egnul9AnI4prE1g&u=%7C%2FBQyUNtUA%2B5i0tscsAqvJfN3jXQahquiy1TQ2SMZzWs%3D%7C&c1=TEbw32HdmhlTb08vzaRE05Nor-kWNW37ds0oDHxEuxeKn7Xrp6ainli_Cmw5dJSudhYAqTqyTVJ1_mLSg5t2RHThGC1MU6dKlY4J3vZWhD4fss5dMS5-mleNum2Jd_cD-J-QtDYjfT061Smpu4OPtT3gQe_DKSYcDTNEJ4Ux2EQi84ONuGPkLDqPvo4I2Jyxb8OYUBC59NuNxfElLJfoyLZJvdLzEhZ63-yaFcHKPJ0DiAxlklOothGwmI47_up4AYISWMy3ebc82VD6IwJGUbfiaqXq_ZvH8iSCzr2qO0Qe-EU3YF5vl6l79FnFwX-Um1mwawQR3b7IWIqgyCdNr8U05B4sejLRe9ofacKiNM3qWt1352rK_iBlY4lAWsmtfZaf1zM55ermvQ5Ymu0hdK1laHfrpLzL5nqhX6KToHrZUmYb0pC34exAf8lnogisd44Yus2keOHFB9YJJkakkEzC5oawJpcc7TQFa_i38o49JNKr-P_IsACIwE76ufXf7BCoqU-6eS2_WQKHp78F5GDdaI_BP0T_g6EIdW63IsBVmns6UveDJkvSxGYV_BmMh1vBIC2L3Kn-y5LDoeaOBnLoPx4VT1NkWW-q6r6Kp09PggMOYv2R4Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCstzEdigMZZbxNMiTlgTW7b2IA8me0rFchf6X93DAjbcBEAEgAGCVAoIBF2NhLXB1Yi0zODMxODk0NTU5MDE0NjE0yAEJqQIhIj1b4eGxPuACAKgDAcgDAqoEgwNP0IXxygE-FF-ay5Jjl-eEY4UK2arkz2ThCFKKkbasJy1KFxohlylCvjMAJWuBbpks2vwhB2qjpLp8Q61Mmu9LzfVeyRLQeucA-MsuOR0mpzhX5F-q6V3uLG6aaTPeOFglL2uqSMXZclTEUZTq5TTdyiaj8DORJFHkODR6wLCmlRh01yw5F2khEpqe6LNEmS5VuyB6TGuC_RslICvYSYqW4aeMhoXkudbdGtmJa-h2QwKoUFyfA8b_UFsjXjPlnKTAChet0UJ_3xHgX9QXmYH91wpsfhhLTfpp9vlcm23ZcF0qCpceH7kF4hNZ15dTsQaliV5ORxZS6XwaXNzd9uwNDKLAHC2LCcZ8tYliQ6Ia-W1xe6bt3mlNL8NBdMzcFyYmq4c6_ch1eqbuSU34DC9C6qKQA-X6ONo45PZtUkgxX4a2Whq8no0pAg7QKGKUilVzXoJl0Az1lM_2YVjvox8yqRI7KLGAmua0ZKGeaBr7ZoSNGbUEdKn0AOtZwqFI1xEQpKvgBAGABqufqc3aouL1J6AGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNjkyOTMzNTc2MzM5ODQ0MPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2DR9Ymm3GBHY9xr9YVzyZwAqOMmg%26client%3Dca-pub-3831894559014614%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame EF7E 2 KB
1 KB 19ms
18ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame EF7E 308 B
636 B 21ms
16ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame EF7E 293 B
621 B 25ms
20ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame EF7E 43 B
347 B 24ms
19ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=-Vq33bjfJA5qzPl_WFU2Bjn1fdULH2zrVWbOI_dJZe_wxZuCZgoOs02LwtGoFk8BoL9zWPxAT0dvhLUJmW_JBrWcQGxzNHFXnXQb9-JIri8WPb8rzGSie9BwVValaVuSsiLAs7MwQzvh0vRxfQMSpenErQfuxcMmMBiLesu0wJST7rIId-Fih8wbAvrZXDIg93y5Hli25VzMpYn2LHZdQwWnImTufw-KQbAC6DESdDWnLKjdh1a2PxWYuDNRV5alIkSV6Jh-mQ49Cad1JOK8CIBvwCiYIiMBBmUipbU-ty2qS-assK9I6cj1S45qLCQiu05egI8uTsUTiEgRTcH3tE-8blpzZqgDMqYuNLfXQKBY5F2tfkeGE7Qpd2YWI5JDeDg6ovDdFdRoJDyZPVLa_wPVEVSDbEaDRjOLXxGDR6By_yIH

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2440133
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 86AB 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0e0848fdfc6210af48d9b25475f7cb73bb4c67dce8efb4b0445d9bf0061c2faf

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 774F 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a137b92fb0de67248f994cdf095d81f7cf2de4cc8c58b8215140bb9c2a2d8077

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame EF7E 12 KB
5 KB 41ms
16ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3094442
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4418
last-modified: Thu, 22 Jun 2023 11:22:44 GMT
server: cloudflare
cf-cdnjs-via: cfworker/r2
etag: "64942f04-1142"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NL90XzAYfZj%2BW96fYIeL5so7a%2Fj%2BvOZmV4Zv0wgDal8R%2BYi%2FHOBPQUs3%2Fc0mCL9Tcu%2B3GEWSgSC2Nd6w6w3jwZ%2BliHga2rIq0He6B9MDgoimE80yGrlyDajBr9vVzb%2FDSvdD%2FhvcoftBFfAmlniI0WK1"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 80a1f48bbff51a6d-FRA
expires: Tue, 10 Sep 2024 11:26:47 GMT

GET view
securepubads.g.doubleclick.net/pcs/ Frame BA0B 0
0

GET rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame BA0B 0
0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 27 KB
13 KB 392ms
392ms Fetch
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=102211537610441&correlator=4034717759615932&eid=31078022%2C31077899&output=ldjh&gdfp_req=1&vrg=202309140101&ptt=17&impl=fif&iu_parts=44890869%3A22486354450%2Cca-pub-3831894559014614-tag%2C2666bedf-a47a-4e6f-957d-aace974684ad&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=990x280%7C750x300%7C750x200%7C930x180%7C970x250&ifi=9&sfv=1-0-40&eri=1&sc=1&cookie=ID%3D930eb98dd228511d%3AT%3D1695295606%3ART%3D1695295606%3AS%3DALNI_MYV1Ih5ZXVGemIq1c8zLVXCrXVB7Q&gpic=UID%3D00000cacdfb29891%3AT%3D1695295606%3ART%3D1695295606%3AS%3DALNI_Mbp6dfNZS7er8qvuJhrfRpG14uJqg&abxe=1&dt=1695295607625&lmt=1695288407&adxs=305&adys=135&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=9&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.belajarmakeup.com%2Fsalon-kecantikan-purworejo-klampok-banjarnegara%2F&vis=1&psz=990x0&msz=990x0&fws=0&ohw=0&ga_vid=1648041764.1695295607&ga_sid=1695295607&ga_hid=1900590104&ga_fc=false&a3p=EhwKDWNyd2RjbnRybC5uZXQY8534u6sxSABSAghkEhkKCnB1YmNpZC5vcmcYtZ_4u6sxSABSAghqEh0KDmVzcC5jcml0ZW8uY29tGPOd-LurMUgAUgIIZBIXCghydGJob3VzZRj1n_i7qzFIAFICCGoSGQoKdWlkYXBpLmNvbRjznfi7qzFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGImg-LurMUgAUgIIag..&dlt=1695295605671&idt=507&prev_scp=ti%3D37a06333-e3c2-4a33-8e4c-fcd8104c0da8%26chrand%3Dy%26pof%3D0%26bid%3D0.01%26bid-p%3Dgoogle%26bsc%3D87&adks=2616755907&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a3783289b656f3bb1e6c0ce02906336b2e7131ef4f64c17f984dc1928c32628

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12984
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.belajarmakeup.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 774F 33 KB
33 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Wed, 20 Sep 2023 05:14:28 GMT
x-content-type-options: nosniff
age: 108739
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 Sep 2024 05:14:28 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 5B64 2 KB
1 KB 19ms
18ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZQwodgAPNzsJHUpFAAZHbx3ZDvp0qqV99c9ueg&u=%7C%2FBQyUNtUA%2B7ka6fQNaByRgMsddH0sTPe38StH49TBH4%3D%7C&c1=TEbw32HdmhlTb08vzaRE0-J3aJQULXRb6S19EAZ80X2gBTzv4Dq5xMxb2AiDpyinZYbjjDWoUakI8AR4rBwCK7-arpVDLb3syM6NZMgTNGS6D67Der0wbb3afMUwQUw1B1COfIo55o6BjlUavbGTnFZPqh03v9JZmZxCIyRfc5aVeHyezmeHQst09cxmM67IvMGB5xewuXNo2OpB807hIbXDPi1mJUdmA4eS-F5ixCsNZ315qn9s_VJhCEcx-sJNz9dWBT2Gs3MGKgH_QHquiTSth6N1tYRPTSWfv9vKMsPYyg3O1wmVPC9ao6KZJB9MG0mOGgrzKUZG_vxQSxJinzNpa9NHNhbSUklh8Phe1UAnOM4LwCyntlRTaMMiQBQTjsnC4P8epsfOZr_5S5_mVlEmHfLhvLID3Di0of7PYw8K339k334JHHSBNC55ThkQ60HI8-S9qaa9ZkUGFGlScADlFubpWoehI4cjBmuHSW3R8ZOLDaRjOwFJd0_8vDBCrQByuLrXPYnqdxRhctt0QSEaDRC4HdXeJHV6469sKUowHaxLTis6HzasiMvmucrFr3PK6ZIFUwSeHHQ97PhoM7DpBcU9zn5ZF8CNTEB2H0GJZQhn6k9eaQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1ygYdigMZbvuPMWU9fgP746ZkAnJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzgzMTg5NDU1OTAxNDYxNMgBCakCWDswZyTYsT7gAgCoAwHIAwKqBIYDT9DQa5wF43LDCvv1cr2gnXreO2Tmw_D414elsRFr_dXqtTac_0T_oNlhbaxE4K8_CCjbqvOXU6fP91f8xPunmL23qmOqR6L3MMqK_X7w-l_KqBL1AtuHd_Di0ySK9z-SYPtYlqvIv1A1p4FoF3u2TOZoNBW1GWM780IK6dee-GGlqqyuuw-C_2uwyxnprksvuPdgk438kynTRHQSnKRIgqCvv6T7A2lmLVIY_KkyW5i3EceZ4xaK9YNZqTvXSj4aS6qA_X1bN9fnePIODJX7h6yCvm98I3GR3tkUeD9j9rYwKwNmzCOrEfDPS8YLwWN3ZB8lRKb61Ej_4DXphXAYj7q4m3M5dx9ALm6UyQMIraPBIvfp-HRPLz8-0fNL275NcsbvZXK1uEGX3NsrAwYFZCqohRW3Ii8jpFWM3mQlIuIgipfflqPT3jNWPhXUbVzlZ7LCD-Y3_NU9NObrNJJ2RRHEu42gh1YLhRdBZf1DL_8TjLQ7E2U47oOS2J0XGLMM04Vlq28d4AQBgAarn6nN2qLi9SegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTY5MjkzMzU3NjMzOTg0NDD6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2CBmCDKigADE2Y9lnsQcXqOqJTUg%26client%3Dca-pub-3831894559014614%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 5B64 2 KB
1 KB 19ms
19ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 5B64 308 B
636 B 19ms
15ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 5B64 293 B
621 B 21ms
18ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame 5B64 43 B
347 B 24ms
21ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=HXXCUymgZirj74bXG1PeTTJQRUbm6v0As7EedKtTJ-RLnvHn3ah-qQAblU9UFj6PhPSi08RRwQe5GvCLcWix-gVfbZ4-1fF92myPSx6fKlHWxStecrkxgZrKPr3TmkY2ct1kU7_J960ypLW76m08SmnM_G_C8Xu3sWrwjRjxwhWxub-hNJ5c0omts9pK6qx8fM11FTl1NV8D_-WAkpdOFOq5LySb9wiylIy8pHHz3M71jrQ6AwWZK6h97jbhiFFDP0Ps8YjABWqsTIvDV80UZQUPTQRP2ntHodnP2tfiGceJXSABUK6TZXv88twjpnMqPYcF00LX32Wyh0ufAwDm6uSsScLmgzzopj5hXP5waZqWElCvGxvmVTHlfeJ4tX9DXTs7K3zitUeM0k2f_uRBGBqMm7YKTR_mzVhJneZzCl30S5vM

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2172146
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 d9abca6be7d94bbe8bd2259f214997df_bf30d65bea6ce8e831de078c2d4e4a8c.png
static.criteo.net/design/dt/915/4938679/ Frame 5B64 12 KB
12 KB 22ms
19ms Image
image/png 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/915/4938679/d9abca6be7d94bbe8bd2259f214997df_bf30d65bea6ce8e831de078c2d4e4a8c.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

3de920c1b1936d7ffb7ea434867bfd9c7d89482d1ae8d47216f46ec2191f0947

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 01 Sep 2023 14:31:43 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "64f1f5cf-2ec0"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 11968
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET
H2 200 16f0b0bec3c045989079f85db7c80a5f_32b7f91039628317fea7be7bd843d23a.png
static.criteo.net/design/dt/915/4938679/ Frame 5B64 11 KB
11 KB 21ms
18ms Image
image/png 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/915/4938679/16f0b0bec3c045989079f85db7c80a5f_32b7f91039628317fea7be7bd843d23a.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

331f5de5931f1217c7c4ba45843880fe26986ecd3713377632730da9caa45a5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 01 Sep 2023 14:31:42 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "64f1f5ce-2a75"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 10869
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET
H2 200 montserrat-400.css
static.criteo.net/design/googlefont/montserrat/ Frame 5B64 2 KB
803 B 18ms
14ms Stylesheet
text/css 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/montserrat/montserrat-400.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a81d25118c6f7d835e9ca132b995b8aca46e3575ee4ab2136ab96ac8d5e4688b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:06:54 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391ef7e-675"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET
H2 200 montserrat-700.css
static.criteo.net/design/googlefont/montserrat/ Frame 5B64 2 KB
803 B 24ms
20ms Stylesheet
text/css 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/montserrat/montserrat-700.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

77a44f65bb6894c92e3c7ccab98de0fc357172221cc1dd45949ab938c0c7756a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:06:55 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391ef7f-675"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET
H2 200 montserrat-400italic.css
static.criteo.net/design/googlefont/montserrat/ Frame 5B64 2 KB
805 B 21ms
16ms Stylesheet
text/css 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/montserrat/montserrat-400italic.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

236ad1751a315730db4bd8c83d1e0091b9c8ad0adad9b3ce1e921cf332ae030f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:06:55 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391ef7f-693"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET
H2 200 montserrat-700italic.css
static.criteo.net/design/googlefont/montserrat/ Frame 5B64 2 KB
805 B 23ms
20ms Stylesheet
text/css 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/montserrat/montserrat-700italic.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

695d34963031ace845727c8cd337fd8d3bda87cbf8085e489ee40aeab105eb90

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:06:56 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391ef80-693"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET
H2 200 zepto.1.2.1.min.js Show response
static.criteo.net/zepto/ Frame 5B64 27 KB
11 KB 25ms
21ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/zepto/zepto.1.2.1.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

d5afe6c33d091af7c18129d4a4e0b04e1e788bca54ab3444c83a7ed5c808f4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 07 Mar 2023 14:03:16 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"64074424-6cc5"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame D876 0
0 52ms
51ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CcgbRdigMZc7TJsqy9fgP6K2QiALJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzgzMTg5NDU1OTAxNDYxNMgBCakCISI9W-HhsT7gAgCoAwHIAwKqBIIDT9C_1lOnqz9Nx9gRfF4tnCWQ5-VFxk7ipyvAIbx0RUqDDmaES6d76FFF-CUF-iI6OIuQNHzKRLZ_nSd7LOoNL_iviRaa4iRG0XlmCqH9WweEq-b89-R4ZP98ZDfDF_mkJiYou081RxSt5ZZG6j9dL6TR3JyAgREMDpI3O8bLBwFhl350dfT8sl1kOjyT50vnYN3flzIrxehOnYGoOzF3yeNsi1_fDUvv4V3NNrHY3tAyc6uUlseY2XxcUK7uc-rHWiAoxXkDfV4PO5TpebBKsZkpR--SCK8ROeEQHNK3RqSOP6od24E_s5UESBjem5Kw6Gs2q_CoFKaVsqTbETT9Fw4vfEnETmOh0g1KfU8LTERnN77WQXO-Sa7ni2BTM6LvUjYCAUb9-2Mw6CjPME2rhvHJUXQnscGKpSmwRDhSHEXZy0_PoEbWbq6lSB0ykbDocr_WONhTxUhf45KHQ4d6iTvlECbQWBaA4ejupYOhMowkNkJit4w3EyEcDEZY0FCWQnrgBAGABqufqc3aouL1J6AGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNjkyOTMzNTc2MzM5ODQ0MIAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi0zODMxODk0NTU5MDE0NjE0GP35Ew&sigh=4h7dc0d7iRY&uach_m=[UACH]&cid=CAQSSwBpAlJWxyYLIqylqgjptf6dDfvAceeOsy3HOiw6QbNDNUVTcJFx-gzz88DiiKuT_VE7fOfgXzWyuj81EUBU7DqY8RRP9Ve7z3JUXRgB&cbvp=2&vis=1
Requested by: Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

GET
H2 200 notify
rtb.fr3.eu.criteo.com/google/auction/ Frame D876 0
126 B 77ms
16ms Image
text/plain 2a02:2638:d::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=kMWCFOzZW8oHWp2DYgICAAAAehsU7mqCfbIQdigMZZdtFV6pXQSY1bMAABIAAAoKQVFVRER3RUJEdw&wp=ZQwodgAJqc4JHVlKAAQW6M5N0tKR_X66G9K4zA&cbvp=2

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 175781
server: Kestrel
content-length: 0

GET
H3 200 controls.js Show response
maps.googleapis.com/maps-api-v3/api/js/54/6/ Frame BB50 87 KB
23 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/54/6/controls.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en&region=id&callback=onApiLoad

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

359456fbc71667b68bbb79ff729e32cab72ba7e8d2a824b0f552511fc866af2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Tue, 19 Sep 2023 20:03:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 141787
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23570
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 20:18:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Sep 2024 20:03:40 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame EF7E 12 KB
6 KB 18ms
15ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:47 GMT

OPTIONS
H3 204 adview
securepubads.g.doubleclick.net/pagead/ Frame 0
0 59ms
42ms Preflight
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/adview?ai=CSQ9WdigMZdipK4SZ9fgPj5-6wArfirOecrez-vqAEv6sxcXCARABIJWbyiFglQKgAe3S-twDyAEJqQJRvhI35texPuACAKgDAcgDywSqBJwDT9Bj0KYMyKg1_b8Za0ndObgKZPGNCd4pmMcIruuRqe-HOMdCjcq6CSbtwnzJPXfXidm94Qv6DRaSE_OXrF1sHqnWhEmT2CVmK_WndI8ISKSc3u5YoVNfBh9u2qRLqxD1L2iowQcF8h87VvHW5_OaGKBTrWRWZOY74CIClxfKOBt8Irs-LiHcH79k5mQ4tufoxoxuK-27dBwCziJGNUtZ-_oahhfRbQ4DJQ-gZHzeFvVAo_GDexrNWMYSKyPAD4Om7Z4rQ6y0XVBTCePiDTbOiNeZy3_cNmA0o16NYnO9nFkcvZIAvtldYP4eXNLqqrDXVL4PVgMfnxw-AvNAGYHsg9AgiuU15mhDX_8Ui9O19AFkipni0hF9fYN6Ugl5Ftm2Hj3wmNNcKvHmzhGcmjJQUX7ie1pdXvzim3ZuVgnDVYu7RhGaeGc4A9ZLlQubjGAM-AN8zm7EUsqqX83a8mCjP3Lxa8afUgkQC0qgfqG9Wri9QSxkoCzU-KtCYgqjo147j1_UnS49hLguLXK-ASllVN5_GjOV0WhIDfgN48AE2P_svukD4AQBiAWPk47BM5IFBAgEGAGSBQQIBRgEoAYugAf7rIUjqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQjaEN0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNjkyOTMzNTc2MzM5ODQ0MJoJGGh0dHBzOi8vd3d3Lm1hLWJpa2UuY29tL4AKA8gLAbgTiATYEwrQFQGYFgGAFwGyFx4KHAgAEhRwdWItNzUwNzQzOTIzMzg2NTQxNRj9-RM&sigh=9j3NRFk6uuM&uach_m=[UACH]&ase=2&cid=CAQSSwBpAlJW-UTSEu8KX2_DEyk5ZDD_A4mImHeYgCCzfO1H5G2wNSPShu4MeE5ewV6xKBy9G090y77kab9d5H_rphZvfIGama9vr_A9DxgB&template_id=520&cbvp=2&vis=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 21 Sep 2023 11:26:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

/ Show response
www.googleadservices.com/pagead/ar-adview/ Frame 774F
Redirect Chain

https://securepubads.g.doubleclick.net/pagead/adview?ai=CSQ9WdigMZdipK4SZ9fgPj5-6wArfirOecrez-vqAEv6sxcXCARABIJWbyiFglQKgAe3S-twDyAEJqQJRvhI35texPuACAKgDAcgDywSqBJwDT9Bj0KYMyKg1_b8Za0ndObgKZPGNCd4p...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2214055956728149209734%22,%22debug_reporting%22:true,%22destination%22:%22https://ma-bike.com%22,%22event_report_window%22:%...

0
708 B

405ms
63ms

Fetch
text/css

216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2214055956728149209734%22,%22debug_reporting%22:true,%22destination%22:%22https://ma-bike.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221000253805%22],%224%22:[%2209-21%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2216071334514346407745%22}&andc=true

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"14055956728149209734","debug_reporting":true,"destination":"https://ma-bike.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1000253805"],"4":["09-21"],"6":["true"]},"priority":"500","source_event_id":"16071334514346407745"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: null
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 21 Sep 2023 11:26:48 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 21 Sep 2023 11:26:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"14055956728149209734","debug_reporting":true,"destination":"https://ma-bike.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1000253805"],"4":["09-21"],"6":["true"]},"priority":"500","source_event_id":"16071334514346407745"}&andc=true
access-control-allow-origin: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame EF7E 178 KB
178 KB 21ms
18ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=1200&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fstatic.fr3.eu.criteo.net%2Fdesign%2Fdt%2F771%2F4896814%2F52bd97b1094144e09d0b3d304baacb88_img_square_1.jpg&v=3&w=1200&s=ScDaX5aoKNN3CVkLuIqoP-YI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

05330d5dbbd10cec9453324b880390cd8e7fb10810fcdc68c1df8d16fefe88c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 182172
expires: Sun, 25 Aug 2024 14:53:55 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame EF7E 8 KB
8 KB 38ms
35ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F45%2F45556646HG_14_F.JPG&v=3&w=400&s=XXrgOYsbSDg6ty-N5qV_zueQ&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

f009783abd06f5969af2f4320808c4c8ea7aa1ca8a9b39fd623529b0560514ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 7740
expires: Sun, 01 Sep 2024 07:33:09 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame EF7E 11 KB
11 KB 38ms
36ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F15%2F15326673AE_14_F.JPG&v=3&w=400&s=uTHtSkT6zsLn6YmHKaDNlPNT&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

9cf1eeb5939d8e09fe23cbbe84cea81338d57c26cf667390b5116cc937d7ac8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 11084
expires: Fri, 06 Sep 2024 07:34:17 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame EF7E 6 KB
6 KB 39ms
36ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F48%2F48317247XI_14_F.JPG&v=3&w=400&s=Z-WfR1AF3DWW68piHcOGnCz6&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ccf88565831ef00f60fca35716fd9fb895c4b43d61fa8913cde4e40ffe502114

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 5840
expires: Sun, 01 Sep 2024 13:37:46 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame EF7E 3 KB
3 KB 39ms
37ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F17%2F17402186OL_14_F.JPG&v=3&w=400&s=0KjxCIqEhyVx9lF9aNDJlxlO&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

0868aacf6285975b446b3e8dfc53cfc744eda42ec10ea833745dfcf87d1b3f88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 2598
expires: Tue, 10 Sep 2024 17:04:59 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame EF7E 3 KB
3 KB 87ms
85ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F14%2F14330491XU_14_F.JPG&v=3&w=400&s=RkdJVNc7pe5gQ7dlX6Cu-mE3&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

bc4951d8d2bd782e48d91ff43816e52a1749db33df0d35c98626d6278a82d1d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 2908
expires: Thu, 05 Sep 2024 07:16:27 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame EF7E 6 KB
6 KB 73ms
71ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F17%2F17606676TK_14_F.JPG&v=3&w=400&s=I-c90paIvcOFOaDl6MTtQmwh&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

7cd372d99ce5dafed02870bb8d710d245aa305e356bb69818904360d16270691

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 5854
expires: Sat, 07 Sep 2024 16:36:45 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame EF7E 6 KB
7 KB 41ms
40ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F45%2F45805163BI_14_F.JPG&v=3&w=400&s=kWjbeoQrPkw5RcskbCg0xxLx&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ed11ba9b3b2f532099cfd54e432be8d22a40a5f55802b2cab85c4052e21c8d66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 6608
expires: Wed, 11 Sep 2024 06:37:38 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame EF7E 3 KB
3 KB 35ms
34ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F17%2F17344226CI_14_F.JPG&v=3&w=400&s=LtPMzYMdyayJJCTQEMcp4F-9&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

7ef7020b6a27f36a0813a0c8c2cd4cfbeb525a8ce86fb992382e2a73979bd2be

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 3348
expires: Thu, 12 Sep 2024 16:31:47 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame EF7E 3 KB
3 KB 36ms
34ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F17%2F17504694KJ_14_F.JPG&v=3&w=400&s=Im0P5v6fxioV9HwJRUWTyRSs&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

c342c53676dad7012ed7d53b8c658542fcd2557cd04a42e4b4aa0d973f6d83aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 3340
expires: Wed, 28 Aug 2024 20:00:47 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame EF7E 9 KB
9 KB 40ms
38ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F15%2F15190112NJ_14_F.JPG&v=3&w=400&s=0fjw0eKg2URcZmlRSRwN8omh&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

9c8e7f047a78095f1dcb55dca5f44a187f49121b96d1b14b17edf0a564831139

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 8916
expires: Fri, 06 Sep 2024 11:30:04 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame EF7E 7 KB
7 KB 40ms
39ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F17%2F17576488MW_14_F.JPG&v=3&w=400&s=sPF8jQ4cvKSpGDhKKckItpVv&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

3dbbeaf54de486a9143afd90dd78305771ed82f5d6542d94a81c7f91b48a976f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 7338
expires: Tue, 10 Sep 2024 08:28:12 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame EF7E 5 KB
5 KB 39ms
38ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F15%2F15355244AJ_14_F.JPG&v=3&w=400&s=wvfOjVQsAJHUdRDLLI48HeEd&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

398f4f5de3d8b611dff130d46f08c0601ddecc95f5605b21e272a5b99f9f1332

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 4748
expires: Fri, 30 Aug 2024 19:14:09 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame EF7E 0
127 B 17ms
16ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=wBL__8J5d5qakzeUNj0LwGUoPc8mslW8E7-R6nBzVfg7uDPFggHWl9zhoqF-P9WPqAipXxk-UtLuOwOSR1S5Cu4IvoHRNWlEO-qDmkcp2NlEuCUbDU81XUvBN438PGjTHVYBAVajw1WWdQZ6acfE6CoFKQXa3V1WJAl65h7K6zNx9cvqOIgOAg-QaC5HY3JTiRCn2uX07N4o-RdGH4YMGM4ELQMM3yWmAGLKqk16YngHh08hnDABcC-ktT4&sds=2&rev=88356&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame EF7E 2 KB
1 KB 23ms
23ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame EF7E 2 KB
1 KB 16ms
16ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET view
securepubads.g.doubleclick.net/pcs/ Frame 5276 0
0

GET rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 5276 0
0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 38 KB
16 KB 340ms
339ms Fetch
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=102211537610441&correlator=2578020398810954&eid=31078022%2C31077899&output=ldjh&gdfp_req=1&vrg=202309140101&ptt=17&impl=fif&iu_parts=44890869%3A22486354450%2Cca-pub-3831894559014614-tag%2Caffd9193-cf82-4e56-9e6d-fef711e332ac&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=640x280%7C480x320&ifi=10&sfv=1-0-40&eri=1&sc=1&cookie=ID%3D930eb98dd228511d%3AT%3D1695295606%3ART%3D1695295606%3AS%3DALNI_MYV1Ih5ZXVGemIq1c8zLVXCrXVB7Q&gpic=UID%3D00000cacdfb29891%3AT%3D1695295606%3ART%3D1695295606%3AS%3DALNI_Mbp6dfNZS7er8qvuJhrfRpG14uJqg&abxe=1&dt=1695295607791&lmt=1695288407&adxs=323&adys=299&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=a&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.belajarmakeup.com%2Fsalon-kecantikan-purworejo-klampok-banjarnegara%2F&vis=1&psz=640x0&msz=640x0&fws=0&ohw=0&ga_vid=1648041764.1695295607&ga_sid=1695295607&ga_hid=1900590104&ga_fc=false&a3p=EhwKDWNyd2RjbnRybC5uZXQY8534u6sxSABSAghkEhkKCnB1YmNpZC5vcmcYtZ_4u6sxSABSAghqEh0KDmVzcC5jcml0ZW8uY29tGPOd-LurMUgAUgIIZBIXCghydGJob3VzZRj1n_i7qzFIAFICCGoSGQoKdWlkYXBpLmNvbRjznfi7qzFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGImg-LurMUgAUgIIag..&dlt=1695295605671&idt=507&prev_scp=ti%3D37a06333-e3c2-4a33-8e4c-fcd8104c0da8%26chrand%3Dy%26pof%3D0%26bid%3D0.01%26bid-p%3Dgoogle%26bsc%3D87&adks=209278443&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

831ff38da677066efd7cc309a7bc7489086997e2e4aee722196d1e42102737e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16194
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.belajarmakeup.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 kgPu8ucFjQWm9sPwItG3xGC9C84b-jPcUt_enD3F6OI.js Show response
pagead2.googlesyndication.com/bg/ Frame BC9A 38 KB
15 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/kgPu8ucFjQWm9sPwItG3xGC9C84b-jPcUt_enD3F6OI.js

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9203eef2e7058d05a6f6c3f022d1b7c460bd0bce1bfa33dc52dfde9c3dc5e8e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Wed, 20 Sep 2023 07:20:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 101177
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14666
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 15:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 19 Sep 2024 07:20:30 GMT

GET
H2 206 1ed85167332047a0af6c11c1b59d0eaf_5bd5b2b47f9207338b744da56f27355b.mp4
static.criteo.net/design/dt/915/4938679/ Frame 5B64 14 MB
14 MB 17ms
15ms Media
video/mp4 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/915/4938679/1ed85167332047a0af6c11c1b59d0eaf_5bd5b2b47f9207338b744da56f27355b.mp4?ibv=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Range: bytes=0-

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 01 Sep 2023 14:31:43 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "64f1f5cf-e1dff5"
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-14802932/14802933
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
Content-Length: 14802933
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET
DATA 200
OK truncated
/ Frame 20F4 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a9ebc2469db29ab3edab311e7f0ca5e3c027881a2b6feb30c84636ecb102fa74

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame F5A0 70 B
265 B 188ms
68ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEKHiP7moLzhtJxKxWWX9Ang&google_cver=1&google_push=AXcoOmQFZvpQIG7hgjUmFO0hKYuBjIP27RSqhULqENamP-G8UQc8HUQA3NAkv_H2EqM6TQaDCO3yDFsA5TA3ijl5BKyQpvXLy2g
Requested by: Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F5A0
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEKs9GaJzJVJGlQAh4ojhdUw&google_cver=1&google_push=AXcoOmQod6k-KJePPkm3BtHXGCCXgOeGzx_MXZGlTLfcK4wouUEaYh3IZI-iimgRafUl9DW_xN475GNdrA0Ltdf3deVmZBn...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEKs9GaJzJVJGlQAh4ojhdUw&google_cver=1&google_push=AXcoOmQod6k-KJePPkm3BtHXGCCXgOeGzx_MXZGlTLfcK4wouUEaYh3IZI-iimgRafUl9DW_xN475GNdrA0Ltdf3deVmZ...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmQod6k-KJePPkm3BtHXGCCXgOeGzx_MXZGlTLfcK4wouUEaYh3IZI-iimgRafUl9DW_xN475GNdrA0Ltdf3deVmZBnYydM

170 B
188 B

26ms
19ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmQod6k-KJePPkm3BtHXGCCXgOeGzx_MXZGlTLfcK4wouUEaYh3IZI-iimgRafUl9DW_xN475GNdrA0Ltdf3deVmZBnYydM

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmQod6k-KJePPkm3BtHXGCCXgOeGzx_MXZGlTLfcK4wouUEaYh3IZI-iimgRafUl9DW_xN475GNdrA0Ltdf3deVmZBnYydM
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET pub
cs.chocolateplatform.com/ Frame F5A0 0
0

GET google
sync-dmp.aura-dsp.com/match/ Frame F5A0 0
0

GET
H2

200

report
sync.teads.tv/um/ Frame F5A0
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEImWqKekI0uu...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmRQIxjDlecNYvJITZTBukvrkjCBwW3HxGpCXHUyb92ue0nJzdTXrelRDbcZELVBxg11LgqbgmbCtaNhtCRfEPyb9zWMsd4
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

44ms
43ms

Image
image/gif

23.32.185.35
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 23.32.185.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-185-35.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

expires: Thu, 21 Sep 2023 11:26:48 GMT
pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame F5A0
Redirect Chain

https://csync.loopme.me/?pubid=11537&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_109}&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dloopme_eb_%26google_hm%3D{viewer_token}&google_...
https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=335c1656-a319-4d22-87d9-c95a84bdd15d&google_cver=1&google_gid=CAESEA3EEB5oqRUZCB5kQo0we14&gdpr_consent=${GDPR_CONSENT_109}&google_...

170 B
243 B

38ms
38ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=335c1656-a319-4d22-87d9-c95a84bdd15d&google_cver=1&google_gid=CAESEA3EEB5oqRUZCB5kQo0we14&gdpr_consent=${GDPR_CONSENT_109}&google_push=AXcoOmTB3NVRSPf0wz1LrV3t289W9XHLX7czZVJkqvJ_QzHtZNwhT1_gOt_DxN3BwYeWOSRWjUIuHS-ea4-t-rvyTZwpgITXv6lL&gdpr=${GDPR}

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=335c1656-a319-4d22-87d9-c95a84bdd15d&google_cver=1&google_gid=CAESEA3EEB5oqRUZCB5kQo0we14&gdpr_consent=${GDPR_CONSENT_109}&google_push=AXcoOmTB3NVRSPf0wz1LrV3t289W9XHLX7czZVJkqvJ_QzHtZNwhT1_gOt_DxN3BwYeWOSRWjUIuHS-ea4-t-rvyTZwpgITXv6lL&gdpr=${GDPR}
date: Thu, 21 Sep 2023 11:26:48 GMT
server: _
content-length: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame F5A0
Redirect Chain

https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESEBAkF7tvzPdggSQ-SUuQImM&google_cver=1&google_push=AXcoOmR4kj2AjUJF7ENUHDHGu6s0wGH9bs3fEj52C_0xnSVCsekf8_ItZY6iDB4Hc55...
https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmR4kj2AjUJF7ENUHDHGu6s0wGH9bs3fEj52C_0xnSVCsekf8_ItZY6iDB4Hc55tfP_t87OTRWrdS-x9EAKw0sjPPLuAbGvh

170 B
232 B

36ms
35ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmR4kj2AjUJF7ENUHDHGu6s0wGH9bs3fEj52C_0xnSVCsekf8_ItZY6iDB4Hc55tfP_t87OTRWrdS-x9EAKw0sjPPLuAbGvh

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-akamai-request-id: 27f39e31.3bdc078a
date: Thu, 21 Sep 2023 11:26:48 GMT
x-bytefaas-request-id: 202309211126473729E2937AF9763A039E
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-53-41-84.deploy.akamaitechnologies.com (AkamaiGHost/11.2.4-50766152) (-)
x-parent-response-time: 94,23.53.41.84
server-timing: cdn-cache; desc=MISS, edge; dur=86, origin; dur=9, inner; dur=5
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202309211126473729E2937AF9763A039E
x-cache-remote: TCP_MISS from a23-218-219-13.deploy.akamaitechnologies.com (AkamaiGHost/11.2.4-50766152) (-)
access-control-max-age: 86400
access-control-allow-methods: *
location: https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmR4kj2AjUJF7ENUHDHGu6s0wGH9bs3fEj52C_0xnSVCsekf8_ItZY6iDB4Hc55tfP_t87OTRWrdS-x9EAKw0sjPPLuAbGvh
x-bytefaas-execution-duration: 3.75
access-control-allow-origin: *
access-control-allow-credentials: true
x-origin-response-time: 9,23.218.219.13
x-tt-trace-host: 0195610f43f1668655ce59191b110599c487f71b416944e94b36fee1afefe215a9eb9a69930f1f464832a13148780a45b7b21cff89f2dfc4528032ab5dec65f986e6cb254ff50e01787778eff82f0f6d4b6a9486c5e703a52c2c9c63e51222b33371ac370ece0a22107a64ff0b6e2e40de
cache-control: max-age=0, no-cache, no-store
access-control-allow-headers: *
expires: Thu, 21 Sep 2023 11:26:48 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame F5A0 0
130 B 76ms
33ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IzLNhI6JPYABbZtUjscvQEU8k8nSbcsxzjM6ueKGn3qm3zYd2fJ9TiYK_VauTlmQH3tM6Fx9VS4A

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 90ms
60ms Preflight
text/html 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: null
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 21 Sep 2023 11:26:47 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 montserrat-400.css
static.criteo.net/design/googlefont/montserrat/ Frame EF7E 2 KB
803 B 78ms
77ms Stylesheet
text/css 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/montserrat/montserrat-400.css

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a81d25118c6f7d835e9ca132b995b8aca46e3575ee4ab2136ab96ac8d5e4688b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:06:54 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391ef7e-675"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET
H2 200 montserrat-700.css
static.criteo.net/design/googlefont/montserrat/ Frame EF7E 2 KB
803 B 77ms
76ms Stylesheet
text/css 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/montserrat/montserrat-700.css

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

77a44f65bb6894c92e3c7ccab98de0fc357172221cc1dd45949ab938c0c7756a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:06:55 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391ef7f-675"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame BB50 302 B
286 B 31ms
29ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google+Sans+Text:400&text=%E2%86%90%E2%86%92%E2%86%91%E2%86%93&lang=en

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps-api-v3/api/js/54/6/util.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3fb3f4f18d94f4bcc3dbf87e16bd68982e85b46458a261f79c0e5c1852fd579e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 21 Sep 2023 10:12:38 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 21 Sep 2023 11:26:47 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame BB50 31 KB
2 KB 31ms
29ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Google+Sans:400,500,700|Google+Sans+Text:400&lang=en

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps-api-v3/api/js/54/6/util.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aba6041f1becadff83abfedddb95589247a601677eaea7e1979c4dc770b3a071

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 21 Sep 2023 09:33:11 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 21 Sep 2023 11:26:47 GMT

GET
DATA 200
OK truncated
/ Frame BB50 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 624be3bf55395ccdba7de5bed135b256b891ca3659b73a8c6559cfeff76b4eb4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame BB50 638 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 96827d119793d3b1f43be25de0a51e3fb1d6000412725f6c16171a6be280cd38

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame BB50 170 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e21f21ceee588a5075937d9c86ce41c2035489f6a33e612332919f001f506e43

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame BB50 170 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44f6af983bb8ac6c2ad7932b4f2e34afe733e6b0249731bdee1eab73aaf547e7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame BB50 170 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f19e80109c6b75e5a71833046247e1c120e9503028def5e62983bc8f97cde6ae

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 c
c.mgid.com/ 43 B
265 B 85ms
84ms Image
image/gif 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.mgid.com/c?f=1&pv=3&v=311|108|8|Ftm3yX-g6Ecu6Ql96hp4cAgE8fiBmvlue0SImQ0rB5J2_1bhN6RzfZLxzxZ9irkTsxj3m2OzBWpKuKk3Zpmo9g**&fw=1&extjs=66044&v=311|108|8|Ftm3yX-g6Ecu6Ql96hp4cLmhpUPdDGrJjqb5069EMDttpDRL5FUql9iBaoiFrx84PoFsIeNfnhIFTEP3xGB_8A**&h2=lhYiY_ofmgUB0niIDuRJVw37fxoOnrDH2eShcbwW0Pk*&rid=bfe6606a-5871-11ee-8d6b-e43d1a2a53a0&tt=Direct&iv=11&cid=1027625&pageImp=1&pvid=18ab77e0dd4948262b7&cbuster=1695295607959758155875

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-mg-request-uuid: 55872e67-7f9c-4509-8c7e-fae4a7e17d9d
server: cloudflare
content-type: image/gif
cf-ray: 80a1f48dcb613659-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43

GET
H2 200 montserrat-400.css
static.criteo.net/design/googlefont/montserrat/ Frame 5B64 2 KB
803 B 167ms
167ms Stylesheet
text/css 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/montserrat/montserrat-400.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a81d25118c6f7d835e9ca132b995b8aca46e3575ee4ab2136ab96ac8d5e4688b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:06:54 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391ef7e-675"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:47 GMT

GET
DATA 200
OK truncated
/ Frame BB50 120 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 863fd75928da215976eb773b7a5fa8a5b680ed4a2feede49c912fb41c50a99c1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame BB50 120 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 306ca53db6fc90ca7241d690f151bfc8db6b55c8f2de5d878a268fe6e7d3754a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame BB50 120 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ccc291db38afc31c01ee7cea2f23d396deff81e172a6285faa672cca41e6e86a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame BB50 123 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 495beca2bdc18adfe4394c8048a0ea36681b8c4d6f023c624b387818c8a968cc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame BB50 104 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1d39e44c97654457b55157f95b65e8af14f655fdb5319159b8135780f7eee005

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame BB50 104 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ea3a3424497eb1c906f646385dcfe1f9465edd6f5428dc3240063cfccaaf7fa5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame BB50 104 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6a647a0c3cdf71c5fa9d1d5485f78905cac9e6cc70d4dc09dd994f056a80461e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame BB50 107 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a670ebf8c45333dfbe0c9142945e348b6d56b7e3478ca0d596b6f891158836a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame BB50 15 KB
15 KB 47ms
47ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Google+Sans:400,500,700|Google+Sans+Text:400&lang=en

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Wed, 20 Sep 2023 16:50:19 GMT
x-content-type-options: nosniff
age: 66989
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 Sep 2024 16:50:19 GMT

GET
H2 200 montserrat-400-latin.woff2
static.criteo.net/design/googlefont/montserrat/ Frame EF7E 12 KB
13 KB 346ms
34ms Font
application/octet-stream 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/montserrat/montserrat-400-latin.woff2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/montserrat/montserrat-400.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

5f9376c77618bf0ef43bcabf8228c9e2befde3731087b944e140a88c34066873

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://static.criteo.net/design/googlefont/montserrat/montserrat-400.css
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:06:54 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391ef7e-31a4"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:48 GMT

GET
H2 200 montserrat-700-latin.woff2
static.criteo.net/design/googlefont/montserrat/ Frame EF7E 13 KB
13 KB 362ms
51ms Font
application/octet-stream 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/montserrat/montserrat-700-latin.woff2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/montserrat/montserrat-700.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

28f403366c2c520bfff7d5a0883f1d53e1e87ba1c8202f3f29e6395a0b66806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://static.criteo.net/design/googlefont/montserrat/montserrat-700.css
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:06:55 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391ef7f-3230"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:48 GMT

POST
H3 200 GetViewportInfo Show response
maps.googleapis.com/$rpc/google.internal.maps.mapsjs.v1.MapsJsInternalService/ Frame BB50 9 KB
2 KB 93ms
92ms XHR
application/json+protobuf 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/$rpc/google.internal.maps.mapsjs.v1.MapsJsInternalService/GetViewportInfo

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en&region=id&callback=onApiLoad

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

efa2e58d3a62f36ff87ac37759dd995007ef91c767d0f250a6dbea1cb924cda4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: application/json+protobuf
X-Goog-Maps-Client-Id: google-maps-embed
Referer: https://www.google.com/
X-Goog-Api-Key
X-Goog-Maps-API-Signature: 84279
X-Goog-Maps-API-Salt: z9BVesupFK

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.google.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2202
x-xss-protection: 0

OPTIONS
H3 200 GetViewportInfo
maps.googleapis.com/$rpc/google.internal.maps.mapsjs.v1.MapsJsInternalService/ Frame 0
0 41ms
40ms Preflight
text/html 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/$rpc/google.internal.maps.mapsjs.v1.MapsJsInternalService/GetViewportInfo

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-goog-maps-api-salt,x-goog-maps-api-signature,x-goog-maps-client-id,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-goog-maps-api-salt,x-goog-maps-api-signature,x-goog-maps-client-id,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.google.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Thu, 21 Sep 2023 11:26:48 GMT
server: scaffolding on HTTPServer2
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H3 200 c
c.mgid.com/ 43 B
229 B 159ms
158ms Image
image/gif 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.mgid.com/c?pv=3&v=311|107|8|Ftm3yX-g6Ecu6Ql96hp4cI-jR63PWL6QpU0oAX01UYD5P6DHQxmtIecS0O_d6TVwhrw8I2h13KtfGkEs9pwx1Q**&extjs=66044&v=311|107|8|Ftm3yX-g6Ecu6Ql96hp4cG7Mh7BLQORjN_GNYkoJduSzro6Chva3YWarCVYLhAgobSKDxwZ5ET9CqYaqDHHt2A**&h2=lhYiY_ofmgUB0niIDuRJVw37fxoOnrDH2eShcbwW0Pk*&rid=bfe6606a-5871-11ee-8d6b-e43d1a2a53a0&tt=Direct&iv=11&cid=1027625&pageImp=0&pvid=18ab77e0dd4948262b7&cbuster=169529560810869455095

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-mg-request-uuid: 55bd77cf-813c-4dda-a01f-155de4885cb5
server: cloudflare
content-type: image/gif
cf-ray: 80a1f48ebcc53659-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43

GET
H2 200 1x1.gif
a.mgid.com/ 43 B
119 B 142ms
124ms Image
image/gif 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.mgid.com/1x1.gif?id=704910&type=c&tg=4d7cb1e619931eded464816f448f177f&gdpr=1&gdpr_consent=&us_privacy=&mgbuster=02ddb

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
cf-ray: 80a1f48edc55362b-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43

GET
H3 200 container.html Show response
af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F0F8 6 KB
3 KB 22ms
21ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.belajarmakeup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 21 Sep 2023 11:26:46 GMT
expires: Fri, 20 Sep 2024 11:26:46 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
477 B 65ms
64ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?r=belajarmakeup.com_fluid_lb%2Bsq_header&pn=2&sn=3&pc=0.23564789295196534&ds=true&e=wdp&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nf-request-id: 01HASZ2Z5R1DMD71S78MC8FEJ8
date: Thu, 21 Sep 2023 11:26:48 GMT
cf-cache-status: HIT
age: 2
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "21c8841ebef55ccccd0fc71b96dfbd5f-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 80a1f48f1c8a91d7-FRA

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
475 B 62ms
61ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?gl=0.01&b=3&r=belajarmakeup.com_fluid_lb%2Bsq_header&sy=dacdbfef-fb34-4e24-9bb2-c8606eba5741&ts=87&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.belajarmakeup.com&mlre=undefined&mlin=0&mlsi=990x280&mlbw=4g&mlcs=NaN&mltp=37a06333-e3c2-4a33-8e4c-fcd8104c0da8&e=lm&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nf-request-id: 01HASZ2Z5R1DMD71S78MC8FEJ8
date: Thu, 21 Sep 2023 11:26:48 GMT
cf-cache-status: HIT
age: 2
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "21c8841ebef55ccccd0fc71b96dfbd5f-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 80a1f48f1c8b91d7-FRA

GET
H3 200 container.html Show response
af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame CB01 6 KB
3 KB 15ms
14ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.belajarmakeup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 21 Sep 2023 11:26:46 GMT
expires: Fri, 20 Sep 2024 11:26:46 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
475 B 18ms
18ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?r=belajarmakeup.com_fluid_sq_inline&pn=1&sn=3&pc=0.30459941625595094&ds=true&e=wdp&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nf-request-id: 01HASZ2Z5R1DMD71S78MC8FEJ8
date: Thu, 21 Sep 2023 11:26:48 GMT
cf-cache-status: HIT
age: 2
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "21c8841ebef55ccccd0fc71b96dfbd5f-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 80a1f48f0c7d91d7-FRA

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
473 B 115ms
115ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?gl=0.01&b=3&r=belajarmakeup.com_fluid_sq_inline&sy=dacdbfef-fb34-4e24-9bb2-c8606eba5741&ts=87&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.belajarmakeup.com&mlre=undefined&mlin=0&mlsi=640x280&mlbw=4g&mlcs=NaN&mltp=37a06333-e3c2-4a33-8e4c-fcd8104c0da8&e=lm&dsReferer=YmVsYWphcm1ha2V1cC5jb20vc2Fsb24ta2VjYW50aWthbi1wdXJ3b3Jlam8ta2xhbXBvay1iYW5qYXJuZWdhcmEv
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-nf-request-id: 01HASZ2Z5R1DMD71S78MC8FEJ8
date: Thu, 21 Sep 2023 11:26:48 GMT
cf-cache-status: HIT
age: 2
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "21c8841ebef55ccccd0fc71b96dfbd5f-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 80a1f48f0c8191d7-FRA

GET
H2 200 1x1.gif
a.mgid.com/ 43 B
96 B 112ms
111ms Image
image/gif 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.mgid.com/1x1.gif?id=485100&type=c&tg=a1b56198d07e21defa3010e40d4f3e4b&gdpr=1&gdpr_consent=&us_privacy=&mgbuster=00bdd

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
cf-ray: 80a1f48f1cb4362b-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43

GET
H2 200 1x1.gif
a.mgid.com/ 43 B
96 B 107ms
106ms Image
image/gif 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.mgid.com/1x1.gif?id=436964&type=c&tg=f4e56af0c127afdc9f77d228b1a4c262&gdpr=1&gdpr_consent=&us_privacy=&mgbuster=0a6cd

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
cf-ray: 80a1f48f2cb5362b-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame D2F4 624 B
416 B 63ms
54ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjglrvGATAB&v=APEucNXplIsXLcD4ykLydkTeRPvBpVvrnmPiXOexDHJy8asPnDhggwO9fijPsN252AAToAWAZZ6uRIYOz1vKjjfhBN5DuybJsWS488DzMHyTT_cb0mO5MhNENUmL38fyXVsV_FO_oHz7gs28J0eTqnlmtvpsyYkTrxT9l9BiLbAu7QWIy3WBFZLd9IZ_FJzuj1pVhVCur2wAEeFFqE-Cgq4FVEjqd1UthQ

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 21 Sep 2023 11:26:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame F0F8 89 KB
31 KB 91ms
81ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4accbcd793680c2ea0a65714771ef37d5eeb42bdaedba9882dd0d78eae09e00e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31438
x-xss-protection: 0
server: cafe
etag: 13183557946744512263
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 21 Sep 2023 11:26:48 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F0F8 42 B
63 B 121ms
113ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BMyDdq8nbUjGCwlWFaeJ7_9FZEC_zuiY6OhAwTOHaVqQWJ9C4yLMmyKKKKeNqQd2DOsdYKGOEDhN7qnsBUy3RA3gMEJ1_7eCevRWXl9s5KY4aFj4Y

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F0F8 0
20 B 124ms
116ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=3279428604392885384&x=1&ct=77

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/ Frame F0F8 3 KB
1 KB 21ms
13ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/window_focus_fy2021.js

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 10:32:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3245
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 10:32:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/ Frame F0F8 20 KB
8 KB 21ms
13ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

096862e95687fa095052acf06c643d97aebf5a75bdb39f85061a931076b5c12e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 08:40:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9964
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8275
x-xss-protection: 0
server: cafe
etag: 7349537481621356269
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 08:40:44 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame F0F8 0
0 26ms
18ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSbH7pdrvzR55CjXl1ZG6cNWA5sQokkONmOPIl7pTUH1suQlMu5wKH3J8nkvPMScxsPf9ye5DkWlcGT99wVR608TV9q3g
Requested by: Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F0F8 182 KB
57 KB 50ms
42ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a018a841b6975de20578c7c63607d4529281ae923f4c3ba172cb4d1d5e7c5bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58105
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1695209545430561"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 21 Sep 2023 11:26:48 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D876 42 B
64 B 167ms
121ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssjCVt1zN1I2p_bv0kHp01oDHM4xtfexNB1XiF0LRdtoBXUcQro_eAJ1Dp0L-IU3K5bjjkJ0VH6TJdQ6FYigxtmPuukBmuWo4uGMng&sig=Cg0ArKJSzAf7q7e72Y7aEAE&id=lidar2&mcvt=1014&p=1110,315,1200,1285&mtos=1014,1014,1014,1014,1014&tos=1014,0,0,0,0&v=20230920&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=786148176&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1695295607013&rpt=148&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 montserrat-400-latin.woff2
static.criteo.net/design/googlefont/montserrat/ Frame 5B64 12 KB
13 KB 222ms
33ms Font
application/octet-stream 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/montserrat/montserrat-400-latin.woff2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/montserrat/montserrat-400.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

5f9376c77618bf0ef43bcabf8228c9e2befde3731087b944e140a88c34066873

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://static.criteo.net/design/googlefont/montserrat/montserrat-400.css
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:06:54 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391ef7e-31a4"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:48 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 5B64 0
127 B 16ms
15ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=3pI3icJ5d5qakzeUY6juN6UOWZvVHCxQIVR7iPQhMGhoDaA5mqsLbxSbANUjtUajAbnX5UPaPZWBBibLXdwzsRtPB2FlF_3xxnvVofgrz1dF07bOHuHaZhMBEHSEnWCr8KEzIQVtFN4ZVziWE3GhQ4cst0k9gDSHbZ8MpFle7SaGcp0RiRimsFJm8TaBXkHJknZgMxFBfpQhDVPfz0vvEbAs4jymWxF1iNj0AzR6-iaU04aqYmTgFnI8UzOQdfoMbFMv6g&sds=2&rev=88356&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 5B64 2 KB
1 KB 25ms
25ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:48 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 5B64 2 KB
1 KB 26ms
26ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:48 GMT

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame B0E4 199 KB
59 KB 85ms
84ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZQwodwAMyqQKhZuSAAq1Qhl5GcNEjpTWmXcxlQ&u=%7C%2FBQyUNtUA%2B7lD54J6S56Ami7Rzj%2B3rk9uipSoJCnCCc%3D%7C&c1=TEbw32HdmhlTb08vzaRE05Nor-kWNW37ds0oDHxEuxeKn7Xrp6ainli_Cmw5dJSudhYAqTqyTVJ1_mLSg5t2RHThGC1MU6dKeg3-Gpk8zkM4W3y7D9b2afwlvn-3EmNGipJo7_Q3-d4dYdiEQXshzUvjwbIZ-YSEUqURZQtXYWw8JmwXl6G0pAaVrmAmJB5JGxUHK_yqtavIDyxm1VwvzO5-XJ_hAKJEEmcdYgzGV6s7hsXcKDmex03dlVrbadQMM-Ka55cbwxrvAn7imJidjDLf9SpiDi9UZDkiMltP0b1ELWCLHA19iHXw5xdPC9qAwk3yEhJ8YFmpYlhoSCJ1WttoyMCUv-5QOl9f6WEqveVSaKJXE44mi4KPJpvtO0aGiOyR0k1WN3uoY8XAQBfE4nwwNaMjZ3073PjezBugDYQoO68kWJbF7wOUtUXmeGEJzzqZwAVQ5KGwq8eOLyAO-0ePb4w55iCKu1l_2OrA2VIMjCLGHGvyN50u6crtsvzfQ58MSDrWUdpTG8OnifWwAODZTU-Uo9y1EjO9UOccctLyt5O2W2hCxX1OvLUm_YCUdf0tbLrrh9HbTGWrIxkn1n6DiiRuz-Rs9Mwz48RqHC8PaLYkAzkaQA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCZnTIdygMZaSVM5K3lgTC6qrQDsme0rFclaKX93DAjbcBEAEgAGCVAoIBF2NhLXB1Yi0zODMxODk0NTU5MDE0NjE0yAEJqQIhIj1b4eGxPuACAKgDAcgDAqoEhwNP0GhnC3FZ3GgEe0A1fifjqNRGXDI0QjP4NVf56UJsa2O-iVyiCqwcIMo1z0jLV0z3tjIKMAAQ7H4avt5bLomdepoBMM4Hg3tnX4cacxzeYbtEU4LofHxZ8xP5nCvLU1Y2_WxasttYb0jF7LobPtBhzWY_Mg35G8NbLfguFUi1SKuu9VyM-nf-xVBF-rSzfXONmy3xekubB8SAVUZLTQ6yMlx9Via9CrOEAGObZtxk3u2sr1U6SUaM6el-rChsO-UoVTAmT8hTlTdilHZZBtB9qX9d2hSBImG2S8S8aFVDKTlTayaqJbMpdSaxkbS9Cg8mmuQt-AuY1hHLIc7fgC6CempGHaB7GjF77niIsyXRx-D1bneD2eAPVY2bfjOGypa5UORO0w2b0QPaMrDr3226AcfDC87YyXJJbzo5MZ6DnSATusrIB2vBUxxaT_8rn2L5UuxravxuBlZTaONA7BjxG0RuQpJW6jFEbosGcA2uBzsfFfpWApoGrcGHV5oYNwad9kCDhqDo4AQBgAarn6nN2qLi9SegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTY5MjkzMzU3NjMzOTg0NDD6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3letTf1NCToVS2AfVLAJAgWRXjHg%26client%3Dca-pub-3831894559014614%26adurl%3D

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

68fdd9e23adcf91b3570032b470a5f56b46148649d97da0b1e259a369276b3ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Thu, 21 Sep 2023 11:26:47 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=UBdMmsJ5d5qakzeUXRKdm4zy_TkcaIUOsmX5Vt0jqJYRLg6LYRCaTZJEwZH_i8YMlZjR4LzuRQI3JS803czY6ETp7Sk48HZIkEsej4LAsoRzDjcqhi_J1x0d4ZGvMGjEp5SXJiWbaQup3U_ozgVE3Ia8yNMmHaFz8y3V3kCv1kvyLy9AGwnaHrHnQRm5iiFDJsLGKahjEa9RSsUZgB3r9pqMgOUfZt8qAckbm8RffyqN6Ev522r7YSoAK18sIxBEoCtoIg"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 59759068
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/ Frame CB01 3 KB
1 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/window_focus_fy2021.js

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 10:32:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3245
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 10:32:43 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 6ADA 1 KB
643 B 30ms
10ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 32275
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 21 Sep 2023 02:28:53 GMT
etag: 48472445140208031
expires: Fri, 22 Sep 2023 02:28:53 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/ Frame CB01 20 KB
8 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

096862e95687fa095052acf06c643d97aebf5a75bdb39f85061a931076b5c12e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 08:40:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9964
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8275
x-xss-protection: 0
server: cafe
etag: 7349537481621356269
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 08:40:44 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame CB01 0
0 24ms
21ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSJsuKNYI6rBOjpw_AXaCkIkKYe3YCJMln-qbje-_mUj2CiVkgqcitaZmTVa1ydYkmFlFtasWIO1WnHlZB-pJ2ObAIlCA
Requested by: Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame CB01 24 KB
6 KB 20ms
17ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Tue, 19 Sep 2023 07:26:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 187238
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 18 Sep 2024 07:26:10 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CB01 182 KB
57 KB 68ms
52ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a018a841b6975de20578c7c63607d4529281ae923f4c3ba172cb4d1d5e7c5bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58105
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1695209545430561"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 21 Sep 2023 11:26:48 GMT

GET
H3 200 QuotaService.RecordEvent Show response
maps.googleapis.com/maps/api/js/ Frame BB50 62 B
83 B 25ms
24ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent?1shttps%3A%2F%2Fwww.google.com%2Fmaps%2Fembed&2sgoogle-maps-embed&7st38f6f&10e1&11b0&callback=_xdc_._wstv11&client=google-maps-embed&token=83663

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps-api-v3/api/js/54/6/common.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

mafe /

Resource Hash

1086414057ff05666d945db49dda754960b8cb67d9ab53bbd69ad03cece67aea

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
content-encoding: gzip
server: mafe
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: no-cache, must-revalidate
content-disposition: attachment
server-timing: gfet4t7; dur=9
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame D2F4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPpDUYjZec1kbP-NcJrTseQ&google_cver=1

43 B
340 B

28ms
27ms

Image
image/gif

104.18.26.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPpDUYjZec1kbP-NcJrTseQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjglrvGATAB&v=APEucNXplIsXLcD4ykLydkTeRPvBpVvrnmPiXOexDHJy8asPnDhggwO9fijPsN252AAToAWAZZ6uRIYOz1vKjjfhBN5DuybJsWS488DzMHyTT_cb0mO5MhNENUmL38fyXVsV_FO_oHz7gs28J0eTqnlmtvpsyYkTrxT9l9BiLbAu7QWIy3WBFZLd9IZ_FJzuj1pVhVCur2wAEeFFqE-Cgq4FVEjqd1UthQ
Protocol: H2
Server: 104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=otS%2FU73Dq7%2B%2F3ncMCEnAxcZXyuIrcTYcWT6i0YDb6Q2Io0Ea7ZIIdvqQyAtIRkiE2B7%2BzbfmN8Z4tJjzBEMV1JHiV2qO4Jt0oBpGLBxzkFx7x9THO6dsiooZtwpf%2BVUWh4IaQr%2BzGdgfOg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 80a1f4908bfa9b28-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPpDUYjZec1kbP-NcJrTseQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame D2F4
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZQwoeKhTU0mByXTvkI-RtQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPpDUYjZec1kbP-NcJrTseQ&google_cver=1

43 B
734 B

26ms
22ms

Image
image/gif

104.18.26.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPpDUYjZec1kbP-NcJrTseQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjglrvGATAB&v=APEucNXplIsXLcD4ykLydkTeRPvBpVvrnmPiXOexDHJy8asPnDhggwO9fijPsN252AAToAWAZZ6uRIYOz1vKjjfhBN5DuybJsWS488DzMHyTT_cb0mO5MhNENUmL38fyXVsV_FO_oHz7gs28J0eTqnlmtvpsyYkTrxT9l9BiLbAu7QWIy3WBFZLd9IZ_FJzuj1pVhVCur2wAEeFFqE-Cgq4FVEjqd1UthQ
Protocol: H3
Server: 104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xFFdVHnDHD%2FUxGk5qCnelrAvpZO9utqibd%2F9gQ1jH58999tpEAk7FPpnr3OERGkTI6QRTpqJpbKq%2B3jelIdJMY3IRuFJwWs7ylaiYPq1t4mFZAnH95kZfy0NuLbfoBUelhhhHlw%2BHPrgNg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 80a1f491cf83373a-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPpDUYjZec1kbP-NcJrTseQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame D2F4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESECHKtM3-lo_ap28j3KAVJ1c&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESECHKtM3-lo_ap28j3KAVJ1c%26google_cver%3D1

43 B
892 B

15ms
11ms

Image
image/gif

37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESECHKtM3-lo_ap28j3KAVJ1c%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjglrvGATAB&v=APEucNXplIsXLcD4ykLydkTeRPvBpVvrnmPiXOexDHJy8asPnDhggwO9fijPsN252AAToAWAZZ6uRIYOz1vKjjfhBN5DuybJsWS488DzMHyTT_cb0mO5MhNENUmL38fyXVsV_FO_oHz7gs28J0eTqnlmtvpsyYkTrxT9l9BiLbAu7QWIy3WBFZLd9IZ_FJzuj1pVhVCur2wAEeFFqE-Cgq4FVEjqd1UthQ

Protocol

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
an-x-request-uuid: 79174f0f-6479-4993-9da5-447701cb6024
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 37.58.58.248; 37.58.58.248; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
an-x-request-uuid: a44e239c-34a9-4bdf-bed3-6eba5f517476
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESECHKtM3-lo_ap28j3KAVJ1c%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 37.58.58.248; 37.58.58.248; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D2F4
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTc2NzU3NTk3MTE4NjY4NDk5OA%3D%3D

170 B
188 B

22ms
18ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTc2NzU3NTk3MTE4NjY4NDk5OA%3D%3D

Requested by

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
an-x-request-uuid: 717746cc-dab8-4ef8-8118-67103fa7ed3e
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTc2NzU3NTk3MTE4NjY4NDk5OA%3D%3D
x-proxy-origin: 37.58.58.248; 37.58.58.248; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F0F8 0
20 B 117ms
116ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9164127765772&version=m202309120101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F0F8 0
20 B 124ms
123ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9164127765772&version=m202309120101&ct=77&x=1&cor=3279428604392885000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F0F8 16 KB
12 KB 86ms
85ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BcAZntg5yt-8iR6kwip-PM0ofO2gQNmGJ1qbZp0kfrk7W57EPHiVT83bjseNeEl6lJJm1YiL-djf99y4FR77TBoX4DMYnMDRo-thEbt9PZi9-UPaUHr0wbLOPMCu-orv6-akCx1acoC94TJ0NUj16y0fAFyvNS21fahOUBLEYvXTx4BsU&cry=1&dbm_d=AKAmf-AKcINfbI-G4sXGzwuX-3LltxcSQC7Wxd17c_wqiHXHGAVJKujwwgCMWvvVFD_hB2MV6QNUg-y9mvjcmfY5WJIE_Dg3Zc-_bTinpZcWm74a39uy1fA9WKhENCu6iw6k_bSKLvMku4h8k85d6sAnh6_4dvi5OnldLjoS_QUO63X2Np552gyxvzAgUE6v7paqZBM1GGvCjk2bFJsZFA_bGgIzLmJ79HPbL7vt_rg1kgA3l6cD_FCzogDmIud2cQsQ7P29fDQitP63jb3i6DLLTcAqyl8t67CBz5XthOTSKg0GtOfXykCH463cw-QfKlBtRNiuvw7dxUg631k3HqsrUedz_VIeBE84pLrUVNEvTGFMSnr-C5SAWGL8XzqGCDEY9Hob6YACxfnshomOpzwmhYb7IhjeG_ZcunFYqRcrPG9DPBKuabW3boDVJLIBXAoXbf6oNLBIXDZtKn0IVJJvJfyW2ff9Y4KKIzs4g9wxNctbNSJHruUR-AZwCW2PJTjxZNkKyv1pCQiUN1yrr1uAZb2jA1bzHvRpVRLuYzzceBnnAupLNJMJ3DDAeWu_nlHbkUgnSevEoQd6FZvygVRxznlXzogORXug2SAa6-iFkjD06GCwf5UwqQtYfHfx7yAs0epzHBf1MI7ydG0yLCSGVtxisJ26iA1BivTZ6Yeh7lju4wvUxz7E1UcQKji5pIHuR_A5Z1QQjj7p1MU7plT74xRGmqyhTxjtldzq8eBJxu4NIi0DmouiAd5dPsAAA1Nu1nIkHvc9wJGmCPdau-zKxSdi5Pk9z0geRf3veLEBDqT1-387jGL3c6W81BDAie4OPIfjKdSGMMiBGIDCMp3HsAOejIhLuhP1vMoxi1spjvPUHPKb8R-7UJGZiXKBcWBm5rLBXlHU76MDudYFLzC3ygpz2BD0YN112t57GiqcmUHKP-UbmM1WgW7sog6Y8RciK5CWFgoXZn6IJF639UdE8ZVnXPXwwojn2lkTv597Sk3f7Rx2uJdXLgufssiD8MBWxCPJpKYpSQMVm-5U6BOtItn85ZTTKFADDRMWXpaciQDVmWPiUK0zNWoQqkCIN96k305EvWYsqOveYNXE8ya-lTKiMKNg1zzaCK5BV3pcDez2z0TGdWo4BgBxWF9Pg0FxcGi7Qd-uNOwzv-7XKgFPSTK3MlxKzyLi2W3_9IThJQ3J2CoABSOduM8_kcTTdjCwq1Ik43IYzk4bKelUk_j5f_2n6vkC5UYIjS6N8YWu_jIsUOyCQ1BDfnn_HpImU3MD5QZx1k8DB362tSdbg2o_TUj7YTCVgB7IhZ87YeLoqelizKmriAK99SfIr9-JJHi-l6IzhfILQRnSk5Ly7ZFz0nkxMzXh2HzOvsQxT1cdVn9qQVkAqbV4caZejmCL2uYlu1RpNXXmo1blNHrLGyuM-diSDeTh2HIPXd_EyrXZNEEWwZrDHSR6x6yo5zimTGnJtAx69ekbFGbmK6YInAWHkqJOUFapjNP9RdKxXadpe_BIiNHo17PDGAmFqgCpkzgqS3jfPAQsK2I7zILYtsxepsG2v_8ImOliyMMlC7IqdWd9_KMXx_YNBzQ2oZaDIa_P85zOjGjQT0xsTn9dNFxb-_Vbnxn_TfwP0AE3b5E4MwinvjZxGX63ne6DQxnsuXBPY701gsAC7_XBXjB84KfBkIp8ak2V2VGgWNtnnIu7TdBXlflvSHirQs7RNI2u7p-JHeuangUvocTncj7cq0-_L2dkg1Wbl7L9UV8ViqI4Xl3jPm6I862QnhSSNvJhwI9GLhlb0JYaywX8mBWv33MUY2bLCzFQEwtpiUK9h10aofqqipGk417qhIIHdm2WzjK7PlUX1Hcx6XFapK9qL_1G2SZr6nt8IgGUPPDdJCXvm5F0M3lgbHUIyecg8Ij42z5v40Do77_AxuKTOK_OtUpxY-PyJoxhGiQjzRG9n-XsFNZw3mi-bobyrsnuAG7oTGwhstjZv2sh2OAPWfy6odDdtYINz1Sgp56Kk2pv1PlsjZ-_uz8NVngK9GCkkLfIoDkLP2rsQpzpcGsRokeG8_oMNIXC0XlrNtxvIJnXl1Ny1VqgCfAzb_7Xk2ilHuCwajTBObQ2w2mVWsfY-DXiyjgAYLm2cX6pVYJW8b1-3tdL0Xe0AsmYBneHAI3QXfqO0tCm4hzRFyU4HfpA5JeqkocVGyJnxNfLcpVHsm4bjoNPk2iFs1Q2_EjXEr1bUehdHsAZXO2ndulRFMOASAMn4gBB7ZLnjnFqaX05v6XgAZr9x-wCkmrTy-4tOchDjoMHDrmFXQ6FktYmg4ldQlXZ9_Gr-6YXuZZJwx7cQidBX3nrIDy-8MeyHeWpaJJsj3k0xLPSgxE3eeP-mY2JJcAb-M_rGwONq108x5giaTSsUm8u_9jgnFKFH-eTz2SshKG3KpgaXRf3VPBXxnpvIxLSCEvC1xKwZJrdLIrmCciy69bxhSKojS1JcjJIc9Amqflg1ovh-zvrC1F0bPzR5fiO3KVe0cRvX_UM_m2grjbWDXRtk3GR6kFBH2Xa__21axe5TpXRRwA0cmIstAeqd9Sx4YennOedqgDqN3LqIFxLNso0QYvgFwcWU3TCqz8L51yqtQqaagiwaRbVMcap2dtC2ZbJu6BbkFhHOdZrMgZqU2mlE3ht0L-aXuvSf2LI1n3rM2cVecYaSNcA95B6zjXAaMV547HwfE4Gbk3RpXqh8zzVzc1ZKXAQHwRypYw8SRE8WN2zUHx2zCmdregYFq0jiACc7GO4QgoGdDSSQnmc2wpSPEqZiPcutNgDR2esaQfgG2twSwyifairp0B9IAqFOH_Ctq_vsCSY2K9993BugHMsl32-IqFSnDdsXSwtLF_poJzBafIAnoUOWLedpr31LroKgKEQPRfN3H-1DQnV1r217LTrNhWwRqb8XtAYzv0pl89PFLC2CzO86kAL7ghmYGUQiD0w2NVkxkn3TiKEFlECaGsD8LMWKACGcvWqdA65CrB6Q21wQEbKgV5JrVXoexlbngE-owTVcqH3qiUhiNgI9zqoT3SuzsTWAi1xE21xteyM-KH3c-nWQ_YdVGHPMgv5gJtRxLuq8wHTRbQz46Bn27kQmPOsweEZylnhwJMIKL5-YlKOYfo1tfaekW867saRAwaH6mrGyA74DJ8dMwInrOmWVQt5IMXVHottd3eHNWc8YPCBaiJwTtrQh5BS2TxKfFmfZVQbkI5K6kQnXzwzyjxL7mdboiD6HZ6X6jjrRuc8RaHn9W0o_7H9pLhrmbSvg0qGmHnXDEN8a1Gxtaww18aWKTUcc_TpDoz-psUWBrmfu4btsTSMBc6_1WF7LK5kzi9lVNwAtKV4rZ7Iuu5oaS4TrW2yV0dPg-t5-oc-fcRlb3QkUbMIRnAU8VLcTLJxJ3UdbUcE-ollvQFeJVv8oVaQRjgNNq2N1VhPDRrHDc1IeQh7a902k-LhML6vePYG1225F1XXNYL7JjE3_UCL_UpjG3pe9KFni7TfFo7XOflA1RO_eOVz2dUxNgMXy3dMLhMRYR2aAyPZ7ISKrPAna7K3UMuC2WVaIVJOh0e_zn0cRwYPV629lUZU9s7E4cPc4vJywoEkH0r38ROEUajabl_ggIVeN27Udc9rZDy1BFjjeiyb0VqdypmxT_NeNF-jFySHIDykl0nKxglUJMw66wa9ShIZfFdV8CzZVWhoP-wVODYz9kCkicx6PzPTGJcWeb9Sg-yi8xOu05oVotZm_tKZdQhhqWTiP1yhEdueZIDS3U0bj7rEIKz7ARTBYVltDIHDxnJzCfy0z2xgGpVokOC19uUk4hdjRXmwY8qTHS1XUAe2idVtrG0ni5PLw6P-Q454quxpWJA9FfQ1VTKT922xRr1inc42YuL0241r-M76DWs_pPXQd8o1xVaLZYxIQo3v7KzpAYlV3tHFdeaSVV2PLs8iLzvex9iijQeqRWPYaG-SI6sJQg04HQcS-82K09STG5CinmrJOm2dM2vVxRCW1d_8AV54qCdG44dWPTAqA5ZCf4zMr6nw00fDjz_uyunzi2fo1NTc-4DpDV5ftG3Mn2x-o426z60nVEfFiwP-D-2DU3UBflbdgZmtPcFUtuV5wQ0IBafS4LU2x2CHRLww-2LYd38&cid=CAQSPABpAlJWjppNE2CukILs8l_rFFj-e8YsJ4rnjfPItdZfCIiwBVHhheoik38rCe9eTO_aKcF7eEOGFTjE8xgB&dv3_ver=m202309120101&rfl=https%3A%2F%2Fwww.belajarmakeup.com%2F&ds=l&xdt=1&iif=1&cor=3279428604392885000&adk=3944675600&idt=100&cac=0&dtd=59

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb4a62911a0f12ac0b9e75dbd65bdad3a27f4ca26de8fdcc5e4d5b33b658bc13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12216
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame CB01 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e9eea5fc9c25bb85d1a7680341abf2e439f379b259375266bc51a8facd443a16

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 6ADA 0
104 B 531ms
26ms Image
text/plain 2a02:fa8:8806:12::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEHIPJxzcqnvwNbH-Bfof-DQ&google_cver=1&google_push=AXcoOmTbu12EjEBDq80VnZ5f58E14b4lZFunP0tcQJsVWONG1Ybs0kcQsl69W27sp_aV8JW2lq47f7J70OhTgSE8F0J7kCDUMFKc
Requested by: Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2 200 sync
x.bidswitch.net/ Frame 6ADA 43 B
146 B 91ms
33ms Image
image/gif 3.124.69.248
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEPcCQKdzhPr6Vikoi5ERHZY&google_cver=1&google_push=AXcoOmQo8fA9mEV6Nso-v7JyEMDMk_ghLR0GAAqDdT5_V0tVZJxPk9fp5uxHCF_LNAFS33277EFntZAshJS6AVdH3Q1gVVki9JA
Requested by: Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.69.248 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-69-248.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6ADA
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmTNHx...
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-_Njh10B3zynurw3uR8322_BaGgughLKFJxF--g&google_push=AXcoOmTNHxUM_8tnJCPadNpYGzJW9YEqkgiv51sT_TqzWCzJBbs4YVTDip82yXN07-jZ0Aw7vYZlGrVEjdbk...

170 B
188 B

23ms
23ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-_Njh10B3zynurw3uR8322_BaGgughLKFJxF--g&google_push=AXcoOmTNHxUM_8tnJCPadNpYGzJW9YEqkgiv51sT_TqzWCzJBbs4YVTDip82yXN07-jZ0Aw7vYZlGrVEjdbktaEqTTt92udASyRw

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-_Njh10B3zynurw3uR8322_BaGgughLKFJxF--g&google_push=AXcoOmTNHxUM_8tnJCPadNpYGzJW9YEqkgiv51sT_TqzWCzJBbs4YVTDip82yXN07-jZ0Aw7vYZlGrVEjdbktaEqTTt92udASyRw
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 876935
content-length: 0
expires: Thu, 21 Sep 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6ADA
Redirect Chain

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEFBXrgFzrhJnq4ZAYK88qJU&google_cver=1&google_push=AXcoOmQPO8oFi_7wZzwRUKb-eDIIfP603124blW-Dz_tCBnjHWsWzsubWmjylaL1mHJ09s0yk6eokN0knY9LC...
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEFBXrgFzrhJnq4ZAYK88qJU&google_push=AXcoOmQPO8oFi_7wZzwRUKb-eDIIfP603124blW-Dz_tCBnjHWsWzsubWmjylaL1mHJ09s0yk6eokN0knY9LC...
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmQPO8oFi_7wZzwRUKb-eDIIfP603124blW-Dz_tCBnjHWsWzsubWmjylaL1mHJ09s0yk6eokN0knY9LCbuDT97dhU5yrO0n&google_hm=QTJDNkxrS1pDV0J1RDh5...

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmQPO8oFi_7wZzwRUKb-eDIIfP603124blW-Dz_tCBnjHWsWzsubWmjylaL1mHJ09s0yk6eokN0knY9LCbuDT97dhU5yrO0n&google_hm=QTJDNkxrS1pDV0J1RDh5dVJCUHo=

Requested by

Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 21 Sep 2023 11:26:49 GMT
Content-Type: text/html; charset=utf-8
Location: https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmQPO8oFi_7wZzwRUKb-eDIIfP603124blW-Dz_tCBnjHWsWzsubWmjylaL1mHJ09s0yk6eokN0knY9LCbuDT97dhU5yrO0n&google_hm=QTJDNkxrS1pDV0J1RDh5dVJCUHo=
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 236
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6ADA
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEChO217v1J8aycX0tRJYEnE&google_cver=1&google_push=AXcoOmQQe23z49EKJgL_y7k6yNrgqe8lA_Te035GwJdPy4WChEZjMJMJkk2KC3iKKw-xRBK_pT1LYTs2kMGvT8Po9...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEChO217v1J8aycX0tRJYEnE&google_cver=1&google_push=AXcoOmQQe23z49EKJgL_y7k6yNrgqe8lA_Te035GwJdPy4WChEZjMJMJkk2KC3iKKw-xRBK_pT1LYTs2kMGvT8Po9...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmQQe23z49EKJgL_y7k6yNrgqe8lA_Te035GwJdPy4WChEZjMJMJkk2KC3iKKw-xRBK_pT1LYTs2kMGvT8Po90miJi92f60F&google_hm=HW6OpGZHog_BP2MLTTiZ6FoJ

170 B
188 B

20ms
19ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmQQe23z49EKJgL_y7k6yNrgqe8lA_Te035GwJdPy4WChEZjMJMJkk2KC3iKKw-xRBK_pT1LYTs2kMGvT8Po90miJi92f60F&google_hm=HW6OpGZHog_BP2MLTTiZ6FoJ

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 21 Sep 2023 11:26:48 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmQQe23z49EKJgL_y7k6yNrgqe8lA_Te035GwJdPy4WChEZjMJMJkk2KC3iKKw-xRBK_pT1LYTs2kMGvT8Po90miJi92f60F&google_hm=HW6OpGZHog_BP2MLTTiZ6FoJ
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H2 204 /
cc.adingo.jp/adx/push/ Frame 6ADA 0
44 B 785ms
259ms Image
text/plain 13.114.117.211
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.adingo.jp/adx/push/?google_gid=CAESEGh9FoQHnZ9f5mKvuXRkRXw&google_cver=1&google_push=AXcoOmS5i-DdgTV-sBuT6v5t2DmyurPR4glqTZxNLGlxK5IEtSLJeWOsg0T_vI5xr8VdQAejC-pWPw9Yxf_-qh6oX-EGyT9D_pkz
Requested by: Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.114.117.211 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-114-117-211.ap-northeast-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:49 GMT
server: awselb/2.0

GET
H2

200

/
onetag-sys.com/match/ Frame 6ADA
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEMwHjbfS4LrdO7h_7hRfKBM&google_cver=1&google_push=AXcoOmQVKCG8eys4wuCRn7zDb5oupfPIV9F-webCkRT2i9cPUrkyPhTdq8uocsVkEub3rb5f0smEcLRYPHP...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQVKCG8eys4wuCRn7zDb5oupfPIV9F-webCkRT2i9cPUrkyPhTdq8uocsVkEub3rb5f0smEcLRYPHPMGcV3gGyYVL-RSX8aUQ
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

17ms
17ms

Image
text/plain

51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 6ADA 0
12 B 30ms
29ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JRAc7KI_Aotl3YZ0H8ybJIzAMzv9R2hQDJ8IFbNeJnK-BXCOGxPBQmjmtD0syijCPh55Ra8w

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame B0E4 2 KB
1 KB 111ms
110ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZQwodwAMyqQKhZuSAAq1Qhl5GcNEjpTWmXcxlQ&u=%7C%2FBQyUNtUA%2B7lD54J6S56Ami7Rzj%2B3rk9uipSoJCnCCc%3D%7C&c1=TEbw32HdmhlTb08vzaRE05Nor-kWNW37ds0oDHxEuxeKn7Xrp6ainli_Cmw5dJSudhYAqTqyTVJ1_mLSg5t2RHThGC1MU6dKeg3-Gpk8zkM4W3y7D9b2afwlvn-3EmNGipJo7_Q3-d4dYdiEQXshzUvjwbIZ-YSEUqURZQtXYWw8JmwXl6G0pAaVrmAmJB5JGxUHK_yqtavIDyxm1VwvzO5-XJ_hAKJEEmcdYgzGV6s7hsXcKDmex03dlVrbadQMM-Ka55cbwxrvAn7imJidjDLf9SpiDi9UZDkiMltP0b1ELWCLHA19iHXw5xdPC9qAwk3yEhJ8YFmpYlhoSCJ1WttoyMCUv-5QOl9f6WEqveVSaKJXE44mi4KPJpvtO0aGiOyR0k1WN3uoY8XAQBfE4nwwNaMjZ3073PjezBugDYQoO68kWJbF7wOUtUXmeGEJzzqZwAVQ5KGwq8eOLyAO-0ePb4w55iCKu1l_2OrA2VIMjCLGHGvyN50u6crtsvzfQ58MSDrWUdpTG8OnifWwAODZTU-Uo9y1EjO9UOccctLyt5O2W2hCxX1OvLUm_YCUdf0tbLrrh9HbTGWrIxkn1n6DiiRuz-Rs9Mwz48RqHC8PaLYkAzkaQA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCZnTIdygMZaSVM5K3lgTC6qrQDsme0rFclaKX93DAjbcBEAEgAGCVAoIBF2NhLXB1Yi0zODMxODk0NTU5MDE0NjE0yAEJqQIhIj1b4eGxPuACAKgDAcgDAqoEhwNP0GhnC3FZ3GgEe0A1fifjqNRGXDI0QjP4NVf56UJsa2O-iVyiCqwcIMo1z0jLV0z3tjIKMAAQ7H4avt5bLomdepoBMM4Hg3tnX4cacxzeYbtEU4LofHxZ8xP5nCvLU1Y2_WxasttYb0jF7LobPtBhzWY_Mg35G8NbLfguFUi1SKuu9VyM-nf-xVBF-rSzfXONmy3xekubB8SAVUZLTQ6yMlx9Via9CrOEAGObZtxk3u2sr1U6SUaM6el-rChsO-UoVTAmT8hTlTdilHZZBtB9qX9d2hSBImG2S8S8aFVDKTlTayaqJbMpdSaxkbS9Cg8mmuQt-AuY1hHLIc7fgC6CempGHaB7GjF77niIsyXRx-D1bneD2eAPVY2bfjOGypa5UORO0w2b0QPaMrDr3226AcfDC87YyXJJbzo5MZ6DnSATusrIB2vBUxxaT_8rn2L5UuxravxuBlZTaONA7BjxG0RuQpJW6jFEbosGcA2uBzsfFfpWApoGrcGHV5oYNwad9kCDhqDo4AQBgAarn6nN2qLi9SegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTY5MjkzMzU3NjMzOTg0NDD6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3letTf1NCToVS2AfVLAJAgWRXjHg%26client%3Dca-pub-3831894559014614%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:48 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame B0E4 2 KB
1 KB 109ms
109ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:48 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame B0E4 308 B
636 B 63ms
60ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 15 Sep 2024 11:26:48 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame B0E4 293 B
621 B 62ms
60ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sun, 15 Sep 2024 11:26:48 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame B0E4 43 B
347 B 39ms
37ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=g1MWMLjfJA5qzPl_WFU2Bjn1fdVc64-fXGq1U3NY_76r-fUee1MiCNSI8gZnv8g4ZLOo91C4bjFC3uD3EskFGRQcx-6Uwb2QQSD64jxWLWOHucAHsaFCz3s28ubnCp8dbd0hV_5reMUsF0qy0mrViRvCDqcGhGMgPEbEPlPQA39KPBiieu1WeUSX-pYjws3mme2JTr5aeeymYaglo4VB5ntkhwLSJeMXDKGJfExkJO_PzbwihK8lHOTeNOoC3555-Cxy6h7WqpSUPol9RY8ul55PEtAD-upvVYd3vmVU2x0gbZ3ZOncEXGGfx7XCoBSRhj_YerqrYJ4yXZ56tATXXGRGeaEQL1QtpX6zbY1E7embczzg6OkFSriW4QWQ7LOCLOjiSS1mnhwVLDgWxC4xJ8y2-PnIWTuiSG-ngQ2gRu_kOiwt

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2144352
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame B0E4 12 KB
5 KB 41ms
33ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3094443
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4418
last-modified: Thu, 22 Jun 2023 11:22:44 GMT
server: cloudflare
cf-cdnjs-via: cfworker/r2
etag: "64942f04-1142"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5VFVrkdekIhBY8yWz0MgiEDCoWQWy86Zb29rBl6E7XopZvmT412kuBwurJ5Wz9FzEkv%2BbfX7EaGY9bZ%2BJluHBy5KthN%2FsVNXa0hu4FkaBpOpcRAlKdvNxCUDoWFz%2BETN4HsQZMGoCRKt4Zmr2%2FPJGKkd"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 80a1f4910ed01a6d-FRA
expires: Tue, 10 Sep 2024 11:26:48 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame B0E4 12 KB
6 KB 49ms
48ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:48 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 20F4 0
0 53ms
52ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Clk5AdigMZbvuPMWU9fgP746ZkAnJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzgzMTg5NDU1OTAxNDYxNMgBCakCWDswZyTYsT7gAgCoAwHIAwKqBIMDT9DQa5wF43LDCvv1cr2gnXreO2Tmw_D414elsRFr_dXqtTac_0T_oNlhbaxE4K8_CCjbqvOXU6fP91f8xPunmL23qmOqR6L3MMqK_X7w-l_KqBL1AtuHd_Di0ySK9z-SYPtYlqvIv1A1p4FoF3u2TOZoNBW1GWM780IK6dee-GGlqqyuuw-C_2uwyxnprksvuPdgk438kynTRHQSnKRIgqCvv6T7A2lmLVIY_KkyW5i3EceZ4xaK9YNZqTvXSj4aS6qA_X1bN9fnePIODJX7h6yCvm98I3GR3tkUeD9j9rYwKwNmzCOrEfDPS8YLwWN3ZB8lRKb61Ej_4DXphXAYj7q4m3M5dx9ALm6UyQMIraPBIvfp-HRPLz8-0fNL275NcsbvZXK1uEGX3NsrAwYFZCqohRW3Ii8jpFWM3mQlIuIgipfflqPT3jNWPhXUbVzlZ7LCD-Y3_NU9NObrNNB0ZINEKF2dIYYsX5thjFlNCPWlhpojkdHw0yVgZ4M7ACvGR6WM4AQBgAarn6nN2qLi9SegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTY5MjkzMzU3NjMzOTg0NDCACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItMzgzMTg5NDU1OTAxNDYxNBj9-RM&sigh=R2LWBr8Us94&uach_m=[UACH]&cid=CAQSPABpAlJWHCq-m3zvJ95UMXXq1FSKiF_UIFl7scvhcqWEwmH5wBRCtvY-M7AZAHoXLn47rQ6NwCJ4f6WyfhgB&cbvp=2&vis=1
Requested by: Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl3.eu.criteo.com/google/auction/ Frame 20F4 0
126 B 440ms
15ms Image
text/plain 2a02:2638:3::9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=kMWCFO_ZW6wC2ASdg2ICAgAAAHobFO5qgn2yEHYoDGXMWQuF5KTbGGfcAAASAAAKCkFRVUJBUUVCQVE&wp=ZQwodgAPNzsJHUpFAAZHbx3ZDvp0qqV99c9ueg&cbvp=2

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 185458
server: Kestrel
content-length: 0

POST
H2 200 all
csm.eu.criteo.net/ Frame 1C60 0
127 B 28ms
25ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 21 Sep 2023 11:26:48 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 86AB 0
0 67ms
65ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CrcORdigMZZbxNMiTlgTW7b2IA8me0rFchf6X93DAjbcBEAEgAGCVAoIBF2NhLXB1Yi0zODMxODk0NTU5MDE0NjE0yAEJqQIhIj1b4eGxPuACAKgDAcgDAqoEgANP0IXxygE-FF-ay5Jjl-eEY4UK2arkz2ThCFKKkbasJy1KFxohlylCvjMAJWuBbpks2vwhB2qjpLp8Q61Mmu9LzfVeyRLQeucA-MsuOR0mpzhX5F-q6V3uLG6aaTPeOFglL2uqSMXZclTEUZTq5TTdyiaj8DORJFHkODR6wLCmlRh01yw5F2khEpqe6LNEmS5VuyB6TGuC_RslICvYSYqW4aeMhoXkudbdGtmJa-h2QwKoUFyfA8b_UFsjXjPlnKTAChet0UJ_3xHgX9QXmYH91wpsfhhLTfpp9vlcm23ZcF0qCpceH7kF4hNZ15dTsQaliV5ORxZS6XwaXNzd9uwNDKLAHC2LCcZ8tYliQ6Ia-W1xe6bt3mlNL8NBdMzcFyYmq4c6_ch1eqbuSU34DC9C6qKQA-X6ONo45PZtUkgxX4a2Whq8no0pAg7QKGKUilVzXoJl0Az1lM_2I1rOMZ-heS-d-JZaFsZdwK-5YqzxSJwPrX050ltLHsdBWmvc9_jgBAGABqufqc3aouL1J6AGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNjkyOTMzNTc2MzM5ODQ0MIAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi0zODMxODk0NTU5MDE0NjE0GP35Ew&sigh=G4gZxVEZOGc&uach_m=[UACH]&cid=CAQSTABpAlJWYrneav249CclhjHzP_66c64wWMDmLLQC-lM3iYCNNvw6AZsGXnJ2n50zxJ86uHiWs5jIVH2ASIkob7qgf7_jt_nBkDi8Q7YYAQ&cbvp=2&vis=1
Requested by: Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl3.eu.criteo.com/google/auction/ Frame 86AB 0
125 B 402ms
16ms Image
text/plain 2a02:2638:3::9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=kMWCFOzZW4AFmAKdg2ICAgAAAHobFO5qgn2yEHYoDGWiivHDh3hxebvSAAASAAAKCkFRVUJBUUVQQVE&wp=ZQwodgANOJYKhYnIAA921h0Egnul9AnI4prE1g&cbvp=2

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 136617
server: Kestrel
content-length: 0

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame B0E4 178 KB
178 KB 37ms
33ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

05330d5dbbd10cec9453324b880390cd8e7fb10810fcdc68c1df8d16fefe88c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 182172
expires: Sun, 25 Aug 2024 14:53:55 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame B0E4 3 KB
3 KB 25ms
21ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F17%2F17504694KJ_14_F.JPG&v=3&w=400&s=Im0P5v6fxioV9HwJRUWTyRSs&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

c342c53676dad7012ed7d53b8c658542fcd2557cd04a42e4b4aa0d973f6d83aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 3340
expires: Wed, 28 Aug 2024 20:00:47 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame B0E4 6 KB
7 KB 30ms
27ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F45%2F45805163BI_14_F.JPG&v=3&w=400&s=kWjbeoQrPkw5RcskbCg0xxLx&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ed11ba9b3b2f532099cfd54e432be8d22a40a5f55802b2cab85c4052e21c8d66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 6608
expires: Wed, 11 Sep 2024 06:37:38 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame B0E4 3 KB
3 KB 26ms
23ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F14%2F14330491XU_14_F.JPG&v=3&w=400&s=RkdJVNc7pe5gQ7dlX6Cu-mE3&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

bc4951d8d2bd782e48d91ff43816e52a1749db33df0d35c98626d6278a82d1d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 2908
expires: Thu, 05 Sep 2024 07:16:27 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame B0E4 7 KB
7 KB 28ms
25ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F17%2F17576488MW_14_F.JPG&v=3&w=400&s=sPF8jQ4cvKSpGDhKKckItpVv&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

3dbbeaf54de486a9143afd90dd78305771ed82f5d6542d94a81c7f91b48a976f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 7338
expires: Tue, 10 Sep 2024 08:28:12 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame B0E4 6 KB
6 KB 29ms
26ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F48%2F48317247XI_14_F.JPG&v=3&w=400&s=Z-WfR1AF3DWW68piHcOGnCz6&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ccf88565831ef00f60fca35716fd9fb895c4b43d61fa8913cde4e40ffe502114

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 5840
expires: Sun, 01 Sep 2024 13:37:46 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame B0E4 8 KB
8 KB 26ms
24ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F45%2F45556646HG_14_F.JPG&v=3&w=400&s=XXrgOYsbSDg6ty-N5qV_zueQ&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

f009783abd06f5969af2f4320808c4c8ea7aa1ca8a9b39fd623529b0560514ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 7740
expires: Sun, 01 Sep 2024 07:33:09 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame B0E4 9 KB
9 KB 35ms
32ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F15%2F15190112NJ_14_F.JPG&v=3&w=400&s=0fjw0eKg2URcZmlRSRwN8omh&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

9c8e7f047a78095f1dcb55dca5f44a187f49121b96d1b14b17edf0a564831139

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 8916
expires: Fri, 06 Sep 2024 11:30:04 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame B0E4 11 KB
11 KB 28ms
25ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F15%2F15326673AE_14_F.JPG&v=3&w=400&s=uTHtSkT6zsLn6YmHKaDNlPNT&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

9cf1eeb5939d8e09fe23cbbe84cea81338d57c26cf667390b5116cc937d7ac8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 11084
expires: Fri, 06 Sep 2024 07:34:17 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame B0E4 3 KB
3 KB 33ms
32ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F17%2F17478590JS_14_F.JPG&v=3&w=400&s=7JD4OQVGcU5QYFjoDGewDv78&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

b43835b36067f17f2cca398aa333c52cfd47f3c141d81a1c2af26868d6ffee71

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 3350
expires: Fri, 30 Aug 2024 07:31:03 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame B0E4 11 KB
11 KB 43ms
42ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F16%2F16087166CP_14_F.JPG&v=3&w=400&s=B0frtKdzdpnM6MflWoyqs5kz&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

6ab64f3f845adcf026ec80f1d9bd3542dbe7cee6e06fffa390378b1078eee08f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 11046
expires: Tue, 03 Sep 2024 09:23:39 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame B0E4 2 KB
3 KB 42ms
41ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F17%2F17126192XO_14_F.JPG&v=3&w=400&s=5VsBVlk-_9ocbzHGWI-z56fG&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

028103bd94df87b9b7bcfc91619f3662a52051985d190604c2a7f7bf452aea6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 2472
expires: Sun, 08 Sep 2024 08:16:23 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame B0E4 11 KB
11 KB 41ms
40ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F10%2F10305594IX_14_F.JPG&v=3&w=400&s=7TPtFmDgtmXtZLXRfB285XKm&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

cd7d08ed95043274869b994dbbd273c438f84bc72ed33c4405f270437d18b4c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:47 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 11020
expires: Thu, 22 Aug 2024 08:34:28 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame B0E4 0
127 B 26ms
26ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=UBdMmsJ5d5qakzeUXRKdm4zy_TkcaIUOsmX5Vt0jqJYRLg6LYRCaTZJEwZH_i8YMlZjR4LzuRQI3JS803czY6ETp7Sk48HZIkEsej4LAsoRzDjcqhi_J1x0d4ZGvMGjEp5SXJiWbaQup3U_ozgVE3Ia8yNMmHaFz8y3V3kCv1kvyLy9AGwnaHrHnQRm5iiFDJsLGKahjEa9RSsUZgB3r9pqMgOUfZt8qAckbm8RffyqN6Ev522r7YSoAK18sIxBEoCtoIg&sds=2&rev=88356&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 21 Sep 2023 11:26:48 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame B0E4 2 KB
1 KB 27ms
26ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:48 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame B0E4 2 KB
1 KB 31ms
30ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:48 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame F0F8 41 KB
13 KB 12ms
9ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BcAZntg5yt-8iR6kwip-PM0ofO2gQNmGJ1qbZp0kfrk7W57EPHiVT83bjseNeEl6lJJm1YiL-djf99y4FR77TBoX4DMYnMDRo-thEbt9PZi9-UPaUHr0wbLOPMCu-orv6-akCx1acoC94TJ0NUj16y0fAFyvNS21fahOUBLEYvXTx4BsU&cry=1&dbm_d=AKAmf-AKcINfbI-G4sXGzwuX-3LltxcSQC7Wxd17c_wqiHXHGAVJKujwwgCMWvvVFD_hB2MV6QNUg-y9mvjcmfY5WJIE_Dg3Zc-_bTinpZcWm74a39uy1fA9WKhENCu6iw6k_bSKLvMku4h8k85d6sAnh6_4dvi5OnldLjoS_QUO63X2Np552gyxvzAgUE6v7paqZBM1GGvCjk2bFJsZFA_bGgIzLmJ79HPbL7vt_rg1kgA3l6cD_FCzogDmIud2cQsQ7P29fDQitP63jb3i6DLLTcAqyl8t67CBz5XthOTSKg0GtOfXykCH463cw-QfKlBtRNiuvw7dxUg631k3HqsrUedz_VIeBE84pLrUVNEvTGFMSnr-C5SAWGL8XzqGCDEY9Hob6YACxfnshomOpzwmhYb7IhjeG_ZcunFYqRcrPG9DPBKuabW3boDVJLIBXAoXbf6oNLBIXDZtKn0IVJJvJfyW2ff9Y4KKIzs4g9wxNctbNSJHruUR-AZwCW2PJTjxZNkKyv1pCQiUN1yrr1uAZb2jA1bzHvRpVRLuYzzceBnnAupLNJMJ3DDAeWu_nlHbkUgnSevEoQd6FZvygVRxznlXzogORXug2SAa6-iFkjD06GCwf5UwqQtYfHfx7yAs0epzHBf1MI7ydG0yLCSGVtxisJ26iA1BivTZ6Yeh7lju4wvUxz7E1UcQKji5pIHuR_A5Z1QQjj7p1MU7plT74xRGmqyhTxjtldzq8eBJxu4NIi0DmouiAd5dPsAAA1Nu1nIkHvc9wJGmCPdau-zKxSdi5Pk9z0geRf3veLEBDqT1-387jGL3c6W81BDAie4OPIfjKdSGMMiBGIDCMp3HsAOejIhLuhP1vMoxi1spjvPUHPKb8R-7UJGZiXKBcWBm5rLBXlHU76MDudYFLzC3ygpz2BD0YN112t57GiqcmUHKP-UbmM1WgW7sog6Y8RciK5CWFgoXZn6IJF639UdE8ZVnXPXwwojn2lkTv597Sk3f7Rx2uJdXLgufssiD8MBWxCPJpKYpSQMVm-5U6BOtItn85ZTTKFADDRMWXpaciQDVmWPiUK0zNWoQqkCIN96k305EvWYsqOveYNXE8ya-lTKiMKNg1zzaCK5BV3pcDez2z0TGdWo4BgBxWF9Pg0FxcGi7Qd-uNOwzv-7XKgFPSTK3MlxKzyLi2W3_9IThJQ3J2CoABSOduM8_kcTTdjCwq1Ik43IYzk4bKelUk_j5f_2n6vkC5UYIjS6N8YWu_jIsUOyCQ1BDfnn_HpImU3MD5QZx1k8DB362tSdbg2o_TUj7YTCVgB7IhZ87YeLoqelizKmriAK99SfIr9-JJHi-l6IzhfILQRnSk5Ly7ZFz0nkxMzXh2HzOvsQxT1cdVn9qQVkAqbV4caZejmCL2uYlu1RpNXXmo1blNHrLGyuM-diSDeTh2HIPXd_EyrXZNEEWwZrDHSR6x6yo5zimTGnJtAx69ekbFGbmK6YInAWHkqJOUFapjNP9RdKxXadpe_BIiNHo17PDGAmFqgCpkzgqS3jfPAQsK2I7zILYtsxepsG2v_8ImOliyMMlC7IqdWd9_KMXx_YNBzQ2oZaDIa_P85zOjGjQT0xsTn9dNFxb-_Vbnxn_TfwP0AE3b5E4MwinvjZxGX63ne6DQxnsuXBPY701gsAC7_XBXjB84KfBkIp8ak2V2VGgWNtnnIu7TdBXlflvSHirQs7RNI2u7p-JHeuangUvocTncj7cq0-_L2dkg1Wbl7L9UV8ViqI4Xl3jPm6I862QnhSSNvJhwI9GLhlb0JYaywX8mBWv33MUY2bLCzFQEwtpiUK9h10aofqqipGk417qhIIHdm2WzjK7PlUX1Hcx6XFapK9qL_1G2SZr6nt8IgGUPPDdJCXvm5F0M3lgbHUIyecg8Ij42z5v40Do77_AxuKTOK_OtUpxY-PyJoxhGiQjzRG9n-XsFNZw3mi-bobyrsnuAG7oTGwhstjZv2sh2OAPWfy6odDdtYINz1Sgp56Kk2pv1PlsjZ-_uz8NVngK9GCkkLfIoDkLP2rsQpzpcGsRokeG8_oMNIXC0XlrNtxvIJnXl1Ny1VqgCfAzb_7Xk2ilHuCwajTBObQ2w2mVWsfY-DXiyjgAYLm2cX6pVYJW8b1-3tdL0Xe0AsmYBneHAI3QXfqO0tCm4hzRFyU4HfpA5JeqkocVGyJnxNfLcpVHsm4bjoNPk2iFs1Q2_EjXEr1bUehdHsAZXO2ndulRFMOASAMn4gBB7ZLnjnFqaX05v6XgAZr9x-wCkmrTy-4tOchDjoMHDrmFXQ6FktYmg4ldQlXZ9_Gr-6YXuZZJwx7cQidBX3nrIDy-8MeyHeWpaJJsj3k0xLPSgxE3eeP-mY2JJcAb-M_rGwONq108x5giaTSsUm8u_9jgnFKFH-eTz2SshKG3KpgaXRf3VPBXxnpvIxLSCEvC1xKwZJrdLIrmCciy69bxhSKojS1JcjJIc9Amqflg1ovh-zvrC1F0bPzR5fiO3KVe0cRvX_UM_m2grjbWDXRtk3GR6kFBH2Xa__21axe5TpXRRwA0cmIstAeqd9Sx4YennOedqgDqN3LqIFxLNso0QYvgFwcWU3TCqz8L51yqtQqaagiwaRbVMcap2dtC2ZbJu6BbkFhHOdZrMgZqU2mlE3ht0L-aXuvSf2LI1n3rM2cVecYaSNcA95B6zjXAaMV547HwfE4Gbk3RpXqh8zzVzc1ZKXAQHwRypYw8SRE8WN2zUHx2zCmdregYFq0jiACc7GO4QgoGdDSSQnmc2wpSPEqZiPcutNgDR2esaQfgG2twSwyifairp0B9IAqFOH_Ctq_vsCSY2K9993BugHMsl32-IqFSnDdsXSwtLF_poJzBafIAnoUOWLedpr31LroKgKEQPRfN3H-1DQnV1r217LTrNhWwRqb8XtAYzv0pl89PFLC2CzO86kAL7ghmYGUQiD0w2NVkxkn3TiKEFlECaGsD8LMWKACGcvWqdA65CrB6Q21wQEbKgV5JrVXoexlbngE-owTVcqH3qiUhiNgI9zqoT3SuzsTWAi1xE21xteyM-KH3c-nWQ_YdVGHPMgv5gJtRxLuq8wHTRbQz46Bn27kQmPOsweEZylnhwJMIKL5-YlKOYfo1tfaekW867saRAwaH6mrGyA74DJ8dMwInrOmWVQt5IMXVHottd3eHNWc8YPCBaiJwTtrQh5BS2TxKfFmfZVQbkI5K6kQnXzwzyjxL7mdboiD6HZ6X6jjrRuc8RaHn9W0o_7H9pLhrmbSvg0qGmHnXDEN8a1Gxtaww18aWKTUcc_TpDoz-psUWBrmfu4btsTSMBc6_1WF7LK5kzi9lVNwAtKV4rZ7Iuu5oaS4TrW2yV0dPg-t5-oc-fcRlb3QkUbMIRnAU8VLcTLJxJ3UdbUcE-ollvQFeJVv8oVaQRjgNNq2N1VhPDRrHDc1IeQh7a902k-LhML6vePYG1225F1XXNYL7JjE3_UCL_UpjG3pe9KFni7TfFo7XOflA1RO_eOVz2dUxNgMXy3dMLhMRYR2aAyPZ7ISKrPAna7K3UMuC2WVaIVJOh0e_zn0cRwYPV629lUZU9s7E4cPc4vJywoEkH0r38ROEUajabl_ggIVeN27Udc9rZDy1BFjjeiyb0VqdypmxT_NeNF-jFySHIDykl0nKxglUJMw66wa9ShIZfFdV8CzZVWhoP-wVODYz9kCkicx6PzPTGJcWeb9Sg-yi8xOu05oVotZm_tKZdQhhqWTiP1yhEdueZIDS3U0bj7rEIKz7ARTBYVltDIHDxnJzCfy0z2xgGpVokOC19uUk4hdjRXmwY8qTHS1XUAe2idVtrG0ni5PLw6P-Q454quxpWJA9FfQ1VTKT922xRr1inc42YuL0241r-M76DWs_pPXQd8o1xVaLZYxIQo3v7KzpAYlV3tHFdeaSVV2PLs8iLzvex9iijQeqRWPYaG-SI6sJQg04HQcS-82K09STG5CinmrJOm2dM2vVxRCW1d_8AV54qCdG44dWPTAqA5ZCf4zMr6nw00fDjz_uyunzi2fo1NTc-4DpDV5ftG3Mn2x-o426z60nVEfFiwP-D-2DU3UBflbdgZmtPcFUtuV5wQ0IBafS4LU2x2CHRLww-2LYd38&cid=CAQSPABpAlJWjppNE2CukILs8l_rFFj-e8YsJ4rnjfPItdZfCIiwBVHhheoik38rCe9eTO_aKcF7eEOGFTjE8xgB&dv3_ver=m202309120101&rfl=https%3A%2F%2Fwww.belajarmakeup.com%2F&ds=l&xdt=1&iif=1&cor=3279428604392885000&adk=3944675600&idt=100&cac=0&dtd=59

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 22:35:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 219081
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Sep 2024 22:35:27 GMT

GET
H/1.1 200
OK vjdy8w6hewcq Show response
hal9000.redintelligence.net/zone/ Frame F0F8 12 KB
4 KB 318ms
14ms Script
text/html 138.201.63.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/vjdy8w6hewcq?subid=&gdpr=&gdpr_consent=&rnd=1695295607672675&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCFCIQdygMZaOHKbyi9fgPlZekuAum5b2gaZWTnKfJD_AuEAEglZvKIWCVAsgBCakCWDswZyTYsT6oAwHIA5sEqgSnAk_QEUnmNEivlABvrUl1yjjhgXHodGEzloFGli5TXVPgq0LlqlZ_gqjpD1TwAwCvdm9zW1qPbGI5ZAEIWrnV2WfLgLRaYPTfAhijowstC_59si-cq6-Cx2BvgdaoDTdehZ5PTUXpUkpU4wMa6Vw_UxA-46n5ASlu4QvCJ2S-qUdKUrQC0DG_ClYKs2n9W6vD_Ri6bMPAqxmSv_IYJSDWx2K_pbads_vLCgmgdsx7ZcOMhXaqprvnqNav13sbmeTArBodINSHntnUGdTK6S7OzGwUklcwtIGbyX2yMxFEAfqTqejCR6umnaIQIrbcfX1ZI1zbxDF_yougw4gmEJUYkoK1C1LMhvbxg2BDCy0fve38YfjyV32F1jSDYbbTl44adaKp-CD4kMTABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTY5MjkzMzU3NjMzOTg0NDCACgOYCwHICwGADAGqDQJERcgNAbATzJzZEtATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26gclid%3DEAIaIQobChMI457wo8y7gQMVPFEdCR2VCwm3EAEYASAAEgLJwPD_BwE%26num%3D1%26cid%3DCAQSPABpAlJWjppNE2CukILs8l_rFFj-e8YsJ4rnjfPItdZfCIiwBVHhheoik38rCe9eTO_aKcF7eEOGFTjE8xgB%26sig%3DAOD64_02BkOBfIj4deEzaYVHLvfoHxqszA%26client%3Dca-pub-3831894559014614%26dbm_c%3DAKAmf-AczvIztoHkCmk4-Yx_wNT7XRh3RZshWWMDxQ0IpALvKHCiLMWwOrz4O-LSdRI8o_DxsWS_64K9DN0JFelslTxStlW12D09kHSxYNN1OxP5lq7yvz5PrlhkeEMGpop8Qy695zYXuoi4tEsYa594ZDjKfc2bRR05_nDMoMh3JVy3peZVQJE%26cry%3D1%26dbm_d%3DAKAmf-D0AK6A9GnnJ3E5Gj7VRkURtu93w-uTGwhhpGxHkMn91DaFq4_PfbwXgmrD2nHw1I74MsxHUfqO_heZLfjewZGnXCwDGpWYbnps0Kmd-MjKon7vItFA93XvEdkJzaqfPBrwpRErHa-DDnalYh3HBB88X_M0CMswx_woFbRbjtuVnSulZGaKWogsZSR_pbNeJYbWJFLMkyYYCtpf26bCwufmIWtADR6ByigjnX3xyAl6DstoEdacuk8G62c60MlTRBKi94pqGZ62UCsP3LqBt5GHUs-3vZlJQeaItD1ILNzRl8TuZIJ_H3W1lZepoUf0dBs1Va5Txhk9Y3bnsh9dsCAwx5pYYaeEUP7CMN4e1K2GaPoYWh6CLqwlNt2u34PAHds_6inIiVh3M7SL0jiwsjzNUUhjgCuLxaaVBs4DMsTUxB4xdDcq1GK7hogBwpz317fN8WQ2HqxgQM5iAsvytVAcj7jJUzpSjKNkWibp4l86x6EFNlRXwV_YDptz2r4CZixvOfwnCQU8IQyfu5YzNG1wSrCEw3cmLHMPlakJiNUhmIKvSDInIY8V-9k0gvpImukiz7a3nkLX1-siHwnmsPOcbSstxHhQ_kAyiOfZkGemp6RNcMk%26adurl%3D
Requested by: Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: ecbbe6a38d7de94945510e533f730c8104b3955b9782a29392873b2521b57f1c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 11:26:48 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4321
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H2 200 montserrat-400.css
static.criteo.net/design/googlefont/montserrat/ Frame B0E4 2 KB
803 B 18ms
17ms Stylesheet
text/css 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/montserrat/montserrat-400.css

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a81d25118c6f7d835e9ca132b995b8aca46e3575ee4ab2136ab96ac8d5e4688b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:06:54 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391ef7e-675"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:48 GMT

GET
H2 200 montserrat-700.css
static.criteo.net/design/googlefont/montserrat/ Frame B0E4 2 KB
803 B 19ms
18ms Stylesheet
text/css 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/montserrat/montserrat-700.css

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

77a44f65bb6894c92e3c7ccab98de0fc357172221cc1dd45949ab938c0c7756a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:06:55 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391ef7f-675"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:48 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 86AB 42 B
64 B 137ms
136ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstCas57y2jdumffnxnRI1E-pS4ucZTKeykhdfefNi-6V7HDPA2ZmQo_ZqifJUgcwxo6MT7scM2zwtQZGi7eUbTuxB-LMYGvvPhx2es&sig=Cg0ArKJSzNXhVvFIFGZUEAE&id=lidar2&mcvt=1032&p=457,323,737,963&mtos=535,1032,1032,1032,1032&tos=535,497,0,0,0&v=20230920&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1175331981&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1695295607330&rpt=232&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 montserrat-400-latin.woff2
static.criteo.net/design/googlefont/montserrat/ Frame B0E4 12 KB
13 KB 19ms
18ms Font
application/octet-stream 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/montserrat/montserrat-400-latin.woff2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/montserrat/montserrat-400.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

5f9376c77618bf0ef43bcabf8228c9e2befde3731087b944e140a88c34066873

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://static.criteo.net/design/googlefont/montserrat/montserrat-400.css
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:06:54 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391ef7e-31a4"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:48 GMT

GET
H2 200 montserrat-700-latin.woff2
static.criteo.net/design/googlefont/montserrat/ Frame B0E4 13 KB
13 KB 23ms
23ms Font
application/octet-stream 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/montserrat/montserrat-700-latin.woff2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/montserrat/montserrat-700.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

28f403366c2c520bfff7d5a0883f1d53e1e87ba1c8202f3f29e6395a0b66806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://static.criteo.net/design/googlefont/montserrat/montserrat-700.css
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:06:55 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391ef7f-3230"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 11:26:48 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame CB01 0
0 50ms
49ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CAHuadygMZaSVM5K3lgTC6qrQDsme0rFclaKX93DAjbcBEAEgAGCVAoIBF2NhLXB1Yi0zODMxODk0NTU5MDE0NjE0yAEJqQIhIj1b4eGxPuACAKgDAcgDAqoEhANP0GhnC3FZ3GgEe0A1fifjqNRGXDI0QjP4NVf56UJsa2O-iVyiCqwcIMo1z0jLV0z3tjIKMAAQ7H4avt5bLomdepoBMM4Hg3tnX4cacxzeYbtEU4LofHxZ8xP5nCvLU1Y2_WxasttYb0jF7LobPtBhzWY_Mg35G8NbLfguFUi1SKuu9VyM-nf-xVBF-rSzfXONmy3xekubB8SAVUZLTQ6yMlx9Via9CrOEAGObZtxk3u2sr1U6SUaM6el-rChsO-UoVTAmT8hTlTdilHZZBtB9qX9d2hSBImG2S8S8aFVDKTlTayaqJbMpdSaxkbS9Cg8mmuQt-AuY1hHLIc7fgC6CempGHaB7GjF77niIsyXRx-D1bneD2eAPVY2bfjOGypa5UORO0w2b0QPaMrDr3226AcfDC87YyXJJbzo5MZ6DnSATusrIB2vBUxxaT_8rn2L5UuxravxuBlZTaONA7FrzOtbu0UJrTOFjtAcmmamgIDGpH9ROgC7OkGd16IQ0L55XYmBq4AQBgAarn6nN2qLi9SegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTY5MjkzMzU3NjMzOTg0NDCACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItMzgzMTg5NDU1OTAxNDYxNBj9-RM&sigh=LKjAg1Upjhc&uach_m=[UACH]&cid=CAQSPABpAlJWGc6j7wutKkFnAbLs6uyK64s3XsAbLR-mg-CYGgItZOEXcg0sY5a2ibHBxedR9TdHU9epwmyv6hgB&cbvp=2&vis=1
Requested by: Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl3.eu.criteo.com/google/auction/ Frame CB01 0
125 B 215ms
17ms Image
text/plain 2a02:2638:3::9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=kMWCFOzZW4AFmAKdg2ICAgAAAHobFO5qgn2yEHYoDGUO5cPBdoiw-1kfAAASAAAKCkFRVUJBUUVCQVE&wp=ZQwodwAMyqQKhZuSAAq1Qhl5GcNEjpTWmXcxlQ&cbvp=2

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:48 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 166070
server: Kestrel
content-length: 0

POST
H2 200 all
csm.eu.criteo.net/ Frame EF7E 0
127 B 15ms
15ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 21 Sep 2023 11:26:48 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 20F4 42 B
64 B 113ms
113ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv3KglrB6G4FtO14yLmTLzAU54XEHcUvYa4ldeCsKx69D3a6NY0fG4gAlmVbZlvSOrvD6DQUMNO57-Mpo1AukvsVbKyVbuljvy8Kj4&sig=Cg0ArKJSzLKoEMqE74kFEAE&id=lidar2&mcvt=1003&p=438,977,1038,1277&mtos=248,1003,1003,1003,1003&tos=248,755,0,0,0&v=20230920&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3890895887&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1695295607405&rpt=460&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 29B3 22 KB
8 KB 8ms
7ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 570546
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 14 Sep 2023 20:57:42 GMT
expires: Fri, 13 Sep 2024 20:57:42 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

request.php Show response
hal900011.redintelligence.net/ Frame F0F8
Redirect Chain

https://hal900011.redintelligence.net/request.php?zone=vjdy8w6hewcq&nw=20&renderingType=javascript&namespace=a40a305b4d&subid=&uid=f5e71daa8a949dee&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900011.redintelligence.net/request.php?zone=vjdy8w6hewcq&nw=20&renderingType=javascript&namespace=a40a305b4d&subid=&uid=f5e71daa8a949dee&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

5 KB
2 KB

106ms
82ms

Script
application/x-javascript

138.201.64.38
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900011.redintelligence.net/request.php?zone=vjdy8w6hewcq&nw=20&renderingType=javascript&namespace=a40a305b4d&subid=&uid=f5e71daa8a949dee&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCFCIQdygMZaOHKbyi9fgPlZekuAum5b2gaZWTnKfJD_AuEAEglZvKIWCVAsgBCakCWDswZyTYsT6oAwHIA5sEqgSnAk_QEUnmNEivlABvrUl1yjjhgXHodGEzloFGli5TXVPgq0LlqlZ_gqjpD1TwAwCvdm9zW1qPbGI5ZAEIWrnV2WfLgLRaYPTfAhijowstC_59si-cq6-Cx2BvgdaoDTdehZ5PTUXpUkpU4wMa6Vw_UxA-46n5ASlu4QvCJ2S-qUdKUrQC0DG_ClYKs2n9W6vD_Ri6bMPAqxmSv_IYJSDWx2K_pbads_vLCgmgdsx7ZcOMhXaqprvnqNav13sbmeTArBodINSHntnUGdTK6S7OzGwUklcwtIGbyX2yMxFEAfqTqejCR6umnaIQIrbcfX1ZI1zbxDF_yougw4gmEJUYkoK1C1LMhvbxg2BDCy0fve38YfjyV32F1jSDYbbTl44adaKp-CD4kMTABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTY5MjkzMzU3NjMzOTg0NDCACgOYCwHICwGADAGqDQJERcgNAbATzJzZEtATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26gclid%3DEAIaIQobChMI457wo8y7gQMVPFEdCR2VCwm3EAEYASAAEgLJwPD_BwE%26num%3D1%26cid%3DCAQSPABpAlJWjppNE2CukILs8l_rFFj-e8YsJ4rnjfPItdZfCIiwBVHhheoik38rCe9eTO_aKcF7eEOGFTjE8xgB%26sig%3DAOD64_02BkOBfIj4deEzaYVHLvfoHxqszA%26client%3Dca-pub-3831894559014614%26dbm_c%3DAKAmf-AczvIztoHkCmk4-Yx_wNT7XRh3RZshWWMDxQ0IpALvKHCiLMWwOrz4O-LSdRI8o_DxsWS_64K9DN0JFelslTxStlW12D09kHSxYNN1OxP5lq7yvz5PrlhkeEMGpop8Qy695zYXuoi4tEsYa594ZDjKfc2bRR05_nDMoMh3JVy3peZVQJE%26cry%3D1%26dbm_d%3DAKAmf-D0AK6A9GnnJ3E5Gj7VRkURtu93w-uTGwhhpGxHkMn91DaFq4_PfbwXgmrD2nHw1I74MsxHUfqO_heZLfjewZGnXCwDGpWYbnps0Kmd-MjKon7vItFA93XvEdkJzaqfPBrwpRErHa-DDnalYh3HBB88X_M0CMswx_woFbRbjtuVnSulZGaKWogsZSR_pbNeJYbWJFLMkyYYCtpf26bCwufmIWtADR6ByigjnX3xyAl6DstoEdacuk8G62c60MlTRBKi94pqGZ62UCsP3LqBt5GHUs-3vZlJQeaItD1ILNzRl8TuZIJ_H3W1lZepoUf0dBs1Va5Txhk9Y3bnsh9dsCAwx5pYYaeEUP7CMN4e1K2GaPoYWh6CLqwlNt2u34PAHds_6inIiVh3M7SL0jiwsjzNUUhjgCuLxaaVBs4DMsTUxB4xdDcq1GK7hogBwpz317fN8WQ2HqxgQM5iAsvytVAcj7jJUzpSjKNkWibp4l86x6EFNlRXwV_YDptz2r4CZixvOfwnCQU8IQyfu5YzNG1wSrCEw3cmLHMPlakJiNUhmIKvSDInIY8V-9k0gvpImukiz7a3nkLX1-siHwnmsPOcbSstxHhQ_kAyiOfZkGemp6RNcMk%26adurl%3D&documentReferer=https%3A%2F%2Fwww.belajarmakeup.com%2F&ancestorOrigins=https%3A%2F%2Fwww.belajarmakeup.com&random=4722467057404&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 138.201.64.38 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.38.64.201.138.clients.your-server.de
Software: Apache /
Resource Hash: f56ba1e3bfedd748399b2ba1364a2fe9e401ebbc597d4094eeaa29aea5b3f30d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 21 Sep 2023 11:26:49 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 49465100060433704444990012454011
Connection: close
Content-Length: 1466
Expires: Thu, 21 Sep 2023 12:26:49 +0200

Redirect headers

Pragma: no-cache
Date: Thu, 21 Sep 2023 11:26:48 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=vjdy8w6hewcq&nw=20&renderingType=javascript&namespace=a40a305b4d&subid=&uid=f5e71daa8a949dee&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCFCIQdygMZaOHKbyi9fgPlZekuAum5b2gaZWTnKfJD_AuEAEglZvKIWCVAsgBCakCWDswZyTYsT6oAwHIA5sEqgSnAk_QEUnmNEivlABvrUl1yjjhgXHodGEzloFGli5TXVPgq0LlqlZ_gqjpD1TwAwCvdm9zW1qPbGI5ZAEIWrnV2WfLgLRaYPTfAhijowstC_59si-cq6-Cx2BvgdaoDTdehZ5PTUXpUkpU4wMa6Vw_UxA-46n5ASlu4QvCJ2S-qUdKUrQC0DG_ClYKs2n9W6vD_Ri6bMPAqxmSv_IYJSDWx2K_pbads_vLCgmgdsx7ZcOMhXaqprvnqNav13sbmeTArBodINSHntnUGdTK6S7OzGwUklcwtIGbyX2yMxFEAfqTqejCR6umnaIQIrbcfX1ZI1zbxDF_yougw4gmEJUYkoK1C1LMhvbxg2BDCy0fve38YfjyV32F1jSDYbbTl44adaKp-CD4kMTABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTY5MjkzMzU3NjMzOTg0NDCACgOYCwHICwGADAGqDQJERcgNAbATzJzZEtATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26gclid%3DEAIaIQobChMI457wo8y7gQMVPFEdCR2VCwm3EAEYASAAEgLJwPD_BwE%26num%3D1%26cid%3DCAQSPABpAlJWjppNE2CukILs8l_rFFj-e8YsJ4rnjfPItdZfCIiwBVHhheoik38rCe9eTO_aKcF7eEOGFTjE8xgB%26sig%3DAOD64_02BkOBfIj4deEzaYVHLvfoHxqszA%26client%3Dca-pub-3831894559014614%26dbm_c%3DAKAmf-AczvIztoHkCmk4-Yx_wNT7XRh3RZshWWMDxQ0IpALvKHCiLMWwOrz4O-LSdRI8o_DxsWS_64K9DN0JFelslTxStlW12D09kHSxYNN1OxP5lq7yvz5PrlhkeEMGpop8Qy695zYXuoi4tEsYa594ZDjKfc2bRR05_nDMoMh3JVy3peZVQJE%26cry%3D1%26dbm_d%3DAKAmf-D0AK6A9GnnJ3E5Gj7VRkURtu93w-uTGwhhpGxHkMn91DaFq4_PfbwXgmrD2nHw1I74MsxHUfqO_heZLfjewZGnXCwDGpWYbnps0Kmd-MjKon7vItFA93XvEdkJzaqfPBrwpRErHa-DDnalYh3HBB88X_M0CMswx_woFbRbjtuVnSulZGaKWogsZSR_pbNeJYbWJFLMkyYYCtpf26bCwufmIWtADR6ByigjnX3xyAl6DstoEdacuk8G62c60MlTRBKi94pqGZ62UCsP3LqBt5GHUs-3vZlJQeaItD1ILNzRl8TuZIJ_H3W1lZepoUf0dBs1Va5Txhk9Y3bnsh9dsCAwx5pYYaeEUP7CMN4e1K2GaPoYWh6CLqwlNt2u34PAHds_6inIiVh3M7SL0jiwsjzNUUhjgCuLxaaVBs4DMsTUxB4xdDcq1GK7hogBwpz317fN8WQ2HqxgQM5iAsvytVAcj7jJUzpSjKNkWibp4l86x6EFNlRXwV_YDptz2r4CZixvOfwnCQU8IQyfu5YzNG1wSrCEw3cmLHMPlakJiNUhmIKvSDInIY8V-9k0gvpImukiz7a3nkLX1-siHwnmsPOcbSstxHhQ_kAyiOfZkGemp6RNcMk%26adurl%3D&documentReferer=https%3A%2F%2Fwww.belajarmakeup.com%2F&ancestorOrigins=https%3A%2F%2Fwww.belajarmakeup.com&random=4722467057404&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Thu, 21 Sep 2023 12:26:48 +0200

GET
H3 200 kgPu8ucFjQWm9sPwItG3xGC9C84b-jPcUt_enD3F6OI.js Show response
pagead2.googlesyndication.com/bg/ Frame 29B3 38 KB
14 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/kgPu8ucFjQWm9sPwItG3xGC9C84b-jPcUt_enD3F6OI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9203eef2e7058d05a6f6c3f022d1b7c460bd0bce1bfa33dc52dfde9c3dc5e8e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Wed, 20 Sep 2023 07:20:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 101178
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14666
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 15:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 19 Sep 2024 07:20:30 GMT

GET
H2 200 / Show response
adv.office-partner.de/ Frame C809 930 B
931 B 65ms
7ms Document
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900011.redintelligence.net
URL: https://hal900011.redintelligence.net/request.php?zone=vjdy8w6hewcq&nw=20&renderingType=javascript&namespace=a40a305b4d&subid=&uid=f5e71daa8a949dee&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCFCIQdygMZaOHKbyi9fgPlZekuAum5b2gaZWTnKfJD_AuEAEglZvKIWCVAsgBCakCWDswZyTYsT6oAwHIA5sEqgSnAk_QEUnmNEivlABvrUl1yjjhgXHodGEzloFGli5TXVPgq0LlqlZ_gqjpD1TwAwCvdm9zW1qPbGI5ZAEIWrnV2WfLgLRaYPTfAhijowstC_59si-cq6-Cx2BvgdaoDTdehZ5PTUXpUkpU4wMa6Vw_UxA-46n5ASlu4QvCJ2S-qUdKUrQC0DG_ClYKs2n9W6vD_Ri6bMPAqxmSv_IYJSDWx2K_pbads_vLCgmgdsx7ZcOMhXaqprvnqNav13sbmeTArBodINSHntnUGdTK6S7OzGwUklcwtIGbyX2yMxFEAfqTqejCR6umnaIQIrbcfX1ZI1zbxDF_yougw4gmEJUYkoK1C1LMhvbxg2BDCy0fve38YfjyV32F1jSDYbbTl44adaKp-CD4kMTABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTY5MjkzMzU3NjMzOTg0NDCACgOYCwHICwGADAGqDQJERcgNAbATzJzZEtATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26gclid%3DEAIaIQobChMI457wo8y7gQMVPFEdCR2VCwm3EAEYASAAEgLJwPD_BwE%26num%3D1%26cid%3DCAQSPABpAlJWjppNE2CukILs8l_rFFj-e8YsJ4rnjfPItdZfCIiwBVHhheoik38rCe9eTO_aKcF7eEOGFTjE8xgB%26sig%3DAOD64_02BkOBfIj4deEzaYVHLvfoHxqszA%26client%3Dca-pub-3831894559014614%26dbm_c%3DAKAmf-AczvIztoHkCmk4-Yx_wNT7XRh3RZshWWMDxQ0IpALvKHCiLMWwOrz4O-LSdRI8o_DxsWS_64K9DN0JFelslTxStlW12D09kHSxYNN1OxP5lq7yvz5PrlhkeEMGpop8Qy695zYXuoi4tEsYa594ZDjKfc2bRR05_nDMoMh3JVy3peZVQJE%26cry%3D1%26dbm_d%3DAKAmf-D0AK6A9GnnJ3E5Gj7VRkURtu93w-uTGwhhpGxHkMn91DaFq4_PfbwXgmrD2nHw1I74MsxHUfqO_heZLfjewZGnXCwDGpWYbnps0Kmd-MjKon7vItFA93XvEdkJzaqfPBrwpRErHa-DDnalYh3HBB88X_M0CMswx_woFbRbjtuVnSulZGaKWogsZSR_pbNeJYbWJFLMkyYYCtpf26bCwufmIWtADR6ByigjnX3xyAl6DstoEdacuk8G62c60MlTRBKi94pqGZ62UCsP3LqBt5GHUs-3vZlJQeaItD1ILNzRl8TuZIJ_H3W1lZepoUf0dBs1Va5Txhk9Y3bnsh9dsCAwx5pYYaeEUP7CMN4e1K2GaPoYWh6CLqwlNt2u34PAHds_6inIiVh3M7SL0jiwsjzNUUhjgCuLxaaVBs4DMsTUxB4xdDcq1GK7hogBwpz317fN8WQ2HqxgQM5iAsvytVAcj7jJUzpSjKNkWibp4l86x6EFNlRXwV_YDptz2r4CZixvOfwnCQU8IQyfu5YzNG1wSrCEw3cmLHMPlakJiNUhmIKvSDInIY8V-9k0gvpImukiz7a3nkLX1-siHwnmsPOcbSstxHhQ_kAyiOfZkGemp6RNcMk%26adurl%3D&documentReferer=https%3A%2F%2Fwww.belajarmakeup.com%2F&ancestorOrigins=https%3A%2F%2Fwww.belajarmakeup.com&random=4722467057404&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Thu, 21 Sep 2023 11:26:49 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Thu, 28 Sep 2023 11:26:49 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75 Show response
pv.medialead.de/trck/epv/ Frame F8D7 0
467 B 187ms
107ms Document
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=49465100060433704444990012454011&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: hal900011.redintelligence.net
URL: https://hal900011.redintelligence.net/request.php?zone=vjdy8w6hewcq&nw=20&renderingType=javascript&namespace=a40a305b4d&subid=&uid=f5e71daa8a949dee&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCFCIQdygMZaOHKbyi9fgPlZekuAum5b2gaZWTnKfJD_AuEAEglZvKIWCVAsgBCakCWDswZyTYsT6oAwHIA5sEqgSnAk_QEUnmNEivlABvrUl1yjjhgXHodGEzloFGli5TXVPgq0LlqlZ_gqjpD1TwAwCvdm9zW1qPbGI5ZAEIWrnV2WfLgLRaYPTfAhijowstC_59si-cq6-Cx2BvgdaoDTdehZ5PTUXpUkpU4wMa6Vw_UxA-46n5ASlu4QvCJ2S-qUdKUrQC0DG_ClYKs2n9W6vD_Ri6bMPAqxmSv_IYJSDWx2K_pbads_vLCgmgdsx7ZcOMhXaqprvnqNav13sbmeTArBodINSHntnUGdTK6S7OzGwUklcwtIGbyX2yMxFEAfqTqejCR6umnaIQIrbcfX1ZI1zbxDF_yougw4gmEJUYkoK1C1LMhvbxg2BDCy0fve38YfjyV32F1jSDYbbTl44adaKp-CD4kMTABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTY5MjkzMzU3NjMzOTg0NDCACgOYCwHICwGADAGqDQJERcgNAbATzJzZEtATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26gclid%3DEAIaIQobChMI457wo8y7gQMVPFEdCR2VCwm3EAEYASAAEgLJwPD_BwE%26num%3D1%26cid%3DCAQSPABpAlJWjppNE2CukILs8l_rFFj-e8YsJ4rnjfPItdZfCIiwBVHhheoik38rCe9eTO_aKcF7eEOGFTjE8xgB%26sig%3DAOD64_02BkOBfIj4deEzaYVHLvfoHxqszA%26client%3Dca-pub-3831894559014614%26dbm_c%3DAKAmf-AczvIztoHkCmk4-Yx_wNT7XRh3RZshWWMDxQ0IpALvKHCiLMWwOrz4O-LSdRI8o_DxsWS_64K9DN0JFelslTxStlW12D09kHSxYNN1OxP5lq7yvz5PrlhkeEMGpop8Qy695zYXuoi4tEsYa594ZDjKfc2bRR05_nDMoMh3JVy3peZVQJE%26cry%3D1%26dbm_d%3DAKAmf-D0AK6A9GnnJ3E5Gj7VRkURtu93w-uTGwhhpGxHkMn91DaFq4_PfbwXgmrD2nHw1I74MsxHUfqO_heZLfjewZGnXCwDGpWYbnps0Kmd-MjKon7vItFA93XvEdkJzaqfPBrwpRErHa-DDnalYh3HBB88X_M0CMswx_woFbRbjtuVnSulZGaKWogsZSR_pbNeJYbWJFLMkyYYCtpf26bCwufmIWtADR6ByigjnX3xyAl6DstoEdacuk8G62c60MlTRBKi94pqGZ62UCsP3LqBt5GHUs-3vZlJQeaItD1ILNzRl8TuZIJ_H3W1lZepoUf0dBs1Va5Txhk9Y3bnsh9dsCAwx5pYYaeEUP7CMN4e1K2GaPoYWh6CLqwlNt2u34PAHds_6inIiVh3M7SL0jiwsjzNUUhjgCuLxaaVBs4DMsTUxB4xdDcq1GK7hogBwpz317fN8WQ2HqxgQM5iAsvytVAcj7jJUzpSjKNkWibp4l86x6EFNlRXwV_YDptz2r4CZixvOfwnCQU8IQyfu5YzNG1wSrCEw3cmLHMPlakJiNUhmIKvSDInIY8V-9k0gvpImukiz7a3nkLX1-siHwnmsPOcbSstxHhQ_kAyiOfZkGemp6RNcMk%26adurl%3D&documentReferer=https%3A%2F%2Fwww.belajarmakeup.com%2F&ancestorOrigins=https%3A%2F%2Fwww.belajarmakeup.com&random=4722467057404&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Content-Length: 0
Content-Type: application/javascript; charset=utf-8
Date: Thu, 21 Sep 2023 11:26:49 GMT
Host: pv.medialead.de
Proxy-Host: pv.medialead.de
Server: nginx
Strict-Transport-Security: max-age=15768000
Vary: Origin
X-IPLB-Instance: 40027
X-IPLB-Request-ID: 253A3AF8:B63A_91EFC182:01BB_650C2879_1664B550:22022

GET
H2

200

htlp Show response
futalis.de/ Frame 679A
Redirect Chain

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=49465100060433704444990012454011&ra_cnt_active=1&ra_cnt=1
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3111259052

350 B
401 B

61ms
12ms

Document
text/html

49.12.16.151
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3111259052
Requested by: Host: hal900011.redintelligence.net
URL: https://hal900011.redintelligence.net/request.php?zone=vjdy8w6hewcq&nw=20&renderingType=javascript&namespace=a40a305b4d&subid=&uid=f5e71daa8a949dee&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCFCIQdygMZaOHKbyi9fgPlZekuAum5b2gaZWTnKfJD_AuEAEglZvKIWCVAsgBCakCWDswZyTYsT6oAwHIA5sEqgSnAk_QEUnmNEivlABvrUl1yjjhgXHodGEzloFGli5TXVPgq0LlqlZ_gqjpD1TwAwCvdm9zW1qPbGI5ZAEIWrnV2WfLgLRaYPTfAhijowstC_59si-cq6-Cx2BvgdaoDTdehZ5PTUXpUkpU4wMa6Vw_UxA-46n5ASlu4QvCJ2S-qUdKUrQC0DG_ClYKs2n9W6vD_Ri6bMPAqxmSv_IYJSDWx2K_pbads_vLCgmgdsx7ZcOMhXaqprvnqNav13sbmeTArBodINSHntnUGdTK6S7OzGwUklcwtIGbyX2yMxFEAfqTqejCR6umnaIQIrbcfX1ZI1zbxDF_yougw4gmEJUYkoK1C1LMhvbxg2BDCy0fve38YfjyV32F1jSDYbbTl44adaKp-CD4kMTABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTY5MjkzMzU3NjMzOTg0NDCACgOYCwHICwGADAGqDQJERcgNAbATzJzZEtATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26gclid%3DEAIaIQobChMI457wo8y7gQMVPFEdCR2VCwm3EAEYASAAEgLJwPD_BwE%26num%3D1%26cid%3DCAQSPABpAlJWjppNE2CukILs8l_rFFj-e8YsJ4rnjfPItdZfCIiwBVHhheoik38rCe9eTO_aKcF7eEOGFTjE8xgB%26sig%3DAOD64_02BkOBfIj4deEzaYVHLvfoHxqszA%26client%3Dca-pub-3831894559014614%26dbm_c%3DAKAmf-AczvIztoHkCmk4-Yx_wNT7XRh3RZshWWMDxQ0IpALvKHCiLMWwOrz4O-LSdRI8o_DxsWS_64K9DN0JFelslTxStlW12D09kHSxYNN1OxP5lq7yvz5PrlhkeEMGpop8Qy695zYXuoi4tEsYa594ZDjKfc2bRR05_nDMoMh3JVy3peZVQJE%26cry%3D1%26dbm_d%3DAKAmf-D0AK6A9GnnJ3E5Gj7VRkURtu93w-uTGwhhpGxHkMn91DaFq4_PfbwXgmrD2nHw1I74MsxHUfqO_heZLfjewZGnXCwDGpWYbnps0Kmd-MjKon7vItFA93XvEdkJzaqfPBrwpRErHa-DDnalYh3HBB88X_M0CMswx_woFbRbjtuVnSulZGaKWogsZSR_pbNeJYbWJFLMkyYYCtpf26bCwufmIWtADR6ByigjnX3xyAl6DstoEdacuk8G62c60MlTRBKi94pqGZ62UCsP3LqBt5GHUs-3vZlJQeaItD1ILNzRl8TuZIJ_H3W1lZepoUf0dBs1Va5Txhk9Y3bnsh9dsCAwx5pYYaeEUP7CMN4e1K2GaPoYWh6CLqwlNt2u34PAHds_6inIiVh3M7SL0jiwsjzNUUhjgCuLxaaVBs4DMsTUxB4xdDcq1GK7hogBwpz317fN8WQ2HqxgQM5iAsvytVAcj7jJUzpSjKNkWibp4l86x6EFNlRXwV_YDptz2r4CZixvOfwnCQU8IQyfu5YzNG1wSrCEw3cmLHMPlakJiNUhmIKvSDInIY8V-9k0gvpImukiz7a3nkLX1-siHwnmsPOcbSstxHhQ_kAyiOfZkGemp6RNcMk%26adurl%3D&documentReferer=https%3A%2F%2Fwww.belajarmakeup.com%2F&ancestorOrigins=https%3A%2F%2Fwww.belajarmakeup.com&random=4722467057404&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 49.12.16.151 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: lb-1.futalis.de
Software: /
Resource Hash: 582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd

Request headers

Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 350
content-type: text/html; charset=utf-8

Redirect headers

content-length: 0
content-type: text/html; charset=utf-8
date: Thu, 21 Sep 2023 11:26:49 GMT
location: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3111259052
p3p: policyref="https://www.retailads.net/w3c/p3p.xml",CP="NOI CUR OUR STP"
server: Apache
xphp81: true

GET
H2 200 link.html Show response
track.webgains.com/ Frame F0F8 2 KB
2 KB 147ms
73ms Script
text/html 13.42.176.194
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=49465100060433704444990012454011&nw=1
Requested by: Host: www.belajarmakeup.com
URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.42.176.194 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-42-176-194.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 7f2499f841c0f34815b415fca66c3fd53d1dec92110df016fd4459cf742ea57f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:49 GMT
last-modified: Thu, 21 Sep 2023 11:26:49 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Thu, 21 Sep 2023 11:27:49 GMT

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75 Show response
pv.medialead.de/trck/epv/ Frame F0F8 0
466 B 184ms
96ms Script
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=49465100060433704444990012454011&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 11:26:49 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx
Host: pv.medialead.de
X-IPLB-Request-ID: 253A3AF8:B638_91EFC182:01BB_650C2879_1680235F:B82A
X-IPLB-Instance: 40028
Vary: Origin
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Access-Control-Allow-Credentials: true
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75
pv.medialead.de/trck/eview/ Frame F0F8 43 B
483 B 183ms
86ms Image
image/gif 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e58733936cdd965d03e75?subid=49465100060433704444990012454011&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 11:26:49 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx
Host: pv.medialead.de
X-IPLB-Request-ID: 253A3AF8:B636_91EFC182:01BB_650C2879_1664F5BE:22023
X-IPLB-Instance: 40027
Vary: Origin
Content-Type: image/gif
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Access-Control-Allow-Credentials: true
Content-Length: 43
Proxy-Host: pv.medialead.de

GET
H2 200 impression.php
t23.intelliad.de/ Frame F0F8 43 B
555 B 54ms
20ms Image
image/gif 3.65.87.76
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t23.intelliad.de/impression.php?cl=2353636373136323131303&cp=101&ag=248&bm=100&bmcl=5373735313236323131303&crid=101&timestamp=1695295609&co=
Requested by: Host: hal900011.redintelligence.net
URL: https://hal900011.redintelligence.net/request.php?zone=vjdy8w6hewcq&nw=20&renderingType=javascript&namespace=a40a305b4d&subid=&uid=f5e71daa8a949dee&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCFCIQdygMZaOHKbyi9fgPlZekuAum5b2gaZWTnKfJD_AuEAEglZvKIWCVAsgBCakCWDswZyTYsT6oAwHIA5sEqgSnAk_QEUnmNEivlABvrUl1yjjhgXHodGEzloFGli5TXVPgq0LlqlZ_gqjpD1TwAwCvdm9zW1qPbGI5ZAEIWrnV2WfLgLRaYPTfAhijowstC_59si-cq6-Cx2BvgdaoDTdehZ5PTUXpUkpU4wMa6Vw_UxA-46n5ASlu4QvCJ2S-qUdKUrQC0DG_ClYKs2n9W6vD_Ri6bMPAqxmSv_IYJSDWx2K_pbads_vLCgmgdsx7ZcOMhXaqprvnqNav13sbmeTArBodINSHntnUGdTK6S7OzGwUklcwtIGbyX2yMxFEAfqTqejCR6umnaIQIrbcfX1ZI1zbxDF_yougw4gmEJUYkoK1C1LMhvbxg2BDCy0fve38YfjyV32F1jSDYbbTl44adaKp-CD4kMTABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTY5MjkzMzU3NjMzOTg0NDCACgOYCwHICwGADAGqDQJERcgNAbATzJzZEtATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26gclid%3DEAIaIQobChMI457wo8y7gQMVPFEdCR2VCwm3EAEYASAAEgLJwPD_BwE%26num%3D1%26cid%3DCAQSPABpAlJWjppNE2CukILs8l_rFFj-e8YsJ4rnjfPItdZfCIiwBVHhheoik38rCe9eTO_aKcF7eEOGFTjE8xgB%26sig%3DAOD64_02BkOBfIj4deEzaYVHLvfoHxqszA%26client%3Dca-pub-3831894559014614%26dbm_c%3DAKAmf-AczvIztoHkCmk4-Yx_wNT7XRh3RZshWWMDxQ0IpALvKHCiLMWwOrz4O-LSdRI8o_DxsWS_64K9DN0JFelslTxStlW12D09kHSxYNN1OxP5lq7yvz5PrlhkeEMGpop8Qy695zYXuoi4tEsYa594ZDjKfc2bRR05_nDMoMh3JVy3peZVQJE%26cry%3D1%26dbm_d%3DAKAmf-D0AK6A9GnnJ3E5Gj7VRkURtu93w-uTGwhhpGxHkMn91DaFq4_PfbwXgmrD2nHw1I74MsxHUfqO_heZLfjewZGnXCwDGpWYbnps0Kmd-MjKon7vItFA93XvEdkJzaqfPBrwpRErHa-DDnalYh3HBB88X_M0CMswx_woFbRbjtuVnSulZGaKWogsZSR_pbNeJYbWJFLMkyYYCtpf26bCwufmIWtADR6ByigjnX3xyAl6DstoEdacuk8G62c60MlTRBKi94pqGZ62UCsP3LqBt5GHUs-3vZlJQeaItD1ILNzRl8TuZIJ_H3W1lZepoUf0dBs1Va5Txhk9Y3bnsh9dsCAwx5pYYaeEUP7CMN4e1K2GaPoYWh6CLqwlNt2u34PAHds_6inIiVh3M7SL0jiwsjzNUUhjgCuLxaaVBs4DMsTUxB4xdDcq1GK7hogBwpz317fN8WQ2HqxgQM5iAsvytVAcj7jJUzpSjKNkWibp4l86x6EFNlRXwV_YDptz2r4CZixvOfwnCQU8IQyfu5YzNG1wSrCEw3cmLHMPlakJiNUhmIKvSDInIY8V-9k0gvpImukiz7a3nkLX1-siHwnmsPOcbSstxHhQ_kAyiOfZkGemp6RNcMk%26adurl%3D&documentReferer=https%3A%2F%2Fwww.belajarmakeup.com%2F&ancestorOrigins=https%3A%2F%2Fwww.belajarmakeup.com&random=4722467057404&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.65.87.76 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-65-87-76.eu-central-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:49 GMT
server: Apache
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW NID PSAo PSDo OUR STP OTC"
content-type: image/gif
cache-control: no-store, no-cache, max-age=0, must-revalidate
content-length: 43
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 29B3 0
20 B 112ms
112ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bxf3UeCgMZcr-GMyGjuwP5P21oAsAAAAAOAHgBAI&bg=!AgGlAU7NAAbbC4-Z-ws7ADQBe5WfOOrKZL_vXpJH6d3ypdAf-ZkWPfYwssUFySRvF2USLpyAkCw-dPSQglgbHMk_mFgsAgAAAI9SAAAACWgBB5kDDvBY6IpQWorMdIAiNE1OiZF3OFyUQFr_LV3rjoWtLGHIcHm8yK4VuJ01T6VRgpixsL6YhyLxBLI4eZmNB05kn39PPpvga3zReqAV84skeWDJ7pXPMf1gDCKA9DCp32rmeEtZrVvWZUDsnK42vAYKW6WH8d8ihkSwTp19DpoFn-z1xj_C0BZ6B7Mpwh7-lrxQjo86I7v45TRIitW9s-WZ_SnFKpCeXlGPjk2dOOxDWd_6E2LWdt7uOcorQUQjqgjDFndCNMs2mCI2gyJOHFlY0Fe-gQz4RWyVEo1JTPE7woMGBaAyIrAP19WkObIUXwpG76PcSHjFznF5S2YHPn5oDQfgSr9pjXjkDlgqK1YoVzGkZXzUgu51qewPKXrqH9LeBAlSmQGewXqiEj1zud7-M2ndTK70i5VPMLB1MOYYq5vIatLp_0BBXBtqbpYxG4eK2lQP2pdLrwkhbWoBMKRQgZdNbkinTn8GhL7-JHPitnugcDUmFtRlvFz0gRqtioAXDkBQY8WQjcmwOHqV8t5Gn3Im_t_E8Aq1Gl4rUj3FYQYX3B_Le_ydy8C-59hHh9MfjhL8utPujfojMvlpKyg8R58Gz4_9glNHWfp9iLbjNEjtWzeHVIB5gpyhokTRIDcHn53PMJ-_k4c9iLS7k8WQnOOtbOd2p5MJhsJ4UC1jkbTntn1KfzL1NplnhR74VwhYqo7qHrIY-kteK45vL1KiPC_Rh8sk9pveUxus6mFDO4xB7iIQSKachlIRvmecrBH1xZ3f3T_qoH9fTd1HFPHg6-jybXJhODT2Di2Ol8L3VeA_l25lKuuspbIUIAtZEacDxc6gl-Qqk36aR_zWWCBRs91VMW5h6Pja8xfSzDtRxi5KUg2NthKi_fT7RuGrAZj1TAp_cwUVSwuWNxc-DI5906ejMgfygmnK9rKIyAALZmMVKkDA-J6_vQ9f9VMvnezxsTA-G2895-Ik2Kf2b5jm-K3DofcR6Hq_rx0v6mp0zekxTVCi1YV05-hT270TCoYA0cU58jVI8BmI84vc2UXS

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame C809 171 KB
62 KB 41ms
17ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4ab711283498f751cac366ab6381c28fa812be449994a4fe9bfbf9744aff92cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63125
x-xss-protection: 0
last-modified: Thu, 21 Sep 2023 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 21 Sep 2023 11:26:49 GMT

GET
H2 200 ts.js Show response
cdn.retailads.net/ Frame 679A 5 KB
5 KB 12ms
11ms Script
application/javascript 2a01:4f8:d0a:2321::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.retailads.net/ts.js
Requested by: Host: futalis.de
URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3111259052
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 2a01:4f8:d0a:2321::2 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: Apache /
Resource Hash: 525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://futalis.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:49 GMT
last-modified: Wed, 05 Apr 2023 20:14:46 GMT
server: Apache
etag: "1416-5f89c717cdc2f"
content-type: application/javascript
xphp81: true
accept-ranges: bytes
content-length: 5142

POST
H2 200 all
csm.eu.criteo.net/ Frame 5B64 0
127 B 15ms
15ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 21 Sep 2023 11:26:48 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame C809 271 KB
90 KB 17ms
16ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2aede64d1a69f513ce3a953630a3439a8a503aea839c8851ec8853de1f380e51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92550
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 21 Sep 2023 11:26:49 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame F0F8 51 KB
18 KB 55ms
8ms Script
text/javascript 18.66.147.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=49465100060433704444990012454011&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-98.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 43c969dd91796954ee5b0d995fddf5dc9b008844db541a4103c1d95b28ef2f74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Wed, 20 Sep 2023 17:56:23 GMT
content-encoding: gzip
via: 1.1 6b25d4ce9efa3f2699980e1915129606.cloudfront.net (CloudFront)
last-modified: Mon, 07 Aug 2023 14:11:27 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 63026
etag: W/"cb7accb6a6fc086cd831549a78a2fe42"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: RadhJGn_WxJSSFhxLY8Gi_1NDBuj-Tgxy-XBeetywV657jEHalQ2VQ==

GET
H2 200 1x1.png
cdn.track.production.webgains.team/7121/ Frame F0F8 3 KB
3 KB 38ms
8ms Image
image/png 99.86.4.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.png?Expires=1695295909&Signature=Gdis4GFupcG5pES6OPwNxKQfHjm8R4bhMsIhEVKzdTpEkgqf3WEu5rO0rzhEFI1EmN2RU8QLp1NvioUTTo2HdQ3tQyqhO3fU59EThoe04zzbcyfURJUMoe67A2ZHiB7hNjVQ3qkDuv7tPSC8L16FkF89auuTcCX~YoBqD6C~McfFRLZktVOU6A40FeuZdsHRm7wqVBhPX0Pu06cAxxxCszRslXLR0DEq29G2OdLsA6tlF7iHnv5K1nLiI1vLBD9IIV7cDjhzmXX~AHftVq5BpDwQeZW~efB7TbG6Qi3MPgSPXRIKupSm~YZTQLF6aPzn4w~2w1jXlVQB2BxP6UiqPA__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-53.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-amz-version-id: null
date: Thu, 21 Sep 2023 04:18:29 GMT
via: 1.1 a350f357b825293e306b1b0a2cb490c0.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 25700
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: f-k71CHOltOlp9bOObN5JR21j47SkEalT2tVfOt15ZZwWcHrqTQUSw==

GET
H2

200

activityi;dc_pre=CM7C2qTMu4EDFW4TogMdiTwH8w;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5662082255894.909 Show response
8019191.fls.doubleclick.net/ Frame DC3A
Redirect Chain

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5662082255894.909?
https://8019191.fls.doubleclick.net/activityi;dc_pre=CM7C2qTMu4EDFW4TogMdiTwH8w;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5662082255894.909?

391 B
332 B

89ms
88ms

Document
text/html

216.58.212.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8019191.fls.doubleclick.net/activityi;dc_pre=CM7C2qTMu4EDFW4TogMdiTwH8w;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5662082255894.909?

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f166.1e100.net

Software

cafe /

Resource Hash

f987b1fd6fd33a1b1c5799dbdf68f2f34e791934800cb5e57ff4bb7641e25ed9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 223
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 21 Sep 2023 11:26:49 GMT
expires: Thu, 21 Sep 2023 11:26:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 21 Sep 2023 11:26:49 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8019191.fls.doubleclick.net/activityi;dc_pre=CM7C2qTMu4EDFW4TogMdiTwH8w;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5662082255894.909?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900011.redintelligence.net/ Frame 2CC9 7 KB
3 KB 36ms
13ms Document
text/html 138.201.64.38
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900011.redintelligence.net/request_content.php?s=49465100060433704444990012454011&a=9d7fc62b
Requested by: Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.64.38 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.38.64.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 382f6ecabc4c373befbec143fc9c00948621a1757282f43cd71a6af48ae3c414

Request headers

Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2242
Content-Type: text/html; charset=utf-8
Date: Thu, 21 Sep 2023 11:26:49 GMT
Expires: Thu, 21 Sep 2023 12:26:49 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 36B8 1 KB
643 B 9ms
7ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 32276
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 21 Sep 2023 02:28:53 GMT
etag: 48472445140208031
expires: Fri, 22 Sep 2023 02:28:53 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame F0F8 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0c9cfb4e8e5e13475dca14e1f088719724e6f4a116801ea8e8212eb13e84d442

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame 2CC9 5 KB
682 B 20ms
19ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900011.redintelligence.net
URL: https://hal900011.redintelligence.net/request_content.php?s=49465100060433704444990012454011&a=9d7fc62b

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900011.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 21 Sep 2023 11:26:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 21 Sep 2023 11:23:12 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 21 Sep 2023 11:26:49 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 2CC9 56 KB
56 KB 45ms
19ms Image
image/png 138.201.63.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=240&height=125&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900011.redintelligence.net
URL: https://hal900011.redintelligence.net/request_content.php?s=49465100060433704444990012454011&a=9d7fc62b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 88f4f91456e939e0490e23296f48f6b39a9808c8ecc1f50b02144b5be4c2a5df

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900011.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 11:26:49 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 57466
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 2CC9 64 KB
64 KB 39ms
12ms Image
image/png 138.201.63.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=240&height=125&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-1200x627.jpg
Requested by: Host: hal900011.redintelligence.net
URL: https://hal900011.redintelligence.net/request_content.php?s=49465100060433704444990012454011&a=9d7fc62b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 10d81ddd95304488a44cf1c40f09ff60da92ac1b67056ec6a07719a61000330f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900011.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 11:26:49 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 2CC9 40 KB
40 KB 41ms
14ms Image
image/png 138.201.63.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=240&height=125&url=https://cdn.contentspread.net/24i/advertiser/71572/creativesup/iQ_Online-Deutschkurse_1200x627px.jpg
Requested by: Host: hal900011.redintelligence.net
URL: https://hal900011.redintelligence.net/request_content.php?s=49465100060433704444990012454011&a=9d7fc62b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: d7fc3e93277973a620126d674f6d37fe6fe78b59dd39db073145947b76cad9bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900011.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 11:26:49 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 41077
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 2CC9 46 KB
46 KB 40ms
13ms Image
image/png 138.201.63.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=240&height=125&url=https://cdn.contentspread.net/24i/advertiser/55487/creativesup/1200x627.jpg
Requested by: Host: hal900011.redintelligence.net
URL: https://hal900011.redintelligence.net/request_content.php?s=49465100060433704444990012454011&a=9d7fc62b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: bd7a1c0837764d97008df34fde45b62a6f0195dc3a4b68101565eb3c9fc431e6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900011.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 11:26:49 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 47178
Vary: Accept-Encoding
Content-Type: image/png

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 36B8 0
103 B 16ms
12ms Image
text/plain 2a02:fa8:8806:12::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEHIPJxzcqnvwNbH-Bfof-DQ&google_cver=1&google_push=AXcoOmTtF9Ry3xUsh9tONkG2B93E6twO9EX6DX8kINlaV8yAfgPdm1qRvKSqVS1pAFRD75kK8TOSY70R3H6CXnLCSrB4ar0LH1g
Requested by: Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:49 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2 200 sync
x.bidswitch.net/ Frame 36B8 43 B
145 B 13ms
9ms Image
image/gif 3.124.69.248
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEPcCQKdzhPr6Vikoi5ERHZY&google_cver=1&google_push=AXcoOmTNMHc2dyqDokU3FsPGRihFGhou2n3m_BLDY8KD1_fSugFL9obNuLa-186P1PkVjqgaD7-WBpm-j2qzvZRkkLWA1INKA_w
Requested by: Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.69.248 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-69-248.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:49 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 36B8
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmScNH...
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-_Njh10B3zynurw3uR8322_BaGgughLKFJxF--g&google_push=AXcoOmScNHE0Wri5dc0ALlCk2-JYvH8Bsx5cR3Qwrq-LrlN0X8Jt5weUkYi_bUNA0Q8xtTM7bhE8i518iaof...

170 B
188 B

26ms
26ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-_Njh10B3zynurw3uR8322_BaGgughLKFJxF--g&google_push=AXcoOmScNHE0Wri5dc0ALlCk2-JYvH8Bsx5cR3Qwrq-LrlN0X8Jt5weUkYi_bUNA0Q8xtTM7bhE8i518iaofPUC05GrpMt4X5f-X

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:49 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-_Njh10B3zynurw3uR8322_BaGgughLKFJxF--g&google_push=AXcoOmScNHE0Wri5dc0ALlCk2-JYvH8Bsx5cR3Qwrq-LrlN0X8Jt5weUkYi_bUNA0Q8xtTM7bhE8i518iaofPUC05GrpMt4X5f-X
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 737904
content-length: 0
expires: Thu, 21 Sep 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 36B8
Redirect Chain

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEFBXrgFzrhJnq4ZAYK88qJU&google_cver=1&google_push=AXcoOmTvW9qS-MzhX06kLeCEYHhc_VZzeUGdD797PmVjAUhFggjMdr_dMQK0Tlu4AimCmPioKjbVM8-T9tboT...
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmTvW9qS-MzhX06kLeCEYHhc_VZzeUGdD797PmVjAUhFggjMdr_dMQK0Tlu4AimCmPioKjbVM8-T9tboT4keaJyfLKU_Jpfj&google_hm=QTJDNkxrS1pDV0J1RDh5...

170 B
188 B

17ms
16ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmTvW9qS-MzhX06kLeCEYHhc_VZzeUGdD797PmVjAUhFggjMdr_dMQK0Tlu4AimCmPioKjbVM8-T9tboT4keaJyfLKU_Jpfj&google_hm=QTJDNkxrS1pDV0J1RDh5dVJCUHo=

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 21 Sep 2023 11:26:49 GMT
Content-Type: text/html; charset=utf-8
Location: https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmTvW9qS-MzhX06kLeCEYHhc_VZzeUGdD797PmVjAUhFggjMdr_dMQK0Tlu4AimCmPioKjbVM8-T9tboT4keaJyfLKU_Jpfj&google_hm=QTJDNkxrS1pDV0J1RDh5dVJCUHo=
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 236
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 36B8
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEChO217v1J8aycX0tRJYEnE&google_cver=1&google_push=AXcoOmRmYD451Eq4yUZYXCrrCK0Y8dbywgullMTrXZ1EWqkxpaGZhNc2q5-tuvrpiPi964n5GxZ7MztKm1TA4hpmv...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmRmYD451Eq4yUZYXCrrCK0Y8dbywgullMTrXZ1EWqkxpaGZhNc2q5-tuvrpiPi964n5GxZ7MztKm1TA4hpmvwNpN3RB_3I7&google_hm=HW6OpGZHog_BP2MLTTiZ6FoJ

170 B
188 B

21ms
20ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmRmYD451Eq4yUZYXCrrCK0Y8dbywgullMTrXZ1EWqkxpaGZhNc2q5-tuvrpiPi964n5GxZ7MztKm1TA4hpmvwNpN3RB_3I7&google_hm=HW6OpGZHog_BP2MLTTiZ6FoJ

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 21 Sep 2023 11:26:49 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmRmYD451Eq4yUZYXCrrCK0Y8dbywgullMTrXZ1EWqkxpaGZhNc2q5-tuvrpiPi964n5GxZ7MztKm1TA4hpmvwNpN3RB_3I7&google_hm=HW6OpGZHog_BP2MLTTiZ6FoJ
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H2 204 /
cc.adingo.jp/adx/push/ Frame 36B8 0
43 B 260ms
257ms Image
text/plain 13.114.117.211
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.adingo.jp/adx/push/?google_gid=CAESEGh9FoQHnZ9f5mKvuXRkRXw&google_cver=1&google_push=AXcoOmTso15hXsMnn-N55O1kCXGcx1mNklZcykSxeSu_lzEs1rKH55UEtBGFSfxlBC1tf1JQWuKv6B6-0bh-vknkhuDF5PlY7pQ
Requested by: Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.114.117.211 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-114-117-211.ap-northeast-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:49 GMT
server: awselb/2.0

GET
H2

200

/
onetag-sys.com/match/ Frame 36B8
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEMwHjbfS4LrdO7h_7hRfKBM&google_cver=1&google_push=AXcoOmS4WXwwL-0Ahi2jiEPGTa6ozvjeVllgDwvb-Ndk-DzGSw19KPaGE2eLgIXWnjdiPmN8gE7rBBTF5Mf...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmS4WXwwL-0Ahi2jiEPGTa6ozvjeVllgDwvb-Ndk-DzGSw19KPaGE2eLgIXWnjdiPmN8gE7rBBTF5MfmVKUxCZqRJIgQvl8fuA
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

16ms
16ms

Image
text/plain

51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:49 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 36B8 0
12 B 20ms
19ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J0SZfH09OewLJZ2x4vYQmbpZlPgifS24CDquddB0Ta-mbiWgkp4hdP5WGNaHlA2HbrvsM73Q

Requested by

Host: af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:49 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK viewability Show response
hal900011.redintelligence.net/ Frame 2CC9 0
150 B 36ms
12ms Script
text/html 138.201.64.38
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900011.redintelligence.net/viewability?s=49465100060433704444990012454011&a=6281983d&vb=m
Requested by: Host: hal900011.redintelligence.net
URL: https://hal900011.redintelligence.net/request_content.php?s=49465100060433704444990012454011&a=9d7fc62b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.64.38 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.38.64.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900011.redintelligence.net/request_content.php?s=49465100060433704444990012454011&a=9d7fc62b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 11:26:49 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 2CC9 14 KB
15 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900011.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 14 Sep 2023 21:33:46 GMT
x-content-type-options: nosniff
age: 568383
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14824
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Sep 2024 21:33:46 GMT

GET
H3 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 2CC9 15 KB
15 KB 11ms
11ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900011.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Fri, 15 Sep 2023 09:02:57 GMT
x-content-type-options: nosniff
age: 527032
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14892
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 Sep 2024 09:02:57 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame CB01 42 B
64 B 113ms
113ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss50bI9uxGTgm8uzNB7B7_mlCN13JJtAcEsEDBgnjVVwjPneMbxlxGlwN1GH-pYrD2T97qIaPO1Xx5QguqA6hmgQHArWt-acChrkkA&sig=Cg0ArKJSzGXgOv88CfalEAE&id=lidar2&mcvt=1036&p=549,323,829,963&mtos=1036,1036,1036,1036,1036&tos=1036,0,0,0,0&v=20230920&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=209278443&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1695295608155&rpt=307&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CM7C2qTMu4EDFW4TogMdiTwH8w;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5662082255894.909
adservice.google.com/ddm/fls/z/ Frame DC3A 42 B
401 B 110ms
48ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CM7C2qTMu4EDFW4TogMdiTwH8w;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5662082255894.909

Requested by

Host: 8019191.fls.doubleclick.net
URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=CM7C2qTMu4EDFW4TogMdiTwH8w;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5662082255894.909?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8019191.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame B0E4 0
127 B 15ms
15ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 21 Sep 2023 11:26:48 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 100ms
99ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202309140101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05f9940c3c3d96001b39ce8f1a1e5b93d1a0bbb87a46ca1300dbe23e170ddd42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:49 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12254
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 21 Sep 2023 11:26:49 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 7C5D 13 KB
5 KB 8ms
8ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.belajarmakeup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3199
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 21 Sep 2023 10:33:31 GMT
expires: Fri, 20 Sep 2024 10:33:31 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame F726 829 B
561 B 18ms
18ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a417e6287a5a856542f803e5179f6c7b76cf24d2624396cd88f32047662c9d77

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-__p6NwNl0QRU48KeV98IAg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.belajarmakeup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-__p6NwNl0QRU48KeV98IAg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 21 Sep 2023 11:26:50 GMT
expires: Thu, 21 Sep 2023 11:26:50 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 122ms
24ms Preflight 3.9.77.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.77.36 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-77-36.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Thu, 21 Sep 2023 11:26:50 GMT
server: nginx

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame F0F8 16 B
209 B 61ms
60ms Fetch
application/json 3.9.77.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.9.77.36 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-9-77-36.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 21 Sep 2023 11:26:50 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F726 0
0 110ms
109ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202309140101&jk=102211537610441&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

GET
H3 200 tGcDLxZnxcZjneq6ZTfMhLSKmVRaNAcBIKHxIKG0fIc.js Show response
pagead2.googlesyndication.com/bg/ Frame 7C5D 37 KB
14 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/tGcDLxZnxcZjneq6ZTfMhLSKmVRaNAcBIKHxIKG0fIc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b467032f1667c5c6639deaba6537cc84b48a99545a34070120a1f120a1b47c87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 09:48:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5892
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14772
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 15:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 20 Sep 2024 09:48:38 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 7C5D 0
11 B 7ms
7ms Image
text/plain 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?DIAyVw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 11:26:50 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F0F8 42 B
64 B 114ms
114ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssb_gaWsQSqCvY1iFNnplS_A0-ZAtNx_UaYgl0Wz3uRCvuDpcpDqg_gcACl_3NLHLN8kBPs2clISLZat9sQtPanptuRhmKKL6FhipCY62Ae8E2ugMFpFuo98lDijNxJ3pk&sai=AMfl-YQ1VN6gFgYZvqgfLmCReFOZ8zW1tcd1HEQYC5Z8gmrMI_uL_fmY6m47PAOjiUB0jFcv7ynStUbzpF1S7iLeDde3SZ5pFPYnC9FsjZkcTQETkXdwpU3Du8Iu2JeD&sig=Cg0ArKJSzHhf4PB-LrBOEAE&cid=CAQSPABpAlJWjppNE2CukILs8l_rFFj-e8YsJ4rnjfPItdZfCIiwBVHhheoik38rCe9eTO_aKcF7eEOGFTjE8xgB&id=lidar2&mcvt=1027&p=135,315,385,1285&mtos=1027,1027,1027,1027,1027&tos=1027,0,0,0,0&v=20230920&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2616755907&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1695295608121&rpt=1246&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900011.redintelligence.net/ Frame 2CC9 0
150 B 36ms
12ms Script
text/html 138.201.64.38
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900011.redintelligence.net/viewability?s=49465100060433704444990012454011&a=6281983d&vb=v
Requested by: Host: hal900011.redintelligence.net
URL: https://hal900011.redintelligence.net/request_content.php?s=49465100060433704444990012454011&a=9d7fc62b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.64.38 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.38.64.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900011.redintelligence.net/request_content.php?s=49465100060433704444990012454011&a=9d7fc62b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 11:26:50 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F0F8 0
20 B 108ms
107ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9164127765772&version=m202309120101&ct=77&x=1&cor=3279428604392885000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 11:26:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 114ms
113ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202309140101&jk=102211537610441&bg=!4-Cl4K_NAAYrDsWMCw47ADQBe5WfODHONbVWmy0L-b5kidQ2cGvtK4Yalro57FUt6H4LXFmP2HsaXq3KriFTP-IitMWuAgAAAINSAAAACWgBBwoAuBbGecRvkA0qsFVOfC7k6CJa25iLTnYaH22Tf962tXsr_XgfaYD-asRDH-DNao2mgmttCuWkr3jiTu3KlnwduVznifa5cuHIZo0MU3qdjqMzYHRomty8nkWdEUekxK0t4hGuIqFXe30zBTdFCcfvZCUskTu0_SWIb9uJ5lccFEWICxaf05TA7xLYZfNgH143heek95VV2EIX-m0_xIovCbYdzdgBc8kTGtJupQs5bEsGUD7mMEODiZKZArWy9En8ikeKlSZCfCVP60iLNM6gvOsdk02gMb1hUMyoKeX8QjNcEy5nK-Yx4V1oGVLyEAs5uil9cfp0H95WKv2VN-4kI20_unlZqTvIBH4780BR_yarElwVy_96dOgT-Htt0KhUs-JOIOHj7M3XJNETxpqriwSdiLNoUgjyq4xxcTMCSI5gf_RgoFqIW37xEZVKPiRr4w5_r10H7R646LYp9LFeqwyazYOhVGXeJbBtOSUaC7qY9bevlW55ye0ljsc18YJAS1zfS79KlARxD6v6Xs0YIMzCaezuHPwoU_mrT5M37uI5SeGZFZbCugxckT1T7HadRzS8j3FV-eLu9nk09sJB7CYGZszvsbj_c-bYXKh2rwLWkXziL3jTWq1FQS0I73pRq2-Gbo058fIeNxXkkoH5glhyKcAz_hy3GNKn6WyB_Qct_1LjeZD9yLbQYTrjPYoltR6L0Z6ao8lq_RRDYZ_W84rPvb1phCUPikBdtkW16EW0efUtS99XmkD19N2hvJIjb1Zs6sqTfsEmY_DbXSoWy4lom2S48UNRkYDS1fTT3AQD8h-Yp5vOotRnzL8xHbzOHpGfHwKzrH-vSdBLl8FC-xRsgLkZEpOMzJ2uSCkYtb6r61XKsQsId7kWgAj4apBItrloErD2DgRfgKPBo0Ce8DhQRZrHLkN-J-z72UBCP-ABPvVxaEENEuDUxG3ohtyEzt2CM9V830bz6qV37B0FoY2sJVth_xvyjRFS7-bVr1rysWTqyaoEdKH76wMthL03ymExaqGbr0MFNEhwGx95i6I4-jcLDibPaufj7ZwmyfC8wSMZQFV7HUWKBJEDLm2tPLnOW_mz5JKGhGE34oxNph6olF_GghaJ1qWQn_aaB3Z_rOrIYJIvhLGRdIwFs3QWVThoMl8zuKy5YVhdEuqH8_0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.belajarmakeup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstiEzcCB239I5G2gRBqHnOje1iZVxA119MjVcLE8Ot6je_UF1WwAMJ3x_vK7QGgjkooh6r1iEr9zyeoEWlXOgWlYbYaUWmF83iPh3pVlpqhWJp7C8bkuqt5qouTECRQrO1pGiNU1lQlERYnpYD3pmllIYmJAEnhESMp0FzKCwJHYQlztdN0weMWSGhSxSgFJBlu4d2m12VCA8zSE_0yqhDO2hmhZLFGE6FP-2gNUOJIvjSkosMs7F9zSkaMlLCblYq-TounsdF1o7Mu__Q2i9PsjAD1UeiaD33DaGsS4uNGUjwQlgGEvXrpiqU0TbjTT-D5xKWSybwahvDHlotXf3MyVj0eBVnk6ubGDzBSVLpydoAPYKPItFSFQdSTjbAGvb_VfAkZYOx_QBlejmmBJ_rPFw&sai=AMfl-YTpsTNRzGwEW4KEG6kJQVRlYQXdDYlML-Wa_pSKbWHwrja3iuNFmHQfBteW8qcMDUTdo88N9mTCv4zIDmfucDdRDA0UJRGQwcV-4r1Cu6wCldWXjoWbeqvUsLuOJ6XWaC9ZoVjE7hmD22urHbWI&sig=Cg0ArKJSzGdd_XcGtasyEAE&uach_m=[UACH]&urlfix=1&adurl=

Domain: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Domain: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstFaLBSehXkQ5AcPMNHq9oDyNXRwqznng4_5BfkSv_ihuKpC8RnlmpljOH_e9IKT0PkmWI7CgrJD3R36OH0pDZprxDMAZhH-u60L9fB3yf8t1bTeHyJ50zwWaX7pHsHP0SPM1Kh2wYt7zPRrJX37xivU0vvowXwchbHeWIUgP_tg72aYZE5POm3Lrlb39HQltTTEow2FLn63QU28kOaJotbgboeoMUTZmLAPm5u52F8xjr2_TAxWaG-5FKJUK4Nps7NVVGImS_Jfeawnu4rm7DAkcj6BDZ07rN8OlWIAVsIR0Db11q-2l0SCsRSH5B_WiV41-Fe9G28O7KmXdxa_RXjTIyvMyg2VbDeG6ZPcAb4ZUqxvMn_4LUmOvS1fwpInLLQK4VGOB_G_8087QX56V90FL0&sai=AMfl-YTohLm478p2PE5ALWfS9YwXvbqVMpH7cpcjYHcPtSqpS3zqX9GpPTq0bxf_2C-1dnAMtxwELDRDFrtw887I2IHbs2sNIJJw5Bd64T1JZbLUe9ZaNv8yjgjM8yh-WUjuX6lpR8QPiqOM8tDksUw&sig=Cg0ArKJSzJR4GoJsJyJ5EAE&uach_m=[UACH]&urlfix=1&adurl=

Domain: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Domain: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssMKuGKiIVvzQy0kqCVKZxvmtgqPUcXwXTxk6WwymBKZ0xhb19njr71eWJ3prVNJd0sZI1zpT-xgdXD0AYhnLTGxURYZ1aV6okQAf8sMBw1dmMMk_quBZKOevHymORbxuvoMnjzgrEgnPYwVfR_gSSWtleaIyPwQk8F9eS8r_bfcLHWDN62v8iY99Qo3olwMQyp0b2qlFDbC1yFvV9BcuxUagHYcX9iUroFPJi7H6BUnlVp-c_Tj2q9KbOrihmlbca7vHUi-nY3GJdF8Ezexq2B5tgKqYrJ7t545RD7se1KUb2_vuiOUgj6eSTLkm1V1hUCrFfcrbXCvCd-2HDB4Lc2UHtyvKMUsJJfK_8vRvBzU2ZWSjNG_RGcoqFN87EfdAukN3Iw47RUI8lWJfWKa7FMXNQ&sai=AMfl-YTvjN5pe9ynHpgYRJaFWE7tmZffbvfbxFTFQNredYE_U5PJKEzbXu9j_0yt2poy7KlrwlHgwfbI7Y9htmYfoA9L5M5yy4FvCbafV0UUxu3mRdFbV89DfrI7h__PhQs&sig=Cg0ArKJSzEg1uMZwvLucEAE&uach_m=[UACH]&urlfix=1&adurl=

Domain: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Domain: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssl_a-Znk9hlsyOWbDygJGWsJq8LrNpLtNyam8MgJPQVykRuQdgNDrxSfxgtJ0Gcd9AxIpFcswoovqv52hw2lhYsE9G595_SgiUtJYeP82AICIOpo38yGDjpcsYSxctI_sTO7RV3YqfpYRQ7lQYPXD9NDTWV3rtMXT7DfmutB4QeJqbdKmwSEkQcsV2ZOyLONUzt9oH3iGBqIo9BXLsNc1f9uVDIOKIkpna22l8vRdIXuqqr-BUzjZMUNBwArKJfWonT-HUIqfCFNDmX2BlLVQ4YqlG8Kt0NbUviuRPwSnJsMMO-MbLD_8c_xIFaUEZHM6Q1lOCWiBEAIL_lO_EVDp7vwpLjgLX7m0klBs-Ms-CCZszgusIP6J2z2vUKp7-OQ2AKnOOBzTMxRU33vIV9PZwBPM&sai=AMfl-YS1s9B_O12S84ZgqSsD4DO4zGYsM911EF2yvnKcMvL_YuWMcXad4g7oiq4LPB1E3oRPhXxqWixz8w63z8o2gQbmcXDT7-Ie-AIyKA12ZTVIH5Q6qU4OTzTyT5b9RA&sig=Cg0ArKJSzAwEtRs9ic8TEAE&uach_m=[UACH]&urlfix=1&adurl=

Domain: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Domain: cs.chocolateplatform.com
URL: https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESEOIfY21yr6gCHeCl9e09qAM&google_cver=1&google_push=AXcoOmRui_sJvgJubKJJ28a35rXNbok5bAnxn34gjPEczZtAJwGgTB323fCuI-xvDkvqKz1he3W0ufhJ7HpnMhmxcmGY-U5RNKQ

Domain: sync-dmp.aura-dsp.com
URL: https://sync-dmp.aura-dsp.com/match/google?google_gid=CAESED9Nlqt6G6ndiVeBSfXvmQo&google_cver=1&google_push=AXcoOmTODfd74mz1ru-l6M0Z-43NRJMsiXP6a0BwRcs5wOQc0XWRxx-9KC3m83bgDK8bEiNl-TzWZnwV8_09gLWy8XS435C_ewft

Verdicts & Comments Add Verdict or Comment

202 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

29 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
live.demand.supply/	1970-01-21 00:30:55	Name: demandSupplyTi Value: 37a06333-e3c2-4a33-8e4c-fcd8104c0da8
.demand.supply/	1970-01-20 14:54:57	Name: __cf_bm Value: GjPKB1d4QLmv8bfyySGZuGR6WEgErV1QG8Njyziu7Ec-1695295605-0-AVA1G23mYvDf8cExXUygWVl+aamGocYNOeO2+q9Kvk65Q/LlVY3+gtlEZhwtf1kkJhvWpU7WC+m5f8YO7zTh674=
.mgid.com/	1970-01-20 14:54:57	Name: __cf_bm Value: 2p.3qasGpnUaK40R6561xblyREvqoo5y1XNOhNJFC8Q-1695295605-0-AdqMvoOR3EW1ZUwW6l+MtESWzn4NWGJq5nHBRJSU8jlcXMRwnFSvle50VVgtdOXqGxP7znw6n/MPRW2zy3urAZA=
uidsync.net/	1970-01-20 23:40:31	Name: rauid Value: eL9E2vXyERv8fRA8RpPVYi
.belajarmakeup.com/	1970-01-20 14:54:55	Name: lotame_domain_check Value: belajarmakeup.com
.criteo.com/	1970-01-21 00:16:31	Name: uid Value: c4b937a6-95f3-44b2-beb2-d362a9ada3c4
.belajarmakeup.com/	1970-01-21 00:16:31	Name: cto_bundle Value: LAH61F9rcUNQVUF6Qnpqa2Y1bmRNTDNLS000a1pxbnFncjV2RW0wUmgzYWklMkJ4d2NnN3Q5ZDZUSklTajlLMnBQc0Jscnh3SGRDajZleFZUdWM4a29NTU9lUnV1U3I0Zk80N24lMkZHYWI3STNMcllNZzlMc2xldW9CMXdqclBhWUFVJTJGbnhjZHBKdCUyQiUyRnB5b3paNVRKN0pFNjM1MU41MyUyRkg4dEZNaXclMkJhVUJsVlZpUmhaWSUzRA
www.belajarmakeup.com/	1969-12-31 23:59:59	Name: MgidStorage Value: %7B%220%22%3A%7B%22svspr%22%3A%22%22%2C%22svsds%22%3A1%7D%2C%22C1027625%22%3A%7B%22page%22%3A1%2C%22time%22%3A%221695295606965%22%7D%7D
www.belajarmakeup.com/	1970-01-20 15:38:07	Name: _pbjs_userid_consent_data Value: 3524755945110770
.belajarmakeup.com/	1970-01-21 00:16:31	Name: __gads Value: ID=930eb98dd228511d:T=1695295606:RT=1695295606:S=ALNI_MYV1Ih5ZXVGemIq1c8zLVXCrXVB7Q
.belajarmakeup.com/	1970-01-21 00:16:31	Name: __gpi Value: UID=00000cacdfb29891:T=1695295606:RT=1695295606:S=ALNI_Mbp6dfNZS7er8qvuJhrfRpG14uJqg
.doubleclick.net/	1970-01-21 00:16:31	Name: IDE Value: AHWqTUlJW0SElXgt0RLgHI0QoLTPapyBAqvVPNOliaRXRYtLTtGHEIG0qgsOQgaDUU4
.csync.loopme.me/	1970-01-20 17:05:58	Name: viewer_token Value: 335c1656-a319-4d22-87d9-c95a84bdd15d
.de17a.com/	1970-01-20 23:33:19	Name: guid Value: 1.7006946107019966895
.googleadservices.com/	1970-01-20 17:04:31	Name: ar_debug Value: 1
.casalemedia.com/	1970-01-20 23:40:31	Name: CMID Value: ZQwoeKhTU0mByXTvkI-RtQAA
.casalemedia.com/	1970-01-20 17:04:31	Name: CMPS Value: 3228
.casalemedia.com/	1970-01-20 17:04:31	Name: CMPRO Value: 3228
.adnxs.com/	1970-01-20 17:04:31	Name: uuid2 Value: 5767575971186684998
.doubleclick.net/	1970-01-20 19:14:07	Name: APC Value: AfxxVi6Arjx9olBfY_t99XHIoSm7YWEduoGgfUptHa2iHs8TiSpz6Q
.lijit.com/	1970-01-20 23:40:31	Name: ljt_reader Value: HW6OpGZHog_BP2MLTTiZ6FoJ
.adnxs.com/	1970-01-20 17:04:31	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Il^nTU%h!]tbPl1M>e)ZlrFUfJ+tGXxpKPRjX^_$6@hLy'^m:D6kE!nXp_K?Q2+ho4:3If)y3KL9D3I?+YunTi
.redintelligence.net/	1970-01-20 17:04:31	Name: 8lcfmzhxc8d6_uid Value: c9c14685d41a2040
.zemanta.com/	1970-01-20 23:40:31	Name: zuid Value: A2C6LkKZCWBuD8yuRBPz
.retailads.net/	1970-01-20 15:38:07	Name: ppb2172 Value: 3111259052
.t23.intelliad.de/	1970-01-20 17:18:55	Name: iact Value: 000128927751FC61B05ABFF6B1969FC6EA05
.t23.intelliad.de/	1970-01-20 17:18:55	Name: iaimp_42842 Value: 1695295609:42842:100:137:101:248:101:202309211126491795935acf61c416
.futalis.de/	1970-01-20 16:21:19	Name: raSIDb Value: 3111259052
.office-partner.de/	1970-01-21 00:30:55	Name: source Value: {"webgains_webgains":{"timestamp":1695295609310,"clickCookie":false}}

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://i0.wp.com/live.staticflickr.com/65535/50377386941_75f7e8f4f7_z.jpg?w=1140&ssl=1 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://i0.wp.com/live.staticflickr.com/65535/49332793888_8a5840c330_z.jpg?w=1140&ssl=1 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://i0.wp.com/live.staticflickr.com/65535/50411901351_ebd2298621_z.jpg?w=1140&ssl=1 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://i0.wp.com/live.staticflickr.com/65535/50377386876_e6c6022d39_z.jpg?w=1140&ssl=1 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://i0.wp.com/live.staticflickr.com/65535/49333485142_6976dfc56d_z.jpg?w=1140&ssl=1 Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html(Line 15) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
network	error	URL: https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESEOIfY21yr6gCHeCl9e09qAM&google_cver=1&google_push=AXcoOmRui_sJvgJubKJJ28a35rXNbok5bAnxn34gjPEczZtAJwGgTB323fCuI-xvDkvqKz1he3W0ufhJ7HpnMhmxcmGY-U5RNKQ Message: Failed to load resource: net::ERR_CONNECTION_CLOSED
javascript	warning	URL: https://www.belajarmakeup.com/salon-kecantikan-purworejo-klampok-banjarnegara/ Message: The resource https://live.demand.supply/p4/v17-10-0/d3d3LmJlbGFqYXJtYWtldXAuY29tLw== was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8019191.fls.doubleclick.net
a.mgid.com
ads.eu.criteo.com
ads.pubmatic.com
adservice.google.com
adv.office-partner.de
af3b854f7290f4e4dad1e7f71bc9860e.safeframe.googlesyndication.com
analytics.pangle-ads.com
analytics.webgains.io
ap.lijit.com
api.demand.supply
api.webgains.io
b1sync.zemanta.com
bcp.crwdcntrl.net
c.mgid.com
cat.fr3.eu.criteo.com
cc.adingo.jp
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.mgid.com
cdn.prod.uidapi.com
cdn.retailads.net
cdn.track.production.webgains.team
cdnjs.cloudflare.com
cl.imghosts.com
cm.g.doubleclick.net
cm.mgid.com
cs.chocolateplatform.com
csm.eu.criteo.net
csync.loopme.me
d5p.de17a.com
dclk-match.dotomi.com
dis.criteo.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
futalis.de
googleads.g.doubleclick.net
gum.criteo.com
hal9000.redintelligence.net
hal900011.redintelligence.net
i0.wp.com
ib.adnxs.com
id5-sync.com
imageproxy.eu.criteo.net
imp.accesstra.de
invstatic101.creativecdn.com
jsc.mgid.com
lb.eu-1-id5-sync.com
live.demand.supply
maps.googleapis.com
maps.gstatic.com
match.adsrvr.org
mts0.google.com
mug.criteo.com
onetag-sys.com
pagead2.googlesyndication.com
pixel.wp.com
pv.medialead.de
rtb.fr3.eu.criteo.com
rtb.nl3.eu.criteo.com
s-img.mgid.com
s3-ap-southeast-1.amazonaws.com
securepubads.g.doubleclick.net
servicer.mgid.com
static.criteo.net
stats.wp.com
sync-dmp.aura-dsp.com
sync.teads.tv
system-notify.app
t23.intelliad.de
tags.crwdcntrl.net
tpc.googlesyndication.com
track.webgains.com
uidsync.net
www.belajarmakeup.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
cs.chocolateplatform.com
securepubads.g.doubleclick.net
sync-dmp.aura-dsp.com
www.googletagservices.com
104.18.26.193
13.114.117.211
13.42.176.194
136.243.56.135
138.201.63.164
138.201.64.38
141.95.98.65
142.250.186.130
145.239.193.130
157.90.33.121
157.90.33.68
162.19.138.117
178.250.1.9
178.250.7.13
178.250.7.9
18.66.147.98
192.0.76.3
192.0.77.2
213.155.156.182
216.52.2.91
216.58.212.162
216.58.212.166
23.32.184.192
23.32.185.35
23.53.41.88
2600:9000:2250:1a00:a:e047:753:6381
2606:4700:10::6816:3456
2606:4700:1::6813:814c
2606:4700:4400::6812:297f
2606:4700::6810:5814
2606:4700::6810:8516
2606:4700::6811:190e
2a00:1450:4001:806::2002
2a00:1450:4001:808::2003
2a00:1450:4001:80e::200a
2a00:1450:4001:812::2002
2a00:1450:4001:812::2004
2a00:1450:4001:827::2002
2a00:1450:4001:828::2003
2a00:1450:4001:829::2001
2a00:1450:4001:82a::200a
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::2008
2a00:1450:4001:830::2002
2a00:1450:4001:830::2003
2a01:4f8:d0a:2321::2
2a02:2638:3::1a
2a02:2638:3::3
2a02:2638:3::9
2a02:2638:d::13
2a02:2638:d::4
2a02:2638:d::c
2a02:2638:d::d
2a02:fa8:8806:12::1370
2a0b:4d07:101::1
3.124.69.248
3.33.220.150
3.65.87.76
3.9.77.36
34.96.70.87
35.214.244.115
37.252.171.85
49.12.16.151
51.89.9.252
52.219.125.74
52.221.3.211
54.77.82.203
64.74.236.127
65.9.66.122
99.86.4.53
018e5246c558914b4537dc48bea241a728d7ffd93dd4b8b2661e56b8bd83a402
01cbb105faef1373e9d53ddc5e62c9c7b5f66cbc64c2c045a3daec0328b831e6
0239d84800d90f767050e8e528d7be59743db88b3ac79a498bc2077b22f11189
028103bd94df87b9b7bcfc91619f3662a52051985d190604c2a7f7bf452aea6a
04315554200d1da1135a22ffa5e07c21ca40f8cba46b70242bfd55f6d789f9ac
05330d5dbbd10cec9453324b880390cd8e7fb10810fcdc68c1df8d16fefe88c3
05f9940c3c3d96001b39ce8f1a1e5b93d1a0bbb87a46ca1300dbe23e170ddd42
07a170a7411835031a08ba9a8499c88b73eb0e9ca71729ad3bdcfce3c4332242
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
0868aacf6285975b446b3e8dfc53cfc744eda42ec10ea833745dfcf87d1b3f88
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
096862e95687fa095052acf06c643d97aebf5a75bdb39f85061a931076b5c12e
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c9cfb4e8e5e13475dca14e1f088719724e6f4a116801ea8e8212eb13e84d442
0d0a6262c545e8bbc895116e5afb22579c468d7abb77e378f377d6fed57c1dce
0e0848fdfc6210af48d9b25475f7cb73bb4c67dce8efb4b0445d9bf0061c2faf
0ea842ad92b2cb342a00d74293e6036981ec07854e082223080525efa9c88528
1086414057ff05666d945db49dda754960b8cb67d9ab53bbd69ad03cece67aea
10d81ddd95304488a44cf1c40f09ff60da92ac1b67056ec6a07719a61000330f
11e65367d121fdf873a914818c52c557697614867c769e54bd6a0b0b9929c2cf
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1bde658df6e7fc967fdfa663ef601083be84e4dfb80de29e5423d8d618bf790e
1d39e44c97654457b55157f95b65e8af14f655fdb5319159b8135780f7eee005
22720521128fa6c4c72b340f612e896df620e89fab597ad1a4063d4601a036d4
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
236ad1751a315730db4bd8c83d1e0091b9c8ad0adad9b3ce1e921cf332ae030f
28f403366c2c520bfff7d5a0883f1d53e1e87ba1c8202f3f29e6395a0b66806d
2a018a841b6975de20578c7c63607d4529281ae923f4c3ba172cb4d1d5e7c5bc
2aede64d1a69f513ce3a953630a3439a8a503aea839c8851ec8853de1f380e51
2d1e00ef1df6db817421f50095d5bf6e8c7a6b7fe50a73413cceb35c7e16f8ad
2e51f289e778c324e22a4b396cb38d00305cc483327e07fef2c152736de238cf
306ca53db6fc90ca7241d690f151bfc8db6b55c8f2de5d878a268fe6e7d3754a
30ea956b12ae502e529c24365e9422d2428b75595511de013abc64d79eb510e8
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
331f5de5931f1217c7c4ba45843880fe26986ecd3713377632730da9caa45a5b
3467033d37d162c3413db45a0d6c20529a17e7076167dd45f5d79d6c1f41aa93
359456fbc71667b68bbb79ff729e32cab72ba7e8d2a824b0f552511fc866af2a
382f6ecabc4c373befbec143fc9c00948621a1757282f43cd71a6af48ae3c414
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
398f4f5de3d8b611dff130d46f08c0601ddecc95f5605b21e272a5b99f9f1332
3a90c56bbc2ea3fae7e089cc529bc02869c5035ee31c3111d829b9ae974cf42d
3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280
3dbbeaf54de486a9143afd90dd78305771ed82f5d6542d94a81c7f91b48a976f
3de920c1b1936d7ffb7ea434867bfd9c7d89482d1ae8d47216f46ec2191f0947
3dea1fc2bb42675be172a791fa9e294d2b50461d447d3b6d6979ad043f8f8edf
3fb3f4f18d94f4bcc3dbf87e16bd68982e85b46458a261f79c0e5c1852fd579e
40f4eeb522900a0a71228a17352f0bdce5e5180874f8610b4b2fd4cee57118e5
41b7f4ef86f2344e72da822fe79265700ff1bf3361450a02ab4397ff1a5eb040
42b5c1d5959b02f267904bac36729e8fad2d743f182e4189c3435c7e3749198c
43c969dd91796954ee5b0d995fddf5dc9b008844db541a4103c1d95b28ef2f74
44f6af983bb8ac6c2ad7932b4f2e34afe733e6b0249731bdee1eab73aaf547e7
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
470192ad7f33e79b358b78986ebcbcb62f74663dc24dc4d44b3230874cd1b3ea
476d8d8a5ee6c842a16e5ae6a58cec35ff7649729b77de0319644cdc128340eb
48782d29803eecb3f8ba7b55981a988258f8d1a9f19e67a08114548ce1ad8008
495beca2bdc18adfe4394c8048a0ea36681b8c4d6f023c624b387818c8a968cc
4ab711283498f751cac366ab6381c28fa812be449994a4fe9bfbf9744aff92cd
4accbcd793680c2ea0a65714771ef37d5eeb42bdaedba9882dd0d78eae09e00e
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c1862cf4f7a0d00b0b56e97e6e7be2fb7fb82371cdae31692bf6b75584d86ee
4db9321c02e95969c5ca62f886c28c807bb82690c98adae0bbae3c1eadfed5fe
4dd7bb90334bb1abdce8d03082a82101e34777ee6260886f88e93989572617f9
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5645723759befb687a1be1dc493eb8a437fbe94778cad7962653bd7c317b59b8
5646855f0a13134e57aa75cac93947329df5094e02537442ff804ef03474fcc3
582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd
5a4ee1824ce35ef5d06d6789e291072d107100260813022b373ac2d6fb8c40dd
5a670ebf8c45333dfbe0c9142945e348b6d56b7e3478ca0d596b6f891158836a
5b7efd6d37de2602371b70c8017f9a533b66246b64bcab1317f6333b6ee6392d
5caac0e33b4b8eefa079b6551c74609c59fe1dab4801dbd7a341b86528a77f8d
5e15c078d1ef8df08dbd077e55ee1569b5f0dba4e02fb73f9e3d7556149aa801
5f9376c77618bf0ef43bcabf8228c9e2befde3731087b944e140a88c34066873
5f9b158ffacaa6b3c5a93875860f8c072827f7f27dbc2d3226c0979e62599a9e
60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
624be3bf55395ccdba7de5bed135b256b891ca3659b73a8c6559cfeff76b4eb4
657e6dbb6cf905fa06929854e64618f0aee6d1c08804cef18fc01507833c0c7d
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
65f22d8aa0690bd9cf8ffe5d68e5f6866b05ed8fc6f6c9083b996c1b3c4c75f4
66fe841ddd73f22a61f9a030cc9580fd3a09949ff768de77ded4f81448d2cf50
68fdd9e23adcf91b3570032b470a5f56b46148649d97da0b1e259a369276b3ab
695d34963031ace845727c8cd337fd8d3bda87cbf8085e489ee40aeab105eb90
6a32dad78ccf6285d00190b3be9af38fefed014e35bc1b14e86817435b5a6c64
6a647a0c3cdf71c5fa9d1d5485f78905cac9e6cc70d4dc09dd994f056a80461e
6ab64f3f845adcf026ec80f1d9bd3542dbe7cee6e06fffa390378b1078eee08f
6d35a9eb7cad90707e0c74a18ef480f06f714a8c5d022b9311648790bf8f2262
70d5c4de881e718d0b7638959680ba86722d44eecbe4058d20dd77b8d0d97155
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc
7342f390b12f636d14e25f698fc5e38cf6240994dc0c07fefbbb4e78ec4d03c7
7548256472bfd02ede86487078011a5318dd4da095bb2de68f28a0e830a2564f
76dfda93e21c353da8ba5be3ff2df8669ddbb0e23250cf2895bc9ffef61b2c5b
77a44f65bb6894c92e3c7ccab98de0fc357172221cc1dd45949ab938c0c7756a
789946bd8a00bf5f8bd567f5b0a5299913681b0f348f1e65d8394fcfae2b6030
7992a4430843ef8b4bbae534358be3193aa1ae9c78f273e8e8a70b6af1244ac5
7a0a8bd137d9ddc1eaafad68e42ad3544b0a4e7df6f42f5d236c499de94180d5
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
7cd372d99ce5dafed02870bb8d710d245aa305e356bb69818904360d16270691
7ef7020b6a27f36a0813a0c8c2cd4cfbeb525a8ce86fb992382e2a73979bd2be
7f2499f841c0f34815b415fca66c3fd53d1dec92110df016fd4459cf742ea57f
7fae98d4d69121fd70a693b6c6fdada43e57e0add1760d93c629870d9fc3fb59
7fe1a648e52d65ae165075793f9ab45bc14433e6bc24214e1fb890cc4923803a
81d104905898809cf555d82520bcd0611dbbe441f5798f63e2b5f634b365c0b9
831ff38da677066efd7cc309a7bc7489086997e2e4aee722196d1e42102737e9
858fbf83e99a035f695b945086df091d52657d5503f53215fc7dd2446e753926
863fd75928da215976eb773b7a5fa8a5b680ed4a2feede49c912fb41c50a99c1
874fc9ec44139a20e0d1be513a13b13fbe666cc256d2d677b791dbb8a2ac8720
88a15c899390516f013d4c84218b503f4385bac0c2a30996bb187610eb742a19
88f4f91456e939e0490e23296f48f6b39a9808c8ecc1f50b02144b5be4c2a5df
89f4e55e5cc8d9c62c22f4e2af50e340786991994c19d33d9753cc13d9410ac3
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e1d00770709c4f33c3a0acfa71398a5d4c87137134acbbbd86b33291057c939
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f9d88352b286107f60c320c4c088f718c2a3a273818cd61901edb7f235a9339
9203eef2e7058d05a6f6c3f022d1b7c460bd0bce1bfa33dc52dfde9c3dc5e8e2
94e66b6aac93dbe2a6967c473aa7df238e0f3237f6a9f6eb104b2fe8d99890ea
96827d119793d3b1f43be25de0a51e3fb1d6000412725f6c16171a6be280cd38
98876031571d2de830fdaffdb73fb9f72546656d34b346ff7b580359a2b01879
9941d25da2d400e2cbc1c979d7ecae4a9b418158d3825d03e09650e0799dcefb
99456b3711ac205efcbdbc08ae9dae0124aa6a94d0edf9701a80caa6fc38b5db
9a3783289b656f3bb1e6c0ce02906336b2e7131ef4f64c17f984dc1928c32628
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c8e7f047a78095f1dcb55dca5f44a187f49121b96d1b14b17edf0a564831139
9cf1eeb5939d8e09fe23cbbe84cea81338d57c26cf667390b5116cc937d7ac8a
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a137b92fb0de67248f994cdf095d81f7cf2de4cc8c58b8215140bb9c2a2d8077
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a417e6287a5a856542f803e5179f6c7b76cf24d2624396cd88f32047662c9d77
a4d637a9c1768ab4d95142e39b9c69f5f55d48fbd35fce3ddfd7c8ced216c429
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a774f3af05035eeeb54900443b87b79950d50582c199c7d3859f242114f6c0e5
a81d25118c6f7d835e9ca132b995b8aca46e3575ee4ab2136ab96ac8d5e4688b
a829616c9d041b31d3480389fc5d38f9d7e4a836d8dec2606fe5f1d56461e370
a9ebc2469db29ab3edab311e7f0ca5e3c027881a2b6feb30c84636ecb102fa74
a9f959272120a8fe9fc940b8df6a07a9e6c79d9b72773d62878e82fcd1c51951
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
aba6041f1becadff83abfedddb95589247a601677eaea7e1979c4dc770b3a071
abb8827cb68d7c3f5c7a0368292737b203dbbb9ba874b15f7ac936ac5ce3c1bf
ac3c5479912462d1736e6ad9360aac31b7595247426cfcc0652b53452097b4cb
ac71e808efbc097128b986fcf6eefe862ce1114e4778618e83774160a58eef84
b0044d91b724bb429337d6dcd9d2332e855bc0b4452c1d3fc9beea9973017521
b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154
b096099c35c814539ead6feb59d4b4ef4eb09be5b359596af2939b470a3db512
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1c4853f87ee676fa7610760cb0d33da5d53e1c011be7a34d9de03ec4b7b4f3c
b29b1817692148eb026c359732d2cc65c21a259050825754cecc42bc2f388ae0
b43835b36067f17f2cca398aa333c52cfd47f3c141d81a1c2af26868d6ffee71
b467032f1667c5c6639deaba6537cc84b48a99545a34070120a1f120a1b47c87
b519c652777c636add992fcfc14ff1360572af19ba11151ea78c17d3c44d153b
b66f89a4b746a43121522ce93c6614ab626b6fa1aed8c6857eb2e629d6bb43c8
b6af307e25c3ff6b4aa1bccc0e4514f7f887f0410e0a474c8b8768cf2214940e
b8383aefa10c185403f189b4aea05f4167e4e5efb7dcfd2193b7fc67bb574328
b9f0312e6b8299e97a3a68365e4a20a1fdaf8fd6245bbf5081e79788a5969c58
bc4951d8d2bd782e48d91ff43816e52a1749db33df0d35c98626d6278a82d1d6
bc7e38eeb9ad8134272c19594b02722fd1d7ea39854d4fdc5a5f2cfcc050a796
bd7a1c0837764d97008df34fde45b62a6f0195dc3a4b68101565eb3c9fc431e6
bdd1579c84daab8cdd1e5a4f71b546c9eaa6a76418f83e0215c573523614c309
be1825e52a0dc7df04df9322f62abe2a2f2a25d98aac186de0140dfc7f6bdcae
be3b15b1e68cf3e9278293d3b50491fe16c985e0ee5968852cac4fc062a7134e
c0bdf17616abb8f807e48430492db1e6975bfa3b273bc184b6e06da3fa33e3e8
c342c53676dad7012ed7d53b8c658542fcd2557cd04a42e4b4aa0d973f6d83aa
c57d2be5f0f65ada562a5566604b2cc546ff958a61a20031582e2364d58ec092
c746ca687b3e79023240e45eb684f036fd9a1312b454758a6018b3ece635dafb
c8400466ff98ad8afa7e14a7863a5764d334b1482e86744b2c3d7e46569844d7
c8a951714d99bacc94f043465e2f60c97b83686c37035d4522aa6c51ba003ba9
c932b035051f092ce711f18131794928fa674b91f4292c11deffa7b733af2fae
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9
ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258
cb104f899d6c039d8f171fce2121b7d44a60b4beea95d77e0ef4b2fd292186be
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
ccc291db38afc31c01ee7cea2f23d396deff81e172a6285faa672cca41e6e86a
ccebb3668d65d3268223556ecdbe14e98305dd0abeffe6308c75e7fb21188fc5
ccf88565831ef00f60fca35716fd9fb895c4b43d61fa8913cde4e40ffe502114
cd7d08ed95043274869b994dbbd273c438f84bc72ed33c4405f270437d18b4c3
ce67d1dc40dc6a780bc4eb446e0e33d6de7686a21ee9fe1bf766c29443bd03da
ce867fb97439e887ed523630ff205dbe5159c013238f7d60706680178f64fda9
d317afe3bd41a42fa95ab022cee15717cfb12f75a63459a0b9aa90f611aecb8c
d4e2573fb08e0da93cae34ca6717d319d1c16386006bf6245a9c0e213149da38
d5afe6c33d091af7c18129d4a4e0b04e1e788bca54ab3444c83a7ed5c808f4fe
d681a059ec0bc7044b46a6c514b96997e28b00b466767cb232cd7910cb3d3ffa
d762eda914152a5a0a38c18b8ee098a44f0135571ce94bb9de34f5c860981ca9
d7fc3e93277973a620126d674f6d37fe6fe78b59dd39db073145947b76cad9bf
d9e196b7da840d57fc7a6b693daa2cbb3364da5d96464dec52a83b9f4cce166d
dbb3d4180894950a45ea0ef183c33262ad123164aba2a83325d9d9d48ced57e7
dcccb2680f053e97760df92d73620611629aba41492d27f770828f780d84b302
df0d6388a427c5486152d297fcdf88e53b2af09729382be8d7cfcb258fe625de
e0d152aa7ac9377aa22394a39e5bde8eb5d5f94bf4cae9dec414fbc4c388d2e4
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e108a555a2faabb0cb7d550331b4efb35094db1e295131c5411c10849edafa9c
e21f21ceee588a5075937d9c86ce41c2035489f6a33e612332919f001f506e43
e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad
e37071398d21f18dff2370ee0885f38811bb69bb465b398100ab3101fc521d6b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4a708967f4d81badd3b291f53dd67077e2ac0c6921c7f9a9ea92a7acd72b661
e7aff8c7c9d5cfc40e11a0f6634d8e17a1e86b9048aa0b885eb4ec690581091f
e805daad736c81d30a75267cb1e27b97b2e508ac410334305946935940dba584
e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2
e8db5084ffdb049ecc8d67bd45dc90e457d845470be67c0036f5c7b47dfaec48
e8f86ced4bf118125af6d06cda5c251b474bf497c69b807fd01fdf141a34a470
e9eea5fc9c25bb85d1a7680341abf2e439f379b259375266bc51a8facd443a16
ea3a3424497eb1c906f646385dcfe1f9465edd6f5428dc3240063cfccaaf7fa5
eade078bf4a83a42256ac775df70dd4b90cc16a378367ebe2be8439404396cbf
eb4a62911a0f12ac0b9e75dbd65bdad3a27f4ca26de8fdcc5e4d5b33b658bc13
ecbbe6a38d7de94945510e533f730c8104b3955b9782a29392873b2521b57f1c
ed11ba9b3b2f532099cfd54e432be8d22a40a5f55802b2cab85c4052e21c8d66
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef58b7ef932798e6be346eb33fc2de9943e48b950f8cd130192321e7c824e705
efa2e58d3a62f36ff87ac37759dd995007ef91c767d0f250a6dbea1cb924cda4
f009783abd06f5969af2f4320808c4c8ea7aa1ca8a9b39fd623529b0560514ec
f19e80109c6b75e5a71833046247e1c120e9503028def5e62983bc8f97cde6ae
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f3e5861d58be1ac4e11d97f069884c0d40eca9e7fe8402b30205e471afc3cd96
f56ba1e3bfedd748399b2ba1364a2fe9e401ebbc597d4094eeaa29aea5b3f30d
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f863be111b2d42870de932ccf1f93851be761a81494c2cdecc5d5c48b06286f1
f987b1fd6fd33a1b1c5799dbdf68f2f34e791934800cb5e57ff4bb7641e25ed9

www.belajarmakeup.com Open in urlscan Pro 136.243.56.135 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

378 Requests

91 %HTTPS

43 %IPv6

51 Domains

82 Subdomains

64 IPs

11 Countries

18243 kBTransfer

22643 kBSize

29 Cookies

17 Outgoing links

Redirected requests

378 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 26 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.belajarmakeup.com Open in urlscan Pro
136.243.56.135 Public Scan

Screenshot
Live screenshot

Full Image

378
Requests

91 %
HTTPS

43 %
IPv6

51
Domains

82
Subdomains

64
IPs

11
Countries

18243 kB
Transfer

22643 kB
Size

29
Cookies

378 HTTP transactions
26 data transactions