lookbook.nu Open in urlscan Pro
2606:4700:3034::6815:48a4 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://app.lookbook.nu/brushtip
Effective URL:
https://lookbook.nu/brushtip
Submission: On September 26 via manual (September 26th 2022, 12:11:49 pm UTC) from IN — Scanned from DE

Summary HTTP 117 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 33 IPs in 5 countries across 20 domains to perform 117 HTTP transactions. The main IP is 2606:4700:3034::6815:48a4, located in United States and belongs to CLOUDFLARENET, US. The main domain is lookbook.nu. The Cisco Umbrella rank of the primary domain is 323791.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 28th 2021. Valid for: a year.

This is the only time lookbook.nu was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 3	2606:4700:303... 2606:4700:3034::6815:48a4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
20	2606:4700:20:... 2606:4700:20::681a:112	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
2	2620:116:800d... 2620:116:800d:21:b314:a0ef:ab7c:d546	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
3	108.138.4.10 108.138.4.10	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
1	2600:9000:223... 2600:9000:223c:3800:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	13.32.121.17 13.32.121.17	16509 (AMAZON-02) (AMAZON-02)
1	108.138.4.150 108.138.4.150	16509 (AMAZON-02) (AMAZON-02)
7	2a00:1450:400... 2a00:1450:400d:80c::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0d::9d	15169 (GOOGLE) (GOOGLE)
1	2600:9000:223... 2600:9000:223d:2000:11:615:7240:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:303... 2606:4700:3031::ac43:9926	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
22	2a00:1450:400... 2a00:1450:400d:80a::2001	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:1::2 2a02:2638:1::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:1::4 2a02:2638:1::4	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 6	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
7	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.2.148 178.250.2.148	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2600:9000:223... 2600:9000:223c:da00:1e:a43d:b640:93a1	16509 (AMAZON-02) (AMAZON-02)
4	178.250.2.135 178.250.2.135	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.2.150 178.250.2.150	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 4	142.250.185.134 142.250.185.134	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400d:80c::2006	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:400d:807::2002	15169 (GOOGLE) (GOOGLE)
117	33

3 2606:4700:3034::6815:48a4 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

app.lookbook.nu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lookbook.nu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2606:4700:20::681a:112 (United States)

ASN13335 (CLOUDFLARENET, US)

lbstatic.nu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wasabi-files.lbstatic.nu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:b314:a0ef:ab7c:d546 (United States)

ASN16509 (AMAZON-02, US)

edge.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 108.138.4.10 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-4-10.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:3800:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.121.17 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-17.fra60.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.4.150 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-4-150.fra56.r.cloudfront.net

aax-dtb-cf.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:400d:80c::2002 (Ireland)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0d::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223d:2000:11:615:7240:93a1 (United States)

ASN16509 (AMAZON-02, US)

pxl.qccerttest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3031::ac43:9926 (United States)

ASN13335 (CLOUDFLARENET, US)

lookbook.nu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:400d:80a::2001 (Ireland)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::4 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.148 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:da00:1e:a43d:b640:93a1 (United States)

ASN16509 (AMAZON-02, US)

secure-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.250.2.135 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: pix.am5.vip.prod.criteo.com

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.150 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.134 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:80c::2006 (Ireland)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400d:807::2002 (Ireland)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
34	googlesyndication.com 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 105 tpc.googlesyndication.com — Cisco Umbrella Rank: 142	309 KB
20	lbstatic.nu lbstatic.nu — Cisco Umbrella Rank: 671882 wasabi-files.lbstatic.nu — Cisco Umbrella Rank: 840116	1018 KB
16	doubleclick.net 2 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 180 stats.g.doubleclick.net — Cisco Umbrella Rank: 79 ad.doubleclick.net — Cisco Umbrella Rank: 178 googleads.g.doubleclick.net — Cisco Umbrella Rank: 41	194 KB
13	criteo.net static.criteo.net — Cisco Umbrella Rank: 673 pix.eu.criteo.net — Cisco Umbrella Rank: 8383 csm.eu.criteo.net — Cisco Umbrella Rank: 8385	33 KB
7	google.com 2 redirects adservice.google.com — Cisco Umbrella Rank: 75 www.google.com — Cisco Umbrella Rank: 2	2 KB
5	lookbook.nu 1 redirects app.lookbook.nu — Cisco Umbrella Rank: 829164 lookbook.nu — Cisco Umbrella Rank: 323791	33 KB
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 275 aax-dtb-cf.amazon-adsystem.com — Cisco Umbrella Rank: 6415	47 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 190	158 KB
3	criteo.com rtb.nl.eu.criteo.com — Cisco Umbrella Rank: 12695 ads.eu.criteo.com — Cisco Umbrella Rank: 8147 cat.nl.eu.criteo.com — Cisco Umbrella Rank: 10454	50 KB
2	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 271	79 KB
2	scorecardresearch.com sb.scorecardresearch.com — Cisco Umbrella Rank: 153	2 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	20 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 152	89 KB
2	quantserve.com edge.quantserve.com — Cisco Umbrella Rank: 14789 pixel.quantserve.com — Cisco Umbrella Rank: 423	11 KB
1	imrworldwide.com secure-gl.imrworldwide.com — Cisco Umbrella Rank: 1495	752 B
1	google.de adservice.google.de — Cisco Umbrella Rank: 9081	792 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 113
1	qccerttest.com pxl.qccerttest.com — Cisco Umbrella Rank: 983	550 B
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 846	685 B
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 293	33 KB
117	20

	Domain	Requested by
22	tpc.googlesyndication.com	securepubads.g.doubleclick.net 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com tpc.googlesyndication.com lookbook.nu
17	lbstatic.nu	lookbook.nu lbstatic.nu
8	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
7	static.criteo.net	ads.eu.criteo.com
7	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net lookbook.nu
6	www.google.com	2 redirects 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com tpc.googlesyndication.com
4	googleads.g.doubleclick.net	6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
4	ad.doubleclick.net	2 redirects 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
4	pix.eu.criteo.net	ads.eu.criteo.com
4	6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	www.googletagservices.com	lookbook.nu 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
4	lookbook.nu	lookbook.nu
3	c.amazon-adsystem.com	lookbook.nu c.amazon-adsystem.com
3	wasabi-files.lbstatic.nu	lookbook.nu
2	s0.2mdn.net	tpc.googlesyndication.com
2	csm.eu.criteo.net	ads.eu.criteo.com
2	sb.scorecardresearch.com	lookbook.nu
2	www.google-analytics.com	lookbook.nu
2	connect.facebook.net	lookbook.nu connect.facebook.net
1	secure-gl.imrworldwide.com	ads.eu.criteo.com
1	cat.nl.eu.criteo.com	ads.eu.criteo.com
1	ads.eu.criteo.com	6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
1	rtb.nl.eu.criteo.com	lookbook.nu
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	www.facebook.com	connect.facebook.net
1	pixel.quantserve.com	lookbook.nu
1	pxl.qccerttest.com	lookbook.nu
1	stats.g.doubleclick.net	www.google-analytics.com
1	aax-dtb-cf.amazon-adsystem.com	c.amazon-adsystem.com
1	rules.quantcount.com	edge.quantserve.com
1	edge.quantserve.com	lookbook.nu
1	ajax.googleapis.com	lookbook.nu
1	app.lookbook.nu	1 redirects
117	34

This site contains links to these domains. Also see Links.

Domain
watercolorpencil.wordpress.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-10-28` - `2022-10-27`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2022-05-09` - `2023-04-18`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-07-05` - `2022-10-03`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
*.scorecardresearch.com Amazon	`2022-01-29` - `2023-02-27`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon	`2022-06-15` - `2023-06-15`	a year	crt.sh
qccerttest.com Amazon	`2022-04-04` - `2023-05-03`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
*.nl.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-08-02` - `2022-11-01`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-08-03` - `2022-11-05`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-01` - `2022-11-30`	3 months	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-04` - `2023-02-03`	a year	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-08-21` - `2022-11-23`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh

This page contains 13 frames:

Primary Page: https://lookbook.nu/brushtip
Frame ID: C190A5CF02C5894F9D6A968A32732D5E
Requests: 48 HTTP requests in this frame

Frame: https://lookbook.nu/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1664193600
Frame ID: 5DB10E8A71859ACCE2B2B428712A420F
Requests: 3 HTTP requests in this frame

Frame: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 67D773AECC1878F1716105F0276D1CBD
Requests: 1 HTTP requests in this frame

Frame: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: E622003A1B3803E38750CAF29959638D
Requests: 10 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YzGXAAAD_WwIu-cXAAtH9tgWaozvz0LTc0RkpA&u=%7CKeEPnlMCqVGEXJTcTVI6LRCiHUBJYtHHlQb7h8ptH1Q%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYNdJ71gdyCWvw29y1GxtacI6iVoVnLQ5srE7f174gicdGkk4lLKrDrp-XsO9ayBZtOKsXUQlD2NjW1W9UsVdHgZEtvealSVp-wBjcWPovlmMMgRBHtt5QYGvI4Bm06Lrp_B3YfdtmTEFi7SJxrOpEvhVSsx-BMUZ8YLQ0K42cUqXGuv8COXoj8GeCBeXNGjh_O7u1M-LUF51flPAXkIx_JPr3Mb4NxRaQJnun6GVhtGvIsl0gSF-j86FKuoLFYAL5rgp3QLCKw0cc--eBJaixnnfg68x4u4Lz8JUI2hmfLLFuoobq-Q8Qwr5AUM31769JUucAowXddQY3-mCHtkCKBlJMdPi-L2ienkyhnCH3z7MUqL5JRoWIZZhqgASvODd1tQ94AtAEh061lKHxS34oP89RJE-Z-z7XFY043CBXARKo1PsWUzieRBAstWmE0HYpZi6Q2bJnIcxGDp0mvAnIxzPPQU06-YpaGMQI_VAjrQ20_v4zpm2XyuUm-LlbvSgmYNogOWA-zlZoDoQHtpqonSAi1lg3ZsxqvIyZ6jeqX83vH-YmSXvq3d0X6tPgt1RZVxR-qjkBha_vRbBA2bU-bytV45SMI2l0g&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCjxF0AJcxY-z6D5fO7_UP9o-tyA3JntKxXNWdkfdwwI23ARABIABglYKAgLAHggEXY2EtcHViLTA3OTA4OTQxNDg0NTE3ODWgAdW20uoDyAEJqQIEhvLbJCewPuACAKgDAaoE4QFP0N7zfIcIn6KFzi-D9zLOcXlLQ9hfUpN1rue-K7Z72ReCBdGMJHYHD1E8CJsKM1h_w6lvvR9PtfoDII5k5R9K4ghCZhSZsTWHQLJ2Qe5EOfpjsNMmAZIjNxJnE24ViLsdf9o1Wvh8kTVbvhHEEhLPBfXcLuH6sCgHk6sx-CoCdo18j4x-Y2AMVQgqrOdFi3_RAdWhykiyztAc4aiQYchNvnY_2zL0BXcsQjotigRaKJo45imV7QdE-Xko6f6HVNn5s_5aaYpMWHJM0_sKNn8EaJhdkCFuZ4SERPNilBxbEzngBAGABsfNz5jfnu2p-QGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggQCIjhgBAQATIDqoIBOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0RIdV4TC8Iim49VxEWVfviVhh4lQ%26client%3Dca-pub-0790894148451785%26adurl%3D
Frame ID: 378ADE281D91223E6C6A7C668F0AD159
Requests: 16 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 9C01FB8B3CE9A193C5AB0DD67309EA97
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 240822623EEEBEEDCD27BDB88D76AC87
Requests: 2 HTTP requests in this frame

Frame: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: BAD374DE192E412EA2D82D2F90A29C2F
Requests: 10 HTTP requests in this frame

Frame: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 25A2E078EA8B11E4E22F4B4A410FBF6A
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5876740340791497504/index.html
Frame ID: 4EF1A111A00003149FE5FE49069E25E9
Requests: 22 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9429483408133717842/index.html
Frame ID: 8A3396F8FE260A8E57E0A01E0A1BC7C6
Requests: 22 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: F052F0535A11033D69B71464026D1CC5
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: E9071DD51B180856E087FDAC920E9EED
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Brush Tip (@brushtip) | Lookbook

Page URL History Show full URLs

https://app.lookbook.nu/brushtip HTTP 302
https://lookbook.nu/brushtip Page URL

Detected technologies

Stimulus (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-controller

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

117
Requests

98 %
HTTPS

78 %
IPv6

20
Domains

34
Subdomains

33
IPs

5
Countries

2079 kB
Transfer

4985 kB
Size

15
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://watercolorpencil.wordpress.com/
Title: watercolorpencil.wordpress.com

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://app.lookbook.nu/brushtip HTTP 302
https://lookbook.nu/brushtip Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 82

https://ad.doubleclick.net/ddm/trackimp/N1335164.4228069GOOGLEADS_/B28549163.346007284;dc_trk_aid=537600811;dc_trk_cid=177787622;ord=3303278328;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N1335164.4228069GOOGLEADS_/B28549163.346007284;dc_pre=CLnpn_O2svoCFY7ddwodz60NXw;dc_trk_aid=537600811;dc_trk_cid=177787622;ord=3303278328;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=

Request Chain 86

https://ad.doubleclick.net/ddm/trackimp/N1335164.4228069GOOGLEADS_/B28549163.346007284;dc_trk_aid=537600811;dc_trk_cid=178141746;ord=2976086892;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N1335164.4228069GOOGLEADS_/B28549163.346007284;dc_pre=CJ3rn_O2svoCFTfKuwgdvQIHSg;dc_trk_aid=537600811;dc_trk_cid=178141746;ord=2976086892;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=

Request Chain 110

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 111

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

117 HTTP transactions
33 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request brushtip Show response
lookbook.nu/
Redirect Chain

https://app.lookbook.nu/brushtip
https://lookbook.nu/brushtip

31 KB
10 KB

46ms
36ms

Document
text/html

2606:4700:3034::6815:48a4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lookbook.nu/brushtip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:48a4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6b8fddb840a11acd7d184ef5612e0c13eedfcd5895a6fd772cef42806676bd88

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 7169
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, max-age=14400, must-revalidate
cf-cache-status: HIT
cf-ray: 750be75b7c5590d6-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 26 Sep 2022 12:11:43 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ArUCAJhbKvwXB9WjcpxagWZf27oLJvMoziKkSYytfhnbGywtUJvKROLV4OSZzRFvJQt%2BMp6aDiH1sxUipN9t%2BwXPEGj6dEmrrim9B9mIhBHNDj5tL85eqmfTSjR5%2BaN5HmE0FzK7%2B2VoiA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding Accept-Encoding
x-rack-cache: miss
x-request-id: abfd836eb52fca21f073d046b9b3b1cd
x-runtime: 0.075577
x-ua-compatible: IE=Edge,chrome=1

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 750be757bd8090d6-FRA
content-type: text/html; charset=utf-8
date: Mon, 26 Sep 2022 12:11:43 GMT
location: https://lookbook.nu/brushtip
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C8A%2B645KLk6fZHJY2ZXz5UKjHh35aPPNcrodAz2vATkHamRUgtr7LEN6cgsQIK6DPh6hwG2LpZL93JE2m2XGUmRTDBgOx49SIlph7%2F8NZMQiCpzwqX7yAJok5ejXBwIT67emOmeAUTYXHUSfOMM%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-rack-cache: miss
x-request-id: 237c36c16734a34e52c39c7aec1a4e01
x-runtime: 0.028847
x-ua-compatible: IE=Edge,chrome=1

GET
H2 200 application-e4fe603c2b70ce160ad7d335edb27021.css
lbstatic.nu/assets/ 575 KB
77 KB 92ms
38ms Stylesheet
text/css 2606:4700:20::681a:112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lbstatic.nu/assets/application-e4fe603c2b70ce160ad7d335edb27021.css
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/brushtip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a9aab9a81ed9cdb217eefe585e153cc2f64ea8792d5adf9060538a9b0b44ce4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:43 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 May 2022 01:32:08 GMT
server: cloudflare
age: 5065
etag: W/"628c3598-8fa63"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gSC6FiUYeFHW6qrYWijciAwSvCcxj%2Fac0fsRd7o6J81PKf5xeN0JQBLhKR7MJ1mS%2FFWQg%2F1cXuZjmOoQ%2BQN9i%2FLmL2jupvkdnoDtvM2OXTFip7wopBI2p%2FW5Ga5q22M3nAh0LesaWri8"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=1382400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 750be75c19babb55-FRA

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.1/ 94 KB
33 KB 75ms
22ms Script
text/javascript 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js

Requested by

Host: lookbook.nu
URL: https://lookbook.nu/brushtip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 08:42:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12582
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33434
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Sep 2023 08:42:01 GMT

GET
H2 200 application-7b818775488356777838903bd9f8728f.js Show response
lbstatic.nu/assets/ 556 KB
158 KB 110ms
57ms Script
application/javascript 2606:4700:20::681a:112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lbstatic.nu/assets/application-7b818775488356777838903bd9f8728f.js
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/brushtip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd4bc601b2d6cdd261ca5f70037aaefd1766fee638771a12fb8aeb1854e3d76b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:43 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 May 2022 01:32:08 GMT
server: cloudflare
age: 5065
etag: W/"628c3598-8b177"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XvTo7ftSs2tdl0bAHsZiPjZdhqIqG8rLirGpxIJRLvfKwvFfoC4PuJWusTRgKZFcll2YwwXn%2BBYddKiM9T8dg5j%2B5gKTOxevBJqVIqw4rDd5uk%2FaTBWsvmK%2BQmmVsdnVyeuwTjyhv%2B%2BQ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1382400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 750be75c19bcbb55-FRA

GET
H2 200 application-d09c4e65376710846df00b38a9418a27.js Show response
lbstatic.nu/assets/moo/ 91 KB
25 KB 83ms
31ms Script
application/javascript 2606:4700:20::681a:112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lbstatic.nu/assets/moo/application-d09c4e65376710846df00b38a9418a27.js
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/brushtip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 553678e59fceeacafd5154462c78076454ba407aa61ad43bb7d3537f7145998a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:43 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 May 2022 01:32:08 GMT
server: cloudflare
age: 7169
etag: W/"628c3598-16a8e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uwV0fhkz1WT3Ak8%2BIh80djCOSN00TjMYHdueKGLj8Lr9JH6bypztSDurVbYX7UEcN97pygDeIYUDR5Qib93pHSHWSLrP%2BLsfttgyG8BNOv3tlYJTubE%2FmcJEPFD9mxA1KmS00C3b19dB"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1382400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 750be75c19bdbb55-FRA

GET
H2 200 prox-new-6f58470807ac660d8f50fe544c823bba.png
lbstatic.nu/assets/logos/ 953 B
1 KB 34ms
34ms Image
image/png 2606:4700:20::681a:112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lbstatic.nu/assets/logos/prox-new-6f58470807ac660d8f50fe544c823bba.png
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/brushtip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1852ec5957212ab1ddc679453216178799dd25a2c75985a885e7d467328795e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:43 GMT
cf-cache-status: HIT
last-modified: Tue, 24 May 2022 01:32:08 GMT
server: cloudflare
age: 6230
etag: "628c3598-3b9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R6ZWu6ZRZEF%2F0d%2BOZ2CyDXR1m%2B8g1aKNYZHFfYjcGe1UXSRy5VQy%2FfPlFBDmOJD1DRNocQWLeaUPbH6v7GfUF4EgtW8do2xteJv8LpnKj3TTk3DK7ffWtxY8BO7ImhJvQNo4AGv%2F54w2"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1382400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 750be75caad4bb55-FRA
content-length: 953

GET
H2 200 more-0b061e84918c4f68f8a0aad60ae58625.png
lbstatic.nu/assets/header/icons/ 19 KB
20 KB 46ms
43ms Image
image/png 2606:4700:20::681a:112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lbstatic.nu/assets/header/icons/more-0b061e84918c4f68f8a0aad60ae58625.png
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/brushtip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1b0df5acd41c11fc146d64795aa729d99370a98109ce1e441db4ac0b7f69d025

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:43 GMT
cf-cache-status: HIT
last-modified: Tue, 24 May 2022 01:32:08 GMT
server: cloudflare
age: 5065
etag: "628c3598-4cce"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gv67Q6o5wX558RcpbJpLzMNq5lUGPz%2Bd0SoN7kMOkxTNoU1GjcHzHUAkxPe4PVpzsewQZaPKVUDrsSkoOVuw3T%2FgJQgu2KG5vrHOvV94T4DrH%2BfiyfPUKvHrXUJh5mCnb4qrsi%2FJK9Lg"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1382400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 750be75ceb3abb55-FRA
content-length: 19662

GET
H2 200 agnija-grigule-2f74ada3538a714bdbd2350af98e0774.jpg
lbstatic.nu/assets/cover-photos/ 302 KB
302 KB 40ms
37ms Image
image/jpeg 2606:4700:20::681a:112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lbstatic.nu/assets/cover-photos/agnija-grigule-2f74ada3538a714bdbd2350af98e0774.jpg
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/brushtip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ecd897fcbf30e018adca739ce3029844651a6e80b4a62e4d63098ad2f571159

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4274
content-length: 309051
last-modified: Tue, 24 May 2022 01:32:08 GMT
server: cloudflare
etag: "628c3598-4b73b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9PFWYicQsfpYfWkMWF0ww7dnM5uGKbbDZBlFLSRNPElSZ5KDF26WOUoJhO%2FdKbrQ8v1gw3pO9kMoX3FjPcKLFOcRjfQb9j%2BmknK7WAsw0aRaVsVLlpqluCYMnqY8nNftDGYSG6pwXZr0"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=1382400
accept-ranges: bytes
cf-ray: 750be75ceb4abb55-FRA
cf-bgj: h2pri

GET
H2 200 guy.gif
lbstatic.nu/assets/ 580 B
889 B 46ms
43ms Image
image/gif 2606:4700:20::681a:112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lbstatic.nu/assets/guy.gif
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/brushtip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d7600604cb30e42b1511c91d29c886de204d3f46d8c265b9c35b0960ccf8195

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:43 GMT
cf-cache-status: HIT
last-modified: Tue, 24 May 2022 01:32:08 GMT
server: cloudflare
age: 1875
etag: "628c3598-244"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TfJ75gtTHc0z%2BWujgu2FPt%2FVmk0IuaW4Cgm6TpReoSNBl4KBrJyrzHR%2F%2FT3HKFSPDeHp3nWGv65OQn%2Foa%2FujdgaNa12Ls%2BDudBuOrZOT9im8beJ9wcwIwYQhOtZtkHEcmIk3p2turMqA"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=1382400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 750be75ceb4dbb55-FRA
content-length: 580

GET
H2 200 ajax-loader-big-0d4c0c710c24223145d172f44db328d0.gif
lbstatic.nu/assets/ 3 KB
3 KB 36ms
33ms Image
image/gif 2606:4700:20::681a:112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lbstatic.nu/assets/ajax-loader-big-0d4c0c710c24223145d172f44db328d0.gif
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/brushtip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb7cfd3d959b2e09c170f532e29f8b825f9bc770b2279fde58e595617753e244

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:43 GMT
cf-cache-status: HIT
last-modified: Tue, 24 May 2022 01:32:08 GMT
server: cloudflare
age: 1876
etag: "628c3598-a30"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Whx%2Bwb1Q0XexUw1hpL1r9mihEglh8%2Bmi9WCj6JrTWrc0RJUH4kyhXLh67gtQEq1TE1VFK36TkBxc6nwnA9GIAKNuw4pOdSNyVmIlDoLpNAtjlwVbM5OpQfyOk2Fr7NyOfkAl9KyswBq"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=1382400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 750be75ceb4ebb55-FRA
content-length: 2608

GET
H2 200 ajax-loader-fb-4fbe973b96349c727a1d97957527acc3.gif
lbstatic.nu/assets/ 723 B
1 KB 37ms
34ms Image
image/gif 2606:4700:20::681a:112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lbstatic.nu/assets/ajax-loader-fb-4fbe973b96349c727a1d97957527acc3.gif
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/brushtip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c1cf81bef2ea82eaa43265a5ff786b7cd74e7d5f4f2de104b586f092ca0fb886

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:43 GMT
cf-cache-status: HIT
last-modified: Tue, 24 May 2022 01:32:08 GMT
server: cloudflare
age: 4273
etag: "628c3598-2d3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nlflpJY4V1N7v9XqZmMFgO%2FTG3TryebW%2FUV7y6AUSLpbme167vl6ThdJWR09O%2BlVCZoXnGd3q%2BDiOfih94RODvbGbZJRBH6k2%2Fhz9KoXLyLWntjSMg8refx%2F2zaZ63v7b9rO%2FQtpX04G"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=1382400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 750be75ceb51bb55-FRA
content-length: 723

GET
H2 200 5211302_image.jpg
wasabi-files.lbstatic.nu/files/users/small/ 6 KB
7 KB 45ms
35ms Image
image/jpeg 2606:4700:20::681a:112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wasabi-files.lbstatic.nu/files/users/small/5211302_image.jpg?1658722423
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/brushtip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2579fb4bf15b68eba12f5bfc6cb49425a7a4d1c4995bebe6530b75d4d0924483

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 559784
cf-ray: 750be75cfb5ebb55-FRA
content-length: 6175
x-amz-id-2: LV0zVMdN/Ux7C5iBueumdEQxsnUaTslrgEw/lTkvHdPR7Vs6vkbFdW6MTn8DTpH0U/LD6AlJ89D6
last-modified: Mon, 25 Jul 2022 05:06:50 GMT
server: cloudflare
etag: "7984858f8dbe0e2667af06c5a1d4d718"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xMMXu2aaL%2FFwf46ilLK%2BeY1sEv6mydZuLLoBqFltnBiGHv%2BSThcTbxeCz5LfoylqxmOYdlS9nRaecajPysey9mT8ZfLdo8WpBy5QXlWcUlQcgSJx2sNx7V6Mq2xAXVZc0a%2F9FVqug3iYhgtnzaVe3cEklKJbNw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: 67EDFC1253BC6B90
cache-control: max-age=1382400
x-amz-version-id: 001658725609536120316-hl25Iwz1Mk
accept-ranges: bytes
content-type: image/jpeg
cf-bgj: h2pri

GET
H2 200 5914565_image.jpg
wasabi-files.lbstatic.nu/files/users/small/ 4 KB
5 KB 51ms
40ms Image
image/jpeg 2606:4700:20::681a:112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wasabi-files.lbstatic.nu/files/users/small/5914565_image.jpg?1656910946
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/brushtip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c57420d89de92fca086ef932b37c93b7d88fa19ec2a56870baa6e0e4336a58e3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 589920
cf-ray: 750be75cfb61bb55-FRA
content-length: 4150
x-amz-id-2: CmKwWYdmhSf9li/hGjvOZLQKQZCuf2QZdXl72r32F9uGb5E9W5e74QC9WLp8jBP0m2E9cAq4Ruz3
last-modified: Mon, 25 Jul 2022 05:01:39 GMT
server: cloudflare
etag: "6cafd64690d899a102cb485974526bea"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wH7dxVxoAEqnTkkdZxYMKcee%2Fv%2FTTfzZj7N7YfAPKS71tgPh%2BEx4nAFG32FPDATrE%2BX9DWWRxr1trRMUKrowPaO5lXwsVqmtAJQiIJ6LPc7BZNrRY4k%2BkJjd8W0utqAglUywgWtiY2s1NOpKqyzJzsCJuhsoIw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: 69491A12280FFEB2
cache-control: max-age=1382400
x-amz-version-id: 001658725299025820138-U977rk0cX0
accept-ranges: bytes
content-type: image/jpeg
cf-bgj: h2pri

GET
H2 200 5729247_image.jpg
wasabi-files.lbstatic.nu/files/users/small/ 3 KB
3 KB 45ms
35ms Image
image/jpeg 2606:4700:20::681a:112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wasabi-files.lbstatic.nu/files/users/small/5729247_image.jpg?1556689270
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/brushtip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0e6d52cda07540ae13ea2ba6fdf52ab1bd57530880afd1815e8845f041966067

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 562575
cf-ray: 750be75cfb5bbb55-FRA
content-length: 2912
x-amz-id-2: 2NbSZPKzipg5heg8zmqYN8FMUmK/KCHHR7hJmXOCDSmGM3hEZsFdb8kmMM7pd+Xczx3lcQRUhNra
last-modified: Mon, 24 Aug 2020 13:02:12 GMT
server: cloudflare
etag: "344be71b97008c6959a5edbf49ccb08c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3wQrBGX2M2WMkk1XmVsK94igzHnd1GyQVAm1CyAJ2Y52azLtGlTT3TZZmFsPfjFl%2Bxlu0P0EOY1x56wVGwBGM3Zp1Dk9C694tmfIpR0bFt%2Fnhu5x%2B8JYBUBONWloBTUoJAEAfxJ6DtagQPVkPJWmiG2m6jN9tw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: CEBDE5489AF38980
cache-control: max-age=1382400
x-amz-version-id: 001598274131855475062-etLEFSyPAT
accept-ranges: bytes
content-type: image/jpeg
cf-bgj: h2pri

GET
H2 200 arrow-up-white-5b97dd7bb071edf6b965bf452cda9fc2.svg
lbstatic.nu/assets/icons/ 686 B
738 B 36ms
34ms Image
image/svg+xml 2606:4700:20::681a:112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lbstatic.nu/assets/icons/arrow-up-white-5b97dd7bb071edf6b965bf452cda9fc2.svg
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/brushtip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c53cb61e2947d208c306c8680d407115d7663d1920ef125ecdb1ffa417f22fcc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:43 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 May 2022 01:32:08 GMT
server: cloudflare
age: 5065
etag: W/"628c3598-2ae"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d0a4wlR0bRUdT70UOEK2rH6Dzb1cszkekfvyTQSnM380LCizpE6y4EUXGfBZVgtxh%2F%2Fj%2F%2FYYG1jLzFKN1GV3vkY5xgBUX%2FTU2xwsTjNc0kBWMaEUqoqpD5jaOxVRXKZQBzGGVY6r1Z%2FY"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=1382400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 750be75ceb52bb55-FRA

GET
H2 200 quant.js Show response
edge.quantserve.com/ 26 KB
10 KB 80ms
20ms Script
application/javascript 2620:116:800d:21:b314:a0ef:ab7c:d546
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://edge.quantserve.com/quant.js
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/brushtip
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:b314:a0ef:ab7c:d546 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 34686cba28b7d374710a0b8204ae2cbce77ced594bcac71bef4f5260a8d99745

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:43 GMT
content-encoding: gzip
etag: "eN3sxSgaav0x5wHLxGB1gQ=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Mon, 03 Oct 2022 12:11:43 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 80 KB
28 KB 82ms
31ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: lookbook.nu
URL: https://lookbook.nu/brushtip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0fec775e0d2f31c6bea40fbfb57583f6c9b753757aaca891717fdc89ce0dcaf8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27851
x-xss-protection: 0
server: sffe
etag: "1345 / 826 of 1000 / last-modified: 1664190364"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 26 Sep 2022 12:11:43 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 167 KB
43 KB 81ms
25ms Script
application/javascript 108.138.4.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/brushtip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.4.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-4-10.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d420ee64cb607d68e208a3105b39934807ed2e4d43ced2542f7b6b0cd153ca43

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Mon, 26 Sep 2022 11:14:03 GMT
via: 1.1 8eee0c5143f92bd7600d25e3dc25ce5e.cloudfront.net (CloudFront), 1.1 e75bff6012758ccb55ff41b176b32342.cloudfront.net (CloudFront)
last-modified: Thu, 15 Sep 2022 20:15:35 GMT
server: AmazonS3
age: 3461
etag: W/"da0e8e1151d3ebb7a34f07d19a6e05d0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-pop: FRA60-P1, FRA56-P6
content-encoding: gzip
x-amz-cf-id: Km2TzYMjRELw1xc1dThR6CHwCSZkXvhrzUT4Lp1jg_OEGbZ-BtaF1g==

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 64ms
21ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: lookbook.nu
URL: https://lookbook.nu/brushtip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6c5d18d8779f46855f68988de4e2b10846cac19228c4a28e500a942ede974fdf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: vt8zBSlYc/b5yWyhFQaZhg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1688
x-fb-rlafr: 0
x-fb-debug: V4ECR6Deigw32OSpjvql71w8mhDKZFItZz6+/694MjGgejt7+AjBKFBlLyXQLtCqKAcMj3GYh6km4YSi4gTRsw==
x-fb-trip-id: 917726464
x-fb-content-md5: 2b9a251437d827751dfd1139848a191a
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 26 Sep 2022 12:11:43 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "8860515c3b15c0dfb14f346a4e562a8f"
timing-allow-origin: *
expires: Mon, 26 Sep 2022 12:24:36 GMT

GET
H2 200 ProximaNova-Regular.woff
lbstatic.nu/assets/ 85 KB
86 KB 93ms
49ms Font
application/font-woff 2606:4700:20::681a:112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lbstatic.nu/assets/ProximaNova-Regular.woff
Requested by: Host: lbstatic.nu
URL: https://lbstatic.nu/assets/application-e4fe603c2b70ce160ad7d335edb27021.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 99f73ec26d9716363ea8ea73560d10f91d63cf18e32103bcead35559ba1ac361

Request headers

Referer: https://lbstatic.nu/assets/application-e4fe603c2b70ce160ad7d335edb27021.css
Origin: https://lookbook.nu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:43 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 May 2022 01:32:08 GMT
server: cloudflare
age: 6331
etag: W/"628c3598-155b7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d26%2F%2Fp9iN7CDKDF2Jo%2FDgEoCck22pg1kMEkA49arzAX8zQa3X01c7t%2FfkGcz72CuCglE%2FsnPkqdl1DR9FAyRj0uZ0%2FjdKlOcstH2p2jbGciSo%2BZJk8OGchW3bCRXcz0HecNwO%2BMBF8K%2F"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=1382400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 750be75d2f365c9e-FRA

GET
H2 200 ProximaNova-Bold.woff
lbstatic.nu/assets/ 76 KB
76 KB 73ms
29ms Font
application/font-woff 2606:4700:20::681a:112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lbstatic.nu/assets/ProximaNova-Bold.woff
Requested by: Host: lbstatic.nu
URL: https://lbstatic.nu/assets/application-e4fe603c2b70ce160ad7d335edb27021.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7cfab6a75576c6827a6d5dd7f823e993678ee3161fed858ca4bb51ae8ce96677

Request headers

Referer: https://lbstatic.nu/assets/application-e4fe603c2b70ce160ad7d335edb27021.css
Origin: https://lookbook.nu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:43 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 May 2022 01:32:08 GMT
server: cloudflare
age: 6331
etag: W/"628c3598-12e63"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lmh48PB%2FYw2w7HLSBMkSi6s70JXX9MLLTS9RudykBooEPw5ZPP3JQM6YJ69fmyuwgbXJRZx8BsPqsUoPS7Zsr81kmP9yI7dDHTWtjIGH0LMHPb0f2tYbF8fXWV7V8wdJrRh0DXXzB%2FLk"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=1382400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 750be75d2f3c5c9e-FRA

GET
H2 200 ProximaNova-Semibold.woff
lbstatic.nu/assets/ 80 KB
80 KB 103ms
61ms Font
application/font-woff 2606:4700:20::681a:112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lbstatic.nu/assets/ProximaNova-Semibold.woff
Requested by: Host: lbstatic.nu
URL: https://lbstatic.nu/assets/application-e4fe603c2b70ce160ad7d335edb27021.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 299920669c7ec8c0add3c58f21eea89871a531545df0b8d70c46db2f44ff4cc4

Request headers

Referer: https://lbstatic.nu/assets/application-e4fe603c2b70ce160ad7d335edb27021.css
Origin: https://lookbook.nu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:43 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 May 2022 01:32:08 GMT
server: cloudflare
age: 6330
etag: W/"628c3598-13e7b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hztR%2BnZOl%2FI9sP628NLIpQ6i%2FY8G7rSvgLl86nZkV23Y1bPq1JSJAlrDXiVUiUi6th0p6JTldRB6gzq6t3nJIZTpcnbNOUp65INNGdK9MgjJUUdaP8hdrRIf4n3G0d2cYDuT4nAwzRB9"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=1382400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 750be75d2f3f5c9e-FRA

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 69ms
19ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: lookbook.nu
URL: https://lookbook.nu/brushtip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
server: Golfe2
age: 3345
date: Mon, 26 Sep 2022 11:15:58 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19826
expires: Mon, 26 Sep 2022 13:15:58 GMT

GET
H2 200 rules-p-15_abpQY22gxg.js Show response
rules.quantcount.com/ 209 B
685 B 95ms
21ms Script
application/javascript 2600:9000:223c:3800:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-15_abpQY22gxg.js
Requested by: Host: edge.quantserve.com
URL: https://edge.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:3800:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f18603569ccd052775409baed22faf7d0577c3577e812822e1d31f580545fefa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:45:13 GMT
via: 1.1 3aad72975c9da06e6d0903ad874f0b54.cloudfront.net (CloudFront)
age: 1591
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 209
last-modified: Mon, 22 Aug 2022 14:06:41 GMT
server: AmazonS3
etag: "a952b857d73c8d9ec8c074944566310f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
x-amz-cf-pop: FRA56-P2
accept-ranges: bytes
x-amz-cf-id: 7bhWYg8ZvEKDfNX5xeZ9S5JouKXLES5LHYB-1mrgFryBjjSFznrxFw==

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 4 KB
2 KB 77ms
22ms Script
application/javascript 13.32.121.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/brushtip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-17.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 03:52:27 GMT
content-encoding: gzip
etag: W/"eaf85c1c6758e84acfe134efd70e9373"
last-modified: Tue, 28 Jun 2022 13:19:23 GMT
server: AmazonS3
age: 29957
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 11a78ce92a548aac13fb6ee545aff014.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: HIuUo9DSHcnm9tVhQTkdi01tG0px3UuKalycRVg5iyLADf5XryAuZw==

GET
H2 200 new_sprite.png
lbstatic.nu/assets/ 26 KB
26 KB 28ms
27ms Image
image/png 2606:4700:20::681a:112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lbstatic.nu/assets/new_sprite.png?cb=9
Requested by: Host: lbstatic.nu
URL: https://lbstatic.nu/assets/application-e4fe603c2b70ce160ad7d335edb27021.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fca1fb4990a3abf9e6bba05433ed88ac85bfc8471a273c9c306a7685ace89d26

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lbstatic.nu/assets/application-e4fe603c2b70ce160ad7d335edb27021.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:43 GMT
cf-cache-status: HIT
last-modified: Tue, 24 May 2022 01:32:08 GMT
server: cloudflare
age: 3385
etag: "628c3598-6771"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kIFu2x45DRzWRSQX6qH5YgJ%2BEEUENvqAz68eZN407lo0d%2B5nPW9h1AQuboe6RAuWPc%2BMMjkitgqjdCrrRkx4M0OPsLZvfBBdjdUuuooxXrXvVgUyEduR5UUNfA7eWDzuIaqUKh9kj8Js"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1382400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 750be75d3bd9bb55-FRA
content-length: 26481

GET
H2 200 ProximaNova-Light.woff
lbstatic.nu/assets/ 91 KB
90 KB 53ms
53ms Font
application/font-woff 2606:4700:20::681a:112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lbstatic.nu/assets/ProximaNova-Light.woff
Requested by: Host: lbstatic.nu
URL: https://lbstatic.nu/assets/application-e4fe603c2b70ce160ad7d335edb27021.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 202f5a44ef1b1fac13c36c93eee29c52cd61f6e4f3f3ccbc35ce23683cc605bd

Request headers

Referer: https://lbstatic.nu/assets/application-e4fe603c2b70ce160ad7d335edb27021.css
Origin: https://lookbook.nu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:43 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 May 2022 01:32:08 GMT
server: cloudflare
age: 7168
etag: W/"628c3598-16c17"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P8wf6hrBvhpT41%2BuQ0tBDmRWxC%2FyN6cizPXdV5cpiX6GxfNZmJwTY7xGTUWIAZDZS2I8ViY74kYX7tYsbVVrGpWMW3Nuz0K4R3qaOlCbz95BzVn8WwvN0BVVMqKaNaDnKquBRYQjsfYn"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=1382400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 750be75d3f635c9e-FRA

GET
H2 200 fontawesome-webfont-6a928d6875c980852c3823caf78dfc43.woff2
lbstatic.nu/assets/ 55 KB
56 KB 53ms
52ms Font
application/octet-stream 2606:4700:20::681a:112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lbstatic.nu/assets/fontawesome-webfont-6a928d6875c980852c3823caf78dfc43.woff2?v=4.3.0
Requested by: Host: lbstatic.nu
URL: https://lbstatic.nu/assets/application-e4fe603c2b70ce160ad7d335edb27021.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c

Request headers

Referer: https://lbstatic.nu/assets/application-e4fe603c2b70ce160ad7d335edb27021.css
Origin: https://lookbook.nu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:43 GMT
cf-cache-status: HIT
last-modified: Sun, 15 Jul 2018 18:53:39 GMT
server: cloudflare
age: 3480
etag: "5b4b9833-ddcc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=exDEadr88vd3uH2NXiNddIbgqZV0DjRNZHOsxE3rvkFpe%2BjWxx4lzhues%2BJN8xGpG1mZBpadKiukuw7NG1Lcli7gQK4MeflO%2B8%2FbTAxMNAAaD9v01x%2FYLNSgm4EQx6xmnb5aHYamIKUJ"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=1382400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 750be75d3f655c9e-FRA
content-length: 56780

GET
H2 200 bubble-e7fec504b573a5fe7aa9a6f1b12e7976.png
lbstatic.nu/assets/ 294 B
692 B 35ms
34ms Image
image/png 2606:4700:20::681a:112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lbstatic.nu/assets/bubble-e7fec504b573a5fe7aa9a6f1b12e7976.png
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/brushtip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd66670e33f248ddc8f8accfb0173af1e10af2389bd59f04ff148ed3e7ff3025

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:43 GMT
cf-cache-status: HIT
last-modified: Tue, 24 May 2022 01:32:08 GMT
server: cloudflare
age: 4864
etag: "628c3598-126"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G%2Bbx2Gw75YO2TeJRWF4p88qkNwRynr8ZZ4tYkLD9N5wcSHrwu4LA7TuL3O2i1xGyJkmxMH6qqCZSueGVL6YCE%2F54ScQv3QMP2S%2FmtDXvMXJFrlGowUn36cD1MJgPWGJfTnPlti66nsx8"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1382400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 750be75d8c66bb55-FRA
content-length: 294

GET
H2 200 invisible.js Show response
lookbook.nu/cdn-cgi/challenge-platform/h/g/scripts/alpha/ Frame 5DB1 39 KB
14 KB 30ms
29ms Script
application/javascript 2606:4700:3034::6815:48a4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lookbook.nu/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1664193600
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/brushtip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:48a4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: becca89a4a3acdd091038603f9c9f921183b0cf6e7a8952c4ddbf80b4df31b79

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:43 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=alc%2FucWPzPaxH8LGXD700WULo1r3mepqWEL76SW1u%2BpUntPhCr8NPEvK0pUqDaGISy3Jyud%2F9o5FXX1u%2B61mBVuF1pvJlkFViJx728PNdoOWtw6838%2FbOlOorStADLu2Ojn%2FFETjthvqGg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 750be75d882990d6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 318 KB
87 KB 46ms
21ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=0d75586c73a7cc4736f9cb8d8e4943a2

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7489af9ca18d36a15c90d20b0712d0dec91bdf36e000a605f9f7b1683c0b0ae3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://lookbook.nu/
Origin: https://lookbook.nu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: tLs29WnBJoq5W32x9e5VVQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 88800
x-fb-rlafr: 0
x-fb-debug: 7qCJCXEyus/3wR/IVWY80IjQXyAlzhF0yRpbBE9j5IB0b3C5OsWc6lV5xDp54t0kDlGhx5YEW1LoUTGplepqdQ==
x-fb-content-md5: 034aecea23ef0f9c01dc9df9df2c9a8d
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 26 Sep 2022 12:11:43 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "92805346d66c0957db33ab67d8bae94a"
timing-allow-origin: *
priority: u=3,i
expires: Tue, 26 Sep 2023 09:59:38 GMT

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
309 B 22ms
22ms XHR
text/plain 108.138.4.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Flookbook.nu&pubid=32930239-e300-4e84-8205-3dc868716562
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.4.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-4-10.fra56.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 07:46:55 GMT
via: 1.1 e75bff6012758ccb55ff41b176b32342.cloudfront.net (CloudFront)
server: Server
age: 15888
x-cache: Hit from cloudfront
access-control-allow-origin: https://lookbook.nu
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P6
x-amz-cf-id: Bj1-aGDZMY4rSNYY_DKYYwPExp7YhfrE3RMSuv8krc1WqnsJi5woYg==

GET
H2 200 bid Show response
aax-dtb-cf.amazon-adsystem.com/e/dtb/ 23 B
461 B 255ms
58ms XHR
text/javascript 108.138.4.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Flookbook.nu%2Fbrushtip&pid=MhvFJpbHVdQPd&cb=0&ws=1600x1200&v=22.9.81452&t=2000&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-1509568888555-0%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F1093101%2Fex_hp_728x90%22%7D%5D&pubid=32930239-e300-4e84-8205-3dc868716562&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.4.150 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-4-150.fra56.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:43 GMT
via: 1.1 ecb3ea567a6c6095a23354fbdc938128.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: W1Y16EVKWMYGD6YTRCME
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://lookbook.nu
access-control-allow-credentials: true
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: El4CJvX6ZKFldTj5fclwiVpOeZpENkqcAuUlRQdQkjsvFfWV7-Ogow==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 62ms
21ms XHR
application/javascript 108.138.4.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.4.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-4-10.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: I95TjGhhrR3O7F99m0mjPLrSrnJRj9o4
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 29022
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Mon, 19 Sep 2022 09:37:07 GMT
server: AmazonS3
date: Mon, 26 Sep 2022 04:08:02 GMT
vary: Accept-Encoding,Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 d05d62f18b6532eb36f4d53b3337857c.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA56-P6
x-amz-cf-id: REAO3WvYf4rVBcqtBf4NZjJP1qCgaNdaoAJWCMWtOQ-psy3o7peAUw==

GET
H2 200 pubads_impl_2022092101.js Show response
securepubads.g.doubleclick.net/gpt/ 379 KB
129 KB 218ms
33ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092101.js?cb=31069828

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

09af6caefeb671f4527e8bf54659bb482eea031fe6899bafc12f149bb14155d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 22 Sep 2022 10:54:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 350258
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131360
x-xss-protection: 0
last-modified: Wed, 21 Sep 2022 08:34:49 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 22 Sep 2023 10:54:05 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 110 B
725 B 249ms
66ms XHR
application/json 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=lookbook.nu

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fa154aae30700d792a088ec67e9e94878f0947772590d3dd49bb69dcdb1fc3d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 26 Sep 2022 12:11:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 89
x-xss-protection: 0
expires: Mon, 26 Sep 2022 12:11:43 GMT

GET
H2 204 b
sb.scorecardresearch.com/ 0
188 B 22ms
21ms Image
text/plain 13.32.121.17
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b?c1=2&c2=8354559&cs_it=b3&cv=3.8.0.210223&ns__t=1664194303631&ns_c=UTF-8&c7=https%3A%2F%2Flookbook.nu%2Fbrushtip&c8=Brush%20Tip%20(%40brushtip)%20%7C%20Lookbook&c9=
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/brushtip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-17.fra60.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:43 GMT
via: 1.1 11a78ce92a548aac13fb6ee545aff014.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: IS9luE-rplrcqvNsn4FAOK1zPRFw_srmFiiLm5vgh_6rEZeF_19AQg==
x-cache: Miss from cloudfront

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
436 B 193ms
27ms XHR
text/plain 2a00:1450:400c:c0d::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-4019432-1&cid=769653455.1664194304&jid=1847682895&gjid=913892753&_gid=1466398807.1664194304&_u=YGBAgAABAAAAAE~&z=1944072791

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0d::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://lookbook.nu/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 26 Sep 2022 12:11:43 GMT
content-type: text/plain
access-control-allow-origin: https://lookbook.nu
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 64ms
21ms Image
image/gif 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j97&a=283702740&t=pageview&_s=1&dl=https%3A%2F%2Flookbook.nu%2Fbrushtip&dp=%2Fuser%2F10889134&ul=en-us&de=UTF-8&dt=Brush%20Tip%20(%40brushtip)%20%7C%20Lookbook&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgAAB~&jid=1847682895&gjid=913892753&cid=769653455.1664194304&tid=UA-4019432-1&_gid=1466398807.1664194304&cg1=User%20Profiles&z=1972023840

Requested by

Host: lookbook.nu
URL: https://lookbook.nu/brushtip

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 20:06:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 57925
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel
pxl.qccerttest.com/ 35 B
550 B 173ms
19ms Image
image/gif 2600:9000:223d:2000:11:615:7240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pxl.qccerttest.com/pixel?r=702675994;fpan=1;fpa=P0-769458854-1664194303657;pbc=;ns=0;ce=1;qjs=1;qv=d18171e5-20220913105912;ref=;cm=;gdpr=0;d=lookbook.nu;dst=0;et=1664194303656;tzo=0;url=https%3A%2F%2Flookbook.nu%2Fbrushtip;ogl=site_name.Lookbook%2Ctitle.Brush%20Tip%2Ctype.lookbook-nu%3Auser%2Curl.http%3A%2F%2Flookbook%252Enu%2Fbrushtip%2Cimage.%2F%2Flbstatic%252Enu%2Fassets%2Fguy%252Egif%2Cdescription.A%20pointed%20tip%20is%20essential%20for%20allowing%20your%20pencil%E2%80%99s%20pigment%20to%20enter%20your%20pape

Requested by

Host: lookbook.nu
URL: https://lookbook.nu/brushtip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:2000:11:615:7240:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 01:48:50 GMT
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 37374
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000
content-length: 35
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 04 Aug 2022 16:01:04 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "55d25e9dc950d5db4d53a3b195c046c6"
vary: Accept-Encoding, Origin
content-type: image/gif
x-amz-cf-pop: FRA56-P3
accept-ranges: bytes
x-amz-cf-id: pjMoXlNOHbajAxKx5pmG_1Mtyet6dMYihdXRCy4Ns7kglpOg_Nx5Wg==

GET
H2 200 pixel;r=596052815;rf=0;a=p-15_abpQY22gxg;url=https%3A%2F%2Flookbook.nu%2Fbrushtip;uht=2;fpan=0;fpa=P0-769458854-1664194303657;pbc=;ns=0;ce=1;qjs=1;qv=d18171e5-20220913105912;cm=;gdpr=0;ref=;d=lookb...
pixel.quantserve.com/ 35 B
371 B 23ms
22ms Image
image/gif 2620:116:800d:21:b314:a0ef:ab7c:d546
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=596052815;rf=0;a=p-15_abpQY22gxg;url=https%3A%2F%2Flookbook.nu%2Fbrushtip;uht=2;fpan=0;fpa=P0-769458854-1664194303657;pbc=;ns=0;ce=1;qjs=1;qv=d18171e5-20220913105912;cm=;gdpr=0;ref=;d=lookbook.nu;dst=0;et=1664194303659;tzo=0;ogl=site_name.Lookbook%2Ctitle.Brush%20Tip%2Ctype.lookbook-nu%3Auser%2Curl.http%3A%2F%2Flookbook%252Enu%2Fbrushtip%2Cimage.%2F%2Flbstatic%252Enu%2Fassets%2Fguy%252Egif%2Cdescription.A%20pointed%20tip%20is%20essential%20for%20allowing%20your%20pencil%E2%80%99s%20pigment%20to%20enter%20your%20pape;ses=8eb22389-c19a-4cc9-8139-d757353d5adb

Requested by

Host: lookbook.nu
URL: https://lookbook.nu/brushtip

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:b314:a0ef:ab7c:d546 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Sep 2022 12:11:43 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3 200 pica.js
lookbook.nu/cdn-cgi/challenge-platform/h/g/scripts/ Frame 5DB1 20 KB
8 KB 31ms
31ms Other
application/javascript 2606:4700:3031::ac43:9926
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lookbook.nu/cdn-cgi/challenge-platform/h/g/scripts/pica.js
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/brushtip
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:9926 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f9fe387c0add86d0dbbc32cd4f158af07c45147eca6a237d69d7dd6ae5cdf1a5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:43 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pPLu3LU5hEUjMUufKhcnK5Q7pXsz3sbDb9i%2FINK4A7dV9E7o9p399s2vHmb2FzV35gDjgaWkCSfzG3e3%2BtAGeNEqPIE2Yg04r9xfQ0vzpqrlTvisCxiqguTuORRIu2rytiUjUmQ0EI6lyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 750be75df89d90a3-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 status
www.facebook.com/x/oauth/ 0
0 152ms
44ms Fetch
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?client_id=71607949800&input_token&origin=1&redirect_uri=https%3A%2F%2Flookbook.nu%2Fbrushtip&sdk=joey&wants_cookie_data=true

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=0d75586c73a7cc4736f9cb8d8e4943a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: L0IeYUZOOLPREgh+2pZAQxO00xx5B4YGimOlbw28lQTFJ1bStAmiLYIMkwG5DLlM9XeHgDMj42WQOpzd5WLQoA==
fb-s: unknown
date: Mon, 26 Sep 2022 12:11:43 GMT
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://lookbook.nu
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3 200 750be75b7c5590d6 Show response
lookbook.nu/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 5DB1 2 B
652 B 56ms
55ms XHR
text/plain 2606:4700:3031::ac43:9926
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lookbook.nu/cdn-cgi/challenge-platform/h/g/cv/result/750be75b7c5590d6
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1664193600
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:9926 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 26 Sep 2022 12:11:44 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LXaGBzVvzdLZKVVxAdYaypinhzdDF6Ns1HkZdwenuOQAfYCvpZ0DNUykT8gFKxtKXAvSDksmvpdIlxQE8cb3iQT93gc5C3Py9bticHwpDUI1TXD9rNs6%2BcbJJt%2FO48SWEBKn2Mqut7yAvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 750be7608bfb90a3-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 109ms
31ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=lookbook.nu

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092101.js?cb=31069828

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 26 Sep 2022 12:11:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 78ms
29ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=lookbook.nu

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092101.js?cb=31069828

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 26 Sep 2022 12:11:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 225 KB
53 KB 1025ms
954ms XHR
text/plain 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3140840599347288&correlator=4270080598853483&eid=31068458%2C31068928%2C31069634%2C31069828%2C31069927%2C31068366%2C31068825%2C44752585&output=ldjh&gdfp_req=1&vrg=2022092101&ptt=17&impl=fifs&iu_parts=1093101%2Cex_hp_300x250%2Cex_hp_btf_300x250&enc_prev_ius=%2F0%2F1%2C%2F0%2F2&prev_iu_szs=300x600%7C300x250%2C300x250&ifi=1&adks=1276300409%2C1030487218&sfv=1-0-38&fsapi=false&eri=1&cust_params=d6%3D3%26d20%3D17%26brand%3D%26leadersize%3D728x90%26sideadsize%3D300x250&sc=1&cookie_enabled=1&abxe=1&dt=1664194304126&lmt=1664194304&dlt=1664194303312&idt=786&adxs=990%2C990&adys=384%2C1264&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C1&ucis=1%7C2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Flookbook.nu%2Fbrushtip&frm=20&vis=1&psz=300x250%7C300x250&msz=300x250%7C300x-1&fws=0%2C0&ohw=0%2C0&ga_vid=769653455.1664194304&ga_sid=1664194304&ga_hid=283702740&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092101.js?cb=31069828

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2be1d59a0d2fabd3aeeb1243d4c7c824824aabffbfdadb2ff6073cda17d2a424

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5876740340791497504/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5876740340791497504/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIDU4PK2svoCFcnyuwgdl4QLiw&gqi=&layout=/sadbundle/%24csp%253Der3%24/5876740340791497504/index.html,child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9429483408133717842/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9429483408133717842/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIHU4PK2svoCFcnyuwgdl4QLiw&gqi=&layout=/sadbundle/%24csp%253Der3%24/9429483408133717842/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5876740340791497504/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5876740340791497504/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIDU4PK2svoCFcnyuwgdl4QLiw&gqi=&layout=/sadbundle/%24csp%253Der3%24/5876740340791497504/index.html,child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9429483408133717842/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9429483408133717842/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIHU4PK2svoCFcnyuwgdl4QLiw&gqi=&layout=/sadbundle/%24csp%253Der3%24/9429483408133717842/index.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1,-1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53881
x-xss-protection: 0
google-lineitem-id: -1,-1
pragma: no-cache
server: cafe
date: Mon, 26 Sep 2022 12:11:45 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://lookbook.nu
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 23 KB
10 KB 408ms
338ms XHR
text/plain 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3140840599347288&correlator=56951150304769&eid=31068458%2C31068928%2C31069634%2C31069828%2C31069927%2C31068366%2C31068825%2C44752585&output=ldjh&gdfp_req=1&vrg=2022092101&ptt=17&impl=fifs&iu_parts=1093101%2Cex_hp_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x90&ifi=3&adks=3286650984&sfv=1-0-38&fsapi=false&prev_scp=amznbid%3D2%26amznp%3D2&eri=1&cust_params=d6%3D3%26d20%3D17%26brand%3D%26leadersize%3D728x90%26sideadsize%3D300x250&sc=1&cookie_enabled=1&abxe=1&dt=1664194304131&lmt=1664194304&dlt=1664194303312&idt=786&adxs=310&adys=384&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Flookbook.nu%2Fbrushtip&frm=20&vis=1&psz=980x0&msz=980x0&fws=0&ohw=0&ga_vid=769653455.1664194304&ga_sid=1664194304&ga_hid=283702740&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092101.js?cb=31069828

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cee46b0f853573ec4e0c99be2a57b7d99398d81f79d00f304ddd5280d9851e60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10043
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://lookbook.nu
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 67D7 6 KB
4 KB 107ms
27ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092101.js?cb=31069828

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://lookbook.nu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 12:11:44 GMT
expires: Tue, 26 Sep 2023 12:11:44 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
12 KB 184ms
68ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022092101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092101.js?cb=31069828

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fd95fe975ff03ab36c38eb2898e30e722c15b9a0244dce7990e154a8f691fad1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 26 Sep 2022 12:11:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11359
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 195ms
104ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092101.js?cb=31069828

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 26 Sep 2022 12:11:44 GMT

GET
H3 200 container.html Show response
6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E622 6 KB
3 KB 66ms
22ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092101.js?cb=31069828

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://lookbook.nu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 12:11:44 GMT
expires: Tue, 26 Sep 2023 12:11:44 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame E622 0
0 75ms
74ms Fetch
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CnQEhAJcxY-z6D5fO7_UP9o-tyA3JntKxXNWdkfdwwI23ARABIABglYKAgLAHggEXY2EtcHViLTA3OTA4OTQxNDg0NTE3ODWgAdW20uoDyAEJqQIEhvLbJCewPuACAKgDAaoE3gFP0N7zfIcIn6KFzi-D9zLOcXlLQ9hfUpN1rue-K7Z72ReCBdGMJHYHD1E8CJsKM1h_w6lvvR9PtfoDII5k5R9K4ghCZhSZsTWHQLJ2Qe5EOfpjsNMmAZIjNxJnE24ViLsdf9o1Wvh8kTVbvhHEEhLPBfXcLuH6sCgHk6sx-CoCdo18j4x-Y2AMVQgqrOdFi3_RAdWhykiyztAc4aiQYchNvnY_2zL0BXcsQjotigRaKJo45imV7QdEu3sJe3kIyMpGL-r5ubfqoHtY2U0AGGeG3FBgNtPReaicwVnmh6PgBAGABsfNz5jfnu2p-QGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggQCIjhgBAQATIDqoIBOgKAQIAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi0wNzkwODk0MTQ4NDUxNzg1GL2WCw&sigh=Aw2NhwKs--c&uach_m=[UACH]&cid=CAQSPwCsnQUxqHpBmgDSmTKsSzwoWd2nCWBNsejfOb4-fQO_i-z7w2zc1QH6MRvbow3KGH5iKw_s_Ic5VIOacagNaBgB
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/brushtip
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl.eu.criteo.com/google/auction/ Frame E622 0
0 120ms
39ms Fetch 2a02:2638:1::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=kJCTFOjMCcoHWp2DYgICAAAA4Qx5WPkkRbYQAJcxYzDYTf3-A0NPlZC7ABIAAA&wp=YzGXAAAD_WwIu-cXAAtH9tgWaozvz0LTc0RkpA

Requested by

Host: lookbook.nu
URL: https://lookbook.nu/brushtip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:44 GMT
server: Kestrel
server-processing-duration-in-ticks: 172133
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 378A 164 KB
50 KB 270ms
168ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=YzGXAAAD_WwIu-cXAAtH9tgWaozvz0LTc0RkpA&u=%7CKeEPnlMCqVGEXJTcTVI6LRCiHUBJYtHHlQb7h8ptH1Q%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYNdJ71gdyCWvw29y1GxtacI6iVoVnLQ5srE7f174gicdGkk4lLKrDrp-XsO9ayBZtOKsXUQlD2NjW1W9UsVdHgZEtvealSVp-wBjcWPovlmMMgRBHtt5QYGvI4Bm06Lrp_B3YfdtmTEFi7SJxrOpEvhVSsx-BMUZ8YLQ0K42cUqXGuv8COXoj8GeCBeXNGjh_O7u1M-LUF51flPAXkIx_JPr3Mb4NxRaQJnun6GVhtGvIsl0gSF-j86FKuoLFYAL5rgp3QLCKw0cc--eBJaixnnfg68x4u4Lz8JUI2hmfLLFuoobq-Q8Qwr5AUM31769JUucAowXddQY3-mCHtkCKBlJMdPi-L2ienkyhnCH3z7MUqL5JRoWIZZhqgASvODd1tQ94AtAEh061lKHxS34oP89RJE-Z-z7XFY043CBXARKo1PsWUzieRBAstWmE0HYpZi6Q2bJnIcxGDp0mvAnIxzPPQU06-YpaGMQI_VAjrQ20_v4zpm2XyuUm-LlbvSgmYNogOWA-zlZoDoQHtpqonSAi1lg3ZsxqvIyZ6jeqX83vH-YmSXvq3d0X6tPgt1RZVxR-qjkBha_vRbBA2bU-bytV45SMI2l0g&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCjxF0AJcxY-z6D5fO7_UP9o-tyA3JntKxXNWdkfdwwI23ARABIABglYKAgLAHggEXY2EtcHViLTA3OTA4OTQxNDg0NTE3ODWgAdW20uoDyAEJqQIEhvLbJCewPuACAKgDAaoE4QFP0N7zfIcIn6KFzi-D9zLOcXlLQ9hfUpN1rue-K7Z72ReCBdGMJHYHD1E8CJsKM1h_w6lvvR9PtfoDII5k5R9K4ghCZhSZsTWHQLJ2Qe5EOfpjsNMmAZIjNxJnE24ViLsdf9o1Wvh8kTVbvhHEEhLPBfXcLuH6sCgHk6sx-CoCdo18j4x-Y2AMVQgqrOdFi3_RAdWhykiyztAc4aiQYchNvnY_2zL0BXcsQjotigRaKJo45imV7QdE-Xko6f6HVNn5s_5aaYpMWHJM0_sKNn8EaJhdkCFuZ4SERPNilBxbEzngBAGABsfNz5jfnu2p-QGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggQCIjhgBAQATIDqoIBOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0RIdV4TC8Iim49VxEWVfviVhh4lQ%26client%3Dca-pub-0790894148451785%26adurl%3D

Requested by

Host: 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
URL: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

2459f238ea4c5733e264b4957e82a5f816503c6d82c3bcfde902caf45e39e4e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 12:11:44 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=orq3mUKzuKnIMCYr1B5WmtJCJ3I6m2whquublsa5mNL3BYarqif_Bu4GuNXoQnk7B9C6XB5wN2Pg82bTA9BPfPyEImFP6QO1FjlT8EG8NezwF7Q9DOrYX5TkFtr2Dq8rf9sxjxhp5KMiW5z7VQhOXZq08kEghmL7dS-SACJ6XYZzzTHa5cxbQ81l5B4YlTczTAXC4zsV9SsBj-RKgUEbPxdAt-nwKnLS7qKtMBr2HygRuiGU9f1f85PHRpUttduFYigCWA"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 111493582
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/ Frame E622 3 KB
2 KB 36ms
34ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/window_focus_fy2021.js

Requested by

Host: 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
URL: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:22:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2942
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 10 Oct 2022 11:22:42 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/ Frame E622 17 KB
7 KB 37ms
35ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
URL: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c39e9db358e5d8045bebf902ed71b49c17d66f175c8ce0dcaeec96ec7d09090b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4202
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7553
x-xss-protection: 0
server: cafe
etag: 15375136450269253166
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 10 Oct 2022 11:01:42 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame E622 0
0 78ms
28ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQF0JreNJbXaWWJjBJDQ5U7LdKXgxVZJ3VjqwnEglc0cZCk8VU_vMWDz0GRGSFD22WL34IU-eYM7JOTDqL4AB5vaiHApw
Requested by: Host: 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
URL: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame E622 22 KB
7 KB 41ms
40ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
URL: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 06:21:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21001
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 26 Sep 2023 06:21:43 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E622 140 KB
44 KB 76ms
34ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
URL: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d862ec0d2b72e9f1575615db28f4196cbf0f586adb2208c605c691d6e06ee6ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44525
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1663760195623328"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 26 Sep 2022 12:11:44 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 9C01 13 KB
5 KB 103ms
33ms Document
text/html 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://lookbook.nu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 90785
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 25 Sep 2022 10:58:39 GMT
expires: Mon, 25 Sep 2023 10:58:39 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 2408 783 B
997 B 61ms
31ms Document
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3a1b9dfeeb6169b3a7eacecccadb4d8d9a832823b6cfa6336995dad2c15a69e7

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Xd1bOsT_EobDqwv0mzqOfg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://lookbook.nu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 510
content-security-policy: script-src 'report-sample' 'nonce-Xd1bOsT_EobDqwv0mzqOfg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 12:11:44 GMT
expires: Mon, 26 Sep 2022 12:11:44 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ Frame E622 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 76efb56456bb595d0abab8bc26a37a1407ade5e16ab522ba07c569f9a6d344cc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2408 0
0 95ms
54ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022092101&jk=3140840599347288&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

GET
H3 200 f36U5LLOSFCl_RQcRb4gz5dtt8ZR3FgOTI7LNXASQxk.js Show response
pagead2.googlesyndication.com/bg/ Frame 9C01 36 KB
16 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/f36U5LLOSFCl_RQcRb4gz5dtt8ZR3FgOTI7LNXASQxk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f7e94e4b2ce4850a5fd141c45be20cf976db7c651dc580e4c8ecb3570124319

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 10:10:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7273
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16009
x-xss-protection: 0
last-modified: Mon, 19 Sep 2022 14:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 26 Sep 2023 10:10:31 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 9C01 0
10 B 33ms
33ms Image
text/plain 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?MESXLA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:44 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 378A 2 KB
1 KB 145ms
30ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YzGXAAAD_WwIu-cXAAtH9tgWaozvz0LTc0RkpA&u=%7CKeEPnlMCqVGEXJTcTVI6LRCiHUBJYtHHlQb7h8ptH1Q%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYNdJ71gdyCWvw29y1GxtacI6iVoVnLQ5srE7f174gicdGkk4lLKrDrp-XsO9ayBZtOKsXUQlD2NjW1W9UsVdHgZEtvealSVp-wBjcWPovlmMMgRBHtt5QYGvI4Bm06Lrp_B3YfdtmTEFi7SJxrOpEvhVSsx-BMUZ8YLQ0K42cUqXGuv8COXoj8GeCBeXNGjh_O7u1M-LUF51flPAXkIx_JPr3Mb4NxRaQJnun6GVhtGvIsl0gSF-j86FKuoLFYAL5rgp3QLCKw0cc--eBJaixnnfg68x4u4Lz8JUI2hmfLLFuoobq-Q8Qwr5AUM31769JUucAowXddQY3-mCHtkCKBlJMdPi-L2ienkyhnCH3z7MUqL5JRoWIZZhqgASvODd1tQ94AtAEh061lKHxS34oP89RJE-Z-z7XFY043CBXARKo1PsWUzieRBAstWmE0HYpZi6Q2bJnIcxGDp0mvAnIxzPPQU06-YpaGMQI_VAjrQ20_v4zpm2XyuUm-LlbvSgmYNogOWA-zlZoDoQHtpqonSAi1lg3ZsxqvIyZ6jeqX83vH-YmSXvq3d0X6tPgt1RZVxR-qjkBha_vRbBA2bU-bytV45SMI2l0g&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCjxF0AJcxY-z6D5fO7_UP9o-tyA3JntKxXNWdkfdwwI23ARABIABglYKAgLAHggEXY2EtcHViLTA3OTA4OTQxNDg0NTE3ODWgAdW20uoDyAEJqQIEhvLbJCewPuACAKgDAaoE4QFP0N7zfIcIn6KFzi-D9zLOcXlLQ9hfUpN1rue-K7Z72ReCBdGMJHYHD1E8CJsKM1h_w6lvvR9PtfoDII5k5R9K4ghCZhSZsTWHQLJ2Qe5EOfpjsNMmAZIjNxJnE24ViLsdf9o1Wvh8kTVbvhHEEhLPBfXcLuH6sCgHk6sx-CoCdo18j4x-Y2AMVQgqrOdFi3_RAdWhykiyztAc4aiQYchNvnY_2zL0BXcsQjotigRaKJo45imV7QdE-Xko6f6HVNn5s_5aaYpMWHJM0_sKNn8EaJhdkCFuZ4SERPNilBxbEzngBAGABsfNz5jfnu2p-QGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggQCIjhgBAQATIDqoIBOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0RIdV4TC8Iim49VxEWVfviVhh4lQ%26client%3Dca-pub-0790894148451785%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:45 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 21 Sep 2023 12:11:45 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 378A 2 KB
1 KB 146ms
31ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:45 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 21 Sep 2023 12:11:45 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 378A 308 B
636 B 172ms
58ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:45 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 21 Sep 2023 12:11:45 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 378A 293 B
621 B 144ms
31ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:45 GMT
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 21 Sep 2023 12:11:45 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/delivery/ Frame 378A 43 B
348 B 145ms
32ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=QfPPbQnl1l06ZMRVp1bpsxsaz02s09l3dvbeeQW9GS50Iy2hp0zPASPwTnvj_6OW_SBADW6CPo11kMz3zEQf6qNAf6-iaOJ0e-NEm_teLz_rNzlGAzrUnGotTNAzmt3FyP5z6q05JETW1XLLiSroa-7eEWfV9Z0MmoJKTVrOFZygDkf9YcLnELvtpTyVU83DICZcSPxBtl_EhdhymOElk8sqkLgD_U1xUXJoWs25YRIJYHHLYgnaTVcoDKaty5kVo1evUXNa5Wg1K9hsrD0IhiwGw9Ub_UWid7iDZWT2ePl2AkHoUN9Un4kuuBgYVJjCJRI2iK6KswkeMJlVMsD69mWbE0tWLT7V_deO6XcwA1BJrr7vQAWYsA1fs1CVzCxsRyi1uxtmwMKthpMApeixq5J4t6wYxRbw-tmshDZfxNHXwGl2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Sep 2022 12:11:44 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2529186
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 m
secure-gl.imrworldwide.com/cgi-bin/ Frame 378A 44 B
752 B 240ms
126ms Image
image/gif 2600:9000:223c:da00:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn184820&cr=crtve&ce=criteo&pc=criteo_plc0001&ci=nlsnci162&am=3&at=view&rt=banner&st=image&r=1664194304
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YzGXAAAD_WwIu-cXAAtH9tgWaozvz0LTc0RkpA&u=%7CKeEPnlMCqVGEXJTcTVI6LRCiHUBJYtHHlQb7h8ptH1Q%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYNdJ71gdyCWvw29y1GxtacI6iVoVnLQ5srE7f174gicdGkk4lLKrDrp-XsO9ayBZtOKsXUQlD2NjW1W9UsVdHgZEtvealSVp-wBjcWPovlmMMgRBHtt5QYGvI4Bm06Lrp_B3YfdtmTEFi7SJxrOpEvhVSsx-BMUZ8YLQ0K42cUqXGuv8COXoj8GeCBeXNGjh_O7u1M-LUF51flPAXkIx_JPr3Mb4NxRaQJnun6GVhtGvIsl0gSF-j86FKuoLFYAL5rgp3QLCKw0cc--eBJaixnnfg68x4u4Lz8JUI2hmfLLFuoobq-Q8Qwr5AUM31769JUucAowXddQY3-mCHtkCKBlJMdPi-L2ienkyhnCH3z7MUqL5JRoWIZZhqgASvODd1tQ94AtAEh061lKHxS34oP89RJE-Z-z7XFY043CBXARKo1PsWUzieRBAstWmE0HYpZi6Q2bJnIcxGDp0mvAnIxzPPQU06-YpaGMQI_VAjrQ20_v4zpm2XyuUm-LlbvSgmYNogOWA-zlZoDoQHtpqonSAi1lg3ZsxqvIyZ6jeqX83vH-YmSXvq3d0X6tPgt1RZVxR-qjkBha_vRbBA2bU-bytV45SMI2l0g&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCjxF0AJcxY-z6D5fO7_UP9o-tyA3JntKxXNWdkfdwwI23ARABIABglYKAgLAHggEXY2EtcHViLTA3OTA4OTQxNDg0NTE3ODWgAdW20uoDyAEJqQIEhvLbJCewPuACAKgDAaoE4QFP0N7zfIcIn6KFzi-D9zLOcXlLQ9hfUpN1rue-K7Z72ReCBdGMJHYHD1E8CJsKM1h_w6lvvR9PtfoDII5k5R9K4ghCZhSZsTWHQLJ2Qe5EOfpjsNMmAZIjNxJnE24ViLsdf9o1Wvh8kTVbvhHEEhLPBfXcLuH6sCgHk6sx-CoCdo18j4x-Y2AMVQgqrOdFi3_RAdWhykiyztAc4aiQYchNvnY_2zL0BXcsQjotigRaKJo45imV7QdE-Xko6f6HVNn5s_5aaYpMWHJM0_sKNn8EaJhdkCFuZ4SERPNilBxbEzngBAGABsfNz5jfnu2p-QGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggQCIjhgBAQATIDqoIBOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0RIdV4TC8Iim49VxEWVfviVhh4lQ%26client%3Dca-pub-0790894148451785%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:da00:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:45 GMT
via: 1.1 891011d51eb2353ebe8601f5b6467070.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
x-cache: Miss from cloudfront
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
cross-origin-resource-policy: cross-origin
content-length: 44
pragma: no-cache
server: nginx
access-control-allow-methods: POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-amz-cf-id: s1p3lEf0dHMJBAb8xjwUEVAAZGa3TAlozD71A3Cprht94h0vZsblIA==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 378A 12 KB
6 KB 88ms
33ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:45 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 21 Sep 2023 12:11:45 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 378A 9 KB
10 KB 102ms
26ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=176&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F2861%2F190124%2F79f2c646e3f74b54931cff1f39d769d0_blue.png&v=3&w=256&s=9ACZDkBN5yZSSGrFyguWDdCY

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

6bf42366f17e06a53eaa138473ce50047117fb01e4f5fcd3b7d2c736164c91a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:44 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29015656
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 9540
expires: Mon, 28 Aug 2023 08:06:01 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 378A 5 KB
5 KB 125ms
49ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F7%2FlogoRasenBallsport-Leipzig-GmbH-112203DE-2011231618.gif%3Feb%3D1&v=3&w=800&s=uL1eBielVmNzs4UCUlbGoce6&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

049197d27fc218a1fc7185322d281d1f12d8cb637cce49e815600869e12e463a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:44 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 5240
expires: Thu, 21 Sep 2023 12:11:45 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 378A 2 KB
3 KB 126ms
51ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F5%2FlogoWarth-Klein-Grant-Thornton-AG-Wirtschaftsprufungsgesellschaft-39194DE-2202281447.gif%3Feb%3D1&v=3&w=800&s=rw1kUyML0MnDW87nuLiHsS_z&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

a80f386aeb3138240bd19205d68b6f0fd02e2bdfac78e96acaad5a8200fa233b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:44 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=186206
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 2296
expires: Wed, 28 Sep 2022 15:55:11 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 378A 2 KB
3 KB 126ms
50ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FF%2FlogoGAF-AG-52202DE.gif%3Feb%3D1&v=3&w=800&s=ABy0a5CGuwxHmd1dZkdP9vMT&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

cdf6cd3f1258b9e04e1353ff72ec4d9a4a868f1ab445b655288e3632137b4e0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:44 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1998545
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 2490
expires: Wed, 19 Oct 2022 15:20:50 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 378A 0
128 B 85ms
28ms Ping
text/plain 178.250.2.150
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=orq3mUKzuKnIMCYr1B5WmtJCJ3I6m2whquublsa5mNL3BYarqif_Bu4GuNXoQnk7B9C6XB5wN2Pg82bTA9BPfPyEImFP6QO1FjlT8EG8NezwF7Q9DOrYX5TkFtr2Dq8rf9sxjxhp5KMiW5z7VQhOXZq08kEghmL7dS-SACJ6XYZzzTHa5cxbQ81l5B4YlTczTAXC4zsV9SsBj-RKgUEbPxdAt-nwKnLS7qKtMBr2HygRuiGU9f1f85PHRpUttduFYigCWA&sds=2&rev=82884&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 26 Sep 2022 12:11:44 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 378A 2 KB
1 KB 84ms
58ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:45 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 21 Sep 2023 12:11:45 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 378A 2 KB
1 KB 30ms
30ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:45 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 21 Sep 2023 12:11:45 GMT

GET
H3 200 container.html Show response
6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame BAD3 6 KB
3 KB 21ms
21ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092101.js?cb=31069828

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://lookbook.nu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 12:11:44 GMT
expires: Tue, 26 Sep 2023 12:11:44 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 25A2 6 KB
3 KB 21ms
21ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092101.js?cb=31069828

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://lookbook.nu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 12:11:44 GMT
expires: Tue, 26 Sep 2023 12:11:44 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5876740340791497504/ Frame 4EF1 5 KB
2 KB 34ms
34ms Document
text/html 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5876740340791497504/index.html

Requested by

Host: lookbook.nu
URL: https://lookbook.nu/brushtip

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2b43d4f8ab58be75175a420482d47ca3089fa7acda4494490eb395e3c758d75

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 144705
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1659
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Sat, 24 Sep 2022 20:00:00 GMT
expires: Sun, 24 Sep 2023 20:00:00 GMT
last-modified: Fri, 02 Sep 2022 13:10:03 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3

200

B28549163.346007284;dc_pre=CLnpn_O2svoCFY7ddwodz60NXw;dc_trk_aid=537600811;dc_trk_cid=177787622;ord=3303278328;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= Show response
ad.doubleclick.net/ddm/trackimp/N1335164.4228069GOOGLEADS_/ Frame BAD3
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N1335164.4228069GOOGLEADS_/B28549163.346007284;dc_trk_aid=537600811;dc_trk_cid=177787622;ord=3303278328;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tf...
https://ad.doubleclick.net/ddm/trackimp/N1335164.4228069GOOGLEADS_/B28549163.346007284;dc_pre=CLnpn_O2svoCFY7ddwodz60NXw;dc_trk_aid=537600811;dc_trk_cid=177787622;ord=3303278328;dc_lat=;dc_rdid=;ta...

42 B
63 B

95ms
48ms

Fetch
image/gif

142.250.185.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/trackimp/N1335164.4228069GOOGLEADS_/B28549163.346007284;dc_pre=CLnpn_O2svoCFY7ddwodz60NXw;dc_trk_aid=537600811;dc_trk_cid=177787622;ord=3303278328;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?

Requested by

Host: 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
URL: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Sep 2022 12:11:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 26 Sep 2022 12:11:45 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://ad.doubleclick.net/ddm/trackimp/N1335164.4228069GOOGLEADS_/B28549163.346007284;dc_pre=CLnpn_O2svoCFY7ddwodz60NXw;dc_trk_aid=537600811;dc_trk_cid=177787622;ord=3303278328;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame BAD3 0
0 74ms
74ms Fetch
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CBxiDAJcxY4DUEcnl7_UPl4mu2AjgwdaxbIij7ojnENvZHhABIKGu1RlglYKAgLAHoAHF6pm5AsgBCakCt6adc4w7sD7gAgCoAwHIA0iqBPEBT9AThTLRcXRWudkN6aDfg8QsgVzmvtWGKw5x_bKynHsHtFZmuSPn0CYgICtFI9w9uLoggjvxT3ULXX2aDcIwJdFBdTKJqX-LEjJgHFygDCsqEEFxILAAUObj9aLBfBOrYSygL1W8ShSBy42UrlE4Gzxd0oAl7xr4pnjmQ_M1Ob0t8J-QeaIL3yDH8GRfdaIDLr-CdKIXFAN9Pc7GYUwfU8isRjmahPfz270i3-mwxhydTQGmVMYym2wQAPnYAFZTp-PDtJmzfHHjL4UjFkr2YjXQZyxIx69Bi9nckkim83gXNVeVgcC4vbqgafnikA5CgcAEmbaqzZEE4AQBoAYugAejlebGAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEJ28INIIEgiI4YAQEAEYHTIDqoIBOgKAQIAKA8gLAdgTA9AVAZgWAYAXAbIXHgocCAASFHB1Yi0wNzkwODk0MTQ4NDUxNzg1GL2WCw&sigh=xMiaauCoxdM&uach_m=[UACH]&template_id=419
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/brushtip
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220921/r20110914/ Frame BAD3 23 KB
9 KB 33ms
33ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220921/r20110914/abg_lite_fy2021.js

Requested by

Host: 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
URL: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d485f54c3ae5920cd21c8d180458c50f092554777b97f9c52ac6f76359838a05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:43:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1705
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9559
x-xss-protection: 0
server: cafe
etag: 12142024561622733046
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 10 Oct 2022 11:43:20 GMT

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9429483408133717842/ Frame 8A33 5 KB
2 KB 34ms
33ms Document
text/html 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9429483408133717842/index.html

Requested by

Host: lookbook.nu
URL: https://lookbook.nu/brushtip

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2b43d4f8ab58be75175a420482d47ca3089fa7acda4494490eb395e3c758d75

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 138856
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1659
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Sat, 24 Sep 2022 21:37:29 GMT
expires: Sun, 24 Sep 2023 21:37:29 GMT
last-modified: Fri, 02 Sep 2022 13:29:11 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3

200

B28549163.346007284;dc_pre=CJ3rn_O2svoCFTfKuwgdvQIHSg;dc_trk_aid=537600811;dc_trk_cid=178141746;ord=2976086892;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= Show response
ad.doubleclick.net/ddm/trackimp/N1335164.4228069GOOGLEADS_/ Frame 25A2
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N1335164.4228069GOOGLEADS_/B28549163.346007284;dc_trk_aid=537600811;dc_trk_cid=178141746;ord=2976086892;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tf...
https://ad.doubleclick.net/ddm/trackimp/N1335164.4228069GOOGLEADS_/B28549163.346007284;dc_pre=CJ3rn_O2svoCFTfKuwgdvQIHSg;dc_trk_aid=537600811;dc_trk_cid=178141746;ord=2976086892;dc_lat=;dc_rdid=;ta...

42 B
63 B

96ms
50ms

Fetch
image/gif

142.250.185.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/trackimp/N1335164.4228069GOOGLEADS_/B28549163.346007284;dc_pre=CJ3rn_O2svoCFTfKuwgdvQIHSg;dc_trk_aid=537600811;dc_trk_cid=178141746;ord=2976086892;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?

Requested by

Host: 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
URL: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Sep 2022 12:11:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 26 Sep 2022 12:11:45 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://ad.doubleclick.net/ddm/trackimp/N1335164.4228069GOOGLEADS_/B28549163.346007284;dc_pre=CJ3rn_O2svoCFTfKuwgdvQIHSg;dc_trk_aid=537600811;dc_trk_cid=178141746;ord=2976086892;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 25A2 0
0 75ms
75ms Fetch
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C1kAcAJcxY4HUEcnl7_UPl4mu2AjgwdaxbNij7ojnENvZHhABIKGu1RlglYKAgLAHoAHF6pm5AsgBCakCt6adc4w7sD7gAgCoAwHIA0iqBPQBT9ArbIJorr6R8nryCTE5VB6DNFiHqfIX6dLwTPCogKnyDYMpa64NwsYiApgEPy3YEyCTS6bQbz6WePUqgbsn_-9RqGaS-ejUMDmqeJsICNMCwpkkupAomA3g0j-c5TszTivRHgqA0u2a7QUToKXUw_bTByrJvJTEfEbtmhcS57DUp3xj6HnhrK1EaxJX29eVLSybAs6hjEPCfeXTjcOILl2g124-QS2Dn-O8RLlf9Ww5IwsWPFJ7N2T3ke0ZC04so_TCSQPmx29lfF0jn-gogC_6KLCCinvW_l8Lpai9w4eo4T5hcLZprdr6DBmXWomTYiCSAMAEmbaqzZEE4AQBoAYugAejlebGAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEPmiCNIIEgiI4YAQEAEYHTIDqoIBOgKAQIAKA8gLAdgTA9AVAZgWAYAXAbIXHgocCAASFHB1Yi0wNzkwODk0MTQ4NDUxNzg1GL2WCw&sigh=ztZlrdhHUnQ&uach_m=[UACH]&template_id=419
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/brushtip
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220921/r20110914/ Frame 25A2 23 KB
9 KB 33ms
33ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220921/r20110914/abg_lite_fy2021.js

Requested by

Host: 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
URL: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d485f54c3ae5920cd21c8d180458c50f092554777b97f9c52ac6f76359838a05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:43:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1705
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9559
x-xss-protection: 0
server: cafe
etag: 12142024561622733046
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 10 Oct 2022 11:43:20 GMT

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 4EF1 6 KB
3 KB 33ms
33ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5876740340791497504/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f4813e4fe6dd891838e421479bf603f6d3f0d2a55b90517b875a77050471d4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 21:29:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52944
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2655
x-xss-protection: 0
server: cafe
etag: 4618035238173732404
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 26 Sep 2022 21:29:21 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 4EF1 33 KB
13 KB 35ms
35ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5876740340791497504/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aafb3ee79dc18d6ddc6b5c5503dc051c6e89d25a801b243cd4310ce7e0eac5ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 21:21:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53423
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13218
x-xss-protection: 0
server: cafe
etag: 5545325275904357113
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 26 Sep 2022 21:21:22 GMT

GET
H2 200 tweenmax_2.1.2_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 4EF1 113 KB
40 KB 179ms
66ms Script
text/javascript 2a00:1450:400d:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.1.2_min.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5876740340791497504/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a863a77e9ee263a0ec9c1e792bb33ed0f663582b7369f472261df7b6040990c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39910
x-xss-protection: 0
last-modified: Mon, 11 Mar 2019 14:29:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 26 Sep 2022 12:11:45 GMT

GET
H3 200 main.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5876740340791497504/ Frame 4EF1 6 KB
3 KB 45ms
45ms Script
application/x-javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5876740340791497504/main.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5876740340791497504/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a270b2e4815fced8bc86ebbe91247585be8af28c6c4220b1d52ffb8239da878

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 131375
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2567
x-xss-protection: 0
last-modified: Fri, 02 Sep 2022 13:10:03 GMT
server: sffe
date: Sat, 24 Sep 2022 23:42:10 GMT
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 24 Sep 2023 23:42:10 GMT

GET
H2 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F052 143 B
426 B 124ms
34ms Document
text/html 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
URL: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2082
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Mon, 26 Sep 2022 11:37:03 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/ Frame BAD3 3 KB
1 KB 69ms
69ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/window_focus_fy2021.js

Requested by

Host: 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
URL: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:10:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3661
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 10 Oct 2022 11:10:44 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/ Frame BAD3 17 KB
7 KB 42ms
41ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
URL: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c39e9db358e5d8045bebf902ed71b49c17d66f175c8ce0dcaeec96ec7d09090b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:59:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 709
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7553
x-xss-protection: 0
server: cafe
etag: 15375136450269253166
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 10 Oct 2022 11:59:56 GMT

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 8A33 6 KB
3 KB 37ms
37ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9429483408133717842/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f4813e4fe6dd891838e421479bf603f6d3f0d2a55b90517b875a77050471d4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 21:29:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52944
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2655
x-xss-protection: 0
server: cafe
etag: 4618035238173732404
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 26 Sep 2022 21:29:21 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 8A33 33 KB
13 KB 37ms
37ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9429483408133717842/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aafb3ee79dc18d6ddc6b5c5503dc051c6e89d25a801b243cd4310ce7e0eac5ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 21:21:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53423
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13218
x-xss-protection: 0
server: cafe
etag: 5545325275904357113
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 26 Sep 2022 21:21:22 GMT

GET
H2 200 tweenmax_2.1.2_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 8A33 113 KB
39 KB 204ms
108ms Script
text/javascript 2a00:1450:400d:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.1.2_min.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9429483408133717842/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a863a77e9ee263a0ec9c1e792bb33ed0f663582b7369f472261df7b6040990c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39910
x-xss-protection: 0
last-modified: Mon, 11 Mar 2019 14:29:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 26 Sep 2022 12:11:45 GMT

GET
H3 200 main.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9429483408133717842/ Frame 8A33 6 KB
3 KB 48ms
48ms Script
application/x-javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9429483408133717842/main.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9429483408133717842/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d5d7b7c7c5fd27725afd25ee05c30c89b309b993d178f1b3bf268bd2cdfc007

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 131762
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2571
x-xss-protection: 0
last-modified: Fri, 02 Sep 2022 13:29:11 GMT
server: sffe
date: Sat, 24 Sep 2022 23:35:43 GMT
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 24 Sep 2023 23:35:43 GMT

GET
H2 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E907 143 B
198 B 108ms
34ms Document
text/html 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
URL: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2082
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Mon, 26 Sep 2022 11:37:03 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/ Frame 25A2 3 KB
1 KB 53ms
53ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/window_focus_fy2021.js

Requested by

Host: 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
URL: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:10:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3661
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 10 Oct 2022 11:10:44 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/ Frame 25A2 17 KB
7 KB 47ms
46ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
URL: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c39e9db358e5d8045bebf902ed71b49c17d66f175c8ce0dcaeec96ec7d09090b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:59:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 709
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7553
x-xss-protection: 0
server: cafe
etag: 15375136450269253166
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 10 Oct 2022 11:59:56 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame BAD3 0
0 71ms
29ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQS-pG84zQUEWcyHYYDnCRwkzGBcio06K4Nk70f1gJiQ9k88kYxDhi60EYXA3oZibluV3fW4lsav0jfocZkVLBJooozvg
Requested by: Host: 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
URL: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BAD3 140 KB
44 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
URL: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d862ec0d2b72e9f1575615db28f4196cbf0f586adb2208c605c691d6e06ee6ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44525
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1663760195623328"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 26 Sep 2022 12:11:45 GMT

GET
DATA 200
OK truncated
/ Frame BAD3 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cfb9ad09c8dde182bb6b32cc1ae1aaad4af7a8c5eecefa69009d507a5fa8503c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 l
www.google.com/ads/measurement/ Frame 25A2 0
0 51ms
28ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQk1NjlHrZQpuDSHawkxAN4sUkskzWKY_53krwi4irot6pzPiSp10O3WcdpT65SkzaJ4phIG0BJiV_bBNxQ5oyCp2zrww
Requested by: Host: 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
URL: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 25A2 140 KB
44 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
URL: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d862ec0d2b72e9f1575615db28f4196cbf0f586adb2208c605c691d6e06ee6ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 12:11:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44525
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1663760195623328"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 26 Sep 2022 12:11:45 GMT

GET
DATA 200
OK truncated
/ Frame 25A2 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 817f5439055724b35b0ee4698a979d7d4a164ed3086d73d4742e7ab2645e1da7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 57ms
57ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022092101&jk=3140840599347288&bg=!OTqlOn7NAAYIxsuQKMY7ACkAdvg8Wrwi85FZM6r5GHqVBWH5ufFJkf5K0_jK-fraXvFU8lLUGt0juQIAAABEUgAAAAFoAQcKAEaWmV6Fq7wltogu3-yAAmhmr8DJa4dqcrmRcgs5U7qzoGAkg7Y-hKco-6IF8PKclCSlcyyhpknrLB_irnuT0MsUwAEq8iOQmQK1m7A1AL9TqzowiM9C3ETpxlG7hwLeT_VbAYSnfa87ThGVh8ro88XztZU6U5yTvPugryoSXlB5hgdjAXUlbSCQWJl0XMj2rzm03nP_MNG7G4-Dz_SetopSejXLsWmgtrJLnuyEUgyAJTjV7IAyQAbDAOj6omzhZP1PKSihK-L4Rl1eM7l15p4el_2u8VkQgkmXLc7XBUK16l7tingBK2sp_JZfgqYzz3D3URB0PRuNYBlp1pBmjvYbMXLy3gZ8oPrc6MVkP2q8j3w1Zo-w-mTm_qsbNw5Y10tSaR52-DlU_xEDsq4rVaf0wmras-EagVno8-9Q_7XUnRFBDhm7_u8CN071BEYeBSUHnEEEiy18ciyR_ADg1fPmglUikJafQYwRG5XB3ipSBN62xb24Ap5UTDtbcZq9p_7s4yq9aZzwaSbSHSFnY3BkDX2_y50005rYML7SGzbZJSlYJ16wyQgeKetnIkMgC_zGVnJMCBsr9Gj0UhMCihMb3Vnkt3r2XNvvnREYD1NrfTdG64YIQQ4L8iFIZpWkAjFV66iTNsnZF-UEwbediT_hpQYcsDupoBBw7wBaF9IcbV2ZIpH9pXYzQGgWQc8iW-wtJJjmpfJUwSSLC5zwp-yu7U-C_p3o_x2pUnqOx013DrOTO3ZU234Q0vO9v07kBSnu2zxJWbvnrsTxH65d9JW2GTe_VNK5_5vTnNabxeHDLjE_y9BHEXY65VizC4IHfon4WG9-X5quD-Kj1_Kt2nqD8_dwSNdRquDpY5rgrK9oH9Pji7xjmSeNxLJj212IMg8c3Khj9cbStgNc02cITr_XG78zi9WJzvfucTU2iaRCfSDcMKwLKkFO4Fhb1--cgY_XARrmp_tW9NnH588mzpHZWr-cDauwMe50-PmPmTtt_6wNuaL1dcwvh1CvTMRc
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F052
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
18 B

185ms
117ms

Document
text/html

2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
URL: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 12:11:45 GMT
expires: Mon, 26 Sep 2022 12:11:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 26 Sep 2022 12:11:45 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E907
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

127ms
68ms

Document
text/html

2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
URL: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 26 Sep 2022 12:11:45 GMT
expires: Mon, 26 Sep 2022 12:11:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 12:11:45 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 commerzbank_affluent_impulse_300x250_v2_js.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5876740340791497504/ Frame 4EF1 55 KB
55 KB 107ms
36ms Image
image/png 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5876740340791497504/commerzbank_affluent_impulse_300x250_v2_js.png

Requested by

Host: 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
URL: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ad7d958ff2ac0e4737bb78ad21be82e991a2860fbb06dab0030a99582e91de9

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 124409
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56495
x-xss-protection: 0
last-modified: Fri, 02 Sep 2022 13:10:03 GMT
server: sffe
date: Sun, 25 Sep 2022 01:38:16 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 25 Sep 2023 01:38:16 GMT

GET
H3 200 f36U5LLOSFCl_RQcRb4gz5dtt8ZR3FgOTI7LNXASQxk.js Show response
pagead2.googlesyndication.com/bg/ Frame 4EF1 36 KB
16 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/f36U5LLOSFCl_RQcRb4gz5dtt8ZR3FgOTI7LNXASQxk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f7e94e4b2ce4850a5fd141c45be20cf976db7c651dc580e4c8ecb3570124319

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 10:10:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7274
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16009
x-xss-protection: 0
last-modified: Mon, 19 Sep 2022 14:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 26 Sep 2023 10:10:31 GMT

GET
H3 200 commerzbank_affluent_perspektive_300x250_v2_js.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9429483408133717842/ Frame 8A33 79 KB
79 KB 104ms
53ms Image
image/png 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9429483408133717842/commerzbank_affluent_perspektive_300x250_v2_js.png

Requested by

Host: 6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
URL: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c70ef31c67e59460f3df328cd7905f46afdee9c80dd33d334047800474785c2b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 596157
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 80725
x-xss-protection: 0
last-modified: Fri, 02 Sep 2022 13:29:11 GMT
server: sffe
date: Mon, 19 Sep 2022 14:35:48 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 19 Sep 2023 14:35:48 GMT

GET
H3 200 f36U5LLOSFCl_RQcRb4gz5dtt8ZR3FgOTI7LNXASQxk.js Show response
pagead2.googlesyndication.com/bg/ Frame 8A33 36 KB
16 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/f36U5LLOSFCl_RQcRb4gz5dtt8ZR3FgOTI7LNXASQxk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f7e94e4b2ce4850a5fd141c45be20cf976db7c651dc580e4c8ecb3570124319

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 10:10:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7274
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16009
x-xss-protection: 0
last-modified: Mon, 19 Sep 2022 14:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 26 Sep 2023 10:10:31 GMT

GET
DATA 200
OK truncated
/ Frame 4EF1 32 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 58c9d8efcaf464fd49c0c395751a3fe937a64406286d6d1b42921ac7d9ed371e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ Frame 4EF1 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7e593ea87dbc90c347757acc830e4bba58af1644e92bdd643f857475db17bb73

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 4EF1 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c93dc84049ced06257c79f0b114862380a1964936f843f7c962076b4e107d58c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 4EF1 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a18fae90eccdd3ace533930548eea688eb824588b20226f5556fd87611a1a3d3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 4EF1 992 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 650da9e6f05c29b40c5cf21e4ce0a863c81e6ea5234b23f4d9b93b51dc6cfc56

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 4EF1 732 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f635c3186f74bb15bc499e6e9c7fcf97423f070dcf917dd7b4bb630000ac1f02

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 4EF1 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44b34578989a08119535b5c54623cab8c70a3ed38106e766784108ea3bd06949

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 4EF1 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 77ca9114bd3b8411995690d04690ad7ada53f896ede3d1e9e39b49b7b2b5f157

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 4EF1 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4af4fa37185c17b507f81b03a464cb8734cd08d7db74bf3bc2dadbe09769ecdb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 4EF1 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c35829b27cab8baa43d3fcab2264640c80df89151eee9391708049c39ddd368c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 4EF1 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 93cb5925a330630f84012b5d56afe97a04dfed609ccf3c73203ef570624ce821

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 4EF1 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 83f6d496544d0615d7e7d56fec1bae13576257ed3843fa2d97b4596f395b304a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 4EF1 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b0a62dbb37e6249844c6a334f75f6a8a35557d12416968e9c79761b0ada46686

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 4EF1 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 87a26ed5fd2ef06513a60d162c6d4f0ddf062686222533f7321794343f0b5da0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 4EF1 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 91fa11d3bf3699b04f75a5001c5958778d41e818379299a507f927b078583669

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 8A33 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c93dc84049ced06257c79f0b114862380a1964936f843f7c962076b4e107d58c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 8A33 992 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 650da9e6f05c29b40c5cf21e4ce0a863c81e6ea5234b23f4d9b93b51dc6cfc56

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 8A33 732 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f635c3186f74bb15bc499e6e9c7fcf97423f070dcf917dd7b4bb630000ac1f02

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 8A33 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44b34578989a08119535b5c54623cab8c70a3ed38106e766784108ea3bd06949

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 8A33 56 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e32b7c077a545e3ea7f97d38d5246474178e97c2bf99919960c7a92609aa506e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ Frame 8A33 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb62c6d71dc6f167d5af0be1f0797652b5f318f0d2d15c7aa0291b6553e3a048

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 8A33 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dd050c99336bc560137e02ce87de80b8d105cc0ee0543f99272af36c30f27d5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 8A33 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c35829b27cab8baa43d3fcab2264640c80df89151eee9391708049c39ddd368c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 8A33 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 93cb5925a330630f84012b5d56afe97a04dfed609ccf3c73203ef570624ce821

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 8A33 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 87a26ed5fd2ef06513a60d162c6d4f0ddf062686222533f7321794343f0b5da0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 8A33 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 91fa11d3bf3699b04f75a5001c5958778d41e818379299a507f927b078583669

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 8A33 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 64717556df2e07ac4f05802eb53909e17db19b8e174dd6dce31347477e1ca854

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 8A33 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2efa73a622b8782e93c6c2d2e8104860cfa688382f2fb00520c0ad32794cc199

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 8A33 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ed5b49fd22e45cda66721a93e279a4e5833c72f7097352a444a785d922f13190

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 8A33 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 16c9afb6ed90fb117a2f1f162e5d2db74efddb6e71d75bdf2009c176ead53cdd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E622 42 B
64 B 97ms
56ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstaQv4NbAIwhWeceomrqRBmR0JtSrZBxUFPq9i-VALo_LDtixH0bWMafLQITsE6Uk23_w55d2aK8KkbCaTxV8wVUkw&sig=Cg0ArKJSzD2Sx1ro64kHEAE&id=lidar2&mcvt=1065&p=384,315,474,1285&mtos=1065,1065,1065,1065,1065&tos=1065,0,0,0,0&v=20220921&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3286650984&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1664194304552&rpt=205&isd=0&lsd=0&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Sep 2022 12:11:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 378A 0
127 B 28ms
28ms Ping
text/plain 178.250.2.150
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 26 Sep 2022 12:11:45 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame BAD3 42 B
64 B 64ms
63ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstSD4GQqc5rekYeMhhqSjMka2OpG9X-COpz9JchTgXdyM-NDJQ07aOnAXKN5xd_dRljQ_7dZ8CIsl3YsmOhNHQnnIKHFHU0jrcTfHZBgXstnqCHf7R5qhQLJwXnJGTbuzHsEZFWLhNBnalQcSrWiwoCV_S92V-yDTQ1NvUMN2XOy_BN_okE7WFNGRKNn6t98kS0mEduRnKYL8FVhqzOwcG_ZQAgIcp34WJ089izBBNy5tLYDSctmpqfgoSr6n59dxAwmp0ao9g2dhPOpBPfFU0l2IFYmINrgeTLDamo8d2tnX5jHa0sVHxiC5TOUTt8d7mREzQm37gQrxsNl-nX2RjZzNq4IEeiUmPBYRNvR9OGrgSKv70_XvHvY6cIiVqmGbYpnEZk0UBkOon637X4xQfAGRtLoFY-phy1eLAXeKHoI-OgjJGd7AgMKV57xxglWhXc5FhtSFaHfdYEcsl7boTyMRCY_vsgADc1K3c84JUXrWHqJ2zxT8tP2TqfS-q3G20BDRQsrm2Klo5_FGxzVuNfEQSL-F4xYYhoZtGHhY8flvz44a-am9OEvxaTd8mpK4oVJDiU0kYO2dbCLe8I9XTKLpYj_tz6ECPp1SBGfWqparmV0TDPweBHZ9LHAbqWq7Z3rZIti_lEHsQuBQav0LXODJaAcAg5k6X6_G3XBXsN0FOzYsgtFTmW1eyZEYpoTovdYkNZn3kCS_jaJ4IUvKeBzCVwVj0kK00RpQmhwmKZCty6HfrCfxGrflS0tOICwh898VI_ZaeGDuLWh9yz4gFx8SVfj44-8nzyPPssmnYgRSFA8ki7npU7NZHwB5e0bk9lSqPWcq6dNPIwYZ9r436rQbECOxCZA6IuJs5q2pjGpKwWbqfXBQi9dEUm2eljSt8H1MnUf3hkL-UJO8nNymv1-iHSCXoioPKumLz-YwsXN7FdciuhbKHTOmBgBmhhdEj1WV4hpJtNgKXgqsUTfK-Fm_kpudc9z13ReuU8K4CYBylIzdGc_A5x1Z2qDwEXzU8G8qkMyXjwOUcpj7U7aznh-M7Q6FaelRmRunA&sai=AMfl-YRCMOnqHj5SzX5K69vbFF5vpdMXx9zUq892EX6MirKg4VX_lT4ZW9Y3Vt6yubVRq28Kb-O7-cWsODZMHNcB4bVd3F-HldvPo2j4i2S3RcCCq-bKWTcqx-HPzXVhYzj0mGD-qEIiFMMkgTwg&sig=Cg0ArKJSzGmAyWPpX6XVEAE&id=lidar2&mcvt=1000&p=488,990,738,1290&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220921&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=2&adk=1276300409&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1664194305198&rpt=211&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Sep 2022 12:11:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

193 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
lookbook.nu/	1969-12-31 23:59:59	Name: bookmark Value: null
lookbook.nu/	1970-01-20 06:18:00	Name: 1-day Value: 1-1664280703590
lookbook.nu/	1970-01-20 06:26:39	Name: 7-day Value: 1-1664799103590
lookbook.nu/	1970-01-20 06:59:46	Name: 30-day Value: 1-1666786303590
lookbook.nu/	1969-12-31 23:59:59	Name: last_session_at Value: 1664194303590
.lookbook.nu/	1970-01-20 15:52:34	Name: _ga Value: GA1.2.769653455.1664194304
.lookbook.nu/	1970-01-20 06:18:00	Name: _gid Value: GA1.2.1466398807.1664194304
.lookbook.nu/	1970-01-20 06:16:34	Name: _gat Value: 1
lookbook.nu/	1970-01-20 15:41:03	Name: qcSxc Value: 1664194303659
.quantserve.com/	1970-01-20 15:46:48	Name: mc Value: 633196ff-a3e86-21dff-c021f
.lookbook.nu/	1970-01-20 15:41:03	Name: __qca Value: P0-769458854-1664194303657
.lookbook.nu/	1970-01-20 06:16:36	Name: __cf_bm Value: XMYL92WLgPe8SyCbj9iL4zFoJK15uX8G4K6d9ClBLEY-1664194304-0-AZVpV4mb5Wvx6A+po5LUIVO7Me4FPK8gPFVNMaECTgr8tuaNG4+F2i5RMTofhscgb6rZl1lLZ3aaKPRTtG9jVY2m7fu99v5Og08ewOywfnNilWAg8yFiKZCIvhFNGmybgw==
.doubleclick.net/	1970-01-20 15:38:10	Name: IDE Value: AHWqTUmS4cfT4SVhvXjxUAwFSRxcJ3m8F_cyhYqdSJJLNJDNE6ianBV6-1PrNp2TuuY
.lookbook.nu/	1970-01-20 15:38:10	Name: __gads Value: ID=203f02898b794167-22c3abda2fce006b:T=1664194304:S=ALNI_MZwCDZt0c696pS14Ki185B0KvcARw
.doubleclick.net/	1970-01-20 06:16:37	Name: DSID Value: NO_DATA

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html(Line 11) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6d4ccee890b9ea86b2ad1342d790ae34.safeframe.googlesyndication.com
aax-dtb-cf.amazon-adsystem.com
ad.doubleclick.net
ads.eu.criteo.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
app.lookbook.nu
c.amazon-adsystem.com
cat.nl.eu.criteo.com
connect.facebook.net
csm.eu.criteo.net
edge.quantserve.com
googleads.g.doubleclick.net
lbstatic.nu
lookbook.nu
pagead2.googlesyndication.com
pix.eu.criteo.net
pixel.quantserve.com
pxl.qccerttest.com
rtb.nl.eu.criteo.com
rules.quantcount.com
s0.2mdn.net
sb.scorecardresearch.com
secure-gl.imrworldwide.com
securepubads.g.doubleclick.net
static.criteo.net
stats.g.doubleclick.net
tpc.googlesyndication.com
wasabi-files.lbstatic.nu
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagservices.com
108.138.4.10
108.138.4.150
13.32.121.17
142.250.185.134
178.250.2.135
178.250.2.148
178.250.2.150
2600:9000:223c:3800:6:44e3:f8c0:93a1
2600:9000:223c:da00:1e:a43d:b640:93a1
2600:9000:223d:2000:11:615:7240:93a1
2606:4700:20::681a:112
2606:4700:3031::ac43:9926
2606:4700:3034::6815:48a4
2620:116:800d:21:b314:a0ef:ab7c:d546
2a00:1450:4001:80e::200a
2a00:1450:4001:811::2002
2a00:1450:4001:813::2002
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::200e
2a00:1450:4001:82f::2001
2a00:1450:4001:831::2004
2a00:1450:400c:c0d::9d
2a00:1450:400d:807::2002
2a00:1450:400d:80a::2001
2a00:1450:400d:80c::2002
2a00:1450:400d:80c::2006
2a02:2638:1::2
2a02:2638:1::4
2a02:2638::3
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
049197d27fc218a1fc7185322d281d1f12d8cb637cce49e815600869e12e463a
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
09af6caefeb671f4527e8bf54659bb482eea031fe6899bafc12f149bb14155d0
0a270b2e4815fced8bc86ebbe91247585be8af28c6c4220b1d52ffb8239da878
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0e6d52cda07540ae13ea2ba6fdf52ab1bd57530880afd1815e8845f041966067
0fec775e0d2f31c6bea40fbfb57583f6c9b753757aaca891717fdc89ce0dcaf8
16c9afb6ed90fb117a2f1f162e5d2db74efddb6e71d75bdf2009c176ead53cdd
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1852ec5957212ab1ddc679453216178799dd25a2c75985a885e7d467328795e1
1b0df5acd41c11fc146d64795aa729d99370a98109ce1e441db4ac0b7f69d025
202f5a44ef1b1fac13c36c93eee29c52cd61f6e4f3f3ccbc35ce23683cc605bd
2459f238ea4c5733e264b4957e82a5f816503c6d82c3bcfde902caf45e39e4e1
2579fb4bf15b68eba12f5bfc6cb49425a7a4d1c4995bebe6530b75d4d0924483
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
299920669c7ec8c0add3c58f21eea89871a531545df0b8d70c46db2f44ff4cc4
2be1d59a0d2fabd3aeeb1243d4c7c824824aabffbfdadb2ff6073cda17d2a424
2dd050c99336bc560137e02ce87de80b8d105cc0ee0543f99272af36c30f27d5
2efa73a622b8782e93c6c2d2e8104860cfa688382f2fb00520c0ad32794cc199
34686cba28b7d374710a0b8204ae2cbce77ced594bcac71bef4f5260a8d99745
3a1b9dfeeb6169b3a7eacecccadb4d8d9a832823b6cfa6336995dad2c15a69e7
3ecd897fcbf30e018adca739ce3029844651a6e80b4a62e4d63098ad2f571159
44b34578989a08119535b5c54623cab8c70a3ed38106e766784108ea3bd06949
4af4fa37185c17b507f81b03a464cb8734cd08d7db74bf3bc2dadbe09769ecdb
4d5d7b7c7c5fd27725afd25ee05c30c89b309b993d178f1b3bf268bd2cdfc007
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
553678e59fceeacafd5154462c78076454ba407aa61ad43bb7d3537f7145998a
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
58c9d8efcaf464fd49c0c395751a3fe937a64406286d6d1b42921ac7d9ed371e
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
64717556df2e07ac4f05802eb53909e17db19b8e174dd6dce31347477e1ca854
650da9e6f05c29b40c5cf21e4ce0a863c81e6ea5234b23f4d9b93b51dc6cfc56
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6b8fddb840a11acd7d184ef5612e0c13eedfcd5895a6fd772cef42806676bd88
6bf42366f17e06a53eaa138473ce50047117fb01e4f5fcd3b7d2c736164c91a3
6c5d18d8779f46855f68988de4e2b10846cac19228c4a28e500a942ede974fdf
6f4813e4fe6dd891838e421479bf603f6d3f0d2a55b90517b875a77050471d4b
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
7489af9ca18d36a15c90d20b0712d0dec91bdf36e000a605f9f7b1683c0b0ae3
76efb56456bb595d0abab8bc26a37a1407ade5e16ab522ba07c569f9a6d344cc
77ca9114bd3b8411995690d04690ad7ada53f896ede3d1e9e39b49b7b2b5f157
7ad7d958ff2ac0e4737bb78ad21be82e991a2860fbb06dab0030a99582e91de9
7cfab6a75576c6827a6d5dd7f823e993678ee3161fed858ca4bb51ae8ce96677
7e593ea87dbc90c347757acc830e4bba58af1644e92bdd643f857475db17bb73
7f7e94e4b2ce4850a5fd141c45be20cf976db7c651dc580e4c8ecb3570124319
817f5439055724b35b0ee4698a979d7d4a164ed3086d73d4742e7ab2645e1da7
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83f6d496544d0615d7e7d56fec1bae13576257ed3843fa2d97b4596f395b304a
87a26ed5fd2ef06513a60d162c6d4f0ddf062686222533f7321794343f0b5da0
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8d7600604cb30e42b1511c91d29c886de204d3f46d8c265b9c35b0960ccf8195
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
91fa11d3bf3699b04f75a5001c5958778d41e818379299a507f927b078583669
93cb5925a330630f84012b5d56afe97a04dfed609ccf3c73203ef570624ce821
99f73ec26d9716363ea8ea73560d10f91d63cf18e32103bcead35559ba1ac361
9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a18fae90eccdd3ace533930548eea688eb824588b20226f5556fd87611a1a3d3
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a80f386aeb3138240bd19205d68b6f0fd02e2bdfac78e96acaad5a8200fa233b
a863a77e9ee263a0ec9c1e792bb33ed0f663582b7369f472261df7b6040990c4
a9aab9a81ed9cdb217eefe585e153cc2f64ea8792d5adf9060538a9b0b44ce4f
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
aafb3ee79dc18d6ddc6b5c5503dc051c6e89d25a801b243cd4310ce7e0eac5ba
b0a62dbb37e6249844c6a334f75f6a8a35557d12416968e9c79761b0ada46686
becca89a4a3acdd091038603f9c9f921183b0cf6e7a8952c4ddbf80b4df31b79
c1cf81bef2ea82eaa43265a5ff786b7cd74e7d5f4f2de104b586f092ca0fb886
c35829b27cab8baa43d3fcab2264640c80df89151eee9391708049c39ddd368c
c39e9db358e5d8045bebf902ed71b49c17d66f175c8ce0dcaeec96ec7d09090b
c53cb61e2947d208c306c8680d407115d7663d1920ef125ecdb1ffa417f22fcc
c57420d89de92fca086ef932b37c93b7d88fa19ec2a56870baa6e0e4336a58e3
c70ef31c67e59460f3df328cd7905f46afdee9c80dd33d334047800474785c2b
c93dc84049ced06257c79f0b114862380a1964936f843f7c962076b4e107d58c
cdf6cd3f1258b9e04e1353ff72ec4d9a4a868f1ab445b655288e3632137b4e0d
cee46b0f853573ec4e0c99be2a57b7d99398d81f79d00f304ddd5280d9851e60
cfb9ad09c8dde182bb6b32cc1ae1aaad4af7a8c5eecefa69009d507a5fa8503c
d2b43d4f8ab58be75175a420482d47ca3089fa7acda4494490eb395e3c758d75
d420ee64cb607d68e208a3105b39934807ed2e4d43ced2542f7b6b0cd153ca43
d485f54c3ae5920cd21c8d180458c50f092554777b97f9c52ac6f76359838a05
d862ec0d2b72e9f1575615db28f4196cbf0f586adb2208c605c691d6e06ee6ed
dd4bc601b2d6cdd261ca5f70037aaefd1766fee638771a12fb8aeb1854e3d76b
e32b7c077a545e3ea7f97d38d5246474178e97c2bf99919960c7a92609aa506e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb62c6d71dc6f167d5af0be1f0797652b5f318f0d2d15c7aa0291b6553e3a048
eb7cfd3d959b2e09c170f532e29f8b825f9bc770b2279fde58e595617753e244
ed5b49fd22e45cda66721a93e279a4e5833c72f7097352a444a785d922f13190
ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f18603569ccd052775409baed22faf7d0577c3577e812822e1d31f580545fefa
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f635c3186f74bb15bc499e6e9c7fcf97423f070dcf917dd7b4bb630000ac1f02
f9fe387c0add86d0dbbc32cd4f158af07c45147eca6a237d69d7dd6ae5cdf1a5
fa154aae30700d792a088ec67e9e94878f0947772590d3dd49bb69dcdb1fc3d3
fca1fb4990a3abf9e6bba05433ed88ac85bfc8471a273c9c306a7685ace89d26
fd66670e33f248ddc8f8accfb0173af1e10af2389bd59f04ff148ed3e7ff3025
fd95fe975ff03ab36c38eb2898e30e722c15b9a0244dce7990e154a8f691fad1

lookbook.nu Open in urlscan Pro 2606:4700:3034::6815:48a4 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

117 Requests

98 %HTTPS

78 %IPv6

20 Domains

34 Subdomains

33 IPs

5 Countries

2079 kBTransfer

4985 kBSize

15 Cookies

1 Outgoing links

Page URL History

Redirected requests

117 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 33 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

lookbook.nu Open in urlscan Pro
2606:4700:3034::6815:48a4 Public Scan

Screenshot
Live screenshot

Full Image

117
Requests

98 %
HTTPS

78 %
IPv6

20
Domains

34
Subdomains

33
IPs

5
Countries

2079 kB
Transfer

4985 kB
Size

15
Cookies

117 HTTP transactions
33 data transactions