www.hawtcelebs.com Open in urlscan Pro
2a06:98c1:3121::7 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.hawtcelebs.com/
Effective URL:
https://www.hawtcelebs.com/
Submission: On March 14 via manual (March 14th 2022, 5:17:02 pm UTC) from US — Scanned from DE

Summary HTTP 407 Redirects Links 28 Behaviour Indicators

Summary

This website contacted 67 IPs in 13 countries across 53 domains to perform 407 HTTP transactions. The main IP is 2a06:98c1:3121::7, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.hawtcelebs.com. The Cisco Umbrella rank of the primary domain is 141778.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 4th 2021. Valid for: a year.

This is the only time www.hawtcelebs.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 17	2a06:98c1:312... 2a06:98c1:3121::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
30	2606:4700::68... 2606:4700::6810:8616	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	68.71.249.118 68.71.249.118	20093 (ZEROLAG) (ZEROLAG)
5	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700:20:... 2606:4700:20::681a:407	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	72.247.225.215 72.247.225.215	16625 (AKAMAI-AS) (AKAMAI-AS)
4	2600:9000:225... 2600:9000:2251:ce00:5:c4ab:c3c0:93a1	16509 (AMAZON-02) (AMAZON-02)
5	2606:4700:10:... 2606:4700:10::ac43:15e3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
39	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
16	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
7	2606:4700::68... 2606:4700::6810:8516	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
5	2620:116:800d... 2620:116:800d:21:ee05:6a01:4b41:8c89	16509 (AMAZON-02) (AMAZON-02)
3 3	37.252.172.249 37.252.172.249	29990 (ASN-APPNEX) (ASN-APPNEX)
5 5	198.47.127.18 198.47.127.18	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
14 42	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
2 2	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	198.47.127.20 198.47.127.20	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2	132.226.41.106 132.226.41.106	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
3	2600:9000:249... 2600:9000:2490:fc00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
5	2600:9000:224... 2600:9000:2240:dc00:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02)
21	104.107.161.205 104.107.161.205	16625 (AKAMAI-AS) (AKAMAI-AS)
1	46.105.201.240 46.105.201.240	16276 (OVH) (OVH)
2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
1	158.69.139.238 158.69.139.238	16276 (OVH) (OVH)
1	67.202.114.214 67.202.114.214	32748 (STEADFAST) (STEADFAST)
26	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
1	52.222.236.42 52.222.236.42	16509 (AMAZON-02) (AMAZON-02)
30	2a00:1450:400... 2a00:1450:4001:828::2006	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	198.27.80.143 198.27.80.143	16276 (OVH) (OVH)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:1::2 2a02:2638:1::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:1::11 2a02:2638:1::11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2600:1f18:e8a... 2600:1f18:e8a:cd04:9b88:a313:d24d:af44	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
3 5	72.247.225.98 72.247.225.98	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	37.252.172.38 37.252.172.38	29990 (ASN-APPNEX) (ASN-APPNEX)
5 6	169.50.137.184 169.50.137.184	36351 (SOFTLAYER) (SOFTLAYER)
8	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
4	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
4	104.111.242.245 104.111.242.245	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
1	2a00:1288:80:... 2a00:1288:80:807::2	203220 (YAHOO-DEB) (YAHOO-DEB)
1	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
1	2600:9000:225... 2600:9000:225e:3000:3:a4cd:8380:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:5514	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700:10:... 2606:4700:10::6816:3bc7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	85.14.248.72 85.14.248.72	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	178.250.2.148 178.250.2.148	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	52.54.192.111 52.54.192.111	14618 (AMAZON-AES) (AMAZON-AES)
3 3	3.124.66.16 3.124.66.16	16509 (AMAZON-02) (AMAZON-02)
2 2	34.243.37.252 34.243.37.252	16509 (AMAZON-02) (AMAZON-02)
1 1	81.222.128.215 81.222.128.215	20597 (ELTEL-AS) (ELTEL-AS)
4 4	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	2600:9000:223... 2600:9000:223f:5600:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
4	174.137.133.49 174.137.133.49	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
11	64.202.112.127 64.202.112.127	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	104.18.29.199 104.18.29.199	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a02:fa8:8806... 2a02:fa8:8806:13::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
4 4	178.62.202.251 178.62.202.251	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
4 4	72.251.249.14 72.251.249.14	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
3	54.150.24.141 54.150.24.141	16509 (AMAZON-02) (AMAZON-02)
4 8	51.75.86.98 51.75.86.98	16276 (OVH) (OVH)
2 2	37.157.4.29 37.157.4.29	198622 (ADFORM) (ADFORM)
13	178.250.0.139 178.250.0.139	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.2.150 178.250.2.150	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
7	67.202.105.33 67.202.105.33	32748 (STEADFAST) (STEADFAST)
1	3.69.18.111 3.69.18.111	16509 (AMAZON-02) (AMAZON-02)
4	151.101.114.132 151.101.114.132	54113 (FASTLY) (FASTLY)
2	82.113.101.132 82.113.101.132	6805 (TDDE-ASN1) (TDDE-ASN1)
1	67.202.105.32 67.202.105.32	32748 (STEADFAST) (STEADFAST)
407	67

17 2a06:98c1:3121::7 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.hawtcelebs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2606:4700::6810:8616 (United States)

ASN13335 (CLOUDFLARENET, US)

live.demand.supply	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 68.71.249.118 (Canada)

ASN20093 (ZEROLAG, US)

udmserve.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:407 (United States)

ASN13335 (CLOUDFLARENET, US)

waust.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 72.247.225.215 (Berlin, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a72-247-225-215.deploy.static.akamaitechnologies.com

widgets.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widget-pixels.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2251:ce00:5:c4ab:c3c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

bid.underdog.media	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:10::ac43:15e3 (United States)

ASN13335 (CLOUDFLARENET, US)

services.vlitag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tag.vlitag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.vlitag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6810:8516 (United States)

ASN13335 (CLOUDFLARENET, US)

api.demand.supply	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:116:800d:21:ee05:6a01:4b41:8c89 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.172.249 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 534.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 198.47.127.18 (United States) 5 redirects

ASN3257 (GTT-BACKBONE GTT, US)

image8.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 142.250.181.226 (United States) 14 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.80 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.47.127.20 (United States) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 132.226.41.106 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)

sync.technoratimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2490:fc00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:2240:dc00:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)

quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 104.107.161.205 (Berlin, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-107-161-205.deploy.static.akamaitechnologies.com

tcheck.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.105.201.240 (France)

ASN16276 (OVH, FR)

s10.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 158.69.139.238 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: ip238.ip-158-69-139.net

t.dtscout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.114.214 (United States)

ASN32748 (STEADFAST, US)
PTR: amung.us

whos.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.236.42 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-42.fra56.r.cloudfront.net

ob.cheqzone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2a00:1450:4001:828::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.27.80.143 (Canada)

ASN16276 (OVH, FR)
PTR: ns558056.ip-198-27-80.net

s4.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:e8a:cd04:9b88:a313:d24d:af44 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

obs.cheqzone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 72.247.225.98 (Berlin, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a72-247-225-98.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.172.38 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 169.50.137.184 (United States) 5 redirects

ASN36351 (SOFTLAYER, US)
PTR: b8.89.32a9.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.111.242.245 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-242-245.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.94.180.126 (Amsterdam, Netherlands) 2 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:807::2 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225e:3000:3:a4cd:8380:93a1 (United States)

ASN16509 (AMAZON-02, US)

test.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5514 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:10::6816:3bc7 (United States)

ASN13335 (CLOUDFLARENET, US)

assets.vlitag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.14.248.72 (Meerbusch, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.148 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.54.192.111 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-54-192-111.compute-1.amazonaws.com

fksnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.124.66.16 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-66-16.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.243.37.252 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-243-37-252.eu-west-1.compute.amazonaws.com

ads.avct.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 81.222.128.215 (Russian Federation) 1 redirects

ASN20597 (ELTEL-AS, RU)
PTR: ad15.adriver.ru

ssp.adriver.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.173.144.165 (Frankfurt am Main, Germany) 4 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223f:5600:1b:5138:8a40:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 174.137.133.49 (United States)

ASN27257 (WEBAIR-INTERNET, US)

rtb2-useast.e-volution.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 64.202.112.127 (Leesburg, United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

log.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mcdp-nydc1.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.29.199 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:fa8:8806:13::1400 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.62.202.251 (Amsterdam, Netherlands) 4 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 72.251.249.14 (Amsterdam, Netherlands) 4 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.150.24.141 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-150-24-141.ap-northeast-1.compute.amazonaws.com

cc.adingo.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 51.75.86.98 (France) 4 redirects

ASN16276 (OVH, FR)
PTR: ip98.ip-51-75-86.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.4.29 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 178.250.0.139 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: pix.par.vip.prod.criteo.com

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.150 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 67.202.105.33 (United States)

ASN32748 (STEADFAST, US)
PTR: ip33.67-202-105.static.steadfastdns.net

ic.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.69.18.111 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-69-18-111.eu-central-1.compute.amazonaws.com

audit-tcfv2.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.114.132 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

odb.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mv.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 82.113.101.132 (Heusenstamm, Germany)

ASN6805 (TDDE-ASN1, DE)
PTR: portal.o2online.de

portal.o2online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.32 (United States)

ASN32748 (STEADFAST, US)
PTR: ip32.67-202-105.static.steadfastdns.net

de.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
74	doubleclick.net 14 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 159 googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 cm.g.doubleclick.net — Cisco Umbrella Rank: 176 stats.g.doubleclick.net — Cisco Umbrella Rank: 68 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 276	356 KB
72	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 90 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 122	1 MB
37	demand.supply live.demand.supply — Cisco Umbrella Rank: 27971 api.demand.supply — Cisco Umbrella Rank: 52735	41 KB
30	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 246	1 MB
26	outbrainimg.com tcheck.outbrainimg.com — Cisco Umbrella Rank: 3759 log.outbrainimg.com — Cisco Umbrella Rank: 1961 images.outbrainimg.com — Cisco Umbrella Rank: 1845	666 KB
21	criteo.net static.criteo.net — Cisco Umbrella Rank: 600 pix.eu.criteo.net — Cisco Umbrella Rank: 7328 csm.eu.criteo.net — Cisco Umbrella Rank: 7422	246 KB
19	outbrain.com widgets.outbrain.com — Cisco Umbrella Rank: 1147 widget-pixels.outbrain.com — Cisco Umbrella Rank: 1428 odb.outbrain.com — Cisco Umbrella Rank: 1329 mcdp-nydc1.outbrain.com — Cisco Umbrella Rank: 4647 mv.outbrain.com — Cisco Umbrella Rank: 3061	229 KB
17	hawtcelebs.com 1 redirects www.hawtcelebs.com — Cisco Umbrella Rank: 141778	632 KB
11	vlitag.com services.vlitag.com — Cisco Umbrella Rank: 17444 tag.vlitag.com — Cisco Umbrella Rank: 21150 assets.vlitag.com — Cisco Umbrella Rank: 19807	1011 KB
10	google.com adservice.google.com — Cisco Umbrella Rank: 57 www.google.com — Cisco Umbrella Rank: 2	1 KB
9	tynt.com cdn.tynt.com — Cisco Umbrella Rank: 6623 ic.tynt.com — Cisco Umbrella Rank: 3789 de.tynt.com — Cisco Umbrella Rank: 1136	8 KB
8	onetag-sys.com 4 redirects onetag-sys.com — Cisco Umbrella Rank: 797	2 KB
8	pubmatic.com 8 redirects image8.pubmatic.com — Cisco Umbrella Rank: 570 image2.pubmatic.com — Cisco Umbrella Rank: 774 image4.pubmatic.com — Cisco Umbrella Rank: 765	3 KB
8	udmserve.net udmserve.net — Cisco Umbrella Rank: 3161	12 KB
7	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 147	241 KB
7	consensu.org quantcast.mgr.consensu.org — Cisco Umbrella Rank: 2005 test.quantcast.mgr.consensu.org — Cisco Umbrella Rank: 5719 audit-tcfv2.quantcast.mgr.consensu.org — Cisco Umbrella Rank: 9692	179 KB
6	simpli.fi 5 redirects um.simpli.fi — Cisco Umbrella Rank: 707	3 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 496	4 KB
5	adnxs.com 4 redirects secure.adnxs.com — Cisco Umbrella Rank: 359 ib.adnxs.com — Cisco Umbrella Rank: 205	5 KB
5	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 839 pixel.quantserve.com — Cisco Umbrella Rank: 381	21 KB
5	google.de adservice.google.de — Cisco Umbrella Rank: 8832 www.google.de — Cisco Umbrella Rank: 6433	2 KB
5	gstatic.com fonts.gstatic.com	95 KB
4	lijit.com 4 redirects ap.lijit.com — Cisco Umbrella Rank: 594	3 KB
4	bidtheatre.com 4 redirects match.adsby.bidtheatre.com — Cisco Umbrella Rank: 2130	2 KB
4	e-volution.ai rtb2-useast.e-volution.ai — Cisco Umbrella Rank: 5026	932 B
4	rubiconproject.com 4 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 289	2 KB
4	teads.tv sync.teads.tv — Cisco Umbrella Rank: 870	688 B
4	openx.net us-u.openx.net — Cisco Umbrella Rank: 323	547 B
4	underdog.media bid.underdog.media — Cisco Umbrella Rank: 13943	182 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35 imasdk.googleapis.com — Cisco Umbrella Rank: 399	124 KB
3	adingo.jp cc.adingo.jp — Cisco Umbrella Rank: 2887	130 B
3	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 2666	310 B
3	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 257	2 KB
3	spotxchange.com 2 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 480	2 KB
3	criteo.com rtb.nl.eu.criteo.com — Cisco Umbrella Rank: 11348 ads.eu.criteo.com — Cisco Umbrella Rank: 7435 cat.nl.eu.criteo.com — Cisco Umbrella Rank: 9430	50 KB
3	cheqzone.com ob.cheqzone.com — Cisco Umbrella Rank: 7646 obs.cheqzone.com — Cisco Umbrella Rank: 4536	20 KB
3	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 792	1 KB
2	o2online.de portal.o2online.de — Cisco Umbrella Rank: 48066	1 KB
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 524	1 KB
2	avct.cloud 2 redirects ads.avct.cloud — Cisco Umbrella Rank: 2494	890 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	20 KB
2	histats.com s10.histats.com — Cisco Umbrella Rank: 17418 s4.histats.com — Cisco Umbrella Rank: 14980	5 KB
2	technoratimedia.com sync.technoratimedia.com — Cisco Umbrella Rank: 1024	593 B
1	smaato.net 1 redirects s.ad.smaato.net — Cisco Umbrella Rank: 698	441 B
1	adriver.ru 1 redirects ssp.adriver.ru — Cisco Umbrella Rank: 12564	340 B
1	fksnk.com 1 redirects fksnk.com — Cisco Umbrella Rank: 4094	612 B
1	exactag.com m.exactag.com — Cisco Umbrella Rank: 12956	1 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 403	1 KB
1	yahoo.com ads.yahoo.com — Cisco Umbrella Rank: 816	194 B
1	amung.us whos.amung.us — Cisco Umbrella Rank: 14954	146 B
1	dtscout.com t.dtscout.com — Cisco Umbrella Rank: 13991	303 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 54	37 KB
1	waust.at waust.at — Cisco Umbrella Rank: 46835	6 KB
407	53

	Domain	Requested by
42	cm.g.doubleclick.net	14 redirects googleads.g.doubleclick.net 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
39	pagead2.googlesyndication.com	live.demand.supply securepubads.g.doubleclick.net www.hawtcelebs.com 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com tag.vlitag.com googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com s0.2mdn.net
30	s0.2mdn.net	www.hawtcelebs.com s0.2mdn.net 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
30	live.demand.supply	www.hawtcelebs.com live.demand.supply
26	tpc.googlesyndication.com	securepubads.g.doubleclick.net 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com www.hawtcelebs.com tpc.googlesyndication.com s0.2mdn.net
20	images.outbrainimg.com
17	www.hawtcelebs.com	1 redirects www.hawtcelebs.com
16	securepubads.g.doubleclick.net	live.demand.supply securepubads.g.doubleclick.net www.hawtcelebs.com 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com www.googletagservices.com
13	pix.eu.criteo.net	ads.eu.criteo.com
8	onetag-sys.com	4 redirects 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
8	googleads4.g.doubleclick.net	www.hawtcelebs.com
8	assets.vlitag.com	tag.vlitag.com
8	widgets.outbrain.com	www.hawtcelebs.com widgets.outbrain.com
8	udmserve.net	www.hawtcelebs.com bid.underdog.media
7	ic.tynt.com
7	static.criteo.net	ads.eu.criteo.com
7	www.googletagservices.com	12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com tag.vlitag.com www.hawtcelebs.com
7	12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
7	api.demand.supply	live.demand.supply
7	googleads.g.doubleclick.net	pagead2.googlesyndication.com 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com www.hawtcelebs.com
6	mcdp-nydc1.outbrain.com	widgets.outbrain.com
6	um.simpli.fi	5 redirects
6	www.google.com	www.hawtcelebs.com 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com tpc.googlesyndication.com
5	log.outbrainimg.com	widgets.outbrain.com
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	quantcast.mgr.consensu.org	www.hawtcelebs.com quantcast.mgr.consensu.org
5	image8.pubmatic.com	5 redirects
5	fonts.gstatic.com	fonts.googleapis.com
4	ap.lijit.com	4 redirects
4	match.adsby.bidtheatre.com	4 redirects
4	rtb2-useast.e-volution.ai	12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
4	pixel.rubiconproject.com	4 redirects
4	sync.teads.tv	googleads.g.doubleclick.net
4	us-u.openx.net	googleads.g.doubleclick.net
4	adservice.google.com	securepubads.g.doubleclick.net
4	adservice.google.de	securepubads.g.doubleclick.net
4	bid.underdog.media	www.hawtcelebs.com udmserve.net bid.underdog.media
3	cc.adingo.jp	12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
3	dclk-match.dotomi.com	12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
3	x.bidswitch.net	3 redirects
3	sync.search.spotxchange.com	2 redirects googleads.g.doubleclick.net
3	pixel.quantserve.com	www.hawtcelebs.com
3	rules.quantcount.com	secure.quantserve.com
3	secure.adnxs.com	3 redirects
3	fonts.googleapis.com	www.hawtcelebs.com 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com s0.2mdn.net
2	mv.outbrain.com	widgets.outbrain.com
2	portal.o2online.de
2	odb.outbrain.com	widgets.outbrain.com
2	c1.adform.net	2 redirects
2	ads.avct.cloud	2 redirects
2	ib.adnxs.com	1 redirects googleads.g.doubleclick.net
2	obs.cheqzone.com	ob.cheqzone.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	sync.technoratimedia.com	www.hawtcelebs.com
2	image2.pubmatic.com	2 redirects
2	secure.quantserve.com	udmserve.net quantcast.mgr.consensu.org
2	services.vlitag.com	www.hawtcelebs.com services.vlitag.com
1	de.tynt.com	cdn.tynt.com
1	audit-tcfv2.quantcast.mgr.consensu.org	quantcast.mgr.consensu.org
1	csm.eu.criteo.net	ads.eu.criteo.com
1	cdn.tynt.com	waust.at
1	s.ad.smaato.net	1 redirects
1	ssp.adriver.ru	1 redirects
1	fksnk.com	1 redirects
1	cat.nl.eu.criteo.com	ads.eu.criteo.com
1	m.exactag.com	ads.eu.criteo.com
1	cdn.jsdelivr.net	assets.vlitag.com
1	test.quantcast.mgr.consensu.org	quantcast.mgr.consensu.org
1	www.google.de
1	ads.yahoo.com	googleads.g.doubleclick.net
1	stats.g.doubleclick.net	www.google-analytics.com
1	ads.eu.criteo.com	12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
1	rtb.nl.eu.criteo.com	www.hawtcelebs.com
1	imasdk.googleapis.com	tag.vlitag.com
1	s4.histats.com	s10.histats.com
1	ob.cheqzone.com	widgets.outbrain.com
1	whos.amung.us	waust.at
1	t.dtscout.com	waust.at
1	s10.histats.com	www.hawtcelebs.com
1	widget-pixels.outbrain.com
1	tcheck.outbrainimg.com	widgets.outbrain.com
1	tag.vlitag.com	services.vlitag.com
1	image4.pubmatic.com	1 redirects
1	www.googletagmanager.com	www.hawtcelebs.com
1	waust.at	www.hawtcelebs.com
407	85

This site contains links to these domains. Also see Links.

Domain
undefined
www.outbrain.com
travelcatchers.de
rfvtgb.housinglover.com
www.gamezop.com
www.npr.org
www.gentside.de
www.ohmymag.de
rfvtgb.housecoast.com
www.freenet.de
rfvtgb.crowdyfan.com
rfvtgb.learnitwise.com
dyingforbeginners.com
bestpricepharmacyfinder.com
www.uptown-aces-casino.com
theversusmarket.com
slottica-casino.com
bestnyescorts.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-04` - `2022-07-03`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
demand.supply Cloudflare Inc ECC CA-3	`2021-04-21` - `2022-04-20`	a year	crt.sh
udmserve.net DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-08-21`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.outbrain.com DigiCert SHA2 Secure Server CA	`2021-05-25` - `2022-06-01`	a year	crt.sh
underdog.media DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-08-21`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.technoratimedia.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-09-17` - `2022-10-05`	a year	crt.sh
quantcast.mgr.consensu.org Amazon	`2021-04-24` - `2022-05-23`	a year	crt.sh
*.outbrainimg.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-11` - `2023-03-15`	a year	crt.sh
histats.com R3	`2022-01-21` - `2022-04-21`	3 months	crt.sh
*.dtscout.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-28` - `2022-11-27`	a year	crt.sh
whos.amung.us Sectigo RSA Domain Validation Secure Server CA	`2020-05-21` - `2022-05-21`	2 years	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.cheqzone.com Amazon	`2022-01-22` - `2023-02-20`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.nl.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-09` - `2022-04-06`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-09` - `2022-04-10`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
teads.tv R3	`2022-01-03` - `2022-04-03`	3 months	crt.sh
ui.aps.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-02-07` - `2022-03-30`	2 months	crt.sh
www.google.de GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-02` - `2022-05-03`	3 months	crt.sh
*.exactag.com Sectigo ECC Domain Validation Secure Server CA	`2021-08-16` - `2022-09-14`	a year	crt.sh
*.e-volution.ai Sectigo RSA Domain Validation Secure Server CA	`2021-09-13` - `2022-10-14`	a year	crt.sh
*.tynt.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2021-08-10` - `2022-09-11`	a year	crt.sh
*.adingo.jp DigiCert TLS RSA SHA256 2020 CA1	`2021-03-26` - `2022-04-14`	a year	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-03` - `2022-05-02`	3 months	crt.sh
*.o2online.de DigiCert TLS RSA SHA256 2020 CA1	`2022-02-11` - `2023-03-08`	a year	crt.sh

This page contains 32 frames:

Primary Page: https://www.hawtcelebs.com/
Frame ID: 914D25EBA82704A9634B326BECD6AB1F
Requests: 195 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220308/r20190131/zrt_lookup.html
Frame ID: 5B32B4DB9116C93858770BE4B21F2D45
Requests: 1 HTTP requests in this frame

Frame: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: D4FB280952D617ABCF058AEA74AB6EC8
Requests: 1 HTTP requests in this frame

Frame: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 28A6CB90A72E6657FF755E67C6A15DDC
Requests: 10 HTTP requests in this frame

Frame: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: FDED27196679D30F860CDF06926601B6
Requests: 15 HTTP requests in this frame

Frame: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 5370564FDDC66698EE39802AC36DABCB
Requests: 1 HTTP requests in this frame

Frame: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 9F5C555F7D4A6D58FBA8FD3DE17392B7
Requests: 9 HTTP requests in this frame

Frame: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 9D07DE45DDA565D3167B16AD74C6A4BD
Requests: 13 HTTP requests in this frame

Frame: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 980A44C25749F9AC880BB3E5BE0094A3
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJLb8f8CEPiFm4EDGIbDncEBMAE&v=APEucNUSmTvxPKF1atckIvRgwpPT4YU9rN7ibTHWTGWpEZlYVp_v6wI3cl80ARYxulZGZ9dXN52jseOQBHq7KuuDQIQgDMsXsnhEyWXfTPnHavYKNWxrNFdI6GrL-ZznrwO5dnNK43trlPW-YelCIiKPA6QdiA-hP_9nv3_9QT8Hc4wulzeprDNFKAsf5pxKLoHZXKQuShhr-uK0PMBub1qR54QGS0Jatw
Frame ID: 0D4B2D7D1BEBDAC5CC84468EB6E791C6
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARigvNe9ATAB&v=APEucNV0UtgQiwW8V3VRRuJJkgaQLnHvHVmVQKCRSy3pmuVp0WkySkk6bHOhlbroxdQV_DqqEr2zz4BtCdPs2WW5H2NGYPVTrQGJEt_7docQ6zV3P6B0VTf9seoiw8IEXSUledlRNzjFFOIrFVBLshhYZJxPRMDw0fcKbsPcjIKnv1CEEpLsk8xb58OLnRioK4iPU_Ht-P8DlJ3Fg6uU8mYSvmz87ULCXQ
Frame ID: 8D11E8F953A030C84F95B78BCA489E0B
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BThWmXNzVOFG79BU7MUk7OKs9tPTwq8OrNLlRIemKLb_2jOfP5Atg1Hg6KeZBv_zrk_-XWTTYofCZl_C9n0C8D1isA7yQ62EETUqp14W5oyCNrG4EXaA3dy8vJ-g5emvSAVs1jh7INEIybyxQ2RvCgnf3Qhg&dbm_d=AKAmf-CgUHb9B2lQiOnlj29kmwXhlNsrnjng68_6Mcl2QZPz2YZFHAJcC8e9nuXqnNaLI3sgQQHE8JJ4rBgAncCe_dn1_CsyEA_LuFIZREDhXnBq8izzzLX6jAuXtE295ZTJlR8v-t9dzeA-1yp3VqicZNFJDXRwe3kr7n3fPjrpU41jlrUU3sGnIl5X9X6_hUqo4DSKQ1jsoO1_68LEx56Vgz7NvrXsPKTqgWLpttJ-p_nwuz4jv2_cNx0sGP3-Cfeu-WNASTh9ZhwXbLhPSJ5VaSwuYXN2NfftGGVDmaHHfKxQzJ6Z6UAWvSSIDZqwq6WxDkSkgbUQpoCWEPwrfhdEsEa200aKOLPk4Ck8fIkBgwVjX4qnLnPDIonPGRl4pK7yYfrT4uEPRpY6ODEHSvlhqsn1-q3uEQOLc3pzvBSd9P9C7RhZjbCTr0Ur-upkCUhygB7zVvmXJK2Imq4t_RtJrYKHzJ7zH2jXvfHD62pkFNG23Im6bkaCM_exIAijv8S72oIEKrOfP7jBW3-QqbPT5B5Z_CZBM-nGn4EgfR6CXFqmiFygIa5LTxBW3IUeqYLGH62qNfjoJsQiXXzVzKPTuRPDfxUo8IjWiRxc3RusN7U6QreJyDelWCBAv6qODqvm-byz-ZYIvOfHSGF4QF4zC_IiDcOMGy-sCNB89KoCjf5uSxRwMNkV3l-tBLzlYi63c2Vs9wsU0G876LWAMxsh_q16iwGzbxWZ1xqiVWvuz15kbtrxp4Ju55o0vDmQNu0Lesy9sXFKgkCtoM04Xn59lAfoiOb9QL6HuMHB0MjbnHCzRrVppvBpJlf_xO25EF9XqlLY-At6RUFv6GVrFtLu-kTZ9LvZh0HBGj_dTNsbtfug8vQJbhX5SolDSSLHs4bMXfkWyLfOB0ympclpX1cyREPq51APJzvEa0TfY8NvFfY6roFaP2EdCcM_OaCnTBNZoDFNoycnkvEanKYEwumXoRush6NBqqWcP6yYLy5_vy47vCpk3k2XCziTa7YnE2hNRhxvu24AWCIYHwhQeTxvvRsyADdn274K5n5qGfDky7yjErQ_SBvx7wXzL0NXCP699xUwfUnTK1rAdSTd-ZYX46kQtjo3JnLUkWh19pHVMukKWn3lDLCOQugNEgojjBLgy9JBYLMiwr5KRS1ao8L2ffDGfF_Yx4_q6BHiCukgDFg8iOgCT1OFjdVKtU35N4B_YEV_u5Qi2IuPTUPPGzWMfRx1Emz9PP5CAQSHAOi9TbpvHPbFTUjUsIpnEmF2y3VCjiZnmrasIQmS4_0ZApqVIE4DPtearyBCQ2BZCMKw9uNp1uBaQhqH3VL8MmCpGqO6xQsbySAQs1G76H-DSv8IfHSc_Ij9hiWOBui6Xyt-0u_cLbvhnFbg5anj94r7dAHQj1EA5kMjA1dPDz4kPp01sosb1Va-ATNPAiOikHOCw4B0XsyHjjpKQhKUeSNqZfEHnXHhRqhSL6MYQ4jR8tBsSyCfw2qO9lMP_dkawbwXfCbcHCA6S3EaRLJuqj1h1XmqfJiSf8vtwIN_Nynzy_ZIyGiX7iAr3Zw3ImKrGvfG3v7uZhv-BWkyP0Lgqs-zc8OR3KHTmlLn65BWjzGO_16a5ycrVjLxEdGCxDQ2epUMg-taLRWPp-D2Ocd_YSCv2HnOU8wUHR8H2Exh5nJ4G4YHQ8IKdVxcuHBtm3iF2dJzCnuZCjaPsKuW2JbtI8gwTnqdX8GH6jqP6RLQGB9qi_CWorjgSAVedch2BUFO0NZOHGNrT8tLzD0_cc67MMlwR5tSapHc3XVvNhGlU9WKvJN8E4uNCvfqTkw3U_5o0n8Bn_mrTTCwHGKZ6zYpfDXXIijMrSkB-89PMN00mXYbEWQv9KPvFLtnttpg4MArg8WerZ1JAQS7MhdgXOPbw8NPwJcgwGh8QiGZbSgscdXyjLfPSJZJiToTtqKsVEUYlBnMf4Z54-Ddrx-6LMANK61KHeHdE3LvFk5-pHVnq_YYwpnFpzCrxZNAR-BeUcolkRR7uevKy_VKSaa6s7hQyEFh6XsQaC9jvqubf3c4fbGQa6oSLzOG5gQZ9vfPq-eYghz1aCBYeFGA3TAG-tdGMZ_a0LPkBp17G4ett4gFkB8fzgbUdLsNxi8sBaGF9CqBNV-v9daolChOc4VPO5up9Tn6QyzRG2nwlo-ahpZUmQWQ9TMsV1RKfEp9VzaVLLgV2gzomdcquJ_854osMi1VF65SxMn6W9UslwmQaAxiKyoq7Q1LQ-gUU3iRSM9AVYc9ZGfjjjYg-1nLkFpyDVjzlGSGM2IUjkd9s2VoxCKuwQ0N_HCNIQ-MN047bF5Boc_n6u5RHEeTSBFjidQDh9GnzqDHKoFmtgK554vzAMW-p57k327BPzO3Ny-ErcBT4zxPvXLnmwa0y-6MPllB6DYERgcqovi1l4-710XljZYldIWHZgtbeWHJdziGdzqNYfwClARvt198uEfbyyn9k_rpmVIBfziafm0EovFqjsQ7byoNMs8dm2ksImz9axfEHSJ8tfS__D_zkVpgl0RGKrYm3oVHRkTlPgoEK3J_FLX93DMXnlBIXesW1tpllTSqOMLXo3V2V7iUCyM1-1JxMJi56e4iXWbrn_HU4gE6y_AS9LcIaa6iMgLUF4Qc-mJJ2-N_1TPbzd6XFlQIaiWmbhMeUzc2JQKnCiT6BaW6rwcLVjzxU5KGNui9kC8Hsk8znuTHinthKyQy4IjXX09cZOfAUI9rkL0CYTEaPc0j7ElN5iqye2_w-IKfeRzTu1wdQujiij4CBRm4sTegztqB7T3URI8JWOJXpMizvXlZW_y0asnUN1AF0iSVLHBiUKIqpMCR875JBdtOyR4uzNpXk603xTJnC8yYIkfq3XUcd82jrBiOhLi8_bUv0eqiEM1VWVBL004birCoh240jppnNJ2aiHlBGvz4K8odg-sdFKqoEqOWe29stWo2FDkmjZUNWCrTQvscVkrRzSJwjpUfFVNXeHLIwSG_5WYL5D_HvBUdo8PE5MeztmmnvpMadHx9-_mXMsGIvyiodb8JyM2wSwgddrdENg-K1c1tTNDYUm-P3vohSRUCkMlcTU8YoF8QNeBivRsZywhPjZhIdxZ8013Jvm8nEE-QcShbqg9XY7vK6KgZiUlbGrea8Yo3sA&cid=CAASJeRoRuk8Tp7yqfkdtdDITLRmbUvjkkqh75GRfPMKsqfVjXQbyNc&rfl=2%2Chttps%253A%252F%252Fwww.hawtcelebs.com%252F%240
Frame ID: D8223601FB07BC76DBB40C812AFF7E32
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARic5u7AATAB&v=APEucNXYzAyEf0JozL0t_usoOiv9DGQ6yIgOL6iLuhh7unMk5_MJrwt7PBQ9uUoYC0SsQxN8OqX7Svkm_2jXJ5imLqfjxaFl9QZhfEV0sK7hugKflgvU--jEq1DMs1HpsnrUm2IP83WAN64ci5T0UXFtejVzPwC_ZkaZ8DBrgQDCVYupcEftE3cSQUQfNflypBeekUPN8SL65BSI0BYG7lD_7N4uvB6rVg
Frame ID: 264F5EF6A046CFFA88C3530BA9F7E9A2
Requests: 5 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yi94hQAOwosIu8kSAAQ6bAKAlQ9uXFq-9yyB0g&u=%7C2x2cCGSh%2FEFkFtyRVB97s3T6haTWJUkFvXVydniMn%2Fg%3D%7C&c1=zhOks3zwNR2QJkrtGpxDD0z6RaFAlAQ6ciC3rnAoG72_3BFDfZ8qj0n6FwJ08CvvAGNOXbGt8dS1K7BAsQCJQ5J-Qmor5QE8TopbP1DQmyz4KLQo38C14ufimpftpKE7i0zxjQ5yhByd7Bq71d9id8DH2aSdEdrObxFrG98d2Lg4KlwHhOS3q8Dr5MW94cbNA3Md2oRDqhOfTzDtHTgglDHSXlkoiNyXj9Uw1SDuAcwJ7HTAwVvi9A40N1efphPky_oa2BGQakczV4-RmwN_iMoGRqhFw0Py9oTu-LR1M97xEMABQ3ocyiaJU-Bt3P4nN-0zJTxK6F0mGL7wejH5wacYkGGV2vFS4BvP4RUoO9bQna4UpovKkfeiNdJCWg5oKw0fooj3cKOy-0m5U8u8bW_LGR8lEor_Djm30DEdmGQ6Lwa5ajq0O1n2RNRgphefhuzGyeP0KrPE73jCXO0mOw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvcjkhXgvYouFO5KS7_UP7PSQ6AbJntKxXPXqoYaIAcCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi0zODMxODk0NTU5MDE0NjE0oAHVttLqA8gBCakCESfkN4Zhsj7gAgCoAwGqBKMCT9AQfxXb8nqC-tqR3TZ-vrDysC4qYx2yV2_n9tsVxDf3UeKQinWZGqxFVqN0qYeQrOFEgKhug72dn7A7LwiZcwjT9dCbtIJupELzpr5CmLRO1Z1ZjBOh5E7oelclo4Z6Rx2vKBxzuYxop930H0D_QomcGvrXc6gr3Ytt3E1aWmn4FEd21haIijojrASZc_ehPveoHomEeXkl3_A8mQ3DPSJQb22WGH5yntUwGk5X_a55UzkEXUg1kMBIqY42bFoi86KP7CprM9fCAXDIlg20grNdi_Q_hJb3ZVfLgB8N7FXno69-lWfAZpuvocxgBRQej9GGj3Xy0o5-utx09eoQ3bMog8e__8SY6_vaZ2DJe_nf7Exyxy8QyVtdci8lDDEI9Pzp4AQBgAai4MeB8uC3y5ABoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAHyCBthZHgtc3Vic3luLTk5Mzg1NjU4MjIwMzQ2ODD6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3KnDt9z-rlfnySyG1qSN3SkEEfig%26client%3Dca-pub-3831894559014614%26adurl%3D
Frame ID: BB6D051D27BDAF261F3F1EAE938AAE5C
Requests: 24 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 27E0B2CDCCCCDF87167A0CD87FFAE63E
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJLb8f8CEPiFm4EDGPyJtMQBMAE&v=APEucNVA4onkFAx2C4Bygx52IteknlnQzGL9TNNHbBOrBRGXWtbi1EiJRta2V4ukr9FNhng3kSK2kZtKWiuX9OSj6kx0EFnlHoc5i8nZ4Ij4J7W_-zWRdxJJkRUs21yGb4U6ZOJG8mu0sIKJGlgNbHGT2XvzES65BtwwOAFGAczKKBBB1y_Wzr2WT6PXOFRLCQ-elYu8hqsALSrbmBcNEb4wZp0UKW-j_A
Frame ID: 8FEC1C4CF9D478BC30A8A7D4A53BC2A5
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 23B986C2A79D574B635D97211AF505B0
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 6013F6C173A3C8A8A1E5267CE80AC4CA
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 434278EF8123FE30BD2F9A583926E3BF
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/2908843633792309460/index.html
Frame ID: 427259E1F68DF85F1DF8B4DD30F135AA
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 38FDFE638A5D0BF9E19C99DE1B7D8B4C
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/8472981474830724725/index.html
Frame ID: 05C9E0D1A4E1C8E0FB7A963280F78F6A
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 571D26E89CF4B164091A250DB8F5C805
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17686342995189694464/728x090.html?e=69&leftOffset=0&topOffset=0&c=O7MpZBqofW&t=1&renderingType=2
Frame ID: A15D4BC02D91DB468998B7EBCCF464CA
Requests: 11 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/9999815340063719424/160x600.html?e=69&leftOffset=0&topOffset=0&c=RJrxymZT8r&t=1&renderingType=2
Frame ID: 1D5C4F80AA65854ED6500DBFC0ECA9B4
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 2393B878DDAE8BD151BF2760D87CE400
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 8527B5EC2A363F0305B23431CA225ECE
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 74F985D46EB8B15D93AECF853B5E6832
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 0115F7DF7454A2949A15CCAC2DB1FFB8
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 2D77577FAC95CE4B858B59E19EE09821
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/xt8fZ__SaXi8rLOjRFpxOtLjv0mS66MIGtFrZKZOLkM.js
Frame ID: 7A673B31E0881442167331AA54183824
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/xt8fZ__SaXi8rLOjRFpxOtLjv0mS66MIGtFrZKZOLkM.js
Frame ID: 479CDB38CB148022B5D0B4D0D1D4CC3B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

HawtCelebs – Latest Celebrities Pictures

Page URL History Show full URLs

http://www.hawtcelebs.com/ HTTP 301
https://www.hawtcelebs.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Outbrain (Widgets) Expand

Overall confidence: 100%
Detected patterns

widgets\.outbrain\.com/outbrain\.js

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Quantcast Choice (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

quantcast\.mgr\.consensu\.org

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

407
Requests

90 %
HTTPS

44 %
IPv6

53
Domains

85
Subdomains

67
IPs

13
Countries

6854 kB
Transfer

12945 kB
Size

53
Cookies

28 Outgoing links

These are links going to different origins than the main page.

URL: https://undefined/?ref=www.hawtcelebs.com
Title: Valueimpression

Search URL Search Domain Scan URL

URL: https://www.outbrain.com/what-is/default/en

Search URL Search Domain Scan URL

URL: https://travelcatchers.de/index.php/2021/03/09/diese-fotos-machen-garantiert-noch-mehr-lust-auf-urlaub-2/?utm_source=ob-00d57d916de722cd9b16d1b0801f6499a0&utm_term=outbrain&obOrigUrl=true
Title: [Bilder] 40 am Strand aufgenommene Bilder, die zum Sterben schön sind Trendscatchers

Search URL Search Domain Scan URL

URL: https://rfvtgb.housinglover.com/worldwide/auto-hacks-kennen-ge?utm_source=outbrainjk&utm_campaign=hv-cartricks1-win-gr-yk-08032&utm_term=$section_name$&utm_medium=$section_id$&utm_bid=$cpc$&obOrigUrl=true
Title: [Bilder] Lege immer eine Plastiktüte über deinen Rückspiegel wenn du alleine unterwegs bist, hier ist warum https://housinglover.com/

Search URL Search Domain Scan URL

URL: https://www.gamezop.com/g/rkWfy2pXq0r?id=3025&obOrigUrl=true
Title: Fruit Ninja (2021) Gamezop

Search URL Search Domain Scan URL

URL: https://travelcatchers.de/index.php/2021/03/09/beim-graben-im-garten-findet-er-eine-luke-und-offnet-sie-um-das-hier-zu-finden/?utm_source=ob-00be99e0ab2210d73cbb0bc2a3f8f70b7f&utm_term=outbrain&obOrigUrl=true
Title: [Bilder] Beim Graben im Garten findet er eine Luke und öffnet sie, um das hier zu finden Trendscatchers

Search URL Search Domain Scan URL

URL: https://www.gamezop.com/g/SkQwnwnbK?id=3025&obOrigUrl=true
Title: Snake Game (2021) Gamezop

Search URL Search Domain Scan URL

URL: https://travelcatchers.de/index.php/2020/10/30/mutter-lasst-ihre-tochter-keinen-zucker-essen-so-sieht-sie-jahre-spater-aus/?utm_source=ob-0041d097c41a816daae1852948d36373e1&obOrigUrl=true
Title: [Bilder] Mutter weigert sich, Tochter Zucker essen zu lassen. Schauen Sie sich nun das Ergebnis 2 Jahre später an Trendscatchers

Search URL Search Domain Scan URL

URL: https://travelcatchers.de/index.php/2021/03/22/das-tiefste-loch-der-erde-wurde-versiegelt-nachdem-experten-geheimnisvolle-fossilien-entdeckt-hatten/?utm_source=ob-0023e689127b63ed10ab6d5418f1be3ef2&utm_term=outbrain&obOrigUrl=true
Title: [Bilder] Tiefstes Loch der Erde nach Fund eines 2 Milliarden Jahre alten Fossils dauerhaft verschlossen Trendscatchers

Search URL Search Domain Scan URL

URL: https://www.npr.org/2022/02/25/1082992947/ukraine-support-help?t=1645986103912&obOrigUrl=true
Title: Want to support the people in Ukraine? Here's how you can help NPR

Search URL Search Domain Scan URL

URL: https://www.gamezop.com/g/r1zG1h6m90H?id=3025&obOrigUrl=true
Title: Candy Crush (2021) Gamezop

Search URL Search Domain Scan URL

URL: https://www.gamezop.com/g/Bk9ynTQqCB?id=3025&obOrigUrl=true
Title: Shoot Arrows! Gamezop

Search URL Search Domain Scan URL

URL: https://www.gamezop.com/g/HJT46GkPcy7?id=3025&obOrigUrl=true
Title: Helix Tower (2021) Gamezop

Search URL Search Domain Scan URL

URL: https://www.gentside.de/stories/13-jaehriger-wird-mit-162kmh-auf-der-autobahn-geblitzt_art23313.html?utm_source=outbrain&utm_medium=cpc&utm_campaign=pmo_ged_article_desktop_desktop_13jahriger&obOrigUrl=true
Title: 13-Jähriger wird mit 162km/h auf der Autobahn geblitzt Gentside Mehr erfahren

Search URL Search Domain Scan URL

URL: https://www.ohmymag.de/unterhaltung/georgina-rodriguez-zeigt-ihren-riesigen-babybauch-foto_art18083.html?utm_source=outbrain&utm_medium=cpc&utm_campaign=pmo_omd_article_desktop_desktop_georgina&obOrigUrl=true
Title: Ronaldo: Georgina Rodriguez zeigt ihren riesigen Babybauch (Foto) Ohmymag! Mehr erfahren

Search URL Search Domain Scan URL

URL: https://travelcatchers.de/index.php/2021/03/09/mann-findet-einen-stein-und-am-ende-wird-sein-haus-von-arzten-unter-quarantane-gestellt-2/?utm_source=ob-004cc754992e3892b3c4b50b1739df9472&utm_term=outbrain&obOrigUrl=true
Title: [Bilder] Mann findet merkwürdigen Stein am Strand. Und plötzlich wird sein Haus von Ärzten unter Quarantäne gestellt Trendscatchers

Search URL Search Domain Scan URL

URL: https://rfvtgb.housecoast.com/worldwide/auto-hacks-autobesitzer-ob-ge?utm_source=outbrainjk&utm_campaign=hc-cartrx3-yk-des-gr-yy-25022&utm_term=$section_name$&utm_medium=$section_id$&utm_bid=$cpc$&obOrigUrl=true
Title: [Bilder] Warum Sie eine Plastikflasche an Ihren Reifen klemmen sollten, wenn Sie alleine unterwegs sind Housecoast

Search URL Search Domain Scan URL

URL: https://www.freenet.de/unterhaltung/promis/tennisstar-camila-giorgi-sorgt-mit-freizuegigen-bildern-fuer-wirbel-fntdt_8112736_4729180.html?utm_source=$publisher_name$&utm_medium=referral&utm_campaign=outbrain&utm_term=007e469a12d971ab8ca9dd6ccf75820996&utm_content=Tennis-Star+sorgt+mit+freiz%C3%BCgigen+Bildern+f%C3%BCr+Wirbel&obOrigUrl=true
Title: Tennis-Star sorgt mit freizügigen Bildern für Wirbel freenet.de

Search URL Search Domain Scan URL

URL: https://rfvtgb.crowdyfan.com/worldwide/tattoos-die-absurden-charlie-ta-ge?utm_source=outbrainjk&utm_campaign=cf-ink-win-gr-yy-24022d&utm_term=$section_name$&utm_medium=$section_id$&utm_bid=$cpc$&obOrigUrl=true
Title: [Bilder] Versuchen Sie, durch diese Tätowierungen zu kommen, ohne zu lachen Crowdyfan

Search URL Search Domain Scan URL

URL: https://rfvtgb.learnitwise.com/worldwide/amishf-ob-ge?utm_source=outbrainjk&utm_campaign=lw-amishf-nc3-win-1-gr-an-14032d&utm_term=$section_name$&utm_medium=$section_id$&utm_bid=$cpc$&obOrigUrl=true
Title: [Bilder] 20 Dinge, die Sie vielleicht nicht über die Amish wissen Learnitwise

Search URL Search Domain Scan URL

URL: http://dyingforbeginners.com/
Title: dyingforbeginners.com

Search URL Search Domain Scan URL

URL: https://bestpricepharmacyfinder.com/category/erectile-dysfunction/
Title: https://bestpricepharmacyfinder.com/category/erectile-dysfunction/

Search URL Search Domain Scan URL

URL: https://www.ohmymag.de/unterhaltung/diversity-bei-gntm-erstes-foto-mit-heidis-neuen-meeedchen_art18058.html?utm_source=outbrain&utm_medium=cpc&utm_campaign=pmo_omd_article_desktop_desktop_gntmdiversity&obOrigUrl=true
Title: Diversity bei GNTM: 1. Foto mit Heidis neuen "Meeedchen"! Ohmymag! Mehr erfahren

Search URL Search Domain Scan URL

URL: https://www.gentside.de/unterhaltung/donald-trump-das-sind-seine-ex-frauen_art21863.html?utm_source=outbrain&utm_medium=cpc&utm_campaign=pmo_ged_article_desktop_desktop_trumpfrauen&obOrigUrl=true
Title: Donald Trump: Wer sind seine Ex-Frauen? Gentside Mehr erfahren

Search URL Search Domain Scan URL

URL: https://www.uptown-aces-casino.com/
Title: www.uptown-aces-casino.com

Search URL Search Domain Scan URL

URL: http://theversusmarket.com/
Title: versus market url

Search URL Search Domain Scan URL

URL: https://slottica-casino.com/
Title: slottica-casino.com

Search URL Search Domain Scan URL

URL: https://bestnyescorts.com/
Title: NYC Escorts

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.hawtcelebs.com/ HTTP 301
https://www.hawtcelebs.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 54

https://secure.adnxs.com/getuid?https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bapnid%3D%24UID%3Bcb%3D0.17695121 HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fudmserve.net%252Fudm%252Ffetch.pix%253Fdt%253D1%253Bapnid%253D%2524UID%253Bcb%253D0.17695121 HTTP 302
https://udmserve.net/udm/fetch.pix?dt=1;apnid=3472600796129444925;cb=0.17695121

Request Chain 55

https://image8.pubmatic.com/AdServer/ImgSync?p=156505&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156505%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fudmserve.net%252Fudm%252Ffetch.pix%253Fpmid%253D%2523PMUID%3Bcb%3D0.17695121 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=156505&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156505%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fudmserve.net%252Fudm%252Ffetch.pix%253Fpmid%253D%2523PMUID%3Bcb%3D0.17695121&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=REFBRTlENDQtQzExOS00MjlFLTlBNDYtMTZDMDQ1NzYxRkI3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?p=156505&pmc=1&pr=https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fpmid%3DDAAE9D44-C119-429E-9A46-16C045761FB7;cb=0.17695121 HTTP 302
https://udmserve.net/udm/fetch.pix?pmid=DAAE9D44-C119-429E-9A46-16C045761FB7;cb=0.17695121

Request Chain 171

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGZ8ZbX7lUg-B4zhwgPdZ7U&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGZ8ZbX7lUg-B4zhwgPdZ7U&google_cver=1&C=1

Request Chain 172

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yi94htiYWvIqpHdq4z.wIAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGZ8ZbX7lUg-B4zhwgPdZ7U&google_cver=1&google_hm=2

Request Chain 173

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEFSiZEOLmHUvGaef-RrhORc&google_cver=1

Request Chain 174

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzQ3MjYwMDc5NjEyOTQ0NDkyNQ%3D%3D

Request Chain 177

https://secure.adnxs.com/getuid?https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bapnid%3D%24UID%3Bcb%3D0.069548115 HTTP 302
https://udmserve.net/udm/fetch.pix?dt=1;apnid=3472600796129444925;cb=0.069548115

Request Chain 178

https://image8.pubmatic.com/AdServer/ImgSync?p=156505&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156505%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fudmserve.net%252Fudm%252Ffetch.pix%253Fpmid%253D%2523PMUID%3Bcb%3D0.069548115 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEAsqrBJCAsYTMZZXoyWb6Ds&google_cver=1 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Request Chain 184

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEI7XUrEue2igbrt_5VQ-8TM&google_cver=1

Request Chain 186

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEHNDtGOCTRtP1HZcmzWqDo4&google_cver=1

Request Chain 189

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEI7XUrEue2igbrt_5VQ-8TM&google_cver=1

Request Chain 191

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEHNDtGOCTRtP1HZcmzWqDo4&google_cver=1

Request Chain 199

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESED4tgGRitHaUqvH-V_Tk_KI&google_cver=1

Request Chain 200

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=8be60818-a3ba-11ec-946d-1dbc55590206 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=OGJlNjA3ZGUtYTNiYS0xMWVjLTk0NmQtMWRiYzU1NTkwMjA2

Request Chain 229

https://um.simpli.fi/gp_match?google_gid=CAESECkaNq0rlpcxrds93n7RGIM&google_cver=1&google_push=AYg5qPLb-uw2f6yAEjYt6vYrIw-ACW0E7YMFPEbwVYgK3-G6aq2sfeYlsfdkH3L5N-_8pIDAlmszc_UhGuGrHGWQdyOnLm7_L4Ha HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=665070C465D24970A99603A500FDBDBB&google_push=AYg5qPLb-uw2f6yAEjYt6vYrIw-ACW0E7YMFPEbwVYgK3-G6aq2sfeYlsfdkH3L5N-_8pIDAlmszc_UhGuGrHGWQdyOnLm7_L4Ha

Request Chain 230

https://fksnk.com/cs/google?google_gid=CAESENb_jUt4y0gYa_C9jc0dq-w&google_cver=1&google_push=AYg5qPLE3_QWf6gUtUvlEdIwlwuzqg1aNEorks8jjSqS-nnNjgHaDAN2xWmXd8Xw6P870B8oFTQAFxuhenvryK3d0Kw4lm9vU2s HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=OEM2QTM2N0FFQUJCOThCMg==

Request Chain 231

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEIeN02TlTyemqBp3hzpy0X0&google_cver=1&google_push=AYg5qPJyKHfTZzJu8AUeFq4pEwXzclMp8kUQAUpRe_SOP2bO2WEb8Ry4uhuLFMoqr5iIrFXh3CnzTNewKocOp22C3IF-vDh2JP8L HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEIeN02TlTyemqBp3hzpy0X0&google_cver=1&google_push=AYg5qPJyKHfTZzJu8AUeFq4pEwXzclMp8kUQAUpRe_SOP2bO2WEb8Ry4uhuLFMoqr5iIrFXh3CnzTNewKocOp22C3IF-vDh2JP8L HTTP 302
https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgoogle HTTP 307
https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgoogle HTTP 302
https://x.bidswitch.net/sync?dsp_id=59&user_id=48f563e6-53e8-4d25-b160-251ae0556a86&ssp=google HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJyKHfTZzJu8AUeFq4pEwXzclMp8kUQAUpRe_SOP2bO2WEb8Ry4uhuLFMoqr5iIrFXh3CnzTNewKocOp22C3IF-vDh2JP8L&google_hm=GACEq8lNT6iME0zJcSeLlA==

Request Chain 232

https://ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=10&external_id=&google_gid=CAESEEFtITmD46tPf26UnV1_GgY&google_cver=1&google_push=AYg5qPI8lvsCTWfhVt5UBI8_m04M6toi9o9VOOtMSH1sv8vDq7jovnnH0SgXrOhOLwALQmmtWTaBC8VFDush40Zb0S3YWCJ3qiK- HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPI8lvsCTWfhVt5UBI8_m04M6toi9o9VOOtMSH1sv8vDq7jovnnH0SgXrOhOLwALQmmtWTaBC8VFDush40Zb0S3YWCJ3qiK-&google_hm=QVhpLUp2Y0dxOFJiUkhGdVVVY3A0Nnc=

Request Chain 233

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAFP1ZfDMKrysXeF4LzlvnI&google_cver=1&google_push=AYg5qPK8j7b-86skjur0LK_GXfCdT-2Ae37ZCIqKl90vHvPXG54c4lMmNNTbr4JNZ7plqCNCw4-n64Dwsyd_aR_2NlxY4KFYp-m1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBRWVgxSDUtMUMtTzc=&google_push=AYg5qPK8j7b-86skjur0LK_GXfCdT-2Ae37ZCIqKl90vHvPXG54c4lMmNNTbr4JNZ7plqCNCw4-n64Dwsyd_aR_2NlxY4KFYp-m1

Request Chain 234

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESECzpbLfJs9DOyO_lB0BZ98E&google_cver=1&google_push=AYg5qPJk_fUZ-5XxuswnBHGziNyle2i82rLpsTREET49OBpLp-o-1SA9BEP82zlXdeJ6U-y5DqUVqemnPJYf4huj15quLRlzpObM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJk_fUZ-5XxuswnBHGziNyle2i82rLpsTREET49OBpLp-o-1SA9BEP82zlXdeJ6U-y5DqUVqemnPJYf4huj15quLRlzpObM

Request Chain 255

https://um.simpli.fi/gp_match?google_gid=CAESECAoCg0dUyc36kY3NymxszI&google_cver=1&google_push=AYg5qPLEna30bzt0K6miKnuZiIaD88mMaDM_z5IWoNMMr746Sico-AJwjqzfQzBlI9SkcNVUh46RjEDU0AqBi_TiQHm-nygqMd3YUA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=665070C465D24970A99603A500FDBDBB&google_push=AYg5qPLEna30bzt0K6miKnuZiIaD88mMaDM_z5IWoNMMr746Sico-AJwjqzfQzBlI9SkcNVUh46RjEDU0AqBi_TiQHm-nygqMd3YUA

Request Chain 256

https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESEMmtA7LI9UOlY4isLX-s130&google_cver=1&google_push=AYg5qPKuzcTbAKUf-E75udxJMRLas9BBiuStJmREqsAnMkk8tMgVY7_cfJNRAdKyFg2aGivvNkgXQH5YSFjqOQj4IZPfTKCFNWVK HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPKuzcTbAKUf-E75udxJMRLas9BBiuStJmREqsAnMkk8tMgVY7_cfJNRAdKyFg2aGivvNkgXQH5YSFjqOQj4IZPfTKCFNWVK

Request Chain 257

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHBp6hQQLCGfrg2eURC0FFQ&google_cver=1&google_push=AYg5qPL_oxbDUb3SLPjoGBpFfRk4Jikkr6osasifMTFXBqYhJk3W9PjM8TJOyR6kkHaJexh-4lv07L_yiZ8GjwvdvQZ4GoINpxBfUw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBRWVgxSzctMjEtRjA2SA==&google_push=AYg5qPL_oxbDUb3SLPjoGBpFfRk4Jikkr6osasifMTFXBqYhJk3W9PjM8TJOyR6kkHaJexh-4lv07L_yiZ8GjwvdvQZ4GoINpxBfUw

Request Chain 258

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEItJnDVFAj25zjyR6MXkesA&google_cver=1&google_push=AYg5qPIzwf5eDaWwHdqyAsWqt6Ld9gflfg3fVWhCgW4Um6oIWWOfuA56LKFAXNZXU8gp-K19Fykad836AkHICtuz-3gVPKP7XL8W HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEItJnDVFAj25zjyR6MXkesA&google_cver=1&google_push=AYg5qPIzwf5eDaWwHdqyAsWqt6Ld9gflfg3fVWhCgW4Um6oIWWOfuA56LKFAXNZXU8gp-K19Fykad836AkHICtuz-3gVPKP7XL8W&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPIzwf5eDaWwHdqyAsWqt6Ld9gflfg3fVWhCgW4Um6oIWWOfuA56LKFAXNZXU8gp-K19Fykad836AkHICtuz-3gVPKP7XL8W&google_hm=767f2a675cb08c014a686a9d

Request Chain 260

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEO7XXcNXnLiKy2e-v_g1YlE&google_cver=1&google_push=AYg5qPK-lFOeDa4-s9FCZ5aRnMsC_3UFmKNGA504vu48oeuTSd7z8aoBuJKRXoxH5uPLIzaRbDShTVRLDyoKk7p7ZRH8j38KeIZ3w6s HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AYg5qPK-lFOeDa4-s9FCZ5aRnMsC_3UFmKNGA504vu48oeuTSd7z8aoBuJKRXoxH5uPLIzaRbDShTVRLDyoKk7p7ZRH8j38KeIZ3w6s HTTP 302
https://onetag-sys.com/sync/i,19/?google_error=5

Request Chain 272

https://um.simpli.fi/gp_match?google_gid=CAESECAoCg0dUyc36kY3NymxszI&google_cver=1&google_push=AYg5qPIiJAupcGJIP9PaG6lX6YnkYWbRknFsU_IQgx-RTSKYnlfzmU6f1OG8ooaLOSAHY0FNYq8AksoA2-v0IGQrdC29a2SZihGf HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=665070C465D24970A99603A500FDBDBB&google_push=AYg5qPIiJAupcGJIP9PaG6lX6YnkYWbRknFsU_IQgx-RTSKYnlfzmU6f1OG8ooaLOSAHY0FNYq8AksoA2-v0IGQrdC29a2SZihGf

Request Chain 273

https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESEMmtA7LI9UOlY4isLX-s130&google_cver=1&google_push=AYg5qPLdevwJIjVgCbIY9G64Avv1oJ_VUENfeMal2TqXvvqmsLSXfh8gEcWItZTmnxR8WuWEnhbegSd3IHyg8KdMJLCuUgybvDj6 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPLdevwJIjVgCbIY9G64Avv1oJ_VUENfeMal2TqXvvqmsLSXfh8gEcWItZTmnxR8WuWEnhbegSd3IHyg8KdMJLCuUgybvDj6

Request Chain 274

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEGVbYYGwu8XSJ4Kgfs6xpTo&google_cver=1&google_push=AYg5qPLzKlSlsXSG4S-HIn9SKAoEA29ukLwH2u_8yJMoa43FWKC7aG99G9GPcN1cfWiVdqB6zx6t1ZBWB-EP6MrJOVmXlKPOEOOd HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEGVbYYGwu8XSJ4Kgfs6xpTo&google_cver=1&google_push=AYg5qPLzKlSlsXSG4S-HIn9SKAoEA29ukLwH2u_8yJMoa43FWKC7aG99G9GPcN1cfWiVdqB6zx6t1ZBWB-EP6MrJOVmXlKPOEOOd HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTAwNzI0NTQyNzk0MTc2MTIxNQ&google_push=AYg5qPLzKlSlsXSG4S-HIn9SKAoEA29ukLwH2u_8yJMoa43FWKC7aG99G9GPcN1cfWiVdqB6zx6t1ZBWB-EP6MrJOVmXlKPOEOOd

Request Chain 277

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEO7XXcNXnLiKy2e-v_g1YlE&google_cver=1&google_push=AYg5qPK7e4y2kiYVwJOezFk1PXSW8RHTi-14WfzfRDBCLalizVkR6cz5-rpd0b039h_fIUJrYjksNnzsphD5KVtY6zWZz6sdYk_juA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AYg5qPK7e4y2kiYVwJOezFk1PXSW8RHTi-14WfzfRDBCLalizVkR6cz5-rpd0b039h_fIUJrYjksNnzsphD5KVtY6zWZz6sdYk_juA HTTP 302
https://onetag-sys.com/sync/i,19/?google_error=5

Request Chain 311

https://um.simpli.fi/gp_match?google_gid=CAESECAoCg0dUyc36kY3NymxszI&google_cver=1&google_push=AYg5qPIFWQfXRNMTHDnjF6sNMEv8QcTUxTYfcSPLjCGwy7SPedE_Az2DsAdjNRAVNfd1YV_1rjRoF4OLAW8Xh7WUBdtVq1aKURp1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=665070C465D24970A99603A500FDBDBB&google_push=AYg5qPIFWQfXRNMTHDnjF6sNMEv8QcTUxTYfcSPLjCGwy7SPedE_Az2DsAdjNRAVNfd1YV_1rjRoF4OLAW8Xh7WUBdtVq1aKURp1

Request Chain 312

https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESEMmtA7LI9UOlY4isLX-s130&google_cver=1&google_push=AYg5qPL0kwqMVai2ihFttADnaSdFBRKqMTSnqU18s9j672dm-vgsYpvFxTxwGB02JFhYWjh2xOMo70amaVUnPyTD9qCrxf0F3UIM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPL0kwqMVai2ihFttADnaSdFBRKqMTSnqU18s9j672dm-vgsYpvFxTxwGB02JFhYWjh2xOMo70amaVUnPyTD9qCrxf0F3UIM

Request Chain 313

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHBp6hQQLCGfrg2eURC0FFQ&google_cver=1&google_push=AYg5qPLRKbGlP3vZsDHu7flEfcHVPXAHsLk9qrXyD5JuoWw_wYOaGQhlDnS0VEV9Ak0VdwqeXKw_h1hg6xm7caei-f9U74Ao3x4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBRWVgxVlQtMTYtS0o1OQ==&google_push=AYg5qPLRKbGlP3vZsDHu7flEfcHVPXAHsLk9qrXyD5JuoWw_wYOaGQhlDnS0VEV9Ak0VdwqeXKw_h1hg6xm7caei-f9U74Ao3x4

Request Chain 314

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEItJnDVFAj25zjyR6MXkesA&google_cver=1&google_push=AYg5qPL0lO_kNvSqNZoQ2Q1LN_4eFJeZTQGndGkNqrgBQv_3W6neJjzuIoD-9BlR3WbCERJ_VBwGna2kHhaFvQlJdjkAEFWWA1Z0 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPL0lO_kNvSqNZoQ2Q1LN_4eFJeZTQGndGkNqrgBQv_3W6neJjzuIoD-9BlR3WbCERJ_VBwGna2kHhaFvQlJdjkAEFWWA1Z0&google_hm=767f2a675cb08c014a686a9d

Request Chain 316

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEO7XXcNXnLiKy2e-v_g1YlE&google_cver=1&google_push=AYg5qPIgTHCuy_ZRdtx4xxV3qFwpFhN4FBH_VrTPFNgyhkP1Q5T6aviQV6VbhHQDtf-eObrqITvFpsXQL0IfNfDIQzMi4A7G_SDdqQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AYg5qPIgTHCuy_ZRdtx4xxV3qFwpFhN4FBH_VrTPFNgyhkP1Q5T6aviQV6VbhHQDtf-eObrqITvFpsXQL0IfNfDIQzMi4A7G_SDdqQ HTTP 302
https://onetag-sys.com/sync/i,19/?google_error=5

Request Chain 323

https://um.simpli.fi/gp_match?google_gid=CAESECAoCg0dUyc36kY3NymxszI&google_cver=1&google_push=AYg5qPKH3nA9uj22cT8iDMa5qeXLghhp2lRhYZwBBoTMI3yIi1qM4HRLc5AD_V8CmCtYx8NDEu8gS0GQecw6OhG2xkyfrf6oDBUGbw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=665070C465D24970A99603A500FDBDBB&google_push=AYg5qPKH3nA9uj22cT8iDMa5qeXLghhp2lRhYZwBBoTMI3yIi1qM4HRLc5AD_V8CmCtYx8NDEu8gS0GQecw6OhG2xkyfrf6oDBUGbw

Request Chain 324

https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESEMmtA7LI9UOlY4isLX-s130&google_cver=1&google_push=AYg5qPJXavg5M5o-Q6f1FwTydZIKiAnPn6Jzc14I7S7d2LEl6Hw6QhCume0FJMeCvztUWSW_WKmi4Z1rsP5gZHHeNwV-qXwb2-P0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPJXavg5M5o-Q6f1FwTydZIKiAnPn6Jzc14I7S7d2LEl6Hw6QhCume0FJMeCvztUWSW_WKmi4Z1rsP5gZHHeNwV-qXwb2-P0

Request Chain 325

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHBp6hQQLCGfrg2eURC0FFQ&google_cver=1&google_push=AYg5qPKzHLhO1CO-AeBeMIQRV5oY26Gw-O-9ynDzHAoegMD7ibw8-tt3KjpJvrwVu2CwW41cl4tRG60rEFjM5n_KrpnVT8Xzzeiv HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBRWVgxWEMtUC0zRjRX&google_push=AYg5qPKzHLhO1CO-AeBeMIQRV5oY26Gw-O-9ynDzHAoegMD7ibw8-tt3KjpJvrwVu2CwW41cl4tRG60rEFjM5n_KrpnVT8Xzzeiv

Request Chain 326

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEItJnDVFAj25zjyR6MXkesA&google_cver=1&google_push=AYg5qPLNkTQ3rjL_2tIKn2LRQVVSWVgd6p78U0LzCqTqYc5p-17x6EG8VLcinE_SNT91crfb552Fic3LaJEHgwnfznqo8C5MSryObQ HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPLNkTQ3rjL_2tIKn2LRQVVSWVgd6p78U0LzCqTqYc5p-17x6EG8VLcinE_SNT91crfb552Fic3LaJEHgwnfznqo8C5MSryObQ&google_hm=767f2a675cb08c014a686a9d

Request Chain 329

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEO7XXcNXnLiKy2e-v_g1YlE&google_cver=1&google_push=AYg5qPJy6sVIKQnFIl2ZsmJFlKqANKVHHThflLqv2FKXLzwUtWip8IO7PAnqBsbsqByRYIzifKOWL28xxhHxQBhFEpfIVpJi7t8csg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AYg5qPJy6sVIKQnFIl2ZsmJFlKqANKVHHThflLqv2FKXLzwUtWip8IO7PAnqBsbsqByRYIzifKOWL28xxhHxQBhFEpfIVpJi7t8csg HTTP 302
https://onetag-sys.com/sync/i,19/?google_error=5

407 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.hawtcelebs.com/
Redirect Chain

http://www.hawtcelebs.com/
https://www.hawtcelebs.com/

32 KB
8 KB

1557ms
1513ms

Document
text/html

2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.hawtcelebs.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 384a5ff160bd30d6d7d80739751e55d0f88a72717a4aafba99df22e615689801

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Mon, 14 Mar 2022 17:16:52 GMT
content-type: text/html; charset=UTF-8
link: <https://www.hawtcelebs.com/wp-json/>; rel="https://api.w.org/"
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NZRGVvNmu6qsKSDP7sHvQXKVVsWR8cU5NkFKp656Kx6gtTxfOn1LmyylSxUG4URYuRJM3ZWVJq3GlHFUEQrftEh0GFoKiiGdUzWHSPM1thS%2FLTWUZuv39PGqDkI3KZP%2BLpmtVhmKAv5nLXtM6qDNGPY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6ebea8d5aff33763-MXP
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

Date: Mon, 14 Mar 2022 17:16:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 14 Mar 2022 18:16:51 GMT
Location: https://www.hawtcelebs.com/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GV2MyQlll%2BL6cHOa0F3AuLKoLzbDthnQ7vWoD0soEJ1a83VQL1OsYTBSWnndXw%2BmSxD6pfV7UrvZilU5gm6BplkNF96GCTxNpkEiY%2FoF%2FSY5JYkaUmQRIu1rg9A4G5ydlk8l718152FH7oePvY6U8Vw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 6ebea8d53deb6964-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 style.css
www.hawtcelebs.com/wp-content/themes/hawtceleb/ 15 KB
4 KB 53ms
52ms Stylesheet
text/css 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.hawtcelebs.com/wp-content/themes/hawtceleb/style.css?ver=5.9.2
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: af0d6570462dee3c3937e8694b2ee98ea78313219976105080e94680c29769ad

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 204359
cf-polished: status=cannot_optimize
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 26 Aug 2019 09:10:58 GMT
server: cloudflare
etag: W/"5d63a222-3db1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CAI5mqn%2B7jo57iYfJXEtCJEwtQ5PcL1oyZ5Ut%2BxCYauk%2F2e0qmRAjqpaTlwkoaCLd80x6qV5nMngaLaqmR7b%2Fh1lHnxLi2GjSvbyrgq97e3XVdx65%2F0nBF%2B8nEuy7BSjsewchMkhNsVmAYcBR%2Fzrxh8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 6ebea8df3d773763-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 6 KB
1 KB 49ms
26ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat%3A400%2C400i%2C700%2C700i&ver=5.9.2

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

31bf822302ba5c241966cbdf23c8e904c3fc8c4cf20758032774b8ffe8e1d69a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 14 Mar 2022 17:09:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 14 Mar 2022 17:16:53 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 14 Mar 2022 17:16:53 GMT

GET
H2 200 dd-multi-col-cats.css
www.hawtcelebs.com/wp-content/themes/hawtceleb/ 238 B
595 B 32ms
31ms Stylesheet
text/css 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.hawtcelebs.com/wp-content/themes/hawtceleb/dd-multi-col-cats.css
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a40dcd59c23d9ed6f0fbaeefeb57c78543b487ad93c49f5f74b89dd85b0ea278

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1363840
cf-polished: origSize=313
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 10 Jun 2019 10:27:20 GMT
server: cloudflare
etag: W/"5cfe3088-139"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F%2BgQeGkPpcK8JduQ%2BE8yf3lG49fHOpV%2FcClVOcmFkeWnJTiY7qJA5OVld%2FOYsjbzWQoW%2BU2ta79M0Lclihw9XBvQxd5dqhMVlGvxv1HjN2Svn7tulBu6AmjJrle2PVlRZ6LKf%2B8reBQV2iKf6RUuYyU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 6ebea8df3d7a3763-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 up.js Show response
live.demand.supply/ 4 KB
3 KB 179ms
123ms Script
application/javascript 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/up.js
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b652b4cef4b3130412794af75ccb6a995ff4a5b2bdabfd9efe6a93935c73c73d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id: 01FXTQQ0HJHPJ3VMN8KCCT2QDW
date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: br
cf-cache-status: HIT
age: 612
cf-polished: origSize=3935
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin: *
cf-bgj: minify
server: cloudflare
etag: W/"c72512f825d90d968c20d7f1ad8b86c2-ssl-df"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=1200,must-revalidate,stale-while-revalidate=3600
cf-ray: 6ebea8df9eee01e3-ZRH
link: <https://live.demand.supply/impl.v14.1.1.js>; rel=preload; as=script,<https://live.demand.supply/p4/v14-0-0/d3d3Lmhhd3RjZWxlYnMuY29tLw==>; rel=preload; as=script

GET
H/1.1 200
OK img.fetch Show response
udmserve.net/udm/ 35 KB
5 KB 646ms
172ms Script
application/x-javascript 68.71.249.118
ZEROLAG

General

Check archive.org

Show headers Download Go to

Full URL: https://udmserve.net/udm/img.fetch?sid=14863;tid=1;dt=6;
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 68.71.249.118 , Canada, ASN20093 (ZEROLAG, US),
Reverse DNS
Software: /
Resource Hash: 80afa7e71baab4b9dca2c54f30f742c205e90c12a24aa844d1e5ccb0b3db1bbd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 17:16:53 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3p: NOI DSP CURa ADMa DEVa PSAa PSDa OUR IND UNI COM NAV INT
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Content-Type: application/x-javascript
Expires: 0

GET
H2 200 mary-steenburgen-and-ted-danson-out-shopping-in-los-angeles-03-10-2022-6_thumbnail.jpg
www.hawtcelebs.com/wp-content/uploads/2022/03/ 64 KB
64 KB 587ms
586ms Image
image/jpeg 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.hawtcelebs.com/wp-content/uploads/2022/03/mary-steenburgen-and-ted-danson-out-shopping-in-los-angeles-03-10-2022-6_thumbnail.jpg
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d7022340dcbdd29b10402d45b550b8ba8f68fe674c2bf8b5102ae9ef1831d54e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 65173
last-modified: Mon, 14 Mar 2022 16:59:04 GMT
server: cloudflare
etag: "622f7458-fe95"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S2VgkGDlZWRWAA%2F0RuV7EtI%2BzyxCACaOZEUgT25nTlCEDBSG%2BVHCiuKZZ%2Fbv8vKQy1TZBCEweA8qFAsTBvyvVpgx6n8GRE223g9qywM0qgjc32BmAyXEmN%2BRWRfRvfBwO%2FBLkT0hMULMYleHpDkGcXo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6ebea8df4d7f3763-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 hana-cross-leaves-chiltern-firehouse-in-london-03-12-2022-6_thumbnail.jpg
www.hawtcelebs.com/wp-content/uploads/2022/03/ 41 KB
42 KB 530ms
529ms Image
image/jpeg 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.hawtcelebs.com/wp-content/uploads/2022/03/hana-cross-leaves-chiltern-firehouse-in-london-03-12-2022-6_thumbnail.jpg
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 704b1e01c786a922c34a248e8b7f706defd603b2aa670c29f35db35bcdfa07e4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 42133
last-modified: Mon, 14 Mar 2022 16:57:31 GMT
server: cloudflare
etag: "622f73fb-a495"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G0sA%2F8Y%2FymDVsz00GZZks4Y1c3LcVPqfJCu0nNaT8Ae01EPKXR6AlMLiWSMzvJhPytFWENIvSrXocE0gd9IjTQ4nwe6VqAFN%2BCVzrlAY%2Bu2RqGS6HuVICdVdAcwhP8nil5m%2BFsf2VSdTDG%2FHdmLcKbM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6ebea8df4d813763-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 claudia-romani-and-ilona-nesterova-support-ukraine-out-in-miami-03-13-2022-6_thumbnail.jpg
www.hawtcelebs.com/wp-content/uploads/2022/03/ 52 KB
52 KB 534ms
533ms Image
image/jpeg 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.hawtcelebs.com/wp-content/uploads/2022/03/claudia-romani-and-ilona-nesterova-support-ukraine-out-in-miami-03-13-2022-6_thumbnail.jpg
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 96339e3a735d41f96df61dce38edd4a92a1ef9346d5165906dacb1d7530cc5d6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 52873
last-modified: Mon, 14 Mar 2022 16:57:30 GMT
server: cloudflare
etag: "622f73fa-ce89"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QNlPmai8MBhpiiw3Nv8zdQhl5rC%2BvNIM4ibljZh4%2FZq%2BVDJ3dI%2Bge2bRUvZc8YJviFeDUCbckbkyvDp7vE9dFOIUNH4yM%2BZ5%2B%2BXRvamrEYecP8%2FfRnBsEFYPxlUqaBp3WKGeYjUqZH3E9GdxmRWnnv4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6ebea8df4d863763-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 myleene-klass-arrives-at-smooth-radio-in-london-03-13-2022-6_thumbnail.jpg
www.hawtcelebs.com/wp-content/uploads/2022/03/ 67 KB
67 KB 49ms
48ms Image
image/jpeg 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.hawtcelebs.com/wp-content/uploads/2022/03/myleene-klass-arrives-at-smooth-radio-in-london-03-13-2022-6_thumbnail.jpg
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9eff5e6e431b11a17340ba67dfada687a3d5bab7d4ee7d1544c785afd20d19c4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1241
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 68365
last-modified: Mon, 14 Mar 2022 16:55:51 GMT
server: cloudflare
etag: "622f7397-10b0d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t5YVDUyXBv%2BcutP658QLpU0Mh9EYyanrkavsl3JE7w0Nux5rak2SUgUOT9OJIsR%2BOt8Pm%2B193ax4xki3I7wTscH%2Fdw6KZ%2FE0T%2Baqm0N6PhL49M3NyEOBCTi90kF1o4SJ0twow9r28mI4rmESobJIpMk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6ebea8df4d873763-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 katie-holmes-out-shopping-in-new-york-03-13-2022-6_thumbnail.jpg
www.hawtcelebs.com/wp-content/uploads/2022/03/ 43 KB
43 KB 30ms
29ms Image
image/jpeg 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.hawtcelebs.com/wp-content/uploads/2022/03/katie-holmes-out-shopping-in-new-york-03-13-2022-6_thumbnail.jpg
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 78f36bda3a4395e14ab32d8efa5c6987e2c4f425d5e96cd3896c70813e95dfc2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1241
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43716
last-modified: Mon, 14 Mar 2022 16:55:13 GMT
server: cloudflare
etag: "622f7371-aac4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rll1Bl10OEMjqEaSSCrVGC%2Fw%2BUrY68qMTI65IVWdKjXXWYPluAlan%2BPHB9XHQOV1uXzNEFI8pYYK0yhBoJg9tEJCtvPVtyp%2FQL6wqV%2FPoY0wqtXILuP8TsNaL0rkZEZYHqZw6ErIo%2Bwi0xzxcPU53FI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6ebea8df4d8b3763-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 juliette-lewis-arrives-at-critics-choice-awards-in-los-angeles-03-13-2022-6_thumbnail.jpg
www.hawtcelebs.com/wp-content/uploads/2022/03/ 39 KB
40 KB 31ms
30ms Image
image/jpeg 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.hawtcelebs.com/wp-content/uploads/2022/03/juliette-lewis-arrives-at-critics-choice-awards-in-los-angeles-03-13-2022-6_thumbnail.jpg
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73ea31af396c26a18892b288114707f25519e0eeba32c76fdb8d036e93c3505e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1241
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 40297
last-modified: Mon, 14 Mar 2022 16:54:30 GMT
server: cloudflare
etag: "622f7346-9d69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mb5O58MqE6UUFU9iQONlzLGzE4IkTgOI%2FOUYm2fC8YXATOjgtap87d365r3AiIoxSH4CCgaArLfafzCQybbeRolzzt85Z4iJS0baRks%2BZp9LqsNZFlMq4LK9c2FRxu7xYwLM6hsEB%2B%2F1fc3wDzwnzCc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6ebea8df4d8d3763-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 kate-beckinsale-arrives-at-lax-airport-in-los-angeles-03-13-2022-6_thumbnail.jpg
www.hawtcelebs.com/wp-content/uploads/2022/03/ 52 KB
53 KB 49ms
48ms Image
image/jpeg 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.hawtcelebs.com/wp-content/uploads/2022/03/kate-beckinsale-arrives-at-lax-airport-in-los-angeles-03-13-2022-6_thumbnail.jpg
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f1261b7cce0eafa940b0681c494a52abb9a9a246262a3ca7b5acf2ab56bde6a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1241
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 53414
last-modified: Mon, 14 Mar 2022 16:54:01 GMT
server: cloudflare
etag: "622f7329-d0a6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WSGiSnrI86Wv1%2FMC0vrhbP3VqXZazVPJzzhLLOdnAGwB0mJvqYG2ew8ImjfegKGTqL4Uz69tsoEWpNAalkJTwQ4%2B%2FWbNaD02TO%2FNjN1rsOWtwZCunlAjwVp4j9B8hNktF1neiCfJ6FJ2KfCpA309E%2FI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6ebea8df4d8f3763-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 lori-harvey-arrives-at-four-seasons-hotel-in-beverly-hills-03-13-2022-6_thumbnail.jpg
www.hawtcelebs.com/wp-content/uploads/2022/03/ 41 KB
42 KB 49ms
48ms Image
image/jpeg 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.hawtcelebs.com/wp-content/uploads/2022/03/lori-harvey-arrives-at-four-seasons-hotel-in-beverly-hills-03-13-2022-6_thumbnail.jpg
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 34138fbb6be3ff1527d04773cae34642f446371838e51dff7bcfdc78cc54ca6d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1241
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 42294
last-modified: Mon, 14 Mar 2022 16:53:22 GMT
server: cloudflare
etag: "622f7302-a536"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A0cM88a7k9%2BBtdc692Y1U3jk0EcgSoRPoobBm1WP3%2FZr7JybktfJaU5%2Fx2XBrx2FB3ieJQ9l5TiGF47fys8AXSV5GHO%2FC2Ul3sSrPnwlI0J8hL0aC3%2FhYTMy8iSilq6mHOS32OuH6Eyh7T7LGMDj%2Fz8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6ebea8df4d923763-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 sammi-hanratty-arrives-at-critics-choice-awards-in-los-angeles-03-13-2022-6_thumbnail.jpg
www.hawtcelebs.com/wp-content/uploads/2022/03/ 65 KB
65 KB 50ms
49ms Image
image/jpeg 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.hawtcelebs.com/wp-content/uploads/2022/03/sammi-hanratty-arrives-at-critics-choice-awards-in-los-angeles-03-13-2022-6_thumbnail.jpg
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41876d517897272182ffa12931385d089e2d1d494b6b19724d60e72c6422d36d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1405
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 66580
last-modified: Mon, 14 Mar 2022 16:52:42 GMT
server: cloudflare
etag: "622f72da-10414"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0juNYo3Z4wyu4SuMHq76rdlFJPAnzc805yw1Lvr3erclbjxv6iHUX4fAsUPzb%2BMLoRUoenVzZDpgRWRI4FTZdXNY1SvL64J9F8TjPwamgeK22mC7XAwoIbjLexx8bUJuM7L%2FRvMxLv6xMnmbIMksNMw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6ebea8df5db73763-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 katharine-mcphee-out-for-brunch-with-a-friend-at-hotel-bel-air-03-13-2022-9_thumbnail.jpg
www.hawtcelebs.com/wp-content/uploads/2022/03/ 97 KB
98 KB 50ms
49ms Image
image/jpeg 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.hawtcelebs.com/wp-content/uploads/2022/03/katharine-mcphee-out-for-brunch-with-a-friend-at-hotel-bel-air-03-13-2022-9_thumbnail.jpg
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f4582972325e917d60aa7888fdecbe35e223344ab4c01de5f330750cdf6eed9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1405
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 99459
last-modified: Mon, 14 Mar 2022 16:51:59 GMT
server: cloudflare
etag: "622f72af-18483"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q3NMcwOz1YEi7fMn7Z3k3Ndya6mBIGgga9HDDFwBZqTeqXMAWWyNngymOmU2LUymgRYJypA%2BXIsAaVMRTM2E5fBGnzeCrdV1fDNoc5bJ1oLH1WvLKZX18RDwDwjAGxPoewwuMTWlsUuf56urFmVN4tw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6ebea8df5db93763-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 rocket-loader.min.js Show response
www.hawtcelebs.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 49ms
49ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hawtcelebs.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 11 Mar 2022 12:22:44 GMT
server: cloudflare
etag: W/"622b3f14-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fE8KaA3Yu3t77e3ECUvOwgrq%2Fxc9aE3%2BXsVL3I%2Bs3dR0ndH06GunybLSeD%2BQrcCN1TFJMKuTE6XD4g02jas0svObsyjFb1lQihUGdvPc8FBK3j5hM79CVps78Ht%2Fp306ZVd6Xbs8Js39P3v5IH4pmkM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6ebea8df5dba3763-MXP
vary: Accept-Encoding
expires: Wed, 16 Mar 2022 17:16:53 GMT

GET
H3 200 icon.ttf
www.hawtcelebs.com/wp-content/themes/hawtceleb/fonts/ 14 KB
14 KB 56ms
56ms Font
application/octet-stream 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.hawtcelebs.com/wp-content/themes/hawtceleb/fonts/icon.ttf?zf3xc5
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/wp-content/themes/hawtceleb/style.css?ver=5.9.2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bee4c3ddceefb6558b86e3d6bbe40326f6d67e1b0b535eb6949d570e7630d82d

Request headers

Referer: https://www.hawtcelebs.com/wp-content/themes/hawtceleb/style.css?ver=5.9.2
Origin: https://www.hawtcelebs.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4199
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14224
last-modified: Mon, 10 Jun 2019 08:38:45 GMT
server: cloudflare
etag: "5cfe1715-3790"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BgWczFZAngDSwGl78k%2BJ6DfynDDkYoyhGBOkq4yilMkuNCKPw4tTAF%2FhkVgw3kQcitjD44fOGHgoWX0XeF3hMHyJ%2B4RRuMFPohpusheWQTpNlxJBeAoovM2au5FTMDrSLr1VfQqXr3aUSUWp472PK%2B8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6ebea8dff997926b-FRA

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v23/ 30 KB
31 KB 34ms
12ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v23/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat%3A400%2C400i%2C700%2C700i&ver=5.9.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8f7c04f8d691138d54380550d91349271ca19cfc0f3f6666c401cfa892a12f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.hawtcelebs.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 08:55:44 GMT
x-content-type-options: nosniff
age: 462069
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30876
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 00:11:59 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 09 Mar 2023 08:55:44 GMT

GET
H2 200 c.js Show response
waust.at/ 12 KB
6 KB 78ms
30ms Script
application/x-javascript 2606:4700:20::681a:407
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://waust.at/c.js
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:407 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b7469d8fba6e9d71beec83d90b3a7658aa4b61a2d4e6cdb36fa0b89f8de11af

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2210
last-modified: Thu, 10 Mar 2022 23:26:21 GMT
server: cloudflare
etag: W/"622a891d-2f93"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CjGaKz75Cb8wkZHDNUXm6UWD0W7C6WPd9P%2FW%2FTJpLrUNlmOR1U46iEL5T9o%2Fbqz0l5pxgaTAZrmnAWS9c5fhOCCvm5trhtAzSw7njzE66bY%2FJ86YDulDOiKW72dQLyfyoryMynaB"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=86400
cf-ray: 6ebea8e04ae73754-MXP
expires: Tue, 15 Mar 2022 16:40:03 GMT

GET
H2 200 outbrain.js Show response
widgets.outbrain.com/ 197 KB
68 KB 102ms
25ms Script
application/x-javascript 72.247.225.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/outbrain.js
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.225.215 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a72-247-225-215.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: bb8005b1fa58acf575732c502d741d96bcc2b14d8ce308ef1f210c5042ea9d50

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: gzip
last-modified: Mon, 14 Mar 2022 11:45:29 GMT
etag: "16-TUc89UgKWgzfke9oh6nnrdAsGVE"
vary: Accept-Encoding
edge-cache-tag: widget-cheetah
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
x-traceid: 1f03a0cec0926e74a7472a6504a597df
timing-allow-origin: *, *
content-length: 69510

GET
H2 200 inpageLoader.js Show response
bid.underdog.media/ 1 KB
2 KB 72ms
10ms Script
application/javascript 2600:9000:2251:ce00:5:c4ab:c3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bid.underdog.media/inpageLoader.js
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:ce00:5:c4ab:c3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c0372c58d2c88c2c3829721f2efa381e47d42bd26588518d8b3b511e3054ea07

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 18:07:43 GMT
via: 1.1 6fc439c8bc0a64a7ab978ce699795274.cloudfront.net (CloudFront)
last-modified: Fri, 21 Jan 2022 18:16:12 GMT
server: AmazonS3
age: 83351
etag: "b049a7622877bb27cb55c1121cb9e23c"
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-length: 1337
x-amz-cf-id: nOtBlzncbHiuAKg_jewnkbPY-taBJCo9CeH4IzzxUwllsICW2cdtvw==

GET
H2 200 / Show response
services.vlitag.com/adv1/ 985 B
970 B 217ms
174ms Script
application/javascript 2606:4700:10::ac43:15e3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://services.vlitag.com/adv1/?q=036e05035cbef88431e89138f2969605
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:15e3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2e26de46c161fa44ac4e7cd7627a67a7a33fc58172478cc6d741171ab387cf5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Mon, 14 Mar 2022 17:16:53 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: application/javascript
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
cf-ray: 6ebea8e03a5f233d-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-robots-tag: noindex, nofollow, noarchive, nosnippet
expires: on, 01 Jan 1970 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 92 KB
37 KB 55ms
26ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-10995097-8

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2ceb5ca7a999a6a7dd2e7a27780ca38cc81a17de6bdc4f860e8900b70074bbbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36942
x-xss-protection: 0
last-modified: Mon, 14 Mar 2022 16:59:36 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 14 Mar 2022 17:16:53 GMT

GET
H3 200 jquery.js Show response
www.hawtcelebs.com/wp-content/themes/hawtceleb/js/ 95 KB
35 KB 56ms
55ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.hawtcelebs.com/wp-content/themes/hawtceleb/js/jquery.js?ver=1.0.0
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c7ee0238fa5cd80a02ef9870a7fff498ef52097181cb73edb9219dc022fd919

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1101727
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 10 Jun 2019 11:28:48 GMT
server: cloudflare
etag: W/"5cfe3ef0-17a62"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ih038vJSyD5pA4%2FMbhYkGhLqYIQSTd5AS%2BfxdNfjPBdd1v02CprbIjv%2BeWkuFXSoJTFN3o9A4I78SIDfapCarGv1ao2V7umpld4oSym9aKOH4I7m8n2YdheTNFRwwX%2BFopw2BxwwTEF8Bei2L6%2BLU9Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 6ebea8e009bc926b-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 impl.v14.1.1.js Show response
live.demand.supply/ 78 KB
25 KB 60ms
31ms Script
application/javascript 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/impl.v14.1.1.js
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: afeb627e84652f882d1e4b597dc74fbb2a3eaec53947319774903915ebfd8250

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id: 01FXTQQ0JGA5DN0TMCB1F5JG9G
date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: br
cf-cache-status: HIT
age: 334710
cf-polished: origSize=79681
cf-ray: 6ebea8e08dd101f4-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
etag: W/"eb16b5038a3054ecad7709db42ff9948-ssl-df"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
timing-allow-origin: *

GET
H3 200 d3d3Lmhhd3RjZWxlYnMuY29tLw== Show response
live.demand.supply/p4/v14-0-0/ 3 KB
1 KB 157ms
129ms Script
text/javascript 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/p4/v14-0-0/d3d3Lmhhd3RjZWxlYnMuY29tLw==
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f277c079321a2a5a99e98128dc40b36b269f9fadef95ab8a7614a8388881c491

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: br
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray: 6ebea8e08dd701f4-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
400 B 50ms
24ms XHR
application/javascript 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?e=ll&d=180&cs=c&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/up.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id: 01FN1KST5034BXX96TPH6J4N1J
date: Mon, 14 Mar 2022 17:16:53 GMT
cf-cache-status: HIT
age: 2199012
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "1e7512eab4ec94e546e05bc6561a8453-ssl"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 6ebea8e08aea23af-ZRH

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 152 KB
53 KB 94ms
68ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/up.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e805da0c487baac66bb05ed077ca1f52b159691be64b5ebf8f2cf2db0197dd24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53834
x-xss-protection: 0
server: cafe
etag: 16243749444863988442
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 14 Mar 2022 17:16:53 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
28 KB 52ms
25ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/up.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

c726d0d53be662a7b59d01180ac241cb688580b841731f169b3b3f9146de4a0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27707
x-xss-protection: 0
server: sffe
etag: "1158 / 498 of 1000 / last-modified: 1647276888"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 14 Mar 2022 17:16:53 GMT

GET
H3 200 ds.2.html Show response
live.demand.supply/ 413 B
471 B 54ms
28ms XHR
text/html 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/ds.2.html
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/up.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bdd1579c84daab8cdd1e5a4f71b546c9eaa6a76418f83e0215c573523614c309

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id: 01FMYJJHB15R2JWEZTPD1Q87S3
date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
timing-allow-origin: *
age: 2199012
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
cf-ray: 6ebea8e08aee23af-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 pubads_impl_2022030901.js Show response
securepubads.g.doubleclick.net/gpt/ 358 KB
121 KB 23ms
8ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

eba88ef6b1f09543b0b3f34bc3c1d401da36d590354cd7728e2aae4d3c1abc91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 16:30:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2795
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 123713
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 09:34:50 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 14 Mar 2023 16:30:18 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 426 B
212 B 32ms
17ms XHR
application/json 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.hawtcelebs.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

c883acee4fa837d684ea9eb2e6f16a885ad56dd659464c9369ffa2f3a0c56210

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 187
x-xss-protection: 0
expires: Mon, 14 Mar 2022 17:16:53 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220308/r20190131/ Frame 5B32 10 KB
5 KB 40ms
12ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220308/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4502
x-xss-protection: 0
date: Mon, 14 Mar 2022 00:08:55 GMT
expires: Mon, 28 Mar 2022 00:08:55 GMT
cache-control: public, max-age=1209600
age: 61678
etag: 4044455266028820542
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 hawtcelebs.com_responsive_h_archive-3 Show response
api.demand.supply/v14-0-0/a/ 314 B
572 B 69ms
21ms XHR
application/json 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.demand.supply/v14-0-0/a/hawtcelebs.com_responsive_h_archive-3?&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e0cd5c3994b640a71d99b45cbf7c0c671169c48f9a54875e02c7053999309887

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 196
etag: W/"13a-CDM/dRbO2nUVWjjuIXp8Gi2CX7g"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray: 6ebea8e198070215-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 hawtcelebs.com_native_multi_native_home_7 Show response
api.demand.supply/v14-0-0/a/ 318 B
311 B 71ms
26ms XHR
application/json 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.demand.supply/v14-0-0/a/hawtcelebs.com_native_multi_native_home_7?&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c95abcc3b3b083dba8c06e98b890c137477b47fc38da3f2146f712877f4af29

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 196
etag: W/"13e-feadtAWlK9OrD1wE9gw6RZGtpR8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray: 6ebea8e198090215-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 hawtcelebs.com_native_multi_native_under_related Show response
api.demand.supply/v14-0-0/a/ 318 B
309 B 74ms
29ms XHR
application/json 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.demand.supply/v14-0-0/a/hawtcelebs.com_native_multi_native_under_related?&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 76cd560ded78b8012e2b4069ac054ce7431680a557737e41ee34b386f23a2b90

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 196
etag: W/"13e-aSTZNCC08umzo7QLJf8eD7Zwidk"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray: 6ebea8e1980a0215-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 hawtcelebs.com_300x250_desno300x250 Show response
api.demand.supply/v14-0-0/a/ 310 B
300 B 87ms
43ms XHR
application/json 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.demand.supply/v14-0-0/a/hawtcelebs.com_300x250_desno300x250?&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bf4cc93e59a3972ebddf92594d0d5298a0c1cefbbe1b8938e6d5a323bce5835a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 5728
etag: W/"136-WDhVjrMl7qBG+cXsLGtsueYMzbM"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray: 6ebea8e1980b0215-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 hawtcelebs.com_300x600_hawt600 Show response
api.demand.supply/v14-0-0/a/ 318 B
309 B 68ms
24ms XHR
application/json 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.demand.supply/v14-0-0/a/hawtcelebs.com_300x600_hawt600?&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c6c9c2aebd745bd405d845f066bf294d297148da915b3d9055f46a9e8a2e33e3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 5728
etag: W/"13e-LuDqNyVBKoS6P2bhm9JjBrb4XMI"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray: 6ebea8e1980c0215-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 hawtcelebs.com_160x600_hawt160 Show response
api.demand.supply/v14-0-0/a/ 310 B
304 B 68ms
23ms XHR
application/json 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.demand.supply/v14-0-0/a/hawtcelebs.com_160x600_hawt160?&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed093634499f63e6d0bafb2f80befd9f9ba6a350c8b379220c12033becd8ab10

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 5284
etag: W/"136-OXuJXPakQ2UboWjwtNmhNYsdfQM"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray: 6ebea8e1980e0215-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 hawtcelebs.com_responsive_h_hawtfuterreshor Show response
api.demand.supply/v14-0-0/a/ 305 B
296 B 69ms
24ms XHR
application/json 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.demand.supply/v14-0-0/a/hawtcelebs.com_responsive_h_hawtfuterreshor?&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a82a928280d1469d86bc38bd56d4cecc9d5548b5b27e8e4629b6fa0dc7c18bf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 5728
etag: W/"131-gMEG7VBm4+sDUajo9NC0WqQzz2M"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray: 6ebea8e1980d0215-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 42ms
18ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.hawtcelebs.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 44ms
16ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.hawtcelebs.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 1023 B
610 B 297ms
296ms XHR
text/plain 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1938207847620433&correlator=1504861379741678&eid=31064151%2C31065631%2C31063246%2C31062930&output=ldjh&gdfp_req=1&vrg=2022030901&ptt=17&impl=fif&sc=1&iu_parts=44890869%3A3968751%2Cca-pub-3831894559014614-tag%2C05d68e4b-c539-4fe7-b7a0-36adfe74d624&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=1&adks=3396334874&sfv=1-0-38&ecs=20220314&ists=1&fas=8&fsapi=false&prev_scp=ti%3D089ae12c-dd6d-4d0b-9be0-b8a928dcf704%26interstitials-bid%3D10%26bid-p%3Dgoogle%26bsc%3D97&eri=1&cookie_enabled=1&abxe=1&dt=1647278213357&lmt=1647278213&dlt=1647278212972&idt=348&biw=1600&bih=1200&oid=2&ucis=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&url=https%3A%2F%2Fwww.hawtcelebs.com%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=2123515482.1647278213&ga_sid=1647278213&ga_hid=1401490128&ga_fc=false&btvi=-1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

8f682f4500ba4e738bf891340b24777adb08e7e825f6db0aa17fc16bd611a929

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 580
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.hawtcelebs.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D4FB 6 KB
4 KB 61ms
14ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 14 Mar 2022 17:16:53 GMT
expires: Tue, 14 Mar 2023 17:16:53 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pubads_impl_page_level_ads_2022030901.js Show response
securepubads.g.doubleclick.net/gpt/ 36 KB
13 KB 10ms
9ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022030901.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

47a15f59d0ec2f3cfa862815fe589541eaf2e3d23c417e33f28f3cc6fdfa18df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 14:11:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 443142
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13462
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 09:34:50 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 09 Mar 2023 14:11:11 GMT

GET
H3 200 hawtcelebs.com_responsive_h_archive-3 Show response
live.demand.supply/cp/ 28 B
256 B 485ms
485ms XHR
text/plain 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/cp/hawtcelebs.com_responsive_h_archive-3?mlos=wi&mlbr=ch&mlla=en&mlbs=97&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d068daf46712687480a046598f397fe91181edda9334a2b5d7e7246868f643d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private,max-age=3600
cf-ray: 6ebea8e1ccbd23af-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 28

GET
H3 200 hawtcelebs.com_160x600_hawt160 Show response
live.demand.supply/cp/ 27 B
255 B 485ms
484ms XHR
text/plain 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/cp/hawtcelebs.com_160x600_hawt160?mlos=wi&mlbr=ch&mlla=en&mlbs=97&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6d2a70ac6774543b2f5c45f314cb6c481ce6eb6b61e7b356162ee615761f2b83

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private,max-age=3600
cf-ray: 6ebea8e1ccc423af-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27

GET
H3 200 hawtcelebs.com_300x600_hawt600 Show response
live.demand.supply/cp/ 28 B
256 B 503ms
502ms XHR
text/plain 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/cp/hawtcelebs.com_300x600_hawt600?mlos=wi&mlbr=ch&mlla=en&mlbs=97&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d068daf46712687480a046598f397fe91181edda9334a2b5d7e7246868f643d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private,max-age=3600
cf-ray: 6ebea8e1ccc523af-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 28

GET
H3 200 hawtcelebs.com_responsive_h_hawtfuterreshor Show response
live.demand.supply/cp/ 27 B
255 B 484ms
483ms XHR
text/plain 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/cp/hawtcelebs.com_responsive_h_hawtfuterreshor?mlos=wi&mlbr=ch&mlla=en&mlbs=97&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6d2a70ac6774543b2f5c45f314cb6c481ce6eb6b61e7b356162ee615761f2b83

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private,max-age=3600
cf-ray: 6ebea8e1ccce23af-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27

GET
H3 200 hawtcelebs.com_native_multi_native_home_7 Show response
live.demand.supply/cp/ 27 B
255 B 413ms
412ms XHR
text/plain 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/cp/hawtcelebs.com_native_multi_native_home_7?mlos=wi&mlbr=ch&mlla=en&mlbs=97&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6d2a70ac6774543b2f5c45f314cb6c481ce6eb6b61e7b356162ee615761f2b83

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private,max-age=3600
cf-ray: 6ebea8e1ccd423af-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27

GET
H3 200 hawtcelebs.com_native_multi_native_under_related Show response
live.demand.supply/cp/ 27 B
255 B 479ms
478ms XHR
text/plain 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/cp/hawtcelebs.com_native_multi_native_under_related?mlos=wi&mlbr=ch&mlla=en&mlbs=97&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6d2a70ac6774543b2f5c45f314cb6c481ce6eb6b61e7b356162ee615761f2b83

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private,max-age=3600
cf-ray: 6ebea8e1ccdc23af-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27

GET
H3 200 hawtcelebs.com_300x250_desno300x250 Show response
live.demand.supply/cp/ 28 B
256 B 485ms
485ms XHR
text/plain 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/cp/hawtcelebs.com_300x250_desno300x250?mlos=wi&mlbr=ch&mlla=en&mlbs=97&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d068daf46712687480a046598f397fe91181edda9334a2b5d7e7246868f643d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private,max-age=3600
cf-ray: 6ebea8e1ed0323af-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 28

GET
H2 200 udm-r3_Fri_3_11_10_11_16_2022.js Show response
bid.underdog.media/ 572 KB
172 KB 8ms
8ms Script
application/javascript 2600:9000:2251:ce00:5:c4ab:c3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bid.underdog.media/udm-r3_Fri_3_11_10_11_16_2022.js
Requested by: Host: udmserve.net
URL: https://udmserve.net/udm/img.fetch?sid=14863;tid=1;dt=6;
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:ce00:5:c4ab:c3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 984f89207e64531c33ff70321fa69ff082242b8678ca44fe0c2fd30eec16af76

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 18:20:06 GMT
content-encoding: gzip
last-modified: Fri, 11 Mar 2022 18:11:19 GMT
server: AmazonS3
age: 255408
etag: "e280a5fb03de4c1bc3fa5068ccfc9078"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 6fc439c8bc0a64a7ab978ce699795274.cloudfront.net (CloudFront)
cache-control: max-age=2592000
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-length: 175757
x-amz-cf-id: uXYtHxcfUuYRbW2YwV2_8149BxxaRNHYxlV_8tCjZGXHJLM_CSl7rg==

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
10 KB 26ms
8ms Script
application/javascript 2620:116:800d:21:ee05:6a01:4b41:8c89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: udmserve.net
URL: https://udmserve.net/udm/img.fetch?sid=14863;tid=1;dt=6;
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:ee05:6a01:4b41:8c89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: b236dccee1a0d5280842bdff52b4005e2b0c9ee5d74a15db3e939c53306576d3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: gzip
etag: "yoD6mq4JTyPdtDBolW+GUg=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Mon, 21 Mar 2022 17:16:53 GMT

GET
H/1.1

200
OK

fetch.pix
udmserve.net/udm/
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bapnid%3D%24UID%3Bcb%3D0.17695121
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fudmserve.net%252Fudm%252Ffetch.pix%253Fdt%253D1%253Bapnid%253D%2524UID%253Bcb%253D0.17695121
https://udmserve.net/udm/fetch.pix?dt=1;apnid=3472600796129444925;cb=0.17695121

43 B
612 B

154ms
154ms

Image
image/gif

68.71.249.118
ZEROLAG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udmserve.net/udm/fetch.pix?dt=1;apnid=3472600796129444925;cb=0.17695121
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/
Protocol: HTTP/1.1
Server: 68.71.249.118 , Canada, ASN20093 (ZEROLAG, US),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 17:16:53 GMT
Cache-Control: max-age=43200
Connection: Keep-Alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 17:16:53 GMT
X-Proxy-Origin: 193.27.14.42; 193.27.14.42; 534.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 83eb5972-371d-4a88-b88a-470de1ef05d6
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://udmserve.net/udm/fetch.pix?dt=1;apnid=3472600796129444925;cb=0.17695121
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

fetch.pix
udmserve.net/udm/
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=156505&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156505%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fudmserve.net%...
https://image8.pubmatic.com/AdServer/ImgSync?p=156505&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156505%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fudmserve.net%...
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=REFBRTlENDQtQzExOS00MjlFLTlBNDYtMTZDMDQ1NzYxRkI3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?p=156505&pmc=1&pr=https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fpmid%3DDAAE9D44-C119-429E-9A46-16C045761FB7;cb=0.17695121
https://udmserve.net/udm/fetch.pix?pmid=DAAE9D44-C119-429E-9A46-16C045761FB7;cb=0.17695121

43 B
628 B

155ms
155ms

Image
image/gif

68.71.249.118
ZEROLAG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udmserve.net/udm/fetch.pix?pmid=DAAE9D44-C119-429E-9A46-16C045761FB7;cb=0.17695121
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/
Protocol: HTTP/1.1
Server: 68.71.249.118 , Canada, ASN20093 (ZEROLAG, US),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 17:16:54 GMT
Cache-Control: max-age=43200
Connection: Keep-Alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

location: https://udmserve.net/udm/fetch.pix?pmid=DAAE9D44-C119-429E-9A46-16C045761FB7;cb=0.17695121
date: Mon, 14 Mar 2022 17:16:52 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 204 services
sync.technoratimedia.com/ 0
297 B 291ms
90ms Image
text/plain 132.226.41.106
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=54&cb=https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bsncr%3D[USER_ID]%3Bcb%3D0.17695121
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 132.226.41.106 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 920731610
access-control-allow-origin: https://www.hawtcelebs.com/
access-control-allow-credentials: true

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
364 B 31ms
30ms XHR
application/javascript 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?r=hawtcelebs.com_auto_interstitial_desktop&e=nai&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id: 01FN1KST5034BXX96TPH6J4N1J
date: Mon, 14 Mar 2022 17:16:53 GMT
cf-cache-status: HIT
age: 2199012
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "1e7512eab4ec94e546e05bc6561a8453-ssl"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 6ebea8e37f9d23af-ZRH

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 32ms
17ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.hawtcelebs.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 42ms
25ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.hawtcelebs.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 1000 B
593 B 254ms
254ms XHR
text/plain 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1938207847620433&correlator=1721045682276747&eid=31064151%2C31065631%2C31063246%2C31062930&output=ldjh&gdfp_req=1&vrg=2022030901&ptt=17&impl=fif&sc=1&iu_parts=44890869%3A3968751%2Cca-pub-3831894559014614-tag%2C542ffbc7-3cd8-4f42-9269-0fd2787d1ee3&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=2&adks=4148235607&sfv=1-0-38&ecs=20220314&ists=1&fas=8&fsapi=false&prev_scp=ti%3D089ae12c-dd6d-4d0b-9be0-b8a928dcf704%26interstitials-bid%3D1%26bid-p%3Dgoogle%26bsc%3D97&eri=1&cookie=ID%3Dd2d7a67de5f87c40-22591fbd5ccd00dc%3AT%3D1647278213%3AS%3DALNI_MZ_FWTwu4pj24RrU2mA5ezp9dMSEQ&abxe=1&dt=1647278213674&lmt=1647278213&dlt=1647278212972&idt=348&biw=1600&bih=1200&oid=2&ucis=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&url=https%3A%2F%2Fwww.hawtcelebs.com%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=2123515482.1647278213&ga_sid=1647278213&ga_hid=1401490128&ga_fc=false&btvi=-1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

0bc9ace48eb717941b32664235b64d9131d8d6f72a606820b0285c2310c3c351

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 562
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.hawtcelebs.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bcv1.js Show response
bid.underdog.media/ 14 KB
6 KB 9ms
8ms Script
application/x-javascript 2600:9000:2251:ce00:5:c4ab:c3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bid.underdog.media/bcv1.js
Requested by: Host: bid.underdog.media
URL: https://bid.underdog.media/udm-r3_Fri_3_11_10_11_16_2022.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:ce00:5:c4ab:c3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 29cfa712fcd0f7e472e19568665037c245593ac9cdbb36de7cdef4c7d7e29483

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:01:26 GMT
content-encoding: gzip
last-modified: Mon, 14 Mar 2022 17:00:04 GMT
server: AmazonS3
age: 928
etag: "401463395518ed34bc5281b114e52345"
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 6fc439c8bc0a64a7ab978ce699795274.cloudfront.net (CloudFront)
cache-control: max-age=1800
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-length: 5509
x-amz-cf-id: -ZlwGK5ati9mo7Nyw9CSResc3Ju61IjeZ-nzdq46zKzWDBSq3-9HGg==

GET
H2 200 rules-p-effSsmMYCbAck.js Show response
rules.quantcount.com/ 3 B
427 B 23ms
6ms Script
application/javascript 2600:9000:2490:fc00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-effSsmMYCbAck.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:fc00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 23:32:51 GMT
via: 1.1 6b85d8725dd6471c3db1f65d4096afc4.cloudfront.net (CloudFront)
age: 70850
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 3
last-modified: Sat, 04 Mar 2017 21:04:20 GMT
server: AmazonS3
etag: "8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: FRA56-P6
accept-ranges: bytes
x-amz-cf-id: f5c7etf-4QomAL2QCOMfNp4fk0ecaYma_SoWIofb0huDhfypYunDCg==

GET
H2 200 rules-p-Pz67dCqdsHfxh.js Show response
rules.quantcount.com/ 147 B
602 B 23ms
7ms Script
application/javascript 2600:9000:2490:fc00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-Pz67dCqdsHfxh.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:fc00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 57b7f2b2bcdd983268775ebc6ee71d208510b285d79dd058f2717248079c59d1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 16:38:03 GMT
via: 1.1 6b85d8725dd6471c3db1f65d4096afc4.cloudfront.net (CloudFront)
age: 2331
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 147
last-modified: Tue, 27 Apr 2021 19:10:31 GMT
server: AmazonS3
etag: "f7c84b69d3abe411fbfc06992543fbe2"
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
x-amz-cf-pop: FRA56-P6
accept-ranges: bytes
x-amz-cf-id: oFbTyBavu62guAPUay5EoS3OJxGRXt3h-6h6vkWFCB9M9hRczicsXA==

GET
H2 200 pixel;r=1774756313;rf=0;a=p-Pz67dCqdsHfxh;url=https%3A%2F%2Fwww.hawtcelebs.com%2F;uht=2;fpan=1;fpa=P0-2103239629-1647278213761;pbc=;ns=0;ce=1;qjs=1;qv=b4915a16-20220201183321;cm=;gdpr=0;ref=;d=hawt...
pixel.quantserve.com/ 35 B
371 B 13ms
12ms Image
image/gif 2620:116:800d:21:ee05:6a01:4b41:8c89
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1774756313;rf=0;a=p-Pz67dCqdsHfxh;url=https%3A%2F%2Fwww.hawtcelebs.com%2F;uht=2;fpan=1;fpa=P0-2103239629-1647278213761;pbc=;ns=0;ce=1;qjs=1;qv=b4915a16-20220201183321;cm=;gdpr=0;ref=;d=hawtcelebs.com;je=0;sr=1600x1200x24;dst=0;et=1647278213761;tzo=0;ogl=

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:ee05:6a01:4b41:8c89 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:53 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 pixel;r=95739426;labels=edge.1%2Csid.14863;rf=0;a=p-effSsmMYCbAck;url=https%3A%2F%2Fwww.hawtcelebs.com%2F;uht=2;fpan=0;fpa=P0-2103239629-1647278213761;pbc=;ns=0;ce=1;qjs=1;qv=b4915a16-2022020118332...
pixel.quantserve.com/ 35 B
371 B 12ms
12ms Image
image/gif 2620:116:800d:21:ee05:6a01:4b41:8c89
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=95739426;labels=edge.1%2Csid.14863;rf=0;a=p-effSsmMYCbAck;url=https%3A%2F%2Fwww.hawtcelebs.com%2F;uht=2;fpan=0;fpa=P0-2103239629-1647278213761;pbc=;ns=0;ce=1;qjs=1;qv=b4915a16-20220201183321;cm=;gdpr=0;ref=;d=hawtcelebs.com;je=0;sr=1600x1200x24;dst=0;et=1647278213763;tzo=0;ogl=

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:ee05:6a01:4b41:8c89 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:53 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
364 B 34ms
34ms XHR
application/javascript 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?r=hawtcelebs.com_native_multi_native_home_7&pdc=-0.5140883326530457&ucv=005099&e=tcp&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id: 01FN1KST5034BXX96TPH6J4N1J
date: Mon, 14 Mar 2022 17:16:53 GMT
cf-cache-status: HIT
age: 2199012
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "1e7512eab4ec94e546e05bc6561a8453-ssl"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 6ebea8e4696423af-ZRH

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 20ms
19ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.hawtcelebs.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 18ms
17ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.hawtcelebs.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 24 KB
9 KB 381ms
380ms XHR
text/plain 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1938207847620433&correlator=3877193775485805&eid=31064151%2C31065631%2C31063246%2C31062930&output=ldjh&gdfp_req=1&vrg=2022030901&ptt=17&impl=fif&sc=1&iu_parts=44890869%3A3968751%2Cnative-multi%2C2eecba1f-fa02-4c76-a614-35bbbacff028&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50&fluid=height&ifi=3&adks=2548302328&sfv=1-0-38&ecs=20220314&fsapi=false&prev_scp=ti%3D089ae12c-dd6d-4d0b-9be0-b8a928dcf704%26bid%3D0.01%26bid-p%3Dgoogle%26bsc%3D97%26format%3Dmulti-native&eri=1&cookie=ID%3Dd2d7a67de5f87c40-22591fbd5ccd00dc%3AT%3D1647278213%3AS%3DALNI_MZ_FWTwu4pj24RrU2mA5ezp9dMSEQ&abxe=1&dt=1647278213821&lmt=1647278213&dlt=1647278212972&idt=348&biw=1600&bih=1200&oid=2&adxs=432&adys=7150&ucis=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&url=https%3A%2F%2Fwww.hawtcelebs.com%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=577x0&msz=577x0&fws=0&ohw=0&ga_vid=2123515482.1647278213&ga_sid=1647278213&ga_hid=1401490128&ga_fc=false&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

a9308f9bbca4c65ed4fae9d112470ddd0f81a8db9c5938f069a7ea2aa755ad97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9637
x-xss-protection: 0
google-lineitem-id: 5924406464
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138381471506
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.hawtcelebs.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
364 B 24ms
24ms XHR
application/javascript 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?r=hawtcelebs.com_native_multi_native_under_related&pdc=-0.5140883326530457&ucv=005099&e=tcp&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id: 01FN1KST5034BXX96TPH6J4N1J
date: Mon, 14 Mar 2022 17:16:53 GMT
cf-cache-status: HIT
age: 2199012
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "1e7512eab4ec94e546e05bc6561a8453-ssl"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 6ebea8e4ca1123af-ZRH

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
364 B 38ms
38ms XHR
application/javascript 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?r=hawtcelebs.com_responsive_h_archive-3&pdc=-0.41127066612243657&ucv=005099&e=tcp&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id: 01FN1KST5034BXX96TPH6J4N1J
date: Mon, 14 Mar 2022 17:16:53 GMT
cf-cache-status: HIT
age: 2199012
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "1e7512eab4ec94e546e05bc6561a8453-ssl"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 6ebea8e4da1523af-ZRH

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 20ms
19ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.hawtcelebs.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 20ms
19ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.hawtcelebs.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 17:16:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 26 KB
11 KB 305ms
305ms XHR
text/plain 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1938207847620433&correlator=1251005683106043&eid=31064151%2C31065631%2C31063246%2C31062930&output=ldjh&gdfp_req=1&vrg=2022030901&ptt=17&impl=fif&sc=1&iu_parts=44890869%3A3968751%2Cca-pub-3831894559014614-tag%2Cdda8959f-b928-4a81-81d6-a0d270562003&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=530x100&ifi=4&adks=2895972172&sfv=1-0-38&ecs=20220314&fsapi=false&prev_scp=ti%3D089ae12c-dd6d-4d0b-9be0-b8a928dcf704%26bid%3D0.01%26bid-p%3Dgoogle%26bsc%3D97&eri=1&cookie=ID%3Dd2d7a67de5f87c40-22591fbd5ccd00dc%3AT%3D1647278213%3AS%3DALNI_MZ_FWTwu4pj24RrU2mA5ezp9dMSEQ&abxe=1&dt=1647278213892&lmt=1647278213&dlt=1647278212972&idt=348&biw=1600&bih=1200&oid=2&adxs=452&adys=5234&ucis=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&url=https%3A%2F%2Fwww.hawtcelebs.com%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=537x0&msz=537x0&fws=0&ohw=0&ga_vid=2123515482.1647278213&ga_sid=1647278213&ga_hid=1401490128&ga_fc=false&btvi=2&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

f0591fb3e6d150c5efb50a9dba2ec03cc894d45b71e89d86a119532efb139cd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11732
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.hawtcelebs.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
364 B 25ms
25ms XHR
application/javascript 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?r=hawtcelebs.com_160x600_hawt160&pdc=-0.5140883326530457&ucv=005099&e=tcp&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id: 01FN1KST5034BXX96TPH6J4N1J
date: Mon, 14 Mar 2022 17:16:53 GMT
cf-cache-status: HIT
age: 2199012
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "1e7512eab4ec94e546e05bc6561a8453-ssl"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 6ebea8e51a8523af-ZRH

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 17 KB
10 KB 274ms
274ms XHR
text/plain 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1938207847620433&correlator=837907534508100&eid=31064151%2C31065631%2C31063246%2C31062930&output=ldjh&gdfp_req=1&vrg=2022030901&ptt=17&impl=fif&sc=1&iu_parts=44890869%3A3968751%2Cca-pub-3831894559014614-tag%2Cf9c1d796-ef8b-48c5-a212-9c5e01c1d981&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=160x600&ifi=5&adks=308638017&sfv=1-0-38&ecs=20220314&fsapi=false&prev_scp=ti%3D089ae12c-dd6d-4d0b-9be0-b8a928dcf704%26bid%3D0.01%26bid-p%3Dgoogle%26bsc%3D97&eri=1&cookie=ID%3Dd2d7a67de5f87c40-22591fbd5ccd00dc%3AT%3D1647278213%3AS%3DALNI_MZ_FWTwu4pj24RrU2mA5ezp9dMSEQ&abxe=1&dt=1647278213931&lmt=1647278213&dlt=1647278212972&idt=348&biw=1600&bih=1200&oid=2&adxs=272&adys=400&ucis=5&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&url=https%3A%2F%2Fwww.hawtcelebs.com%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=160x-1&msz=160x-1&fws=512&ohw=0&ga_vid=2123515482.1647278213&ga_sid=1647278213&ga_hid=1401490128&ga_fc=false&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

02469fc816049ef247701cee7e19a89cb929bda93d3d43e6ef4a13260fd495c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9783
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.hawtcelebs.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
364 B 24ms
24ms XHR
application/javascript 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?r=hawtcelebs.com_responsive_h_hawtfuterreshor&pdc=-0.5140883326530457&ucv=005099&e=tcp&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id: 01FN1KST5034BXX96TPH6J4N1J
date: Mon, 14 Mar 2022 17:16:53 GMT
cf-cache-status: HIT
age: 2199012
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "1e7512eab4ec94e546e05bc6561a8453-ssl"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 6ebea8e52a9d23af-ZRH

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 21 KB
10 KB 285ms
284ms XHR
text/plain 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1938207847620433&correlator=2844890835635919&eid=31064151%2C31065631%2C31063246%2C31062930&output=ldjh&gdfp_req=1&vrg=2022030901&ptt=17&impl=fif&sc=1&iu_parts=44890869%3A3968751%2Cca-pub-3831894559014614-tag%2Ccfb16f52-ed40-46d3-bac4-bae57a2a1668&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1024x100&ifi=6&adks=640894574&sfv=1-0-38&ecs=20220314&fsapi=false&prev_scp=ti%3D089ae12c-dd6d-4d0b-9be0-b8a928dcf704%26bid-p%3Dgoogle%26bsc%3D97&eri=1&cookie=ID%3Dd2d7a67de5f87c40-22591fbd5ccd00dc%3AT%3D1647278213%3AS%3DALNI_MZ_FWTwu4pj24RrU2mA5ezp9dMSEQ&abxe=1&dt=1647278213937&lmt=1647278213&dlt=1647278212972&idt=348&biw=1600&bih=1200&oid=2&adxs=252&adys=10278&ucis=6&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&url=https%3A%2F%2Fwww.hawtcelebs.com%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=1097x0&msz=1097x0&fws=0&ohw=0&ga_vid=2123515482.1647278213&ga_sid=1647278213&ga_hid=1401490128&ga_fc=false&btvi=3&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

2caf57b9d0ff5a46b6eba19cde8b61ae0f173ba207ec476797542166f6768b4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10331
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.hawtcelebs.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
364 B 20ms
20ms XHR
application/javascript 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?r=hawtcelebs.com_300x250_desno300x250&pdc=-0.41127066612243657&ucv=005099&e=tcp&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id: 01FN1KST5034BXX96TPH6J4N1J
date: Mon, 14 Mar 2022 17:16:53 GMT
cf-cache-status: HIT
age: 2199012
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "1e7512eab4ec94e546e05bc6561a8453-ssl"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 6ebea8e52aa823af-ZRH

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 87 KB
37 KB 305ms
305ms XHR
text/plain 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1938207847620433&correlator=247139088081126&eid=31064151%2C31065631%2C31063246%2C31062930&output=ldjh&gdfp_req=1&vrg=2022030901&ptt=17&impl=fif&sc=1&iu_parts=44890869%3A3968751%2Cca-pub-3831894559014614-tag%2C126ee8cb-be4a-44dd-bbca-61a2ab6e88e3&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&ifi=7&adks=3805234628&sfv=1-0-38&ecs=20220314&fsapi=false&prev_scp=ti%3D089ae12c-dd6d-4d0b-9be0-b8a928dcf704%26bid%3D0.01%26bid-p%3Dgoogle%26bsc%3D97&eri=1&cookie=ID%3Dd2d7a67de5f87c40-22591fbd5ccd00dc%3AT%3D1647278213%3AS%3DALNI_MZ_FWTwu4pj24RrU2mA5ezp9dMSEQ&abxe=1&dt=1647278213942&lmt=1647278213&dlt=1647278212972&idt=348&biw=1600&bih=1200&oid=2&adxs=1029&adys=380&ucis=7&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&url=https%3A%2F%2Fwww.hawtcelebs.com%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=300x-1&msz=300x-1&fws=512&ohw=0&ga_vid=2123515482.1647278213&ga_sid=1647278213&ga_hid=1401490128&ga_fc=false&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

a394feee7ed832e18bae6defa43f71963b391d431af27c6a6c28f75d7d04b827

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37411
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.hawtcelebs.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
364 B 22ms
22ms XHR
application/javascript 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?r=hawtcelebs.com_300x600_hawt600&pdc=-0.41127066612243657&ucv=005099&e=tcp&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id: 01FN1KST5034BXX96TPH6J4N1J
date: Mon, 14 Mar 2022 17:16:53 GMT
cf-cache-status: HIT
age: 2199012
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "1e7512eab4ec94e546e05bc6561a8453-ssl"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 6ebea8e53ab823af-ZRH

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 87 KB
37 KB 312ms
311ms XHR
text/plain 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1938207847620433&correlator=3272283461300998&eid=31064151%2C31065631%2C31063246%2C31062930&output=ldjh&gdfp_req=1&vrg=2022030901&ptt=17&impl=fif&sc=1&iu_parts=44890869%3A3968751%2Cca-pub-3831894559014614-tag%2C120e6fb9-b7ae-46f4-9a5a-75588a0f4977&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x600&ifi=8&adks=2601422020&sfv=1-0-38&ecs=20220314&fsapi=false&prev_scp=ti%3D089ae12c-dd6d-4d0b-9be0-b8a928dcf704%26bid%3D0.01%26bid-p%3Dgoogle%26bsc%3D97&eri=1&cookie=ID%3Dd2d7a67de5f87c40-22591fbd5ccd00dc%3AT%3D1647278213%3AS%3DALNI_MZ_FWTwu4pj24RrU2mA5ezp9dMSEQ&abxe=1&dt=1647278213948&lmt=1647278213&dlt=1647278212972&idt=348&biw=1600&bih=1200&oid=2&adxs=1029&adys=760&ucis=8&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&url=https%3A%2F%2Fwww.hawtcelebs.com%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=300x-1&msz=300x-1&fws=512&ohw=0&ga_vid=2123515482.1647278213&ga_sid=1647278213&ga_hid=1401490128&ga_fc=false&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

c4e7fa6666f37d359f2b3be8611dacc6148f93efcdc93631f3e78c4d4043e005

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37463
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.hawtcelebs.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
364 B 22ms
22ms XHR
application/javascript 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?r=hawtcelebs.com_auto_interstitial_desktop&e=nai&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id: 01FN1KST5034BXX96TPH6J4N1J
date: Mon, 14 Mar 2022 17:16:53 GMT
cf-cache-status: HIT
age: 2199012
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "1e7512eab4ec94e546e05bc6561a8453-ssl"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 6ebea8e54ac923af-ZRH

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 897 B
498 B 268ms
268ms XHR
text/plain 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1938207847620433&correlator=296899622669965&eid=31064151%2C31065631%2C31063246%2C31062930&output=ldjh&gdfp_req=1&vrg=2022030901&ptt=17&impl=fif&sc=1&iu_parts=44890869%3A3968751%2Cca-pub-3831894559014614-tag%2C42d64542-ad30-45c9-9859-6b93dc8b1e0c&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=9&adks=1978351858&sfv=1-0-38&ecs=20220314&ists=1&fas=8&fsapi=false&prev_scp=ti%3D089ae12c-dd6d-4d0b-9be0-b8a928dcf704%26interstitials-bid%3D0.2%26bid-p%3Dgoogle%26bsc%3D97&eri=1&cookie=ID%3Dd2d7a67de5f87c40%3AT%3D1647278213%3AS%3DALNI_MY2QFQpu_cVrH0UVauUgQd-IJ8Wew&abxe=1&dt=1647278213958&lmt=1647278213&dlt=1647278212972&idt=348&biw=1600&bih=1200&oid=2&ucis=9&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&url=https%3A%2F%2Fwww.hawtcelebs.com%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=2123515482.1647278213&ga_sid=1647278213&ga_hid=1401490128&ga_fc=false&btvi=-1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

55f61bcf955513c5548d9a8b9706a3054865159e8ae0cc3a6371f8f384d3f325

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 469
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.hawtcelebs.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 choice.js Show response
quantcast.mgr.consensu.org/choice/274pYeudnKvDs/www.hawtcelebs.com/ 3 KB
2 KB 141ms
14ms Script
application/javascript 2600:9000:2240:dc00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/choice/274pYeudnKvDs/www.hawtcelebs.com/choice.js
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:dc00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 747e8f5454d77ac3ee2339c3490cb7b805d59d7fedd4cc0682ae6ed9c33b7d25

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: gzip
last-modified: Tue, 09 Feb 2021 19:08:19 GMT
server: AmazonS3
age: 39
etag: W/"9de17307c4f74768ad3438dca5916747"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 b3fce8903671f8346e7a6a138d2d4610.cloudfront.net (CloudFront)
cache-control: max-age=900
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: a8e-Ha-Qs21l9NF0MNIvDfvbnI3LN7OxPdnQMGyJ3AQwLtOgYCNCnQ==

GET
H3 200 vld.json Show response
services.vlitag.com/uv/ 12 B
375 B 140ms
28ms XHR
application/json 2606:4700:10::ac43:15e3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://services.vlitag.com/uv/vld.json?page_url=https%3A%2F%2Fwww.hawtcelebs.com%2F&mtk=78&ctt=1647271858
Requested by: Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=036e05035cbef88431e89138f2969605
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:15e3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 37bd89d0776acdb8565abd79559d140909e68570f7d74a6f0141d21aed4122f4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Mar 2022 15:31:02 GMT
server: cloudflare
age: 5727
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.hawtcelebs.com
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
cf-ray: 6ebea8e75bf82325-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 12
x-robots-tag: noindex, nofollow, noarchive, nosnippet

GET
H2 200 036e05035cbef88431e89138f2969605.js Show response
tag.vlitag.com/v1/1647271858/ 524 KB
131 KB 48ms
35ms Script
application/javascript 2606:4700:10::ac43:15e3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.vlitag.com/v1/1647271858/036e05035cbef88431e89138f2969605.js
Requested by: Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=036e05035cbef88431e89138f2969605
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:15e3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9779c524d3f8c4fc7c12f9a073da6a2db5b254cb2a87bfc7c3458f6b4ba5dfd6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 14 Mar 2022 15:30:58 GMT
server: cloudflare
age: 5727
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000, immutable
cf-ray: 6ebea8e6bd8a233d-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-robots-tag: noindex, nofollow, noarchive, nosnippet
cf-bgj: minify

GET
H/1.1 200
OK d3d3Lmhhd3RjZWxlYnMuY29t Show response
tcheck.outbrainimg.com/tcheck/check/ 15 B
461 B 123ms
18ms XHR
application/json 104.107.161.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tcheck.outbrainimg.com/tcheck/check/d3d3Lmhhd3RjZWxlYnMuY29t
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.107.161.205 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 39d160e97e2bea07b0cf1c647259ffa4f0bd07069dba4e6c19a22d38b408510f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 17:16:54 GMT
ETag: W/"f-ayLlCL3PuzXSThdu78iReSEjl6Y"
Access-Control-Max-Age: 43200
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=2923
Access-Control-Allow-Credentials: false
Connection: keep-alive
X-TraceId: 32174a4e32e274ad79f80bcadee78008
Content-Length: 15
Expires: Mon, 14 Mar 2022 18:05:37 GMT

GET
H2 200 px.gif
widget-pixels.outbrain.com/widget/detect/ 43 B
341 B 39ms
22ms Image
image/gif 72.247.225.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget-pixels.outbrain.com/widget/detect/px.gif?ch=1&rn=3.667577215342183
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.225.215 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a72-247-225-215.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
last-modified: Wed, 30 Sep 2020 14:22:29 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1601475749.911431"
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 43
expires: Wed, 13 Apr 2022 17:16:54 GMT

GET
H/1.1 200
OK img.fetch Show response
udmserve.net/udm/ 15 KB
3 KB 193ms
193ms Script
application/x-javascript 68.71.249.118
ZEROLAG

General

Check archive.org

Show headers Download Go to

Full URL: https://udmserve.net/udm/img.fetch?sid=17047;tid=1;ev=1;dt=8;
Requested by: Host: bid.underdog.media
URL: https://bid.underdog.media/inpageLoader.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 68.71.249.118 , Canada, ASN20093 (ZEROLAG, US),
Reverse DNS
Software: /
Resource Hash: 16821a5f257e2cb2fde65a0108ffb16a01a4dc4d9861ae2be981f60b9040cd54

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 17:16:54 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3p: NOI DSP CURa ADMa DEVa PSAa PSDa OUR IND UNI COM NAV INT
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Content-Type: application/x-javascript
Expires: 0

GET
H2 200 outbrain.js Show response
widgets.outbrain.com/ 197 KB
68 KB 30ms
29ms Script
application/x-javascript 72.247.225.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/outbrain.js
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.225.215 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a72-247-225-215.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 33fa9e7b90076d8f13fbbdd27c5900b6ee3a7da8d9bad7b75fce9a47b788b7b3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: gzip
last-modified: Mon, 14 Mar 2022 11:45:29 GMT
etag: "16-TUc89UgKWgzfke9oh6nnrdAsGVE"
vary: Accept-Encoding
edge-cache-tag: widget-cheetah-stg
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
x-traceid: aba9adca9251ce3f573b594b234f25ad
timing-allow-origin: *, *
content-length: 69511

GET
H2 200 js15_as.js Show response
s10.histats.com/ 11 KB
4 KB 117ms
10ms Script
text/javascript 46.105.201.240
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://s10.histats.com/js15_as.js
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.105.201.240 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash: 2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:13:09 GMT
content-encoding: br
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-cdn-pop-ip: 137.74.120.0/27
etag: "-375139978"
x-cacheable: Matched cache
content-type: text/javascript
x-cdn-pop: sbg
accept-ranges: bytes
content-length: 4364
x-request-id: 96700468

HEAD
H3 200 e.js Show response
live.demand.supply/x/ 0
366 B 30ms
30ms XHR
application/javascript 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/x/e.js?ce=fs&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id: 01FMV73YZTFEBWPKQHZZRZK5C2
date: Mon, 14 Mar 2022 17:16:54 GMT
cf-cache-status: HIT
age: 2199013
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "1e7512eab4ec94e546e05bc6561a8453-ssl"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 6ebea8e6bd4d23af-ZRH

GET
H2 200 rrv7.js Show response
bid.underdog.media/ 5 KB
3 KB 9ms
9ms Script
application/x-javascript 2600:9000:2251:ce00:5:c4ab:c3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bid.underdog.media/rrv7.js
Requested by: Host: bid.underdog.media
URL: https://bid.underdog.media/udm-r3_Fri_3_11_10_11_16_2022.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:ce00:5:c4ab:c3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4f40bfcb86e662268fcef40a7b35d08441b17c7481fbea4fc75893c9b9cdf26a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 15:39:19 GMT
content-encoding: gzip
last-modified: Mon, 14 Mar 2022 15:30:04 GMT
server: AmazonS3
age: 5856
etag: "d128ec85ea7b096f3d95de537791028d"
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 6fc439c8bc0a64a7ab978ce699795274.cloudfront.net (CloudFront)
cache-control: max-age=7200
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-length: 2349
x-amz-cf-id: CxwFqsXqi-aNHtLmb64X1dLR43VBOKRzp3xpEerj7o_IMvzERQN2aQ==

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
10 KB 40ms
22ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022030901&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a26e594ef8b3ce2a31c958abca2d48efa43b3db24c241a05152e52c9b91bc73a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10615
x-xss-protection: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 96ms
5ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-10995097-8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 4323
date: Mon, 14 Mar 2022 16:04:51 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 14 Mar 2022 18:04:51 GMT

GET
H/1.1 200
OK / Show response
t.dtscout.com/i/ 0
303 B 365ms
111ms Script
text/html 158.69.139.238
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://t.dtscout.com/i/?l=https%3A%2F%2Fwww.hawtcelebs.com%2F&j=
Requested by: Host: waust.at
URL: https://waust.at/c.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 158.69.139.238 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip238.ip-158-69-139.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 17:16:54 GMT
Last-Modified: Thu, 16 Jan 2020 20:59:31 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e20ceb3-0"
Content-Type: text/html
Cache-Control: no-cache
Connection: close
Accept-Ranges: bytes
Content-Length: 0
Expires: Mon, 14 Mar 2022 17:16:53 GMT

GET
H3 200 container.html Show response
12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 28A6 6 KB
3 KB 37ms
20ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 17:16:53 GMT
expires: Tue, 14 Mar 2023 17:16:53 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
364 B 24ms
23ms XHR
application/javascript 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?gl=0.01&b=3&r=hawtcelebs.com_native_multi_native_home_7&sy=d0448239-c76c-419b-8150-7ec8a54ce5bc&ts=97&cd=2&pud=180&pus=c&pue=1809&pid=77&pis=c&pie=1887&ppd=161&pps=a&ppe=1971&pad=107&pas=c&pae=1919&pcl=1747&ttc=2039&tti=2878&ttif=0&lca=1971&lcak=ppe&lct=1971&lctk=ppe&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.hawtcelebs.com&mlre=undefined&mlin=0&mlsi=570x600&mlbw=4g&mlcs=NaN&mltp=089ae12c-dd6d-4d0b-9be0-b8a928dcf704&e=lm&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id: 01FN1KST5034BXX96TPH6J4N1J
date: Mon, 14 Mar 2022 17:16:54 GMT
cf-cache-status: HIT
age: 2199013
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "1e7512eab4ec94e546e05bc6561a8453-ssl"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 6ebea8e70dd223af-ZRH

GET
H3 200 container.html Show response
12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame FDED 6 KB
3 KB 34ms
18ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 17:16:53 GMT
expires: Tue, 14 Mar 2023 17:16:53 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
364 B 20ms
20ms XHR
application/javascript 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?gl=0.01&b=3&r=hawtcelebs.com_160x600_hawt160&sy=d0448239-c76c-419b-8150-7ec8a54ce5bc&ts=97&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.hawtcelebs.com&mlre=undefined&mlin=0&mlsi=160x600&mlbw=4g&mlcs=NaN&mltp=089ae12c-dd6d-4d0b-9be0-b8a928dcf704&e=lm&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id: 01FN1KST5034BXX96TPH6J4N1J
date: Mon, 14 Mar 2022 17:16:54 GMT
cf-cache-status: HIT
age: 2199013
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "1e7512eab4ec94e546e05bc6561a8453-ssl"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 6ebea8e71de123af-ZRH

GET
H2 200 / Show response
whos.amung.us/pingjs/ 30 B
146 B 439ms
152ms Script
text/javascript 67.202.114.214
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://whos.amung.us/pingjs/?k=a9etg89wet&t=HawtCelebs%20%E2%80%93%20Latest%20Celebrities%20Pictures&c=c&x=https%3A%2F%2Fwww.hawtcelebs.com%2F&y=&a=0&d=1.747&v=29&r=675
Requested by: Host: waust.at
URL: https://waust.at/c.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.202.114.214 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: amung.us
Software: /
Resource Hash: e9fc1444b589f6bce31440a89d61ad2d08bedebf9692bc1623ac7e570a035d7c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: gzip
content-type: text/javascript;charset=UTF-8

GET
H3 200 container.html Show response
12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 5370 6 KB
3 KB 29ms
14ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 17:16:53 GMT
expires: Tue, 14 Mar 2023 17:16:53 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
364 B 22ms
21ms XHR
application/javascript 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?gl=0&b=2&r=hawtcelebs.com_responsive_h_hawtfuterreshor&sy=d0448239-c76c-419b-8150-7ec8a54ce5bc&ts=97&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.hawtcelebs.com&mlre=undefined&mlin=0&mlsi=1024x100&mlbw=4g&mlcs=NaN&mltp=089ae12c-dd6d-4d0b-9be0-b8a928dcf704&e=lm&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id: 01FN1KST5034BXX96TPH6J4N1J
date: Mon, 14 Mar 2022 17:16:54 GMT
cf-cache-status: HIT
age: 2199013
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "1e7512eab4ec94e546e05bc6561a8453-ssl"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 6ebea8e72e0223af-ZRH

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
364 B 26ms
25ms XHR
application/javascript 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?r=hawtcelebs.com_auto_interstitial_desktop&e=nai&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id: 01FN1KST5034BXX96TPH6J4N1J
date: Mon, 14 Mar 2022 17:16:54 GMT
cf-cache-status: HIT
age: 2199013
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "1e7512eab4ec94e546e05bc6561a8453-ssl"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 6ebea8e72e0623af-ZRH

GET
H3 200 container.html Show response
12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9F5C 6 KB
3 KB 32ms
18ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 17:16:53 GMT
expires: Tue, 14 Mar 2023 17:16:53 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
364 B 27ms
27ms XHR
application/javascript 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?gl=0.01&b=3&r=hawtcelebs.com_responsive_h_archive-3&sy=d0448239-c76c-419b-8150-7ec8a54ce5bc&ts=97&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.hawtcelebs.com&mlre=undefined&mlin=0&mlsi=530x100&mlbw=4g&mlcs=NaN&mltp=089ae12c-dd6d-4d0b-9be0-b8a928dcf704&e=lm&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id: 01FN1KST5034BXX96TPH6J4N1J
date: Mon, 14 Mar 2022 17:16:54 GMT
cf-cache-status: HIT
age: 2199013
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "1e7512eab4ec94e546e05bc6561a8453-ssl"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 6ebea8e73e1b23af-ZRH

GET
H3 200 container.html Show response
12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9D07 6 KB
3 KB 18ms
9ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 17:16:53 GMT
expires: Tue, 14 Mar 2023 17:16:53 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
364 B 19ms
19ms XHR
application/javascript 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?gl=0.01&b=3&r=hawtcelebs.com_300x250_desno300x250&sy=d0448239-c76c-419b-8150-7ec8a54ce5bc&ts=97&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.hawtcelebs.com&mlre=undefined&mlin=0&mlsi=300x250&mlbw=4g&mlcs=NaN&mltp=089ae12c-dd6d-4d0b-9be0-b8a928dcf704&e=lm&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id: 01FN1KST5034BXX96TPH6J4N1J
date: Mon, 14 Mar 2022 17:16:54 GMT
cf-cache-status: HIT
age: 2199013
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "1e7512eab4ec94e546e05bc6561a8453-ssl"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 6ebea8e74e5423af-ZRH

GET
H3 200 container.html Show response
12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 980A 6 KB
3 KB 22ms
19ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 17:16:53 GMT
expires: Tue, 14 Mar 2023 17:16:53 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
364 B 31ms
30ms XHR
application/javascript 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?gl=0.01&b=3&r=hawtcelebs.com_300x600_hawt600&sy=d0448239-c76c-419b-8150-7ec8a54ce5bc&ts=97&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.hawtcelebs.com&mlre=undefined&mlin=0&mlsi=300x600&mlbw=4g&mlcs=NaN&mltp=089ae12c-dd6d-4d0b-9be0-b8a928dcf704&e=lm&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id: 01FN1KST5034BXX96TPH6J4N1J
date: Mon, 14 Mar 2022 17:16:54 GMT
cf-cache-status: HIT
age: 2199013
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "1e7512eab4ec94e546e05bc6561a8453-ssl"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 6ebea8e76e7e23af-ZRH

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 69ms
35ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 14 Mar 2022 17:16:54 GMT

GET
H2 200 placement_invocation Show response
ob.cheqzone.com/ 48 KB
18 KB 30ms
8ms Script
text/javascript 52.222.236.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ob.cheqzone.com/placement_invocation?id=65349&idx=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-42.fra56.r.cloudfront.net
Software: Caddy /
Resource Hash: 55ed920d444210fbe713cf81e8d6a615cd96d1b950b0704752209568e5754b30

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 10:59:24 GMT
content-encoding: gzip
server: Caddy
age: 22650
etag: "bf83-flSXooGsmrmYNlxSK09toJAtNHc"
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
via: 1.1 c9499008aa7e1acd11e9fbc171281d82.cloudfront.net (CloudFront)
cache-control: max-age=43200
x-amz-cf-pop: FRA56-P4
content-length: 18458
x-amz-cf-id: 833ph9U2JykImKs211iRo_He7Kt2RAh0T8r3HRuAqOfps7pJtNrcMA==
expires: Mon, 14 Mar 2022 22:59:24 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0D4B 624 B
297 B 62ms
29ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJLb8f8CEPiFm4EDGIbDncEBMAE&v=APEucNUSmTvxPKF1atckIvRgwpPT4YU9rN7ibTHWTGWpEZlYVp_v6wI3cl80ARYxulZGZ9dXN52jseOQBHq7KuuDQIQgDMsXsnhEyWXfTPnHavYKNWxrNFdI6GrL-ZznrwO5dnNK43trlPW-YelCIiKPA6QdiA-hP_9nv3_9QT8Hc4wulzeprDNFKAsf5pxKLoHZXKQuShhr-uK0PMBub1qR54QGS0Jatw

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 14 Mar 2022 17:16:54 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 9D07 106 KB
38 KB 50ms
7ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
Origin: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 12:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16152
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 15 Mar 2022 12:47:42 GMT

GET
H3 200 omrhp_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/elements/html/ Frame 9D07 6 KB
3 KB 34ms
7ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/elements/html/omrhp_fy2019.js

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2d0744b54be7eab148245653f8fad2e4a0e8875b886bcacbb2c70741872eda55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:13:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 195
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2626
x-xss-protection: 0
server: cafe
etag: 8548655983161038638
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 17:13:39 GMT

GET
H3 200 abg_lite_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/ Frame 9D07 19 KB
8 KB 32ms
8ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/abg_lite_fy2019.js

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d7e3f3f9a87439492d58ee8a90cdc8741bd44e9f5ebc5a1be461ded2df7a155e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:03:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 813
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7865
x-xss-protection: 0
server: cafe
etag: 17470246482903461409
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 17:03:21 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9D07 42 B
63 B 55ms
31ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Bqj2YLlaGxG3nx0iMZQ8e1GcR6g6_iRKen4g0MLT89VkfJKOYhwisLVy2X4JXoaA8_vA1H_MaRv-9QfyZ5DHcBg6wMPUEdfUZVlabcreoaywd9K8w

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame 9D07 2 KB
1 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/window_focus_fy2019.js

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:12:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 274
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 17:12:20 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9D07 117 KB
36 KB 64ms
22ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec068031a38f2d97255ddf90e6d75a5538a3b0ea29510482d1909c5a1a10ad74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36343
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646830771070120"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 14 Mar 2022 17:16:54 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame 9D07 15 KB
6 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fdecda5ee87b28e579c5b61ef0f86e7fff85c838ff0a06450feee13a5877ed0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:13:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 215
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6397
x-xss-protection: 0
server: cafe
etag: 14404976697706490601
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 17:13:19 GMT

GET
H/1.1 200
OK 0.php Show response
s4.histats.com/stats/ 51 B
185 B 308ms
105ms Script
text/html 198.27.80.143
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://s4.histats.com/stats/0.php?1890596&@f16&@g1&@h1&@i1&@j1647278214373&@k0&@l1&@mHawtCelebs%20%E2%80%93%20Latest%20Celebrities%20Pictures&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:7131226&@b3:1647278214&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fwww.hawtcelebs.com%2F&@w
Requested by: Host: s10.histats.com
URL: https://s10.histats.com/js15_as.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.27.80.143 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ns558056.ip-198-27-80.net
Software: /
Resource Hash: 9c8a71b9d4b571e9133a9e2cc61c54e37af1cee1682b6e3c861be9d43c88405b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 17:16:54 GMT
Connection: close
Content-Length: 51
Content-Type: text/html;charset=UTF-8

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
10 KB 11ms
11ms Script
application/javascript 2620:116:800d:21:ee05:6a01:4b41:8c89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/274pYeudnKvDs/www.hawtcelebs.com/choice.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:ee05:6a01:4b41:8c89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: b236dccee1a0d5280842bdff52b4005e2b0c9ee5d74a15db3e939c53306576d3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: gzip
etag: "yoD6mq4JTyPdtDBolW+GUg=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Mon, 21 Mar 2022 17:16:54 GMT

GET
H2 200 rules-p-274pYeudnKvDs.js Show response
rules.quantcount.com/ 3 B
429 B 9ms
8ms Script
application/javascript 2600:9000:2490:fc00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-274pYeudnKvDs.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:fc00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 06:32:50 GMT
via: 1.1 6b85d8725dd6471c3db1f65d4096afc4.cloudfront.net (CloudFront)
age: 54509
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 3
last-modified: Sat, 04 Mar 2017 19:47:21 GMT
server: AmazonS3
etag: "8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: FRA56-P6
accept-ranges: bytes
x-amz-cf-id: _E2L50duAEu-29MlmkWTGIjdv3qQgMYzNNZ0AxT9ukOVktDjG1o3sg==

GET
H2 200 cmp2.js Show response
quantcast.mgr.consensu.org/tcfv2/ 178 KB
47 KB 9ms
9ms Script
text/javascript 2600:9000:2240:dc00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.hawtcelebs.com
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/274pYeudnKvDs/www.hawtcelebs.com/choice.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:dc00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 32ed95b190974ab3c06dcbfe84decbe46ba5bf9ef759aaad201b053d06342d9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:25 GMT
content-encoding: gzip
age: 30
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
access-control-max-age: 86400
access-control-allow-origin: *
last-modified: Thu, 03 Feb 2022 15:12:49 GMT
server: AmazonS3
etag: W/"654a79dfaa26ade386414ddc75ea4b75"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/javascript;charset=UTF-8
via: 1.1 b3fce8903671f8346e7a6a138d2d4610.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-meta-qc-ineu: True
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: oB5tYsLPG9Rj4Hmz6TXqrU9qwzbFF_dkgxrekXFJFjGd2nLqBLSAzg==

GET
H2 200 pixel;r=1417532415;source=choice;rf=3;a=p-274pYeudnKvDs;url=https%3A%2F%2Fwww.hawtcelebs.com%2F;uht=2;fpan=0;fpa=P0-2103239629-1647278213761;pbc=;ns=0;ce=1;qjs=1;qv=b4915a16-20220201183321;cm=;gdpr...
pixel.quantserve.com/ 35 B
210 B 17ms
10ms Image
image/gif 2620:116:800d:21:ee05:6a01:4b41:8c89
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1417532415;source=choice;rf=3;a=p-274pYeudnKvDs;url=https%3A%2F%2Fwww.hawtcelebs.com%2F;uht=2;fpan=0;fpa=P0-2103239629-1647278213761;pbc=;ns=0;ce=1;qjs=1;qv=b4915a16-20220201183321;cm=;gdpr=0;ref=;d=hawtcelebs.com;je=0;sr=1600x1200x24;dst=0;et=1647278214378;tzo=0;ogl=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:ee05:6a01:4b41:8c89 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:54 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 39ms
15ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1401490128&t=pageview&_s=1&dl=https%3A%2F%2Fwww.hawtcelebs.com%2F&ul=en-us&de=UTF-8&dt=HawtCelebs%20%E2%80%93%20Latest%20Celebrities%20Pictures&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAUABAAAAAC~&jid=165538619&gjid=717873351&cid=2123515482.1647278213&tid=UA-10995097-8&_gid=1313498691.1647278214&_r=1&gtm=2ou370&z=807776688

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.hawtcelebs.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.hawtcelebs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 155 KB
53 KB 34ms
34ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9550021008970935

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v1/1647271858/036e05035cbef88431e89138f2969605.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

384f455bbab388611081940c9b6bd93705cfa3e4bc0cf34065d4f002f9e2f430

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.hawtcelebs.com/
Origin: https://www.hawtcelebs.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54655
x-xss-protection: 0
server: cafe
etag: 6343612680352692247
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 14 Mar 2022 17:16:54 GMT

GET
H2 200 prebid-6.14.1.js Show response
assets.vlitag.com/prebid/default/ 567 KB
158 KB 50ms
37ms Script
application/javascript 2606:4700:10::ac43:15e3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.vlitag.com/prebid/default/prebid-6.14.1.js

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v1/1647271858/036e05035cbef88431e89138f2969605.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:15e3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4faefb5ac2e4d761b02b536f9c38308ba852f5f2b7b077e2a35f0666c6b94a9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 538860
cf-polished: origSize=580392
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
x-robots-tag: noindex, nofollow
last-modified: Tue, 08 Mar 2022 11:35:45 GMT
server: cloudflare
etag: W/"62273f91-8db28"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=16070400
cf-ray: 6ebea8e85837233d-ZRH
expires: Tue, 08 Mar 2022 12:05:50 GMT

GET
H3 200 gpt.js Show response
www.googletagservices.com/tag/js/ 80 KB
27 KB 33ms
18ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v1/1647271858/036e05035cbef88431e89138f2969605.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c726d0d53be662a7b59d01180ac241cb688580b841731f169b3b3f9146de4a0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27707
x-xss-protection: 0
server: sffe
etag: "1158 / 960 of 1000 / last-modified: 1647276888"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 14 Mar 2022 17:16:54 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 367 KB
122 KB 73ms
30ms Script
text/javascript 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v1/1647271858/036e05035cbef88431e89138f2969605.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7492476dfa60f0146889b13e37c67fd1a70e42e6ddb017c0c08e25148fd8985

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124424
x-xss-protection: 0
expires: Mon, 14 Mar 2022 17:16:54 GMT

GET
H2 200 sf_host.min.js Show response
assets.vlitag.com/plugins/safeframe/src/js/ 38 KB
17 KB 48ms
36ms Script
application/javascript 2606:4700:10::ac43:15e3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.vlitag.com/plugins/safeframe/src/js/sf_host.min.js

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v1/1647271858/036e05035cbef88431e89138f2969605.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:15e3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1916cf4455a526aadafd82710bf7304154905dcdf69dd9e0b516a63cc82e27e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 129710
cf-ray: 6ebea8e85834233d-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Nov 2019 05:04:50 GMT
server: cloudflare
etag: W/"5dbbbcf2-9806"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=16070400
x-robots-tag: noindex, nofollow
expires: Sat, 26 Feb 2022 15:38:44 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 8D11 640 B
316 B 30ms
28ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARigvNe9ATAB&v=APEucNV0UtgQiwW8V3VRRuJJkgaQLnHvHVmVQKCRSy3pmuVp0WkySkk6bHOhlbroxdQV_DqqEr2zz4BtCdPs2WW5H2NGYPVTrQGJEt_7docQ6zV3P6B0VTf9seoiw8IEXSUledlRNzjFFOIrFVBLshhYZJxPRMDw0fcKbsPcjIKnv1CEEpLsk8xb58OLnRioK4iPU_Ht-P8DlJ3Fg6uU8mYSvmz87ULCXQ

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 14 Mar 2022 17:16:54 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame D822 79 KB
33 KB 76ms
75ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BThWmXNzVOFG79BU7MUk7OKs9tPTwq8OrNLlRIemKLb_2jOfP5Atg1Hg6KeZBv_zrk_-XWTTYofCZl_C9n0C8D1isA7yQ62EETUqp14W5oyCNrG4EXaA3dy8vJ-g5emvSAVs1jh7INEIybyxQ2RvCgnf3Qhg&dbm_d=AKAmf-CgUHb9B2lQiOnlj29kmwXhlNsrnjng68_6Mcl2QZPz2YZFHAJcC8e9nuXqnNaLI3sgQQHE8JJ4rBgAncCe_dn1_CsyEA_LuFIZREDhXnBq8izzzLX6jAuXtE295ZTJlR8v-t9dzeA-1yp3VqicZNFJDXRwe3kr7n3fPjrpU41jlrUU3sGnIl5X9X6_hUqo4DSKQ1jsoO1_68LEx56Vgz7NvrXsPKTqgWLpttJ-p_nwuz4jv2_cNx0sGP3-Cfeu-WNASTh9ZhwXbLhPSJ5VaSwuYXN2NfftGGVDmaHHfKxQzJ6Z6UAWvSSIDZqwq6WxDkSkgbUQpoCWEPwrfhdEsEa200aKOLPk4Ck8fIkBgwVjX4qnLnPDIonPGRl4pK7yYfrT4uEPRpY6ODEHSvlhqsn1-q3uEQOLc3pzvBSd9P9C7RhZjbCTr0Ur-upkCUhygB7zVvmXJK2Imq4t_RtJrYKHzJ7zH2jXvfHD62pkFNG23Im6bkaCM_exIAijv8S72oIEKrOfP7jBW3-QqbPT5B5Z_CZBM-nGn4EgfR6CXFqmiFygIa5LTxBW3IUeqYLGH62qNfjoJsQiXXzVzKPTuRPDfxUo8IjWiRxc3RusN7U6QreJyDelWCBAv6qODqvm-byz-ZYIvOfHSGF4QF4zC_IiDcOMGy-sCNB89KoCjf5uSxRwMNkV3l-tBLzlYi63c2Vs9wsU0G876LWAMxsh_q16iwGzbxWZ1xqiVWvuz15kbtrxp4Ju55o0vDmQNu0Lesy9sXFKgkCtoM04Xn59lAfoiOb9QL6HuMHB0MjbnHCzRrVppvBpJlf_xO25EF9XqlLY-At6RUFv6GVrFtLu-kTZ9LvZh0HBGj_dTNsbtfug8vQJbhX5SolDSSLHs4bMXfkWyLfOB0ympclpX1cyREPq51APJzvEa0TfY8NvFfY6roFaP2EdCcM_OaCnTBNZoDFNoycnkvEanKYEwumXoRush6NBqqWcP6yYLy5_vy47vCpk3k2XCziTa7YnE2hNRhxvu24AWCIYHwhQeTxvvRsyADdn274K5n5qGfDky7yjErQ_SBvx7wXzL0NXCP699xUwfUnTK1rAdSTd-ZYX46kQtjo3JnLUkWh19pHVMukKWn3lDLCOQugNEgojjBLgy9JBYLMiwr5KRS1ao8L2ffDGfF_Yx4_q6BHiCukgDFg8iOgCT1OFjdVKtU35N4B_YEV_u5Qi2IuPTUPPGzWMfRx1Emz9PP5CAQSHAOi9TbpvHPbFTUjUsIpnEmF2y3VCjiZnmrasIQmS4_0ZApqVIE4DPtearyBCQ2BZCMKw9uNp1uBaQhqH3VL8MmCpGqO6xQsbySAQs1G76H-DSv8IfHSc_Ij9hiWOBui6Xyt-0u_cLbvhnFbg5anj94r7dAHQj1EA5kMjA1dPDz4kPp01sosb1Va-ATNPAiOikHOCw4B0XsyHjjpKQhKUeSNqZfEHnXHhRqhSL6MYQ4jR8tBsSyCfw2qO9lMP_dkawbwXfCbcHCA6S3EaRLJuqj1h1XmqfJiSf8vtwIN_Nynzy_ZIyGiX7iAr3Zw3ImKrGvfG3v7uZhv-BWkyP0Lgqs-zc8OR3KHTmlLn65BWjzGO_16a5ycrVjLxEdGCxDQ2epUMg-taLRWPp-D2Ocd_YSCv2HnOU8wUHR8H2Exh5nJ4G4YHQ8IKdVxcuHBtm3iF2dJzCnuZCjaPsKuW2JbtI8gwTnqdX8GH6jqP6RLQGB9qi_CWorjgSAVedch2BUFO0NZOHGNrT8tLzD0_cc67MMlwR5tSapHc3XVvNhGlU9WKvJN8E4uNCvfqTkw3U_5o0n8Bn_mrTTCwHGKZ6zYpfDXXIijMrSkB-89PMN00mXYbEWQv9KPvFLtnttpg4MArg8WerZ1JAQS7MhdgXOPbw8NPwJcgwGh8QiGZbSgscdXyjLfPSJZJiToTtqKsVEUYlBnMf4Z54-Ddrx-6LMANK61KHeHdE3LvFk5-pHVnq_YYwpnFpzCrxZNAR-BeUcolkRR7uevKy_VKSaa6s7hQyEFh6XsQaC9jvqubf3c4fbGQa6oSLzOG5gQZ9vfPq-eYghz1aCBYeFGA3TAG-tdGMZ_a0LPkBp17G4ett4gFkB8fzgbUdLsNxi8sBaGF9CqBNV-v9daolChOc4VPO5up9Tn6QyzRG2nwlo-ahpZUmQWQ9TMsV1RKfEp9VzaVLLgV2gzomdcquJ_854osMi1VF65SxMn6W9UslwmQaAxiKyoq7Q1LQ-gUU3iRSM9AVYc9ZGfjjjYg-1nLkFpyDVjzlGSGM2IUjkd9s2VoxCKuwQ0N_HCNIQ-MN047bF5Boc_n6u5RHEeTSBFjidQDh9GnzqDHKoFmtgK554vzAMW-p57k327BPzO3Ny-ErcBT4zxPvXLnmwa0y-6MPllB6DYERgcqovi1l4-710XljZYldIWHZgtbeWHJdziGdzqNYfwClARvt198uEfbyyn9k_rpmVIBfziafm0EovFqjsQ7byoNMs8dm2ksImz9axfEHSJ8tfS__D_zkVpgl0RGKrYm3oVHRkTlPgoEK3J_FLX93DMXnlBIXesW1tpllTSqOMLXo3V2V7iUCyM1-1JxMJi56e4iXWbrn_HU4gE6y_AS9LcIaa6iMgLUF4Qc-mJJ2-N_1TPbzd6XFlQIaiWmbhMeUzc2JQKnCiT6BaW6rwcLVjzxU5KGNui9kC8Hsk8znuTHinthKyQy4IjXX09cZOfAUI9rkL0CYTEaPc0j7ElN5iqye2_w-IKfeRzTu1wdQujiij4CBRm4sTegztqB7T3URI8JWOJXpMizvXlZW_y0asnUN1AF0iSVLHBiUKIqpMCR875JBdtOyR4uzNpXk603xTJnC8yYIkfq3XUcd82jrBiOhLi8_bUv0eqiEM1VWVBL004birCoh240jppnNJ2aiHlBGvz4K8odg-sdFKqoEqOWe29stWo2FDkmjZUNWCrTQvscVkrRzSJwjpUfFVNXeHLIwSG_5WYL5D_HvBUdo8PE5MeztmmnvpMadHx9-_mXMsGIvyiodb8JyM2wSwgddrdENg-K1c1tTNDYUm-P3vohSRUCkMlcTU8YoF8QNeBivRsZywhPjZhIdxZ8013Jvm8nEE-QcShbqg9XY7vK6KgZiUlbGrea8Yo3sA&cid=CAASJeRoRuk8Tp7yqfkdtdDITLRmbUvjkkqh75GRfPMKsqfVjXQbyNc&rfl=2%2Chttps%253A%252F%252Fwww.hawtcelebs.com%252F%240

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb7b7e31cd0bc4f5cfc2c8745e4b1876ebb137dbe6881eb952b1dfc5a5b3cb54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33690
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame D822 2 KB
1 KB 73ms
47ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/window_focus_fy2019.js

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:12:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 274
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 17:12:20 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D822 117 KB
36 KB 41ms
39ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec068031a38f2d97255ddf90e6d75a5538a3b0ea29510482d1909c5a1a10ad74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36343
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646830771070120"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 14 Mar 2022 17:16:54 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame D822 15 KB
6 KB 71ms
45ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fdecda5ee87b28e579c5b61ef0f86e7fff85c838ff0a06450feee13a5877ed0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:13:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 215
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6397
x-xss-protection: 0
server: cafe
etag: 14404976697706490601
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 17:13:19 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame D822 0
0 104ms
15ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQd4RvmOd6kvSuIWiRIvY4kCCN08Xx9DLMiZ_ICP_NsbeWUggYXvxAvJ8_9iP8AyMzwSWyk6wtEziB9eah0dhXBI8Lppg
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame D822 42 B
63 B 39ms
38ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AI2nniSlqKm7iwyUfd_y6S2lgYQYA04-e1F0M2rlM9f3Fn1ZTW3OK0utEnFv3dVXdkAFvOPU4fg6M6-LlPeLdbVa-4B5n1TjcM_wJIv_LbxdAxLDw

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 264F 640 B
316 B 26ms
24ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARic5u7AATAB&v=APEucNXYzAyEf0JozL0t_usoOiv9DGQ6yIgOL6iLuhh7unMk5_MJrwt7PBQ9uUoYC0SsQxN8OqX7Svkm_2jXJ5imLqfjxaFl9QZhfEV0sK7hugKflgvU--jEq1DMs1HpsnrUm2IP83WAN64ci5T0UXFtejVzPwC_ZkaZ8DBrgQDCVYupcEftE3cSQUQfNflypBeekUPN8SL65BSI0BYG7lD_7N4uvB6rVg

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 14 Mar 2022 17:16:54 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame FDED 79 KB
33 KB 75ms
74ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BjgXYLxkINCTd4PLsLRpSNTag_86olbij4gd3ZCAZmS5dTSEI2JNswLQLZTL6vrXKPa_uoPcR-Yo6UlMBkt6gz3D34XjWwYR8Dd1O-DL4qipePiGG84SNdNveyJwZDV5L-Rs0_g6f9DVnSZGH5Km8zcT8tqQ&dbm_d=AKAmf-AySpjht8_D-aAci5zbFpIOYIBiub4uGGgR9m9wUN9yh0gocvRL4164X0aOI74oPf-a35tnGKWCCZinFVxazZoEPEERkJf4ty12_611mt8wl4e3Lx3ejlIuRhVacYfixobNbDac3-j-MFBp8Cmc74rJtYkOFZd9kARqAMmpK_RungAgy7gjHaaMQb8EbeM-_dq60R14TUvbGYT8ybXYLt6Yj8Nx_4Pae2sxYwTWwdA1fY7gUiTNQcHEMr1fGsXKJODTj3fWpMWXa9ID6ZqcKlkx-OEtqdKYUkuDCdLE-R5cmT4VIAJv4pQ2H7MM9Pb6jmSEgtW0t9I4rt377EqRPw6T3v2hxhVPQzvaUk8fwXBmQRUq9ZcOMbflFHvThFBUqidZDClb-fOlHJOwlMTlMKOpPSGwdWqgDFqqieBiY5Y2HozRFZZr5eMC-ry5kHaRj8gJIceT7lDttKK2rad3DECg5RR8wYm3Sr9cRA5DTIS-p2m3gOWJRrDdTxO4lBEuvnY8HEE3TCNLQxgla5qaIMdcJ9-WHb-eOZuqZQS-wmNKRw4qirWT6Enbr2QnCZmOlyrasnIA83677r1Sugm5XemZYUapqo7jkjmfvnusZprbC2-1X58kzyW46PLFkhduVYQa8v5qAxlG3bbB2Vz5Oe_1v7HXHxpvU2KqLCM8TSMeVHmdhzDQ3YM-1l1klz4vUceH9zlUq7UwCkpvNsplUUApr6uMatupFsoNIOCNf97QF7plBADRC6GIWObOEh8lWunZixy7ngzaLvg8pD2p_zQQ7LuN00hYjfVYTyt96y5DUSJu4J0M4wSqX2MJN9HOEaevDzszW6VCAgxukJv1W1h4dtr6s2-VuglMdQ6Cv0dAt3m-lGr9mgk_JAaSTOLHZne0fio5afyAKLpVeQWaXyTEiJVdf5AoqBIEioUjqUveHlQ4wn4_AOC1fjAiWmrggbuJI1EChq-bRl41LYtIqi-u7u8VZRT6ScrGBl5TGIdGv_eFkTPdW3C-hf6yaGPpplpV4kaIRySRIZrz45qHMHo-8wYAlNnMMi-aEjT9awW0AmfT69sd-7m_nYp-_r1sm_AHvfvknKRxqk4bQm1XXXzljMXZx8pEXqWj31V3G6ULU3lqTNA2OYpO1COXALILCyFnF13B6vlxRQJ_Wfs_F2xIY12VV1a-e5dnspAgGOJ_DaVCtULn0k7wLjk6OljpTPdTZ3ZKZEY5IU8ocZGqJrXIzSlMjJlis6hFQdB-6nm2gqPOG7rsCPIfp7O9hmDHlRzlL7JsSZzxb6jIklEgJ97SuoIV8pH_Q2opLFg3n1sak9XNMprZimoiNlFJY5oXSXW0FgUVSJxRcrvZbMUGjdQhOQ0yO3O2IQwYX8_D8ckf-BOu_FRGKGYteu3DUoHLo8KiuoLPfcMSJ_5URBrOmKCnmyORG-AjK_mT_hNliVqwHWSYkL8tb5gSxLYZPF37ylWydniAsCePkdYJauskur32GBVtGUqt4ZGvKaNShl0JNwJIAyCS645Hl_Nodz0AB7oi8BIu1Ku-D-Arlbh8jfqOifbKtwz7XaxyKeyOG1uVhiCiKmdgJicQd5vcyTlhsLNIZHxOd80ZHQa5srlSOAWod1K9ihlVTbH4VfpPBSa1ABdv_d9-jURm2fr5XTez5hj_SNmjGVzjaZT_gO35C7UINqoolMHG04Z0woyYchr4DqC_EFBsWtMzhQr3MM6VZPtz_Oba6CGmzzF5Lh9QtyO__r8zRWIIvt0DM1265XjZYmh1vH0NsUkkkOdwP6UQoOlF1aEBua-jhhKCb7QmNl6rQ665T3GfDIhfXWwb_mo1L61ntJjD1lu8xxpoKad2oTPnYhHqe7OlOP5-STRs1yMO0eIiLSzF4vTUv4mV4Tz1G1VX68JLmIYOGTtF4YAhTKaRQoMOQzfuzuYU4pAzlwDwxqDdfxLWBSYATNOVtb38rwlfB9iLvOgL0K8Eu-0zUbsLw_aUHp4whQLqOduskj7BkGaUaLcPLpgOgs74iwj5mWZoNAcC7iz3DR1JLkMyJKl3mHQTpojMVjwvofG_ZCq5M1KRUrE4aKpwq1PLVkyDkjrNzqzFAucKylnzKRYdvCQk9r1rCJR-mxKH5ED1RrrhPk9cTFM_HkIQpqqEswAQ06Xe8-moKFojFywJCPZGskNebDTlPXO5JaygN4TLGAU6fsfRxoPyutl0M7RW_iwLK57P1UrBk-aMJqqP4RHHo69Q8w0MEnkI00NZJa75B2Pn7srj-jn1rd7Yo4qYlG8bKLayKHMl63IuZ7bz96L43nZfrFLqY69PLBojsKMu2Tw83EhhOSP3O7-2yrOEha2D3PSKFSCwwb-g--5_tnsBkmP-GgzZGNzTWSUi86vQoaR8HVFNF7DmGwTQdWdoUZ1SQVzWEUopW1xaOsLrgeS6RaoFxdw2kqma1KSTgzZk8i1fKNbvP0-fvTv7qUd_UBQ_G3acSXOufBMwNBxyQ8t5MXWEb55GYv8nOxGQzEverVmqH62whYO2D9Q7kdR_PkWwHINn_IX4e_fIq5GkIxOt6TIShapZx6rCKEjsMM3rJG9WNOsmPtJqNpqjErOzw_HraslicUimSJDSeQL2nwVMoqe4mnfHs8Xic3T7c2ELp1HaGfbXqTO0HJH7Z3W7Fr6O7fczyDq3_KzfcQNjxo2yF4w3F3CVyZzS5DDQbleax17Ixn0aOwNH9QQEl7YpraNBLRi63JboXW6muFYU9yHviCjfbPnHsrTVTX6wfdvV8a-yARG_rTn-Y0ekW7O0dkhTPw07xNJhUnOYX7jQsbrngLkKwQmhG-Pcqcspiaeljk49w9qC2TAfeAH-InYs6q9wnS9LiSTJSvAnVvCYQHaA0Vw2If0S7BQgA8jWxwObWpZxmueDtyI4lxmaJ9cd5CJ41ZGQm0SbAyrPvEfo0cNDFAs45wvk8sNWWgA6A7nqYfd4gyXJOBX1RoM7GrMK-1AFM6hkJcQmWkVLi_tXcOuaeiNVqO91rQfaZAyUomSgPwV_1BYD82qgL6OaZfZSstbGHnMZT38z_KBN7NIdnLXBExkiNQJU5dh5W_HtT1L_33WSRKQo0p2cSt63l_k_NHkJqiaK_eEqi2SCGhukvr_Lm3EhJz7FJerKglmdV77JDjlUpwKd_rfIr8c_lFQinXntsysgrXo&cid=CAASJeRoNacT3WHco9FZFWTWyptOgs_AB0E6iOkzlPi49odtc9_V8kg&rfl=1%2Chttps%253A%252F%252Fwww.hawtcelebs.com%252F%240

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b38af3a465240f759fee9ed2a935c0eeed55b79482711ff665b5f317a2006159

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33653
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame FDED 42 B
63 B 37ms
36ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D8NyOCB3hqXxQXFughbUIOJruMJ0DjPt-k8akTcXBc-Jd_xenj2j9axbo0ISGMq5C9hxzjUoVcfghBmw6_bwncRKKYoxemHzz1m_LgmUDz0QeZcrA

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame FDED 2 KB
1 KB 70ms
47ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/window_focus_fy2019.js

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:12:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 274
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 17:12:20 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FDED 117 KB
36 KB 67ms
66ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec068031a38f2d97255ddf90e6d75a5538a3b0ea29510482d1909c5a1a10ad74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36343
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646830771070120"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 14 Mar 2022 17:16:54 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame FDED 15 KB
6 KB 68ms
45ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fdecda5ee87b28e579c5b61ef0f86e7fff85c838ff0a06450feee13a5877ed0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:13:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 215
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6397
x-xss-protection: 0
server: cafe
etag: 14404976697706490601
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 17:13:19 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame FDED 0
0 99ms
13ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTH6yHxWHRFb73DdGXRhpbIlWDJoTpz9PttKW2GPE8Omn6MI7GjwTBKdvB8NRe2Rjrjr0aibZS79ewJIajRA0b31INRWA
Requested by: Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 9F5C 0
0 62ms
62ms Fetch
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C2zaAhXgvYouFO5KS7_UP7PSQ6AbJntKxXPXqoYaIAcCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi0zODMxODk0NTU5MDE0NjE0oAHVttLqA8gBCakCESfkN4Zhsj7gAgCoAwGqBKACT9AQfxXb8nqC-tqR3TZ-vrDysC4qYx2yV2_n9tsVxDf3UeKQinWZGqxFVqN0qYeQrOFEgKhug72dn7A7LwiZcwjT9dCbtIJupELzpr5CmLRO1Z1ZjBOh5E7oelclo4Z6Rx2vKBxzuYxop930H0D_QomcGvrXc6gr3Ytt3E1aWmn4FEd21haIijojrASZc_ehPveoHomEeXkl3_A8mQ3DPSJQb22WGH5yntUwGk5X_a55UzkEXUg1kMBIqY42bFoi86KP7CprM9fCAXDIlg20grNdi_Q_hJb3ZVfLgB8N7FXno69-lWfAZpuvocxgBRQej9GGj3Xy0o5-up521HiXUi87PFurXBSlTQPTc2p_cdfHbvi6-onidkVxaqqPiCK34AQBgAai4MeB8uC3y5ABoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAHyCBthZHgtc3Vic3luLTk5Mzg1NjU4MjIwMzQ2ODCACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItMzgzMTg5NDU1OTAxNDYxNBj9-RM&sigh=_1WEDoZYjWw&uach_m=[UACH]&cid=CAQSPACNIrLMzo2VQB-xhrMU5sw5gvHa1uo_QMQxtNIqpJb_WB4bNzxTm9Tn04Ul3zSU9PG1js3suHysJu2RuRgB
Requested by: Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s53-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl.eu.criteo.com/google/auction/ Frame 9F5C 0
0 100ms
16ms Fetch 2a02:2638:1::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=U_S-DLr5RJIEZJ2DYgICAAAAr-LRh6lMyNsZFwHLmc9pphCFeC9ixsxumaUkc_2yceMAEg&wp=Yi94hQAOwosIu8kSAAQ6bAKAlQ9uXFq-9yyB0g

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:53 GMT
server: Kestrel
server-processing-duration-in-ticks: 176079
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame BB6D 164 KB
50 KB 238ms
153ms Document
text/html 2a02:2638:1::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Yi94hQAOwosIu8kSAAQ6bAKAlQ9uXFq-9yyB0g&u=%7C2x2cCGSh%2FEFkFtyRVB97s3T6haTWJUkFvXVydniMn%2Fg%3D%7C&c1=zhOks3zwNR2QJkrtGpxDD0z6RaFAlAQ6ciC3rnAoG72_3BFDfZ8qj0n6FwJ08CvvAGNOXbGt8dS1K7BAsQCJQ5J-Qmor5QE8TopbP1DQmyz4KLQo38C14ufimpftpKE7i0zxjQ5yhByd7Bq71d9id8DH2aSdEdrObxFrG98d2Lg4KlwHhOS3q8Dr5MW94cbNA3Md2oRDqhOfTzDtHTgglDHSXlkoiNyXj9Uw1SDuAcwJ7HTAwVvi9A40N1efphPky_oa2BGQakczV4-RmwN_iMoGRqhFw0Py9oTu-LR1M97xEMABQ3ocyiaJU-Bt3P4nN-0zJTxK6F0mGL7wejH5wacYkGGV2vFS4BvP4RUoO9bQna4UpovKkfeiNdJCWg5oKw0fooj3cKOy-0m5U8u8bW_LGR8lEor_Djm30DEdmGQ6Lwa5ajq0O1n2RNRgphefhuzGyeP0KrPE73jCXO0mOw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvcjkhXgvYouFO5KS7_UP7PSQ6AbJntKxXPXqoYaIAcCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi0zODMxODk0NTU5MDE0NjE0oAHVttLqA8gBCakCESfkN4Zhsj7gAgCoAwGqBKMCT9AQfxXb8nqC-tqR3TZ-vrDysC4qYx2yV2_n9tsVxDf3UeKQinWZGqxFVqN0qYeQrOFEgKhug72dn7A7LwiZcwjT9dCbtIJupELzpr5CmLRO1Z1ZjBOh5E7oelclo4Z6Rx2vKBxzuYxop930H0D_QomcGvrXc6gr3Ytt3E1aWmn4FEd21haIijojrASZc_ehPveoHomEeXkl3_A8mQ3DPSJQb22WGH5yntUwGk5X_a55UzkEXUg1kMBIqY42bFoi86KP7CprM9fCAXDIlg20grNdi_Q_hJb3ZVfLgB8N7FXno69-lWfAZpuvocxgBRQej9GGj3Xy0o5-utx09eoQ3bMog8e__8SY6_vaZ2DJe_nf7Exyxy8QyVtdci8lDDEI9Pzp4AQBgAai4MeB8uC3y5ABoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAHyCBthZHgtc3Vic3luLTk5Mzg1NjU4MjIwMzQ2ODD6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3KnDt9z-rlfnySyG1qSN3SkEEfig%26client%3Dca-pub-3831894559014614%26adurl%3D

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

5c777431c1470110a5fb07d70b3472b1f15e264a9d3b78e516b9684da1e7ad94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
content-type: text/html
server: Kestrel
cache-control: private, max-age=0, no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=46oEUSwJ3YLTDbEEDign5RG2Z-1h7JgiJjUmDT6VqEk5cEKU9zmH1z82DTI420GxFdQ5gRdi9p7xG8doTghD-otbbGe_6AQjn-jlMmOiZyz2TnDzCerJuZYsqv-TAev6icGo0W_ugLpxB0zc-UBwrFEMg86AfnkvXUsW8TUTZce9zBM3lhViaPNfCb2OhF2-7_yI8xquXNY27hkCbYnE7PzeihoSAnsYIRFRTdVDaDSksBnv71AbOTrxgys"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 136715706
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame 9F5C 2 KB
1 KB 56ms
36ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/window_focus_fy2019.js

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:12:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 274
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 17:12:20 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 27E0 1 KB
749 B 30ms
18ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Mon, 14 Mar 2022 05:53:44 GMT
expires: Tue, 15 Mar 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 40990
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9F5C 117 KB
36 KB 63ms
62ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec068031a38f2d97255ddf90e6d75a5538a3b0ea29510482d1909c5a1a10ad74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36343
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646830771070120"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 14 Mar 2022 17:16:54 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame 9F5C 15 KB
6 KB 57ms
39ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fdecda5ee87b28e579c5b61ef0f86e7fff85c838ff0a06450feee13a5877ed0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:13:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 215
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6397
x-xss-protection: 0
server: cafe
etag: 14404976697706490601
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 17:13:19 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 9F5C 0
0 95ms
14ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTQhj-18GKXBEzgXZ7h10yoCtb0Eytuir07MpP8vOvXQj6dhQZSurtYtgyJ_oGYxiNqaXvebonsh5b651Ilaz5y9yZXPQ
Requested by: Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 9F5C 22 KB
7 KB 57ms
40ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 14:16:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10818
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 14 Mar 2023 14:16:36 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 8FEC 499 B
334 B 62ms
48ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJLb8f8CEPiFm4EDGPyJtMQBMAE&v=APEucNVA4onkFAx2C4Bygx52IteknlnQzGL9TNNHbBOrBRGXWtbi1EiJRta2V4ukr9FNhng3kSK2kZtKWiuX9OSj6kx0EFnlHoc5i8nZ4Ij4J7W_-zWRdxJJkRUs21yGb4U6ZOJG8mu0sIKJGlgNbHGT2XvzES65BtwwOAFGAczKKBBB1y_Wzr2WT6PXOFRLCQ-elYu8hqsALSrbmBcNEb4wZp0UKW-j_A

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

583eda12fed77c078f7391866e53eedd80aec5b9b178a3537a3c4c3b09575485

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 14 Mar 2022 17:16:54 GMT
server: cafe
cache-control: private
content-length: 313
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 980A 106 KB
37 KB 50ms
26ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
Origin: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 12:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16152
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 15 Mar 2022 12:47:42 GMT

GET
H3 200 omrhp_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/elements/html/ Frame 980A 6 KB
3 KB 29ms
23ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/elements/html/omrhp_fy2019.js

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2d0744b54be7eab148245653f8fad2e4a0e8875b886bcacbb2c70741872eda55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:13:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 195
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2626
x-xss-protection: 0
server: cafe
etag: 8548655983161038638
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 17:13:39 GMT

GET
H3 200 abg_lite_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/ Frame 980A 19 KB
8 KB 40ms
34ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/abg_lite_fy2019.js

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d7e3f3f9a87439492d58ee8a90cdc8741bd44e9f5ebc5a1be461ded2df7a155e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:03:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 813
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7865
x-xss-protection: 0
server: cafe
etag: 17470246482903461409
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 17:03:21 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 980A 42 B
63 B 53ms
47ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AViZ37FjBJOy88s66kmnkVEENZ2iPpNBkZw2D0l9oWa--MNb-sMmr3Qrn-ZNd_HMUGzT8Sffk8yDRM_UGUhAO4BOoNHU-mUj4n_k-EzcqtRkTl1so

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame 980A 2 KB
1 KB 50ms
44ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/window_focus_fy2019.js

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:12:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 274
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 17:12:20 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 980A 117 KB
36 KB 57ms
51ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec068031a38f2d97255ddf90e6d75a5538a3b0ea29510482d1909c5a1a10ad74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36343
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646830771070120"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 14 Mar 2022 17:16:54 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame 980A 15 KB
6 KB 49ms
43ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fdecda5ee87b28e579c5b61ef0f86e7fff85c838ff0a06450feee13a5877ed0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:13:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 215
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6397
x-xss-protection: 0
server: cafe
etag: 14404976697706490601
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 17:13:19 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 980A 0
0 82ms
16ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS87-Ytee-70d7NlcO9yf5Jb1tusz5NKziabUeVDu7sDHTSdN0jr0A6J0YZd_FNLX1pOuv9NzfAngAqwoqauLg0dWn3Ug
Requested by: Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 28A6 22 KB
7 KB 45ms
42ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 14:16:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10818
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 14 Mar 2023 14:16:36 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 28A6 2 KB
448 B 63ms
18ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Cardo:400,700&lang=de

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

99102e527161666787f96e02feaaf9416de6b06d3fcea9635c500ef4662d238b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 14 Mar 2022 17:16:54 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 14 Mar 2022 17:16:54 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 14 Mar 2022 17:16:54 GMT

GET
H3 200 15509668166230846236
tpc.googlesyndication.com/simgad/ Frame 28A6 936 KB
936 KB 44ms
42ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15509668166230846236?

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fb8ae618006941b6b9f90f644b3fffa993586c2ceb817a5fab715a0a7b543c47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 14:02:53 GMT
x-content-type-options: nosniff
age: 357241
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 958606
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 13:33:59 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 10 Mar 2023 14:02:53 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 28A6 117 KB
36 KB 62ms
60ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec068031a38f2d97255ddf90e6d75a5538a3b0ea29510482d1909c5a1a10ad74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36343
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646830771070120"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 14 Mar 2022 17:16:54 GMT

GET
H2 200 show_pla Show response
obs.cheqzone.com/ 2 KB
2 KB 298ms
107ms Script
text/javascript 2600:1f18:e8a:cd04:9b88:a313:d24d:af44
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.cheqzone.com/show_pla?id=65349&url=https%3A%2F%2Fwww.hawtcelebs.com%2F&sf=0&k=&idx=0&ch=&ext=&np=linux%20x86_64&nv=google%20inc.&rand=64021158200029208991097839026150035018082622182872778691550823892712&nc=0&tsf=0&tsfmi=&pv=0&cb=1647278214617&ref=&pit=1&hl=2&op=0&fs=1600x1200&ss=1600x1200&pre=0&jsonp=OBR.extern.onCheqResponse&mr=&ag=437199853&at=&bid=e30%3D&di=W1siZWYiLDQ5MTddLFsxMiwie1wiY3R4XCI6XCJ3ZWJnbDJcIixcInZcIjpcImdvb2dsZSBpbmMu%0D%0AIChnb29nbGUpXCIsXCJyXCI6XCJhbmdsZSAoZ29vZ2xlLCB2dWxrYW4gMS4yLjAgKHN3aWZ0c2hh%0D%0AZGVyIGRldmljZSAoc3ViemVybykgKDB4MDAwMGMwZGUpKSwgc3dpZnRzaGFkZXIgZHJpdmVyLTUu%0D%0AMC4wKVwiLFwic2x2XCI6XCJ3ZWJnbCBnbHNsIGVzIDMuMDAgKG9wZW5nbCBlcyBnbHNsIGVzIDMu%0D%0AMCBjaHJvbWl1bSlcIixcImd2ZXJcIjpcIndlYmdsIDIuMCAob3BlbmdsIGVzIDMuMCBjaHJvbWl1%0D%0AbSlcIixcImd2ZW5cIjpcIndlYmtpdFwiLFwiYmVuXCI6NyxcIndnbFwiOjEsXCJncmVuXCI6XCJ3%0D%0AZWJraXQgd2ViZ2xcIixcInNlZlwiOjE3NTUyMzM3NTUsXCJzZWNcIjpcIlwifSJdLFstMSwiLSJd%0D%0ALFstMiwiMzIsZVlHOVgxL1gxdFpsUzIyZDUxeDhZTlk5TXhKUUVNQ2RVQkhKTDg2TDIzQUNHVWhC%0D%0ASXdJU1NFRUFjSUpmUmVBZ1FJRUZvSW5kQ3h3UVhqaG8yNzE5Nm1Nak92L3I4NzB1eHFGeCJdLFst%0D%0AMywiW1wiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwibWhqZmJtZGdjZmpiYnBhZW9qb2ZvaG9lZmdp%0D%0AZWhqYWlcIixcImludGVybmFsLW5hY2wtcGx1Z2luXCJdIl0sWy00LCItIl0sWy01LCItIl0sWy02%0D%0ALCJ7XCJ3XCI6W1wiMFwiLFwiY2hyb21lXCIsXCJfX3JvY2tldExvYWRlckV2ZW50Q3RvclwiLFwi%0D%0AX19yb2NrZXRMb2FkZXJMb2FkUHJvZ3Jlc3NTaW11bGF0b3JcIixcIl9fY2ZRUlwiLFwiZGVtYW5k%0D%0AU3VwcGx5U2NcIixcImRlbWFuZFN1cHBseUNyXCIsXCJkZW1hbmRTdXBwbHlTclwiLFwiaG91c2VB%0D%0AZENhbXBhaWduc1wiLFwiZGVtYW5kU3VwcGx5VGlcIixcImRlbWFuZFN1cHBseUFwXCIsXCJkZW1h%0D%0AbmRTdXBwbHlUY1wiLFwiZGVtYW5kU3VwcGx5XCIsXCJnb29nbGV0YWdcIixcImdvb2dfcHZzaWRc%0D%0AIixcImdnZWFjXCIsXCJnb29nbGVfanNfcmVwb3J0aW5nX3F1ZXVlXCIsXCJkc3BianNcIixcIl9h%0D%0AcHBcIixcImdvb2dsZV9zcnRcIixcImdvb2dsZV9sb2dnaW5nX3F1ZXVlXCIsXCJ0bW9kXCIsXCJn%0D%0Ab29nbGVfYWRfbW9kaWZpY2F0aW9uc1wiLFwiZ29vZ2xlX3BlcnNpc3RlbnRfc3RhdGVfYXN5bmNc%0D%0AIixcImdvb2dsZV9tZWFzdXJlX2pzX3RpbWluZ1wiLFwiZ29vZ2xlX3JlYWN0aXZlX2Fkc19nbG9i%0D%0AYWxfc3RhdGVcIixcIl9nZnBfYV9cIixcImFkc2J5Z29vZ2xlXCIsXCJnb29nbGVfdXNlcl9hZ2Vu%0D%0AdF9jbGllbnRfaGludFwiLFwiZ29vZ2xlVG9rZW5cIixcImdvb2dsZUlNU3RhdGVcIixcInByb2Nl%0D%0Ac3NHb29nbGVUb2tlblwiLFwiZ29vZ2xlX3VuaXF1ZV9pZFwiLFwiZ2FHbG9iYWxcIixcImdvb2df%0D%0Ac2RyX2xcIixcInVkbV9hZHNfcXVldWVcIixcInVkbV9lZGdlX2luaXRcIixcIl9xb3B0aW9uc1wi%0D%0ALFwiX3FldmVudHNcIixcInVkbV9yM0NodW5rXCIsXCJ1ZG1fcjNcIixcIl9wYmpzR2xvYmFsc1wi%0D%0ALFwiX19jb3JlLWpzX3NoYXJlZF9fXCIsXCJlbmRlZEhhbmRsZXJcIixcInVkbV9wcm9jZXNzX2Fk%0D%0Ac19xdWV1ZVwiLFwiZGVsZXRlX3VkbV9lZGdlXCIsXCJyZWxvYWRfdWRtX2VkZ2VcIixcInF1YW50%0D%0Ac2VydmVcIixcIl9fcWNcIixcImV6dFwiXSxcIm5cIjpbXSxcImRcIjpbXX0iXSxbLTcsIi0iXSxb%0D%0ALTgsIi0iXSxbLTksIisiXSxbLTEwLCItIl0sWy0xMSwie1widFwiOlwiXCIsXCJtXCI6W1wiZGVz%0D%0AY3JpcHRpb25cIl19Il0sWy0xMiwibnVsbCJdLFstMTMsIi0iXSxbLTE0LCJ7XCJvXCI6MC4wNDY4%0D%0ANzV9Il0sWy0xNSwiLSJdLFstMTYsIjAiXSxbLTE3LCI0Il0sWy0xOCwiWzAsMCwwLDFdIl0sWy0x%0D%0AOSwiWzAsMCwwLDAsMCwwLDEsMjQsMjQsXCItXCIsMTYwMCwxMjAwLDE2MDAsMTIwMCwxNjAwLDEy%0D%0AMDAsMTYwMCwxMjAwLDAsMCwwLDAsXCItXCIsXCItXCJdIl0sWy0yMCwiMjEyMzUxNTQ4Mi4xNjQ3%0D%0AMjc4MjEzIl0sWy0yMSwiVEdlMEdibVMiXSxbLTIyLCJbXCJuXCIsXCJuXCJdIl0sWy0yMywiKyJd%0D%0ALFstMjQsIltdIl0sWy0yNSwiLSJdLFstMjYsIntcInRqaHNcIjozNTEwMDAwMCxcInVqaHNcIjoy%0D%0ANzYwMDAwMCxcImpoc2xcIjozNzYwMDAwMDAwfSJdLFstMjcsIlswLDkuMywwLFwiNGdcIixudWxs%0D%0AXSJdLFstMjgsImVuLVVTIl0sWy0yOSwie1widlwiOlsyLDIsMiwyLDAsMCwwLDIsMCwyLDAsMiww%0D%0ALDAsMiwyLDIsMiwwXX0iXSxbLTMwLCJbXCJ2XCIsMF0iXSxbLTMxLCJmYWxzZSJdLFstMzIsIjIi%0D%0AXSxbLTMzLCItIl0sWy0zNCwiLSJdLFstMzUsIlsxNjQ3Mjc4MjE0NjA5LDBdIl0sWy0zNiwiW1wi%0D%0ANC8zXCIsXCI0LzNcIl0iXSxbLTM3LCItMTQ0LTY2LTE4MC0iXSxbLTM4LCJjLC0xLC0xLDUxLDAs%0D%0AMSwwLDAsNDQsMTUxNSwyMiwxLDE4MjUuOCwxODI1LjgsMzI0OSwzMjUwIl0sWy0zOSwiW1wiMjAw%0D%0AMzAxMDdcIiwwLFwiR2Vja29cIixcIk5ldHNjYXBlXCIsXCJNb3ppbGxhXCIsbnVsbCxudWxsLHRy%0D%0AdWUsOCxmYWxzZSxudWxsLDBdIl0sWy00MCwiMzMiXSxbLTQxLCItIl0sWy00MiwiMTcyNDI5NzY1%0D%0AMyJdLFstNDMsIjAwMDAwMDAxMDEwMDAwMDEwMDExMTAxMTAwIl0sWy00NCwiMCwwLDAsNSJdLFst%0D%0ANDUsIi0iXSxbLTQ2LCIwIl0sWy00NywiRXRjL1Vua25vd24sZW4tVVMsbGF0bixncmVnb3J5Il0s%0D%0AWy00OCwiMCwwIl0sWy00OSwiLSJdLFsiYm5jaCIsMTE5XV0%3D&tsfu=&fst=1600x1200&dep=0&cpos=%5B%7B%22x%22%3A451%2C%22y%22%3A1422%2C%22w%22%3A537%2C%22h%22%3A0%7D%2C%7B%22w%22%3A1600%2C%22h%22%3A1200%7D%5D&ver=41&cri=OQHknqcJzk&sdd=%7B%7D&pto=3259
Requested by: Host: ob.cheqzone.com
URL: https://ob.cheqzone.com/placement_invocation?id=65349&idx=0
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: d112ea122dd38422c354c2db709c195c123b6ad5978ecddfb62286ee4f90851f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: gzip
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript
content-length: 1428
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
444 B 77ms
24ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-10995097-8&cid=2123515482.1647278213&jid=165538619&gjid=717873351&_gid=1313498691.1647278214&_u=YAhAAUAAAAAAAC~&z=1450657002

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.hawtcelebs.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 14 Mar 2022 17:16:54 GMT
content-type: text/plain
access-control-allow-origin: https://www.hawtcelebs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0D4B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGZ8ZbX7lUg-B4zhwgPdZ7U&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGZ8ZbX7lUg-B4zhwgPdZ7U&google_cver=1&C=1

43 B
894 B

32ms
32ms

Image
image/gif

72.247.225.98
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGZ8ZbX7lUg-B4zhwgPdZ7U&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJLb8f8CEPiFm4EDGIbDncEBMAE&v=APEucNUSmTvxPKF1atckIvRgwpPT4YU9rN7ibTHWTGWpEZlYVp_v6wI3cl80ARYxulZGZ9dXN52jseOQBHq7KuuDQIQgDMsXsnhEyWXfTPnHavYKNWxrNFdI6GrL-ZznrwO5dnNK43trlPW-YelCIiKPA6QdiA-hP_9nv3_9QT8Hc4wulzeprDNFKAsf5pxKLoHZXKQuShhr-uK0PMBub1qR54QGS0Jatw
Protocol: HTTP/1.1
Server: 72.247.225.98 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a72-247-225-98.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 17:16:55 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 14 Mar 2022 17:16:55 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 17:16:54 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGZ8ZbX7lUg-B4zhwgPdZ7U&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Mon, 14 Mar 2022 17:16:54 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0D4B
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yi94htiYWvIqpHdq4z.wIAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGZ8ZbX7lUg-B4zhwgPdZ7U&google_cver=1&google_hm=2

43 B
894 B

32ms
32ms

Image
image/gif

72.247.225.98
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGZ8ZbX7lUg-B4zhwgPdZ7U&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJLb8f8CEPiFm4EDGIbDncEBMAE&v=APEucNUSmTvxPKF1atckIvRgwpPT4YU9rN7ibTHWTGWpEZlYVp_v6wI3cl80ARYxulZGZ9dXN52jseOQBHq7KuuDQIQgDMsXsnhEyWXfTPnHavYKNWxrNFdI6GrL-ZznrwO5dnNK43trlPW-YelCIiKPA6QdiA-hP_9nv3_9QT8Hc4wulzeprDNFKAsf5pxKLoHZXKQuShhr-uK0PMBub1qR54QGS0Jatw
Protocol: HTTP/1.1
Server: 72.247.225.98 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a72-247-225-98.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 17:16:55 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 14 Mar 2022 17:16:55 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGZ8ZbX7lUg-B4zhwgPdZ7U&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 0D4B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEFSiZEOLmHUvGaef-RrhORc&google_cver=1

43 B
1014 B

26ms
11ms

Image
image/gif

37.252.172.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEFSiZEOLmHUvGaef-RrhORc&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJLb8f8CEPiFm4EDGIbDncEBMAE&v=APEucNUSmTvxPKF1atckIvRgwpPT4YU9rN7ibTHWTGWpEZlYVp_v6wI3cl80ARYxulZGZ9dXN52jseOQBHq7KuuDQIQgDMsXsnhEyWXfTPnHavYKNWxrNFdI6GrL-ZznrwO5dnNK43trlPW-YelCIiKPA6QdiA-hP_9nv3_9QT8Hc4wulzeprDNFKAsf5pxKLoHZXKQuShhr-uK0PMBub1qR54QGS0Jatw

Protocol

HTTP/1.1

Server

37.252.172.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 17:16:54 GMT
X-Proxy-Origin: 193.27.14.42; 193.27.14.42; 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 3c87123c-2244-468e-bc72-f2dd4e575d27
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:54 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEFSiZEOLmHUvGaef-RrhORc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0D4B
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzQ3MjYwMDc5NjEyOTQ0NDkyNQ%3D%3D

170 B
188 B

18ms
18ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzQ3MjYwMDc5NjEyOTQ0NDkyNQ%3D%3D

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 17:16:54 GMT
X-Proxy-Origin: 193.27.14.42; 193.27.14.42; 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: be168187-8374-4037-9423-0ade347b68b1
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzQ3MjYwMDc5NjEyOTQ0NDkyNQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 23B9 13 KB
5 KB 26ms
25ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 17:15:21 GMT
expires: Tue, 14 Mar 2023 17:15:21 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 93
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 6013 783 B
536 B 53ms
19ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c10c8422a6970a549363496d223f4b4802c14346bab793afb114623d7c67405b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-gU317Lz6cjDVteNajX6BLg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 14 Mar 2022 17:16:54 GMT
date: Mon, 14 Mar 2022 17:16:54 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-gU317Lz6cjDVteNajX6BLg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

fetch.pix
udmserve.net/udm/
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bapnid%3D%24UID%3Bcb%3D0.069548115
https://udmserve.net/udm/fetch.pix?dt=1;apnid=3472600796129444925;cb=0.069548115

43 B
612 B

160ms
156ms

Image
image/gif

68.71.249.118
ZEROLAG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udmserve.net/udm/fetch.pix?dt=1;apnid=3472600796129444925;cb=0.069548115
Protocol: HTTP/1.1
Server: 68.71.249.118 , Canada, ASN20093 (ZEROLAG, US),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 17:16:54 GMT
Cache-Control: max-age=43200
Connection: Keep-Alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 17:16:54 GMT
X-Proxy-Origin: 193.27.14.42; 193.27.14.42; 534.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: fc6a9277-2e80-412f-9b2b-c0435361e3d8
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://udmserve.net/udm/fetch.pix?dt=1;apnid=3472600796129444925;cb=0.069548115
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pubmatic
um.simpli.fi/
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=156505&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156505%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fudmserve.net%...
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEAsqrBJCAsYTMZZXoyWb6Ds&google_cver=1
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

43 B
409 B

23ms
23ms

Image
image/gif

169.50.137.184
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Protocol

Server

169.50.137.184 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

b8.89.32a9.ip4.static.sl-reverse.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Sun, 13 Mar 2022 17:16:55 GMT

Redirect headers

location: https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
date: Mon, 14 Mar 2022 17:16:54 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 207
content-type: text/html; charset=utf-8

GET
H2 204 services
sync.technoratimedia.com/ 0
296 B 102ms
102ms Image
text/plain 132.226.41.106
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=54&cb=https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bsncr%3D[USER_ID]%3Bcb%3D0.069548115
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 132.226.41.106 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 884893887
access-control-allow-origin: https://www.hawtcelebs.com/
access-control-allow-credentials: true

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9D07 41 KB
15 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 07:27:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35377
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Mar 2023 07:27:17 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 4342 1 KB
749 B 23ms
23ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Mon, 14 Mar 2022 05:53:44 GMT
expires: Tue, 15 Mar 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 40990
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/2908843633792309460/ Frame 4272 6 KB
2 KB 27ms
12ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/2908843633792309460/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bc868abaa8d8b2b2a71b474d429899524cb291130769ccb0b634b7af54554fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 2396
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Wed, 09 Mar 2022 15:51:28 GMT
expires: Thu, 09 Mar 2023 15:51:28 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 09 Mar 2022 08:07:35 GMT
content-type: text/html
age: 437126
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9D07 0
571 B 60ms
37ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsslqFb4zZDQmlJ7_5DYb6VX6O59ZGR_nKbNf6W3wVVR2gOoZZkQF900DBcYtmD9vzyU-17g4gtIXXeQgKTWeQ90uCGuRwI-7b2Ys0hBaHCcGPm95SOs74892M2jafDibK3tKrN_9lrFf0KsEeJxmlXElo3fFNtAu2bzXpln8vpPlKe9pqQ4t4iMZJV8Y_VEVxfUrWl7kShGpa1ud4w2JxjJNuDr527W0aMxe4yLz63fCukb6kZL1pJOu_Jepsx5km7aZ6X9oK3wU97_e15KO_gJU-Gju5B-CQqAj0PSSoalpaZY6bdemnEqy8rCwtKFy_o6KF5NqOQFo13ESzRa-EDsLUEdKO24LZBFhowaDVp1uLM2br70FOmtM6k8ZmhEPR3DTp2g3uigwoLgTqq2_kMVKnAegwRmnZyuY7R5q-o-6rdmiFvzUNMErWlq20DzCbBQp5HAPk0J6aHtxYpJ0gx86vb3vsT_PwtXP-jjfMW56QMIhNOdsGNY9zCd1oAc8eN29Plz4lv-grY3JPf7DBcUsEL6KHAXbNkFx5szXhIDwoRKVUbbTe-joyZdqdm7yB8ETKCTmSz_ePLYrBbj7SBGvm6XIuq53fP4Ad7-zavK7VA98g8CaFrABNe_DPx1goF-bAr4AAItX5yOefZYu9piH7RvfXBYDsHwRTz_MMQq_F3I3iakc__4FQ8jwnmAF0U4_QQDfy6KQiE2U1q80BD7FCInGV7umGCObOjMHTDeFjyA3dHnPnPhnR7YhFnzHlz-VkautAry9l8CTQaO5lEsfB2mIGKizbnwXc0kAokSrnmdm0bRKM4XQQyGw6ooHB-AcR_wx_8CjY4BUcI8fU8UTZgMROHgBF3E059cZ2-LsZR5yfeVoZ6KsUmRJLU96Ae_1HWl8q7frs6a-GVeH0SnZlGE68voTDUWal-APvszZW5IbxVk3G6gmeBGRuPJ7zJut9AihX6kt-4tgZkMEUGYwSJW6etysZhNQSujnO5d3JSa-Qf17T7l__149z-3xopn4rqK3mJVuo4Q3rAm14eZdVkIp6b4jPpXH_x5GDSZxXI8iCsIE5i0Bg1c8xeE_i2T5zWHtXiiEgZlm50KcG6TMiavPpsg987pmdfcJOB93auqa_Riz7t0ZqMUTdV7EBUmxuQu-HcG9yrlECE-yGjMDMmfoFcbxNSaisGQzYR-WtROyJXw7U4qx3qRQM47LHIMeE-ZEcdZehVZMvnbVP9HGuGvutpZh00pgdVz-TmCISVvoMgXzTrYZcnTce8Kge8TgYITO5-2pX4cyXWtQvm3-wSXuXqv&sai=AMfl-YSxDwy-_Ehm0miC9dXPnaWvM6Chy3M_pgqksyqZ6gdYQoNpQ0MaAAc8adq1jXGuZhd4l62MRNLzxQ5JmHbcEl76BvfexFNKG3mbkJDH2uW1y-gEPIk78KmInUlGhrmpn2f_cdr0b1gwWLY4ZlIVea_lJaMHZxf6rjcnW24gMkDF31AI_X68LgFEbZ2mRADl14z0jkAA9acmcNrD6AOYZCrWSC816CZFZcso1kkJYiQJeWOY4z405ttvQAjF0ucQXF81EjuNbgxGAqob_bcmyQ6a-h5CyIRD7Tu_78z2ibn2&sig=Cg0ArKJSzDCj2Ej1briDEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=348&cbvp=1&cstd=345&cisv=r20220308.97493&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 14 Mar 2022 17:16:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 264F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEI7XUrEue2igbrt_5VQ-8TM&google_cver=1

43 B
61 B

32ms
21ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEI7XUrEue2igbrt_5VQ-8TM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARic5u7AATAB&v=APEucNXYzAyEf0JozL0t_usoOiv9DGQ6yIgOL6iLuhh7unMk5_MJrwt7PBQ9uUoYC0SsQxN8OqX7Svkm_2jXJ5imLqfjxaFl9QZhfEV0sK7hugKflgvU--jEq1DMs1HpsnrUm2IP83WAN64ci5T0UXFtejVzPwC_ZkaZ8DBrgQDCVYupcEftE3cSQUQfNflypBeekUPN8SL65BSI0BYG7lD_7N4uvB6rVg
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.2.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:54 GMT
via: 1.1 google
server: OXGW/17.2.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:54 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEI7XUrEue2igbrt_5VQ-8TM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 264F 43 B
120 B 36ms
16ms Image
image/gif 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARic5u7AATAB&v=APEucNXYzAyEf0JozL0t_usoOiv9DGQ6yIgOL6iLuhh7unMk5_MJrwt7PBQ9uUoYC0SsQxN8OqX7Svkm_2jXJ5imLqfjxaFl9QZhfEV0sK7hugKflgvU--jEq1DMs1HpsnrUm2IP83WAN64ci5T0UXFtejVzPwC_ZkaZ8DBrgQDCVYupcEftE3cSQUQfNflypBeekUPN8SL65BSI0BYG7lD_7N4uvB6rVg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.2.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: gzip
server: OXGW/17.2.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 264F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEHNDtGOCTRtP1HZcmzWqDo4&google_cver=1

23 B
172 B

47ms
47ms

Image
image/gif

104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEHNDtGOCTRtP1HZcmzWqDo4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARic5u7AATAB&v=APEucNXYzAyEf0JozL0t_usoOiv9DGQ6yIgOL6iLuhh7unMk5_MJrwt7PBQ9uUoYC0SsQxN8OqX7Svkm_2jXJ5imLqfjxaFl9QZhfEV0sK7hugKflgvU--jEq1DMs1HpsnrUm2IP83WAN64ci5T0UXFtejVzPwC_ZkaZ8DBrgQDCVYupcEftE3cSQUQfNflypBeekUPN8SL65BSI0BYG7lD_7N4uvB6rVg
Protocol: H2
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
cache-control: max-age=0, no-cache, no-store
expires: Mon, 14 Mar 2022 17:16:55 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:54 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEHNDtGOCTRtP1HZcmzWqDo4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 264F 23 B
172 B 135ms
46ms Image
image/gif 104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARic5u7AATAB&v=APEucNXYzAyEf0JozL0t_usoOiv9DGQ6yIgOL6iLuhh7unMk5_MJrwt7PBQ9uUoYC0SsQxN8OqX7Svkm_2jXJ5imLqfjxaFl9QZhfEV0sK7hugKflgvU--jEq1DMs1HpsnrUm2IP83WAN64ci5T0UXFtejVzPwC_ZkaZ8DBrgQDCVYupcEftE3cSQUQfNflypBeekUPN8SL65BSI0BYG7lD_7N4uvB6rVg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:54 GMT
cache-control: max-age=0, no-cache, no-store
expires: Mon, 14 Mar 2022 17:16:54 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

GET
DATA 200
OK truncated
/ Frame 9D07 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b4ff06bfa155fcf94266bfae176a3f159c19105c1599349f2d3ec6e1aad9b306

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 8D11
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEI7XUrEue2igbrt_5VQ-8TM&google_cver=1

43 B
61 B

29ms
18ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEI7XUrEue2igbrt_5VQ-8TM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARigvNe9ATAB&v=APEucNV0UtgQiwW8V3VRRuJJkgaQLnHvHVmVQKCRSy3pmuVp0WkySkk6bHOhlbroxdQV_DqqEr2zz4BtCdPs2WW5H2NGYPVTrQGJEt_7docQ6zV3P6B0VTf9seoiw8IEXSUledlRNzjFFOIrFVBLshhYZJxPRMDw0fcKbsPcjIKnv1CEEpLsk8xb58OLnRioK4iPU_Ht-P8DlJ3Fg6uU8mYSvmz87ULCXQ
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.2.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:54 GMT
via: 1.1 google
server: OXGW/17.2.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:54 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEI7XUrEue2igbrt_5VQ-8TM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 8D11 43 B
305 B 33ms
16ms Image
image/gif 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARigvNe9ATAB&v=APEucNV0UtgQiwW8V3VRRuJJkgaQLnHvHVmVQKCRSy3pmuVp0WkySkk6bHOhlbroxdQV_DqqEr2zz4BtCdPs2WW5H2NGYPVTrQGJEt_7docQ6zV3P6B0VTf9seoiw8IEXSUledlRNzjFFOIrFVBLshhYZJxPRMDw0fcKbsPcjIKnv1CEEpLsk8xb58OLnRioK4iPU_Ht-P8DlJ3Fg6uU8mYSvmz87ULCXQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.2.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: gzip
server: OXGW/17.2.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 8D11
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEHNDtGOCTRtP1HZcmzWqDo4&google_cver=1

23 B
172 B

47ms
47ms

Image
image/gif

104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEHNDtGOCTRtP1HZcmzWqDo4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARigvNe9ATAB&v=APEucNV0UtgQiwW8V3VRRuJJkgaQLnHvHVmVQKCRSy3pmuVp0WkySkk6bHOhlbroxdQV_DqqEr2zz4BtCdPs2WW5H2NGYPVTrQGJEt_7docQ6zV3P6B0VTf9seoiw8IEXSUledlRNzjFFOIrFVBLshhYZJxPRMDw0fcKbsPcjIKnv1CEEpLsk8xb58OLnRioK4iPU_Ht-P8DlJ3Fg6uU8mYSvmz87ULCXQ
Protocol: H2
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
cache-control: max-age=0, no-cache, no-store
expires: Mon, 14 Mar 2022 17:16:55 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:54 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEHNDtGOCTRtP1HZcmzWqDo4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 8D11 23 B
172 B 123ms
45ms Image
image/gif 104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARigvNe9ATAB&v=APEucNV0UtgQiwW8V3VRRuJJkgaQLnHvHVmVQKCRSy3pmuVp0WkySkk6bHOhlbroxdQV_DqqEr2zz4BtCdPs2WW5H2NGYPVTrQGJEt_7docQ6zV3P6B0VTf9seoiw8IEXSUledlRNzjFFOIrFVBLshhYZJxPRMDw0fcKbsPcjIKnv1CEEpLsk8xb58OLnRioK4iPU_Ht-P8DlJ3Fg6uU8mYSvmz87ULCXQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:54 GMT
cache-control: max-age=0, no-cache, no-store
expires: Mon, 14 Mar 2022 17:16:54 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

GET
H3 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame D822 169 KB
59 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
Origin: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 12:47:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16153
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 15 Mar 2022 12:47:41 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/elements/html/ Frame D822 8 KB
3 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BThWmXNzVOFG79BU7MUk7OKs9tPTwq8OrNLlRIemKLb_2jOfP5Atg1Hg6KeZBv_zrk_-XWTTYofCZl_C9n0C8D1isA7yQ62EETUqp14W5oyCNrG4EXaA3dy8vJ-g5emvSAVs1jh7INEIybyxQ2RvCgnf3Qhg&dbm_d=AKAmf-CgUHb9B2lQiOnlj29kmwXhlNsrnjng68_6Mcl2QZPz2YZFHAJcC8e9nuXqnNaLI3sgQQHE8JJ4rBgAncCe_dn1_CsyEA_LuFIZREDhXnBq8izzzLX6jAuXtE295ZTJlR8v-t9dzeA-1yp3VqicZNFJDXRwe3kr7n3fPjrpU41jlrUU3sGnIl5X9X6_hUqo4DSKQ1jsoO1_68LEx56Vgz7NvrXsPKTqgWLpttJ-p_nwuz4jv2_cNx0sGP3-Cfeu-WNASTh9ZhwXbLhPSJ5VaSwuYXN2NfftGGVDmaHHfKxQzJ6Z6UAWvSSIDZqwq6WxDkSkgbUQpoCWEPwrfhdEsEa200aKOLPk4Ck8fIkBgwVjX4qnLnPDIonPGRl4pK7yYfrT4uEPRpY6ODEHSvlhqsn1-q3uEQOLc3pzvBSd9P9C7RhZjbCTr0Ur-upkCUhygB7zVvmXJK2Imq4t_RtJrYKHzJ7zH2jXvfHD62pkFNG23Im6bkaCM_exIAijv8S72oIEKrOfP7jBW3-QqbPT5B5Z_CZBM-nGn4EgfR6CXFqmiFygIa5LTxBW3IUeqYLGH62qNfjoJsQiXXzVzKPTuRPDfxUo8IjWiRxc3RusN7U6QreJyDelWCBAv6qODqvm-byz-ZYIvOfHSGF4QF4zC_IiDcOMGy-sCNB89KoCjf5uSxRwMNkV3l-tBLzlYi63c2Vs9wsU0G876LWAMxsh_q16iwGzbxWZ1xqiVWvuz15kbtrxp4Ju55o0vDmQNu0Lesy9sXFKgkCtoM04Xn59lAfoiOb9QL6HuMHB0MjbnHCzRrVppvBpJlf_xO25EF9XqlLY-At6RUFv6GVrFtLu-kTZ9LvZh0HBGj_dTNsbtfug8vQJbhX5SolDSSLHs4bMXfkWyLfOB0ympclpX1cyREPq51APJzvEa0TfY8NvFfY6roFaP2EdCcM_OaCnTBNZoDFNoycnkvEanKYEwumXoRush6NBqqWcP6yYLy5_vy47vCpk3k2XCziTa7YnE2hNRhxvu24AWCIYHwhQeTxvvRsyADdn274K5n5qGfDky7yjErQ_SBvx7wXzL0NXCP699xUwfUnTK1rAdSTd-ZYX46kQtjo3JnLUkWh19pHVMukKWn3lDLCOQugNEgojjBLgy9JBYLMiwr5KRS1ao8L2ffDGfF_Yx4_q6BHiCukgDFg8iOgCT1OFjdVKtU35N4B_YEV_u5Qi2IuPTUPPGzWMfRx1Emz9PP5CAQSHAOi9TbpvHPbFTUjUsIpnEmF2y3VCjiZnmrasIQmS4_0ZApqVIE4DPtearyBCQ2BZCMKw9uNp1uBaQhqH3VL8MmCpGqO6xQsbySAQs1G76H-DSv8IfHSc_Ij9hiWOBui6Xyt-0u_cLbvhnFbg5anj94r7dAHQj1EA5kMjA1dPDz4kPp01sosb1Va-ATNPAiOikHOCw4B0XsyHjjpKQhKUeSNqZfEHnXHhRqhSL6MYQ4jR8tBsSyCfw2qO9lMP_dkawbwXfCbcHCA6S3EaRLJuqj1h1XmqfJiSf8vtwIN_Nynzy_ZIyGiX7iAr3Zw3ImKrGvfG3v7uZhv-BWkyP0Lgqs-zc8OR3KHTmlLn65BWjzGO_16a5ycrVjLxEdGCxDQ2epUMg-taLRWPp-D2Ocd_YSCv2HnOU8wUHR8H2Exh5nJ4G4YHQ8IKdVxcuHBtm3iF2dJzCnuZCjaPsKuW2JbtI8gwTnqdX8GH6jqP6RLQGB9qi_CWorjgSAVedch2BUFO0NZOHGNrT8tLzD0_cc67MMlwR5tSapHc3XVvNhGlU9WKvJN8E4uNCvfqTkw3U_5o0n8Bn_mrTTCwHGKZ6zYpfDXXIijMrSkB-89PMN00mXYbEWQv9KPvFLtnttpg4MArg8WerZ1JAQS7MhdgXOPbw8NPwJcgwGh8QiGZbSgscdXyjLfPSJZJiToTtqKsVEUYlBnMf4Z54-Ddrx-6LMANK61KHeHdE3LvFk5-pHVnq_YYwpnFpzCrxZNAR-BeUcolkRR7uevKy_VKSaa6s7hQyEFh6XsQaC9jvqubf3c4fbGQa6oSLzOG5gQZ9vfPq-eYghz1aCBYeFGA3TAG-tdGMZ_a0LPkBp17G4ett4gFkB8fzgbUdLsNxi8sBaGF9CqBNV-v9daolChOc4VPO5up9Tn6QyzRG2nwlo-ahpZUmQWQ9TMsV1RKfEp9VzaVLLgV2gzomdcquJ_854osMi1VF65SxMn6W9UslwmQaAxiKyoq7Q1LQ-gUU3iRSM9AVYc9ZGfjjjYg-1nLkFpyDVjzlGSGM2IUjkd9s2VoxCKuwQ0N_HCNIQ-MN047bF5Boc_n6u5RHEeTSBFjidQDh9GnzqDHKoFmtgK554vzAMW-p57k327BPzO3Ny-ErcBT4zxPvXLnmwa0y-6MPllB6DYERgcqovi1l4-710XljZYldIWHZgtbeWHJdziGdzqNYfwClARvt198uEfbyyn9k_rpmVIBfziafm0EovFqjsQ7byoNMs8dm2ksImz9axfEHSJ8tfS__D_zkVpgl0RGKrYm3oVHRkTlPgoEK3J_FLX93DMXnlBIXesW1tpllTSqOMLXo3V2V7iUCyM1-1JxMJi56e4iXWbrn_HU4gE6y_AS9LcIaa6iMgLUF4Qc-mJJ2-N_1TPbzd6XFlQIaiWmbhMeUzc2JQKnCiT6BaW6rwcLVjzxU5KGNui9kC8Hsk8znuTHinthKyQy4IjXX09cZOfAUI9rkL0CYTEaPc0j7ElN5iqye2_w-IKfeRzTu1wdQujiij4CBRm4sTegztqB7T3URI8JWOJXpMizvXlZW_y0asnUN1AF0iSVLHBiUKIqpMCR875JBdtOyR4uzNpXk603xTJnC8yYIkfq3XUcd82jrBiOhLi8_bUv0eqiEM1VWVBL004birCoh240jppnNJ2aiHlBGvz4K8odg-sdFKqoEqOWe29stWo2FDkmjZUNWCrTQvscVkrRzSJwjpUfFVNXeHLIwSG_5WYL5D_HvBUdo8PE5MeztmmnvpMadHx9-_mXMsGIvyiodb8JyM2wSwgddrdENg-K1c1tTNDYUm-P3vohSRUCkMlcTU8YoF8QNeBivRsZywhPjZhIdxZ8013Jvm8nEE-QcShbqg9XY7vK6KgZiUlbGrea8Yo3sA&cid=CAASJeRoRuk8Tp7yqfkdtdDITLRmbUvjkkqh75GRfPMKsqfVjXQbyNc&rfl=2%2Chttps%253A%252F%252Fwww.hawtcelebs.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:09:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 424
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 17:09:50 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/ Frame D822 25 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

947e22d9ed05fbe3f5ed3c4ee35618a1910a85968f48a22c0277f9936f2eb769

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:14:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 126
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9657
x-xss-protection: 0
server: cafe
etag: 5177785407398320510
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 17:14:48 GMT

GET
H3 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame FDED 169 KB
59 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
Origin: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 12:47:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16153
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 15 Mar 2022 12:47:41 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/elements/html/ Frame FDED 8 KB
3 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BjgXYLxkINCTd4PLsLRpSNTag_86olbij4gd3ZCAZmS5dTSEI2JNswLQLZTL6vrXKPa_uoPcR-Yo6UlMBkt6gz3D34XjWwYR8Dd1O-DL4qipePiGG84SNdNveyJwZDV5L-Rs0_g6f9DVnSZGH5Km8zcT8tqQ&dbm_d=AKAmf-AySpjht8_D-aAci5zbFpIOYIBiub4uGGgR9m9wUN9yh0gocvRL4164X0aOI74oPf-a35tnGKWCCZinFVxazZoEPEERkJf4ty12_611mt8wl4e3Lx3ejlIuRhVacYfixobNbDac3-j-MFBp8Cmc74rJtYkOFZd9kARqAMmpK_RungAgy7gjHaaMQb8EbeM-_dq60R14TUvbGYT8ybXYLt6Yj8Nx_4Pae2sxYwTWwdA1fY7gUiTNQcHEMr1fGsXKJODTj3fWpMWXa9ID6ZqcKlkx-OEtqdKYUkuDCdLE-R5cmT4VIAJv4pQ2H7MM9Pb6jmSEgtW0t9I4rt377EqRPw6T3v2hxhVPQzvaUk8fwXBmQRUq9ZcOMbflFHvThFBUqidZDClb-fOlHJOwlMTlMKOpPSGwdWqgDFqqieBiY5Y2HozRFZZr5eMC-ry5kHaRj8gJIceT7lDttKK2rad3DECg5RR8wYm3Sr9cRA5DTIS-p2m3gOWJRrDdTxO4lBEuvnY8HEE3TCNLQxgla5qaIMdcJ9-WHb-eOZuqZQS-wmNKRw4qirWT6Enbr2QnCZmOlyrasnIA83677r1Sugm5XemZYUapqo7jkjmfvnusZprbC2-1X58kzyW46PLFkhduVYQa8v5qAxlG3bbB2Vz5Oe_1v7HXHxpvU2KqLCM8TSMeVHmdhzDQ3YM-1l1klz4vUceH9zlUq7UwCkpvNsplUUApr6uMatupFsoNIOCNf97QF7plBADRC6GIWObOEh8lWunZixy7ngzaLvg8pD2p_zQQ7LuN00hYjfVYTyt96y5DUSJu4J0M4wSqX2MJN9HOEaevDzszW6VCAgxukJv1W1h4dtr6s2-VuglMdQ6Cv0dAt3m-lGr9mgk_JAaSTOLHZne0fio5afyAKLpVeQWaXyTEiJVdf5AoqBIEioUjqUveHlQ4wn4_AOC1fjAiWmrggbuJI1EChq-bRl41LYtIqi-u7u8VZRT6ScrGBl5TGIdGv_eFkTPdW3C-hf6yaGPpplpV4kaIRySRIZrz45qHMHo-8wYAlNnMMi-aEjT9awW0AmfT69sd-7m_nYp-_r1sm_AHvfvknKRxqk4bQm1XXXzljMXZx8pEXqWj31V3G6ULU3lqTNA2OYpO1COXALILCyFnF13B6vlxRQJ_Wfs_F2xIY12VV1a-e5dnspAgGOJ_DaVCtULn0k7wLjk6OljpTPdTZ3ZKZEY5IU8ocZGqJrXIzSlMjJlis6hFQdB-6nm2gqPOG7rsCPIfp7O9hmDHlRzlL7JsSZzxb6jIklEgJ97SuoIV8pH_Q2opLFg3n1sak9XNMprZimoiNlFJY5oXSXW0FgUVSJxRcrvZbMUGjdQhOQ0yO3O2IQwYX8_D8ckf-BOu_FRGKGYteu3DUoHLo8KiuoLPfcMSJ_5URBrOmKCnmyORG-AjK_mT_hNliVqwHWSYkL8tb5gSxLYZPF37ylWydniAsCePkdYJauskur32GBVtGUqt4ZGvKaNShl0JNwJIAyCS645Hl_Nodz0AB7oi8BIu1Ku-D-Arlbh8jfqOifbKtwz7XaxyKeyOG1uVhiCiKmdgJicQd5vcyTlhsLNIZHxOd80ZHQa5srlSOAWod1K9ihlVTbH4VfpPBSa1ABdv_d9-jURm2fr5XTez5hj_SNmjGVzjaZT_gO35C7UINqoolMHG04Z0woyYchr4DqC_EFBsWtMzhQr3MM6VZPtz_Oba6CGmzzF5Lh9QtyO__r8zRWIIvt0DM1265XjZYmh1vH0NsUkkkOdwP6UQoOlF1aEBua-jhhKCb7QmNl6rQ665T3GfDIhfXWwb_mo1L61ntJjD1lu8xxpoKad2oTPnYhHqe7OlOP5-STRs1yMO0eIiLSzF4vTUv4mV4Tz1G1VX68JLmIYOGTtF4YAhTKaRQoMOQzfuzuYU4pAzlwDwxqDdfxLWBSYATNOVtb38rwlfB9iLvOgL0K8Eu-0zUbsLw_aUHp4whQLqOduskj7BkGaUaLcPLpgOgs74iwj5mWZoNAcC7iz3DR1JLkMyJKl3mHQTpojMVjwvofG_ZCq5M1KRUrE4aKpwq1PLVkyDkjrNzqzFAucKylnzKRYdvCQk9r1rCJR-mxKH5ED1RrrhPk9cTFM_HkIQpqqEswAQ06Xe8-moKFojFywJCPZGskNebDTlPXO5JaygN4TLGAU6fsfRxoPyutl0M7RW_iwLK57P1UrBk-aMJqqP4RHHo69Q8w0MEnkI00NZJa75B2Pn7srj-jn1rd7Yo4qYlG8bKLayKHMl63IuZ7bz96L43nZfrFLqY69PLBojsKMu2Tw83EhhOSP3O7-2yrOEha2D3PSKFSCwwb-g--5_tnsBkmP-GgzZGNzTWSUi86vQoaR8HVFNF7DmGwTQdWdoUZ1SQVzWEUopW1xaOsLrgeS6RaoFxdw2kqma1KSTgzZk8i1fKNbvP0-fvTv7qUd_UBQ_G3acSXOufBMwNBxyQ8t5MXWEb55GYv8nOxGQzEverVmqH62whYO2D9Q7kdR_PkWwHINn_IX4e_fIq5GkIxOt6TIShapZx6rCKEjsMM3rJG9WNOsmPtJqNpqjErOzw_HraslicUimSJDSeQL2nwVMoqe4mnfHs8Xic3T7c2ELp1HaGfbXqTO0HJH7Z3W7Fr6O7fczyDq3_KzfcQNjxo2yF4w3F3CVyZzS5DDQbleax17Ixn0aOwNH9QQEl7YpraNBLRi63JboXW6muFYU9yHviCjfbPnHsrTVTX6wfdvV8a-yARG_rTn-Y0ekW7O0dkhTPw07xNJhUnOYX7jQsbrngLkKwQmhG-Pcqcspiaeljk49w9qC2TAfeAH-InYs6q9wnS9LiSTJSvAnVvCYQHaA0Vw2If0S7BQgA8jWxwObWpZxmueDtyI4lxmaJ9cd5CJ41ZGQm0SbAyrPvEfo0cNDFAs45wvk8sNWWgA6A7nqYfd4gyXJOBX1RoM7GrMK-1AFM6hkJcQmWkVLi_tXcOuaeiNVqO91rQfaZAyUomSgPwV_1BYD82qgL6OaZfZSstbGHnMZT38z_KBN7NIdnLXBExkiNQJU5dh5W_HtT1L_33WSRKQo0p2cSt63l_k_NHkJqiaK_eEqi2SCGhukvr_Lm3EhJz7FJerKglmdV77JDjlUpwKd_rfIr8c_lFQinXntsysgrXo&cid=CAASJeRoNacT3WHco9FZFWTWyptOgs_AB0E6iOkzlPi49odtc9_V8kg&rfl=1%2Chttps%253A%252F%252Fwww.hawtcelebs.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:09:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 424
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 17:09:50 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/ Frame FDED 25 KB
9 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

947e22d9ed05fbe3f5ed3c4ee35618a1910a85968f48a22c0277f9936f2eb769

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:14:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 126
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9657
x-xss-protection: 0
server: cafe
etag: 5177785407398320510
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 17:14:48 GMT

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 8FEC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESED4tgGRitHaUqvH-V_Tk_KI&google_cver=1

43 B
549 B

45ms
17ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESED4tgGRitHaUqvH-V_Tk_KI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJLb8f8CEPiFm4EDGPyJtMQBMAE&v=APEucNVA4onkFAx2C4Bygx52IteknlnQzGL9TNNHbBOrBRGXWtbi1EiJRta2V4ukr9FNhng3kSK2kZtKWiuX9OSj6kx0EFnlHoc5i8nZ4Ij4J7W_-zWRdxJJkRUs21yGb4U6ZOJG8mu0sIKJGlgNbHGT2XvzES65BtwwOAFGAczKKBBB1y_Wzr2WT6PXOFRLCQ-elYu8hqsALSrbmBcNEb4wZp0UKW-j_A
Protocol: HTTP/1.1
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 17:16:55 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 142
Connection: keep-alive
Content-Length: 43

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:54 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESED4tgGRitHaUqvH-V_Tk_KI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 306
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8FEC
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=OGJlNjA3ZGUtYTNiYS0xMWVjLTk0NmQtMWRiYzU1NTkwMjA2

170 B
188 B

22ms
22ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=OGJlNjA3ZGUtYTNiYS0xMWVjLTk0NmQtMWRiYzU1NTkwMjA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJLb8f8CEPiFm4EDGPyJtMQBMAE&v=APEucNVA4onkFAx2C4Bygx52IteknlnQzGL9TNNHbBOrBRGXWtbi1EiJRta2V4ukr9FNhng3kSK2kZtKWiuX9OSj6kx0EFnlHoc5i8nZ4Ij4J7W_-zWRdxJJkRUs21yGb4U6ZOJG8mu0sIKJGlgNbHGT2XvzES65BtwwOAFGAczKKBBB1y_Wzr2WT6PXOFRLCQ-elYu8hqsALSrbmBcNEb4wZp0UKW-j_A

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 14 Mar 2022 17:16:55 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=OGJlNjA3ZGUtYTNiYS0xMWVjLTk0NmQtMWRiYzU1NTkwMjA2
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 72
Connection: keep-alive
Content-Length: 0

GET
H2 204 v1
ads.yahoo.com/cms/ Frame 8FEC 0
194 B 74ms
18ms Image
text/plain 2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~b04e41039133c73fafd60e0ed8cb49a70ecfb061&nwid=10000483131&sigv=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 52ms
51ms Image
image/gif 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-10995097-8&cid=2123515482.1647278213&jid=165538619&_u=YAhAAUAAAAAAAC~&z=2014986248

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 70ms
47ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-10995097-8&cid=2123515482.1647278213&jid=165538619&_u=YAhAAUAAAAAAAC~&z=2014986248

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cmp-list.json Show response
test.quantcast.mgr.consensu.org/GVL-v2/ 9 KB
3 KB 39ms
9ms XHR
application/json 2600:9000:225e:3000:3:a4cd:8380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://test.quantcast.mgr.consensu.org/GVL-v2/cmp-list.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.hawtcelebs.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:3000:3:a4cd:8380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 35fee54d1936ef02f161aeb36334a12a8dafdf581b4f59567f273d6f53092ea4

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.hawtcelebs.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 03:00:36 GMT
content-encoding: br
age: 51379
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
access-control-max-age: 86400
access-control-allow-origin: *
last-modified: Sat, 05 Mar 2022 19:52:29 GMT
server: AmazonS3
etag: W/"981d25ed3ef5d4bfb8a6bca9de845edc"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: qGKaHdiTG3Kzr7xdxm5CP1wdaqv_htUi
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
cache-control: max-age=172800
x-amz-cf-pop: FRA60-P4
content-type: application/json
x-amz-cf-id: easuH-C7AAqhe9GHXbStDxIWXOcsDDNRQeizBIITlmCEh0NlmGYrwg==

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203030101/ 292 KB
105 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9550021008970935&plah=www.hawtcelebs.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0965b428ce26477449f65a680a07a85aa8fe82db035a5279a239045d134bac29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 107542
x-xss-protection: 0
server: cafe
etag: 6887112957029833986
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 14 Mar 2022 17:16:54 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 980A 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 07:27:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35377
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Mar 2023 07:27:17 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 38FD 1 KB
749 B 11ms
10ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Mon, 14 Mar 2022 05:53:44 GMT
expires: Tue, 15 Mar 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 40990
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 28A6 0
0 30ms
30ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssLcy69GzeJGQX7XASWYDAMrdD3Xbtzj43RQL3ZDKs2aEZCmCVlWJxzTvi5YcxzbgNWfOFosnmbrV7ql8avk9fl-WvFatDXEglacEB4TyCtc962mzbOcqgQ4SMutS9fhrVLHJzNejNKi7z9HJAzSSKUHvZVcPWcav_2ISe8hkB0Xp1BmlzkQZ3i_sNe143eOq2DpN8fhUMGjzy48pNvVCuyfmu-rzXRZ8G3oRgR_imNMn31HemwdgFvnWU1YlTnimDU8tGcHtfxt0J56dc-0Z_YlBtvLfcChLrW3GMjXj5mIIPhGNIBg-ttfNc5ty9NQy2jv1_eMtYdMGVu6VLiWTJ2XbI_3wPyLPFLCDKYLCQ_nlyUGZYQ&sig=Cg0ArKJSzKhNttDwrqKyEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 17:16:54 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 wlp_gwjKBV1pqhv43IE.woff2
fonts.gstatic.com/s/cardo/v18/ Frame 28A6 15 KB
15 KB 27ms
11ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cardo/v18/wlp_gwjKBV1pqhv43IE.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Cardo:400,700&lang=de

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f1346360729e77380edf8f17fa421b76452289ae1b5f4be290b19c4d204e9587

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 19:52:06 GMT
x-content-type-options: nosniff
age: 422688
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14880
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 18:58:30 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 09 Mar 2023 19:52:06 GMT

GET
H3 200 wlpygwjKBV1pqhND-ZQW-WM.woff2
fonts.gstatic.com/s/cardo/v18/ Frame 28A6 18 KB
18 KB 23ms
8ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cardo/v18/wlpygwjKBV1pqhND-ZQW-WM.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Cardo:400,700&lang=de

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f94a0b25ed421e6643ca8ae21ccd63cf5630e8db8a3b64f63a669936d068c427

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 16:53:28 GMT
x-content-type-options: nosniff
age: 1406
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18852
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 18:58:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Mar 2023 16:53:28 GMT

GET
DATA 200
OK truncated
/ Frame 980A 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 713982e547fb01c423cc5c2e960731c46de7dc33baea85f767494ad98d9fdd1c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/8472981474830724725/ Frame 05C9 6 KB
2 KB 12ms
12ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8472981474830724725/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7f91f15c294c0b5602aa75a6546b25bb250f299134292893e3c56f0d5549d39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 2482
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 13:48:23 GMT
expires: Tue, 14 Mar 2023 13:48:23 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 08 Mar 2022 14:18:49 GMT
content-type: text/html
age: 12511
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 980A 0
24 B 52ms
36ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssEF-XBzvXb6vlk_QJ7VsIcsJlWQ-lShPpMbM239X5Ng7GHOhKU88bNV0051FoOjQfiGgqeLt0LNuCXL2rwdGvCk6vvO5MwXWToGhcYv3Hp4QO_LOtSRhU2irjR4lGG3clxCQu-5juKNf5qmNre32qQBspz6desFtsSVqe1OKUBIo_oJyfG9Ih6afpDbomGBEwUDzU6rI-aly1LyQZgIVOOTDO3_jF8wRVZZEmN0w6edV0hbFtfqS3zNveAMJ2RWcgZNW6pHd8qBDpiSCCdw6z9-4vU96FPiXJMuzrhT1kUr6OlUoi3AbUUv3-7HLEKOT1VnaXYDGvQI0W0oOQ3YwMIZZMTjNwae2lg8081q6RwhhAthfy76YpOQRhizOahQ3qnQxsbyIccfgVH75LPkPdoyepimTip8dOsx-m9t6LhvBC4_h5FQCnucJWSi6nNcFhUR-cvCc_3N4YYWQpH6K_BjQBa8bSL4f6lILhPJ-MHixLgR9l4g_7TCWTqiTMuKQRWsaFTp2Ud22i3H7sIHwwgmgwUUNzVz1vtXCUeBEhSdKw7T_pS3_BRHvkE8eS-Gjgn2E7O0z4pf2wmxNEDQs1FgJVDX-q6cZoLrUCkz-qmU2NAw6gg6ggrvYk07xrQ4TmF8QcRRUCbxQt7ksVfrEpDr3EtidZUNWK_qk3b_dpnuFOtC_gImOVJ0DKdX7aYdTXOowedVnbZOcHCLoZ0sEBUWw81tBPC95l1mZI9ZSA-7dH72D0eBWkFuiHjCWm40Idg4bEWWaToQFNSUsRS7guuPVdaNqXy6FEl7lzpjAjbLAa_UhkpLCisuHCL15d5xkba-A9BuQ3te9f_2ZW8nlZpaoYaq_jYsSEQHqmNmbGr0KMfrfW1IE-e4WMtWRgTVs2EtSLPCzDyQ5tHqSdFRtgE1r0PssHTmyrC-7PIjT8hUHQ9NR0HGZ5aYsnDK0GRN0PvV4mMGM4Zb2K6VItkHU32rt82QL937bBxqLQ_54Xa_rRpbxooxzLd3p_v1fbuA7K04EECnefoynyzABuRizrbsUghudz8p_o98syuZLkjKkXtr5e7g1tNq3bTFlULClqsACXpvdYeNu67F0DwJ9Ha2CJUIjzMVwpjQtumr_vjiWfhA2lHLIQgy8fSWZZThC_ru-jygL4Xc-1RdqxUnT_rcjlz9F0Z6Tmz8TisvNw1X7cKqDiGA5a_WZY77jSry3qNrNcqg7wqag0LuawRkp1sbMGPZRHvWBlUlcmY4QrvP_Jj2WVcsmapj7EnAJrXuESerHikqLSXl81k7UAnIjeBUg&sai=AMfl-YQN1XF8Ywnp2PiCF5YtvY160hGS2hOkA-t8m8BbTuXWtcK4PdgOGkvUo1W8mvIgQVT-9G7a0jD_oPXyojFpkk-R2DOtep8pj2Ty8Znvch6cwgNTKcrUYKTy8OW2k_lK7OtGMe5RRzScLG2ctX5DQNbf08F2F_JOGoZM19-LG2_tWOga_Znzo011zEB5wU_YjGdR_qiOko6tqjpD1PqQET0ZCVqQxsHKYql64ZfFxbS56UXg9hxcgugij0xUMrSv1oQR17xjDbvsTl190ULSDtaQvXhWM1uNv9bPlSw_DpzH&sig=Cg0ArKJSzMlCASTEyiDpEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=437&cbvp=1&cstd=435&cisv=r20220308.65548&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 14 Mar 2022 17:16:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
1 KB 58ms
24ms XHR
application/json 2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20220314

Requested by

Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-6.14.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd8f881ad9704d2cce4bc833d75ebdb71383bcdce25c4a7ead4dea3b38cb21c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.hawtcelebs.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 8148
x-jsd-version: 1.0.1281
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19146-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"668-N2fm9lfh2D4RUcWWDtTOlJ06ib4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 6ebea8ebbfe30211-ZRH

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 28A6 0
0 30ms
29ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvKPyv7buj6QkWEdJiSAUnmcf6jMOSwhLXy-Cj-noA8DO9I20mOZxeLKGDnSE9baFvLxir_3SxVqjOh_rnTFVghGDBt5KqWZFnrGaYHcWmc1nfjxGMxzEEL6WO9768X91qmRn6PyZuHf1cWzghYA3FVTbT_1x_SmkWbHymmr9JnoDBEPxwAH8UGrhqbARfdSYUYI7gVQR4nsvVt9NhoGNbsr52reRmqa3VUc66laivLLgH3RpIo0yGKm10xWBnjOr-hBiW_ScEiJME-pgjwB_LbjSUSkxz6-Hm_pdx4yJVlKCLkzhNukgn4ie9-7MVHw0k-7bWPQFL0XGsGg5qI0dFAYoyBYIW7yNjaKRRdqpd9WFIszMImOmQ&sig=Cg0ArKJSzGWTR17ClRR7EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 17:16:54 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 14 Mar 2022 17:16:54 GMT

GET
H3 200 1572962830.jpg
assets.vlitag.com/widget/2019/11/05/ 192 KB
192 KB 171ms
146ms Image
image/jpeg 2606:4700:10::6816:3bc7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.vlitag.com/widget/2019/11/05/1572962830.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:3bc7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

31370f14534e5bb78d3da68b6cf0e72369feea1bd68aaeac1b61d07094aa1deb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 269720
cf-polished: degrade=85, origSize=227959, status=webp_bigger
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 196267
x-xss-protection: 1; mode=block
x-robots-tag: noindex, nofollow
last-modified: Tue, 05 Nov 2019 14:07:11 GMT
server: cloudflare
etag: "5dc1820f-37a77"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
expires: Sat, 26 Feb 2022 15:38:46 GMT
cache-control: max-age=16070400
accept-ranges: bytes
cf-ray: 6ebea8ec28a80211-ZRH
cf-bgj: imgq:85,h2pri

GET
H3 200 1596163502.jpg
assets.vlitag.com/widget/2020/07/30/ 104 KB
105 KB 153ms
129ms Image
image/webp 2606:4700:10::6816:3bc7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.vlitag.com/widget/2020/07/30/1596163502.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:3bc7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5db53bf6a77148dae0aece6b6512e4a6bf94603af72e449a0f23ed03e8b96ff3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 429793
cf-polished: qual=85, origFmt=jpeg, origSize=140376
content-disposition: inline; filename="1596163502.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 106784
x-xss-protection: 1; mode=block
x-robots-tag: noindex, nofollow
last-modified: Fri, 31 Jul 2020 02:45:02 GMT
server: cloudflare
etag: "5f2385ae-22458"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Sun, 06 Mar 2022 03:08:07 GMT
cache-control: max-age=16070400
accept-ranges: bytes
cf-ray: 6ebea8ec28a70211-ZRH
cf-bgj: imgq:85,h2pri

GET
H3 200 1635928361.png
assets.vlitag.com/widget/2021/11/03/ 95 KB
95 KB 120ms
96ms Image
image/webp 2606:4700:10::6816:3bc7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.vlitag.com/widget/2021/11/03/1635928361.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:3bc7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d59625b6564d07e0b7bb8808f2273a0f930a1cbbe622ad9b4eb911abdb56ef5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 769509
cf-polished: origFmt=png, origSize=154658
content-disposition: inline; filename="1635928361.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 97154
x-xss-protection: 1; mode=block
x-robots-tag: noindex, nofollow
last-modified: Wed, 03 Nov 2021 08:32:41 GMT
server: cloudflare
etag: "61824929-25c22"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Fri, 04 Mar 2022 16:19:56 GMT
cache-control: max-age=16070400
accept-ranges: bytes
cf-ray: 6ebea8ec28a20211-ZRH
cf-bgj: imgq:85,h2pri

GET
H3 200 1635928418.png
assets.vlitag.com/widget/2021/11/03/ 130 KB
130 KB 81ms
58ms Image
image/webp 2606:4700:10::6816:3bc7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.vlitag.com/widget/2021/11/03/1635928418.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:3bc7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a2a95a3a1132f723ce3e0491f8ffff068d48e038449074b52494e552e894996

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 839293
cf-polished: origFmt=png, origSize=219844
content-disposition: inline; filename="1635928418.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 132702
x-xss-protection: 1; mode=block
x-robots-tag: noindex, nofollow
last-modified: Wed, 03 Nov 2021 08:33:38 GMT
server: cloudflare
etag: "61824962-35ac4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Wed, 09 Feb 2022 22:14:07 GMT
cache-control: max-age=16070400
accept-ranges: bytes
cf-ray: 6ebea8ec28a30211-ZRH
cf-bgj: imgq:85,h2pri

GET
H3 200 1592801729.jpg
assets.vlitag.com/widget/2020/06/22/ 74 KB
74 KB 52ms
29ms Image
image/webp 2606:4700:10::6816:3bc7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.vlitag.com/widget/2020/06/22/1592801729.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:3bc7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8341f341848ee9eec71870d976b0895ef1084190c2e0b0349d2ba1c9b9ef64e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2570915
cf-polished: qual=85, origFmt=jpeg, origSize=103053
content-disposition: inline; filename="1592801729.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 75514
x-xss-protection: 1; mode=block
x-robots-tag: noindex, nofollow
last-modified: Mon, 22 Jun 2020 04:55:29 GMT
server: cloudflare
etag: "5ef039c1-1928d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Tue, 18 Jan 2022 19:23:14 GMT
cache-control: max-age=16070400
accept-ranges: bytes
cf-ray: 6ebea8ec28a40211-ZRH
cf-bgj: imgq:85,h2pri

GET
H3 200 1572962870.jpg
assets.vlitag.com/widget/2019/11/05/ 107 KB
107 KB 105ms
82ms Image
image/webp 2606:4700:10::6816:3bc7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.vlitag.com/widget/2019/11/05/1572962870.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:3bc7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

45fe766308841d0d4a2068ef014d83df899ef6623f6bb4bde509431657b1c707

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 429793
cf-polished: qual=85, origFmt=jpeg, origSize=151033
content-disposition: inline; filename="1572962870.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 109336
x-xss-protection: 1; mode=block
x-robots-tag: noindex, nofollow
last-modified: Tue, 05 Nov 2019 14:07:50 GMT
server: cloudflare
etag: "5dc18236-24df9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Wed, 09 Feb 2022 19:00:14 GMT
cache-control: max-age=16070400
accept-ranges: bytes
cf-ray: 6ebea8ec289a0211-ZRH
cf-bgj: imgq:85,h2pri

GET
DATA 200
OK truncated
/ Frame 9F5C 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f1dcbcadccd8600a11e8792ba1be97c8d7f30a7f0c12e28f845ce8d2257e269c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame BB6D 2 KB
1 KB 50ms
14ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yi94hQAOwosIu8kSAAQ6bAKAlQ9uXFq-9yyB0g&u=%7C2x2cCGSh%2FEFkFtyRVB97s3T6haTWJUkFvXVydniMn%2Fg%3D%7C&c1=zhOks3zwNR2QJkrtGpxDD0z6RaFAlAQ6ciC3rnAoG72_3BFDfZ8qj0n6FwJ08CvvAGNOXbGt8dS1K7BAsQCJQ5J-Qmor5QE8TopbP1DQmyz4KLQo38C14ufimpftpKE7i0zxjQ5yhByd7Bq71d9id8DH2aSdEdrObxFrG98d2Lg4KlwHhOS3q8Dr5MW94cbNA3Md2oRDqhOfTzDtHTgglDHSXlkoiNyXj9Uw1SDuAcwJ7HTAwVvi9A40N1efphPky_oa2BGQakczV4-RmwN_iMoGRqhFw0Py9oTu-LR1M97xEMABQ3ocyiaJU-Bt3P4nN-0zJTxK6F0mGL7wejH5wacYkGGV2vFS4BvP4RUoO9bQna4UpovKkfeiNdJCWg5oKw0fooj3cKOy-0m5U8u8bW_LGR8lEor_Djm30DEdmGQ6Lwa5ajq0O1n2RNRgphefhuzGyeP0KrPE73jCXO0mOw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvcjkhXgvYouFO5KS7_UP7PSQ6AbJntKxXPXqoYaIAcCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi0zODMxODk0NTU5MDE0NjE0oAHVttLqA8gBCakCESfkN4Zhsj7gAgCoAwGqBKMCT9AQfxXb8nqC-tqR3TZ-vrDysC4qYx2yV2_n9tsVxDf3UeKQinWZGqxFVqN0qYeQrOFEgKhug72dn7A7LwiZcwjT9dCbtIJupELzpr5CmLRO1Z1ZjBOh5E7oelclo4Z6Rx2vKBxzuYxop930H0D_QomcGvrXc6gr3Ytt3E1aWmn4FEd21haIijojrASZc_ehPveoHomEeXkl3_A8mQ3DPSJQb22WGH5yntUwGk5X_a55UzkEXUg1kMBIqY42bFoi86KP7CprM9fCAXDIlg20grNdi_Q_hJb3ZVfLgB8N7FXno69-lWfAZpuvocxgBRQej9GGj3Xy0o5-utx09eoQ3bMog8e__8SY6_vaZ2DJe_nf7Exyxy8QyVtdci8lDDEI9Pzp4AQBgAai4MeB8uC3y5ABoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAHyCBthZHgtc3Vic3luLTk5Mzg1NjU4MjIwMzQ2ODD6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3KnDt9z-rlfnySyG1qSN3SkEEfig%26client%3Dca-pub-3831894559014614%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 Mar 2023 17:16:55 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame BB6D 2 KB
1 KB 56ms
21ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 Mar 2023 17:16:55 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame BB6D 308 B
636 B 15ms
14ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 09 Mar 2023 17:16:55 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame BB6D 507 B
835 B 15ms
15ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Thu, 09 Mar 2023 17:16:55 GMT

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame BB6D 43 B
1 KB 73ms
20ms Image
image/gif 85.14.248.72
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=15&extPu=pharao-criteo&extLi=204660&rnd=1647278214&consent_string=&iab=1&criteoid=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

85.14.248.72 Meerbusch, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
Pragma: no-cache
X-ET-Code: 0
Last-Modified: Mo, 14 Mrz 2022 05:16:55 GMT
Server: Microsoft-IIS/8.5
Date: Mon, 14 Mar 2022 17:16:54 GMT
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://ads.eu.criteo.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1701
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/m/delivery/ Frame BB6D 43 B
347 B 55ms
21ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/m/delivery/lg.php?cppv=3&cpp=Pb3B2MoiQBkI_oO-TRwhnrSKzwCZrBgtAO5pPt1xV2GVmkJ0wpfEkglJ6ymHj88lKGRDF4Ch2k9lJiMhmbqxdi2LtatxBCkLZLhhDPzgo5ohnyd6brc96Q4TXb6xX3FyQWfGjRCol4NQcY9vtJBWxa6DdrHkRlxV-kl-wgktqrfDFuUFRgeBGxJ_O5VAOTdzw_VQ5ov3bcINdpX1BbzUj1YuKFfFEGIbDnjq4TW-4m6QmBF6NORlhKmwWWJN0kIY2BvUsA2aK9UNF7jArD9ABWn_WX8-UN-s0KGDm4aovjOfPB8r3ick18N6GeLlBRsizFJv7ndf7-mrkWvy4utb8G9jx6ESXWQX_BWYCT8HWaWPRRtEEnc0nGl4ha3JXQlU9rTFMqA2HLmsQzsltOmNncmwSbqRltAz15f2pttVEAZfhYgXo6NaprleLM8inr3L9GcMOg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:54 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3526283
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 27E0
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESECkaNq0rlpcxrds93n7RGIM&google_cver=1&google_push=AYg5qPLb-uw2f6yAEjYt6vYrIw-ACW0E7YMFPEbwVYgK3-G6aq2sfeYlsfdkH3L5N-_8pIDAlmszc_UhGuGrHGWQdyOnLm7_L4Ha
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=665070C465D24970A99603A500FDBDBB&google_push=AYg5qPLb-uw2f6yAEjYt6vYrIw-ACW0E7YMFPEbwVYgK3-G6aq2sfeYlsfdkH3L5N-_8pIDAlmszc_UhGuGrHGW...

170 B
188 B

25ms
25ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=665070C465D24970A99603A500FDBDBB&google_push=AYg5qPLb-uw2f6yAEjYt6vYrIw-ACW0E7YMFPEbwVYgK3-G6aq2sfeYlsfdkH3L5N-_8pIDAlmszc_UhGuGrHGWQdyOnLm7_L4Ha

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 14 Mar 2022 17:16:55 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=665070C465D24970A99603A500FDBDBB&google_push=AYg5qPLb-uw2f6yAEjYt6vYrIw-ACW0E7YMFPEbwVYgK3-G6aq2sfeYlsfdkH3L5N-_8pIDAlmszc_UhGuGrHGWQdyOnLm7_L4Ha
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 138
expires: Sun, 13 Mar 2022 17:16:55 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 27E0
Redirect Chain

https://fksnk.com/cs/google?google_gid=CAESENb_jUt4y0gYa_C9jc0dq-w&google_cver=1&google_push=AYg5qPLE3_QWf6gUtUvlEdIwlwuzqg1aNEorks8jjSqS-nnNjgHaDAN2xWmXd8Xw6P870B8oFTQAFxuhenvryK3d0Kw4lm9vU2s
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=OEM2QTM2N0FFQUJCOThCMg==

170 B
188 B

22ms
22ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=OEM2QTM2N0FFQUJCOThCMg==

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=OEM2QTM2N0FFQUJCOThCMg==
date: Mon, 14 Mar 2022 17:16:55 GMT
content-language: en-US
content-type: text/html;charset=ISO-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 27E0
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEIeN02TlTyemqBp3hzpy0X0&google_cver=1&google_push=AYg5qPJyKHfTZzJu8AUeFq4pEwXzclMp8kUQAUpRe_SOP2bO2WEb8Ry4uhuLFMoqr5iIrFXh3CnzTNewKocOp22C3IF-...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEIeN02TlTyemqBp3hzpy0X0&google_cver=1&google_push=AYg5qPJyKHfTZzJu8AUeFq4pEwXzclMp8kUQAUpRe_SOP2bO2WEb8Ry4uhuLFMoqr5iIrFXh3CnzTNewKocOp2...
https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgoogle
https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgoogle
https://x.bidswitch.net/sync?dsp_id=59&user_id=48f563e6-53e8-4d25-b160-251ae0556a86&ssp=google
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJyKHfTZzJu8AUeFq4pEwXzclMp8kUQAUpRe_SOP2bO2WEb8Ry4uhuLFMoqr5iIrFXh3CnzTNewKocOp22C3IF-vDh2JP8L&google_hm=GACEq8lNT6iME0zJcSeLlA==

170 B
188 B

20ms
17ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJyKHfTZzJu8AUeFq4pEwXzclMp8kUQAUpRe_SOP2bO2WEb8Ry4uhuLFMoqr5iIrFXh3CnzTNewKocOp22C3IF-vDh2JP8L&google_hm=GACEq8lNT6iME0zJcSeLlA==

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJyKHfTZzJu8AUeFq4pEwXzclMp8kUQAUpRe_SOP2bO2WEb8Ry4uhuLFMoqr5iIrFXh3CnzTNewKocOp22C3IF-vDh2JP8L&google_hm=GACEq8lNT6iME0zJcSeLlA==
Date: Mon, 14 Mar 2022 17:16:55 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 27E0
Redirect Chain

https://ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=10&external_id=&google_gid=CAESEEFtITmD46tPf26UnV1_GgY&google_cver=1&google_push=AYg5qPI8lvsCTWfhVt5UBI8_m04M6toi9o9VOOtMSH1sv8vDq7jovnnH0SgXrOhOLwALQ...
https://cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPI8lvsCTWfhVt5UBI8_m04M6toi9o9VOOtMSH1sv8vDq7jovnnH0SgXrOhOLwALQmmtWTaBC8VFDush40Zb0S3YWCJ3qiK-&google_hm=QVhpLUp2Y0dxOFJiUkhGdVVV...

170 B
188 B

18ms
18ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPI8lvsCTWfhVt5UBI8_m04M6toi9o9VOOtMSH1sv8vDq7jovnnH0SgXrOhOLwALQmmtWTaBC8VFDush40Zb0S3YWCJ3qiK-&google_hm=QVhpLUp2Y0dxOFJiUkhGdVVVY3A0Nnc=

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPI8lvsCTWfhVt5UBI8_m04M6toi9o9VOOtMSH1sv8vDq7jovnnH0SgXrOhOLwALQmmtWTaBC8VFDush40Zb0S3YWCJ3qiK-&google_hm=QVhpLUp2Y0dxOFJiUkhGdVVVY3A0Nnc=
Date: Mon, 14 Mar 2022 17:16:55 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 27E0
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAFP1ZfDMKrysXeF4LzlvnI&google_cver=1&google_push=AYg5qPK8j7b-86skjur0LK_GXfCdT-2Ae37ZCIqKl90vHvPXG54c4lMmNNTbr4JNZ7plqCNCw4-...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBRWVgxSDUtMUMtTzc=&google_push=AYg5qPK8j7b-86skjur0LK_GXfCdT-2Ae37ZCIqKl90vHvPXG54c4lMmNNTbr4JNZ7plqCNCw4-n64Dwsyd_aR_2NlxY4KFYp-m1

170 B
188 B

18ms
18ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBRWVgxSDUtMUMtTzc=&google_push=AYg5qPK8j7b-86skjur0LK_GXfCdT-2Ae37ZCIqKl90vHvPXG54c4lMmNNTbr4JNZ7plqCNCw4-n64Dwsyd_aR_2NlxY4KFYp-m1

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBRWVgxSDUtMUMtTzc=&google_push=AYg5qPK8j7b-86skjur0LK_GXfCdT-2Ae37ZCIqKl90vHvPXG54c4lMmNNTbr4JNZ7plqCNCw4-n64Dwsyd_aR_2NlxY4KFYp-m1
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 27E0
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESECzpbLfJs9DOyO_lB0BZ98E&google_cver=1&google_push=AYg5qPJk_fUZ-5XxuswnBHGziNyle2i82rLpsTREET49OBpLp-o-1SA9BEP82zlXdeJ6U-y5DqUVqemnPJYf4huj...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJk_fUZ-5XxuswnBHGziNyle2i82rLpsTREET49OBpLp-o-1SA9BEP82zlXdeJ6U-y5DqUVqemnPJYf4huj15quLRlzpObM

170 B
188 B

19ms
18ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJk_fUZ-5XxuswnBHGziNyle2i82rLpsTREET49OBpLp-o-1SA9BEP82zlXdeJ6U-y5DqUVqemnPJYf4huj15quLRlzpObM

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 14 Mar 2022 17:16:55 GMT
via: 1.1 5c14dc328191a14142654d833f772c6c.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-P5
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJk_fUZ-5XxuswnBHGziNyle2i82rLpsTREET49OBpLp-o-1SA9BEP82zlXdeJ6U-y5DqUVqemnPJYf4huj15quLRlzpObM
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: vTrCzLNUcNbbrQgA3QnabTIgL_aUodl2_KVJkV3IcQ3gbPSjSOTQ5w==

GET
H/1.1 200
OK sync
rtb2-useast.e-volution.ai/ Frame 27E0 42 B
233 B 312ms
110ms Image
image/gif 174.137.133.49
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb2-useast.e-volution.ai/sync?exchange=193&google_gid=CAESEKKm9NiJ6X2Vo6lNnLhIkWU&google_cver=1&google_push=AYg5qPKwQsU_BVW6XbTG-2mSzD2u1fNDNX1mw2g5kG_Xn8uiWJQhvrWjd5_0iDYQYGh_CbZLt6LY8Yjkz8PuF28AZFyzd1iKxQgJ9A
Requested by: Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 17:16:55 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 27E0 0
12 B 18ms
18ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LjAdlExS0phZWA6tMGDlhV7-D3f57vRfpNC6xrfPfwvBgztbW99ymXTb-sYg5WKVMQ9W1Evw

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame 28A6 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e8f4b4c370d7d4efbe0f4c932304e610f67324e62fb2c24721b36e76152903d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 cmp2ui-en.js Show response
quantcast.mgr.consensu.org/tcfv2/39/ 227 KB
55 KB 8ms
7ms Script
text/javascript 2600:9000:2240:dc00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/tcfv2/39/cmp2ui-en.js
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.hawtcelebs.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:dc00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a6bdf620e64f6f9481b0b273e6365a133ce173c2feb8839cfb99542f0f7f518e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 10:07:30 GMT
content-encoding: br
age: 112165
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
access-control-max-age: 86400
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
last-modified: Thu, 03 Feb 2022 15:12:35 GMT
server: AmazonS3
etag: W/"58b24098a17406b31f4f22592394578b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/javascript;charset=UTF-8
via: 1.1 b3fce8903671f8346e7a6a138d2d4610.cloudfront.net (CloudFront)
cache-control: max-age=172800
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: oESWgwFfLAVmIGqWGdaJBxHmZWWe5XBOk2IkiYlddShRdg5uAQrbuw==

GET
H2 200 vendor-list-trimmed-v1.json Show response
quantcast.mgr.consensu.org/GVL-v2/ 284 KB
36 KB 40ms
20ms XHR
application/json 2600:9000:2240:dc00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/GVL-v2/vendor-list-trimmed-v1.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.hawtcelebs.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:dc00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2f28abe358edbac612a26d0c71639459a2c85b22ed214cfaa068191ac729c94b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 03:00:35 GMT
content-encoding: gzip
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
age: 51381
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Mon, 14 Mar 2022 03:00:32 GMT
server: AmazonS3
etag: W/"d145a5fedb5dca2cef35025c69493f0f"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
via: 1.1 ec1ac21acdbd36c971eca9d6b61d0744.cloudfront.net (CloudFront)
cache-control: max-age=172800
access-control-allow-credentials: true
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: YAbs0W4c_gMhvnLIMAu1VJRHRINUQ2Pr2fL47B5GMNMXCZ5rzU90Ow==

GET
H2 200 google-atp-list.json Show response
quantcast.mgr.consensu.org/tcfv2/ 153 KB
36 KB 40ms
21ms XHR
application/json 2600:9000:2240:dc00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/tcfv2/google-atp-list.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.hawtcelebs.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:dc00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 421f9d4dd949f42a877bdb43dc005cf24707a5ed61a0d7e42036e7af263e9452

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.hawtcelebs.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 03:01:27 GMT
content-encoding: br
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
age: 51329
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Mon, 14 Mar 2022 03:01:25 GMT
server: AmazonS3
etag: W/"ba9458437e366dbb245457b06a87d251"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
via: 1.1 ec1ac21acdbd36c971eca9d6b61d0744.cloudfront.net (CloudFront)
cache-control: max-age=172800
access-control-allow-credentials: true
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: xYiQaCg9wOzBYVCJrZp6il92m4kqBRaZ_28y-HCOhz_SzJVV4oLpxw==

GET
H/1.1 200
OK dwce_cheq_events Show response
log.outbrainimg.com/loggerServices/ 4 B
325 B 375ms
85ms XHR
application/json 64.202.112.127
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://log.outbrainimg.com/loggerServices/dwce_cheq_events?timestamp=1647278215109&sessionId=7c9e63de-df10-cdef-a77f-0a97e163f92a&url=www.hawtcelebs.com&cheqSource=1&cheqEvent=0&exitReason=3
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.127 Leesburg, United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 17:16:55 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
X-TraceId: a5c5b52d2b000a1062066e488cf6936b
Content-Length: 4
Expires: 0

GET
H3 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 4272 236 KB
63 KB 176ms
174ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2908843633792309460/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2908843633792309460/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 14 Mar 2022 17:16:55 GMT

GET
H3 200 avoury-always-on-300x250.js Show response
s0.2mdn.net/sadbundle/2908843633792309460/ Frame 4272 82 KB
10 KB 9ms
8ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/2908843633792309460/avoury-always-on-300x250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2908843633792309460/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ed2420d6fbb5f860c190caccbce59e16fdd9723ed181948e44e6d92e4d5b9f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2908843633792309460/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 15:51:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 437127
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9853
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 08:07:35 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 09 Mar 2023 15:51:28 GMT

GET
H2 200 tc.js Show response
cdn.tynt.com/ 17 KB
7 KB 64ms
21ms Script
application/javascript 104.18.29.199
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.tynt.com/tc.js
Requested by: Host: waust.at
URL: https://waust.at/c.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.29.199 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2347066080fea31af55c7112dca5245ea3eea67df5f24f1daae09f0870fbce62

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 27 Aug 2021 20:58:45 GMT
server: cloudflare
age: 27252
etag: W/"61295205-431d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 6ebea8ecd8919241-FRA
expires: Thu, 17 Mar 2022 17:16:55 GMT

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a682ad13e1535e4077c573179247c072d7891ad507c73b7466163562f6c2fa8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 571D 22 KB
8 KB 17ms
11ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 07:27:17 GMT
expires: Tue, 14 Mar 2023 07:27:17 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 35378
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 728x090.html Show response
s0.2mdn.net/sadbundle/17686342995189694464/ Frame A15D 42 KB
10 KB 22ms
20ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17686342995189694464/728x090.html?e=69&leftOffset=0&topOffset=0&c=O7MpZBqofW&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14df882bf9ebb7bbecae0400a2289a5846c17ba3366db6c77ad38dabd72ecb82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
date: Mon, 14 Mar 2022 17:16:55 GMT
expires: Tue, 14 Mar 2023 17:16:55 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 11 Jun 2021 18:32:43 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame D822 0
24 B 39ms
39ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsusjDaGDxZuhFPS9ZBQJcFDyTSlr46fBxxNF2NLjV4eMeZ2qiq79gahUbRkGOaOnIeUkBeIePihTnAOtMszTqYMCN7zrv-W8ECYOuudfDKNxILuN8PBSJ-2defQrUYmEovThOriiuL6IVnA1vgrj2yb2JL-QWQlgbAFwomc3gHIgaAHlRGypE0RKtHwXWq23kfJ6gIwkaab-AKAlbhDzdnwMsY12xjkzTL06F36kpO6rL_ZnzewjTpSf6MpAD0irQjO294l6K_qK3TSfeytREwTyUqhWnHRH0HYacpl7ojIcyoEBll2lZrRF53Oqeurqd-nAoWvCQ5uajLfJFhjXAfve8ehRmKLxTfNUSIjNm3X-v1u2y552NfwFTc7xJyGFRPhKaSUOXp1cARsrKhJ_smXDhCFIjgySZ_nw5emgpIeQ4X6-SKofLdsxBnO0etpRPsmP8mOjDqoiVWbONM3ChX7xnhRznmLFzxFKuWrQnkt8H-b-AwgCU7w5SxXu9kAMPq0osiIh3JMBKKO5hk4uu9mN-FP5ICxM-mcAQ2rzJ3eys_vGPYouDZFCPdunDoxDIhBQhwSMjYVjwtxqweh9KQZO4LWucDB1waOvgd8z5qsog7HWn3oMlFMEUUrM6CaKr0F5bzjhbXUpXu_2KZUaDq-W4RS-YNMZDInq3s_j6dRS0O3t96nI_BNvPgVDan_yp8htlnQQRCyOENSnYDea0-X5FlmBpOgXorvzuHtXM7xlNKltw3o4m1NN9eLmCDLo3dmN7ypbwjCuTq_eQhpzdtCuQEFMVk7gWatFeiHocmjgyWACNGjOVejr1wHDIGWQxjHv_XdSa_rZgZneZFiX6vGUIQbDRRspbyUOz4misCLsAFMnmNmyzwPME0W_Czciz-lqY9wyIZdUpZ6Z_PzgvmhAwp8MAQNLVkMz4qANEhnhxLphhtCLJVnTkGM8LUz7egal1yoi1w7t0j1KALcPttlPneBAw46vfM5LueBiPBDmAmYC40XTi0q3bmiowVyG_FcDNt6GJzXTJosyPbfKptWUV8iKM3ems526r9fDqnkBp-8xqmlhS5gmx8jdmaTEA0I2Yt5Gd66ymgQq4Ph_JHh-4UcfO8m86nB4J2xeCcStW_2B-6X4wah_-Wxo60ukI4rlytpFlmGU9BK4r0-Vo15BL3jvFfmQ8UXTIkmwqRldqzxzIhinNuaAwKD4KtYNcQUiZBgWpsbyF9Y0-MbPqFldfBljqT-PtCBGRXf48fGtVG_1ga9qVjJcSHBRKBijCqSD6T3okyFM3U&sai=AMfl-YT4BY6XDFzI0rcmRiizuLPFAnOThBCiKf_8KBJlLdYT6plYQ53OcNCb2eumn7M-O8j4FVUvO_jIlknTege5sPAVAEORbXoZZ0SzRoVaG7dwjlwzi4nurexTf2Wtqamh0FIOO1l10b3IrwhQApyWL8NcFxk8JQew3b7aEVNhRJemxgOgF-qF8fpypry1YJfAhWmYKi5YmjMrgEQ9wCwEdFWo&sig=Cg0ArKJSzCaVX3H2VcSlEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=447&cbvp=1&cstd=440&cisv=r20220308.65883&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 14 Mar 2022 17:16:55 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 05C9 236 KB
63 KB 114ms
114ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8472981474830724725/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8472981474830724725/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 14 Mar 2022 17:16:55 GMT

GET
H3 200 css2
fonts.googleapis.com/ Frame 05C9 6 KB
686 B 22ms
22ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;700&display=swap

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8472981474830724725/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

043a67f768fc7eadd84edcca6dc5ae899a1a9a327890cde538b2959be6678cc2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 14 Mar 2022 16:32:38 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 14 Mar 2022 17:16:55 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 14 Mar 2022 17:16:55 GMT

GET
H3 200 avoury-300x600.js Show response
s0.2mdn.net/sadbundle/8472981474830724725/ Frame 05C9 40 KB
9 KB 7ms
7ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8472981474830724725/avoury-300x600.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8472981474830724725/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32fc25fc3861f0d68b3ee4fa9c3392b7d19dca2989a27205785b48a0e657dd17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8472981474830724725/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 07:58:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 465520
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8960
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:18:49 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 09 Mar 2023 07:58:15 GMT

GET
H3 200 160x600.html Show response
s0.2mdn.net/sadbundle/9999815340063719424/ Frame 1D5C 42 KB
10 KB 17ms
17ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9999815340063719424/160x600.html?e=69&leftOffset=0&topOffset=0&c=RJrxymZT8r&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

99ebebeb5e1c550e15f728d9f90b704923df50ff24caf956faac335925c1870a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
date: Mon, 14 Mar 2022 17:16:55 GMT
expires: Tue, 14 Mar 2023 17:16:55 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 27 Jan 2022 13:32:31 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame FDED 0
24 B 44ms
44ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssBKE2DxKvSYCQkv5oOJ4QgvTx3nicb9CX3FEtz87u6ZP0RTW2hhHyuivwMoq2GbL2LmBfWPLr6lbHXYkCl9BvKXyiMtD3EuC8vUzcYsImbmXozGhI_6ZLzIWZuq0u7fg-IUM3SZHnJsVp5FWD8tKgwjriQQ3j0cTAE6vpmcXijaGNNFmI0bovGwy0iiUK8lePssT6ddzotqn5apK9Z-MmObaxowdlucBpBgRKaOxeQxoRX_bf-FnDAKvxbOCUIofg_XkxXLRPmmbvyq4w5c43rKeqMRp54Hkr8S3nFa3l4BP3PIQ2dggyvGjpQ_L6S15IJkPnqIhsKND_r7bN1vphki8oVQd_GcCZqOC2fjqmf74yqCgDjWXq9KdiyIU-61nWiUdNHgP3HsIaohZDHjKFJyv6ildB1DYUzFEQ-yKHO1uVNkmSJZ7zJGJrNH6SJ6t9O-22ljpCe1219Bvmlo45TAnFT8okfWJQuRXkMHAIbzMhDYxwQtQ8KkA-SUqKU-11y9A5d8bugG-O9UwT5fFc55ztbBdmBSV-4T6pljQntzWbWp2gVC2zOhG6WpaBxXkF1S6JZxZZxfTNlpq78w6U4fqKw8sajePJE-O00lQhT6jwLxcQ9_6oARXKk9ZF3Jsp6SIMoBuKODuc2yXG_yFasRf_qcjHEAGLtQzMvWNHAT1qQLRvTxXxWrH_ycm9FHY3wzwIE3cWsQR2cA2zKvNtbPRA1KWugvbt-tnuSIsn-VEPc-_I7LElfNZbcYmMGiB3lh3HSAjy1o2OWl3YJkMpPeanczTo-ZMYSek31Qs7vKNI32iZywm5vhIYX6KsPx9reNo_RDdn80c1q0djzSN5Y-t8hSAFGrpWuz_vJ86Zk-ptiLMXL_0W_qzPsvuACyz6GNDc_qzLuAgezK87zOF5Mfto1zBZ10EKQlwdxNv1vCmW_99LYXiCi_t36cKWNbjpKVwZ-OSEP-Ze3rPYiP1Cr1wBrVek_8zeHrO9B_JKIxBQK7KuAC1RRLn93tJGPIMhrDmswUhBnqMXp5ZGdHEVH4yjNsxwB8SHCVHC8w1gOgqO-VuJcN5mbn1898VQ5YGI7X6RLTc1RZyZtxMXgvdzUVKwizzy-nuWp4-xC53gIsUewIujzQqA0uKuanuuVk_sZB8KTfRsuCb9RyMiIrMVqBAEK7juiYyWgqEx3jbLnQi_qSFL82WINgAUG1RlTrZXLMqjQ5lMNjr1ZqULAQgsa65Y0ulEC-d7cFO4GIrEhSJ8X8DIn7n-j3mvZXkXsw7PM8CT13Q2u&sai=AMfl-YSefPTWBNEsXkcZuQw4q_xu_nKkx9G3n4oxGpPUsGpM_pN7_AWyx1Er7nJeLUP_ahXxeSObw0CqEsIeIG_qojP_gQ833-3OP_4IPU8ldqzEk1gCnsH7pxnsimy7R4yEEpTQH72ewFaq8TAdFG7EYaH-5LyjqhPREhv9NNQr7rVwNMEhl4oCweKT1SZQgmF-kRUpsXIjVYc0GQRiWdPD5Vrn&sig=Cg0ArKJSzDGG_LlHKRkrEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=454&cbvp=1&cstd=450&cisv=r20220308.15911&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 14 Mar 2022 17:16:55 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 4342 0
104 B 124ms
25ms Image
text/plain 2a02:fa8:8806:13::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESENc2b6ddirc9A0Qyt_SGy9g&google_cver=1&google_push=AYg5qPIfC6CeJm3qaYDp16Fa8Pemf8HBOAtof7ArxpCXSVB6yJ0Hi33svyE4r0thV8sMMUTcrKNzWrVmdgpy6JnRTxPNTATAvpb5Kg
Requested by: Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4342
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESECAoCg0dUyc36kY3NymxszI&google_cver=1&google_push=AYg5qPLEna30bzt0K6miKnuZiIaD88mMaDM_z5IWoNMMr746Sico-AJwjqzfQzBlI9SkcNVUh46RjEDU0AqBi_TiQHm-nygqMd3YUA
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=665070C465D24970A99603A500FDBDBB&google_push=AYg5qPLEna30bzt0K6miKnuZiIaD88mMaDM_z5IWoNMMr746Sico-AJwjqzfQzBlI9SkcNVUh46RjEDU0AqBi_T...

170 B
188 B

18ms
18ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=665070C465D24970A99603A500FDBDBB&google_push=AYg5qPLEna30bzt0K6miKnuZiIaD88mMaDM_z5IWoNMMr746Sico-AJwjqzfQzBlI9SkcNVUh46RjEDU0AqBi_TiQHm-nygqMd3YUA

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 14 Mar 2022 17:16:55 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=665070C465D24970A99603A500FDBDBB&google_push=AYg5qPLEna30bzt0K6miKnuZiIaD88mMaDM_z5IWoNMMr746Sico-AJwjqzfQzBlI9SkcNVUh46RjEDU0AqBi_TiQHm-nygqMd3YUA
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 138
expires: Sun, 13 Mar 2022 17:16:55 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4342
Redirect Chain

https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESEMmtA7LI9UOlY4isLX-s130&google_cver=1&google_push=AYg5qPKuzcTbAKUf-E75udxJMRLas9BBiuStJmREqsAnMkk8tMgVY7_cfJNRAdKyFg2aGivvNkgXQH5YSFj...
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPKuzcTbAKUf-E75udxJMRLas9BBiuStJmREqsAnMkk8tMgVY7_cfJNRAdKyFg2aGivvNkgXQH5YSFjqOQj4IZPfTKCFNWVK

170 B
188 B

17ms
16ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPKuzcTbAKUf-E75udxJMRLas9BBiuStJmREqsAnMkk8tMgVY7_cfJNRAdKyFg2aGivvNkgXQH5YSFjqOQj4IZPfTKCFNWVK

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPKuzcTbAKUf-E75udxJMRLas9BBiuStJmREqsAnMkk8tMgVY7_cfJNRAdKyFg2aGivvNkgXQH5YSFjqOQj4IZPfTKCFNWVK
Date: Mon, 14 Mar 2022 17:16:55 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4342
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHBp6hQQLCGfrg2eURC0FFQ&google_cver=1&google_push=AYg5qPL_oxbDUb3SLPjoGBpFfRk4Jikkr6osasifMTFXBqYhJk3W9PjM8TJOyR6kkHaJexh-4lv...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBRWVgxSzctMjEtRjA2SA==&google_push=AYg5qPL_oxbDUb3SLPjoGBpFfRk4Jikkr6osasifMTFXBqYhJk3W9PjM8TJOyR6kkHaJexh-4lv07L_yiZ8GjwvdvQZ4GoINpxBfUw

170 B
188 B

18ms
18ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBRWVgxSzctMjEtRjA2SA==&google_push=AYg5qPL_oxbDUb3SLPjoGBpFfRk4Jikkr6osasifMTFXBqYhJk3W9PjM8TJOyR6kkHaJexh-4lv07L_yiZ8GjwvdvQZ4GoINpxBfUw

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBRWVgxSzctMjEtRjA2SA==&google_push=AYg5qPL_oxbDUb3SLPjoGBpFfRk4Jikkr6osasifMTFXBqYhJk3W9PjM8TJOyR6kkHaJexh-4lv07L_yiZ8GjwvdvQZ4GoINpxBfUw
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4342
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEItJnDVFAj25zjyR6MXkesA&google_cver=1&google_push=AYg5qPIzwf5eDaWwHdqyAsWqt6Ld9gflfg3fVWhCgW4Um6oIWWOfuA56LKFAXNZXU8gp-K19Fykad836AkHICtuz-...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEItJnDVFAj25zjyR6MXkesA&google_cver=1&google_push=AYg5qPIzwf5eDaWwHdqyAsWqt6Ld9gflfg3fVWhCgW4Um6oIWWOfuA56LKFAXNZXU8gp-K19Fykad836AkHICtuz-...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPIzwf5eDaWwHdqyAsWqt6Ld9gflfg3fVWhCgW4Um6oIWWOfuA56LKFAXNZXU8gp-K19Fykad836AkHICtuz-3gVPKP7XL8W&google_hm=767f2a675cb08c014a686a9d

170 B
188 B

18ms
17ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPIzwf5eDaWwHdqyAsWqt6Ld9gflfg3fVWhCgW4Um6oIWWOfuA56LKFAXNZXU8gp-K19Fykad836AkHICtuz-3gVPKP7XL8W&google_hm=767f2a675cb08c014a686a9d

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 14 Mar 2022 17:16:55 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPIzwf5eDaWwHdqyAsWqt6Ld9gflfg3fVWhCgW4Um6oIWWOfuA56LKFAXNZXU8gp-K19Fykad836AkHICtuz-3gVPKP7XL8W&google_hm=767f2a675cb08c014a686a9d
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H2 204 /
cc.adingo.jp/adx/push/ Frame 4342 0
44 B 843ms
231ms Image
text/plain 54.150.24.141
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.adingo.jp/adx/push/?google_gid=CAESEMHcwxWlQRzHtD9bsX7fFH4&google_cver=1&google_push=AYg5qPI8dR7J8wH7STxu_9kTEA3cVnmKdYo8ooLpT7DgY_khaKCxRe0s3pKHON8MER-dPB2xRcBeqhDSTJkrPGZLViY5m-5Jt0sxtQ
Requested by: Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.150.24.141 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-150-24-141.ap-northeast-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
server: awselb/2.0

GET
H2

204

/
onetag-sys.com/sync/i,19/ Frame 4342
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEO7XXcNXnLiKy2e-v_g1YlE&google_cver=1&google_push=AYg5qPK-lFOeDa4-s9FCZ5aRnMsC_3UFmKNGA504vu48oeuTSd7z8aoBuJKRXoxH5uPLIzaRbDShTVRLDyo...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AYg5qPK-lFOeDa4-s9FCZ5aRnMsC_3UFmKNGA504vu48oeuTSd7z8aoBuJKRXoxH5uPLIzaRbDShTVRLDyoKk7p7ZRH8j38KeIZ3w6s
https://onetag-sys.com/sync/i,19/?google_error=5

0
148 B

11ms
6ms

Image
text/plain

51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,19/?google_error=5

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

ip98.ip-51-75-86.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/sync/i,19/?google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 245
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 4342 0
12 B 21ms
18ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JjRxHc4jGGuNKElQmcQQkdn7wL4sZQuFEgobt1zt1TfUnhg3PlLCmjAUpNJkbdwq_sF2zoqA

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 2393 22 KB
8 KB 19ms
17ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 07:27:17 GMT
expires: Tue, 14 Mar 2023 07:27:17 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 35378
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame D822 41 KB
15 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 07:27:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35378
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Mar 2023 07:27:17 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 8527 1 KB
749 B 11ms
9ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Mon, 14 Mar 2022 05:53:44 GMT
expires: Tue, 15 Mar 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 40991
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame D822 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6a0a35de1f74ffa2e7e7d335f45c2a8b0a796d8c416f24ade692b79009371b97

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK dwce_cheq_events Show response
log.outbrainimg.com/loggerServices/ 4 B
325 B 306ms
85ms XHR
application/json 64.202.112.127
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://log.outbrainimg.com/loggerServices/dwce_cheq_events?timestamp=1647278215263&sessionId=7c9e63de-df10-cdef-a77f-0a97e163f92a&url=www.hawtcelebs.com&cheqSource=1&cheqEvent=2&responseTime=934
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.127 Leesburg, United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 17:16:55 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
X-TraceId: 213400902e1f98435d2bb15daa25b8f7
Content-Length: 4
Expires: 0

GET
H2 200 imp.gif
obs.cheqzone.com/tracker/ 43 B
102 B 93ms
93ms Image
image/gif 2600:1f18:e8a:cd04:9b88:a313:d24d:af44
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://obs.cheqzone.com/tracker/imp.gif?e=37dfbd8ee84e00136ee9c532e2458b999225c24f567d51c5c30f41b0254384cfa532ff1a285aa40e98d022e0b44dc87ea4a36fde4c1b8c682309094d0ba0bfea9475489e91da563e351aff717718956a8b70cd0130003f8101424d3f065cc3bf775d36fa26e877cb55e2cc7ce2586fb01f6f3903d053f054abd1c5d52fe87547ed62d2f1157f84163343714593d65337fd78afe6d4e3474fbe498cbd39e821da61c45085052aae2d05f91e44042f9e5b32b49affa125be2ab8589801f95c0c2cf38e6b256a655c9b6599857ea95a61a7d4f232331e32d786302080903b477442750c1bef8828796d76e4ba152cebfea755c9a444771e2bb5a5a384800cc6b9a326f746c0016537dd9fcfe6ad6b89cc9133d56c5384e6c0250616e96567ac940a61efc89825d957bd1fad811bc551c8c96dd82a77c3d835d27795dabdf7dce7e01129a779bfb3ac200066bcd23298bc4bb443420782590b8285c38681eb923bce6a88de93a349cd5c5513a2377b94c1c24e2387bd70a856b7c21c972df82d171a579e60e80a8d94fb2debd5688752a798ccd527d6195178e8121e506b5f7fc0a264b45498cd8a2be8de2bbd962b9adabab03d9fb7e44e6b72c8b10d0a9ba7071a5acdbfac65a43386e95ee9fc2db774bc329450c809d1a83ddb0721e4aa8e7b3c39601f370d5c15c7fd9e3fc008a5313b5135eae65dd599041ebbe9cdb0b870d0aeb1bec0aded82140a62bf1ed8e14b64c701204ecb711e317efc7be2&cb=1647278215263&cri=OQHknqcJzk
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
cache-control: no-cache, no-store, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT
content-length: 43
content-type: image/gif

GET
H/1.1 200
OK img.fetch Show response
udmserve.net/udm/ 1 B
470 B 155ms
155ms Script
application/x-javascript 68.71.249.118
ZEROLAG

General

Check archive.org

Show headers Download Go to

Full URL: https://udmserve.net/udm/img.fetch?sid=14863;tid=1;dt=6;gdprApplies=true;consentGiven=false;consentData=
Requested by: Host: bid.underdog.media
URL: https://bid.underdog.media/udm-r3_Fri_3_11_10_11_16_2022.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 68.71.249.118 , Canada, ASN20093 (ZEROLAG, US),
Reverse DNS
Software: /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 17:16:55 GMT
Connection: Keep-Alive
P3p: NOI DSP CURa ADMa DEVa PSAa PSDa OUR IND UNI COM NAV INT
Content-Length: 1
Content-Type: application/x-javascript

GET
H/1.1 200
OK img.fetch Show response
udmserve.net/udm/ 1 B
470 B 312ms
156ms Script
application/x-javascript 68.71.249.118
ZEROLAG

General

Check archive.org

Show headers Download Go to

Full URL: https://udmserve.net/udm/img.fetch?sid=17047;tid=1;dt=8;gdprApplies=true;consentGiven=false;consentData=
Requested by: Host: bid.underdog.media
URL: https://bid.underdog.media/udm-r3_Fri_3_11_10_11_16_2022.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 68.71.249.118 , Canada, ASN20093 (ZEROLAG, US),
Reverse DNS
Software: /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 17:16:55 GMT
Connection: Keep-Alive
P3p: NOI DSP CURa ADMa DEVa PSAa PSDa OUR IND UNI COM NAV INT
Content-Length: 1
Content-Type: application/x-javascript

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6013 0
0 60ms
60ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022030901&jk=1938207847620433&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 38FD 0
103 B 14ms
12ms Image
text/plain 2a02:fa8:8806:13::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESENc2b6ddirc9A0Qyt_SGy9g&google_cver=1&google_push=AYg5qPIoygg0ZmCptvzkopcZQJ7-EkMQjUIa7tA-Au8pZGZLwmVv1Eqcg7ztrM7wlYAfIgODR49KKSPhUmvG18qoyoLUAXnrW20
Requested by: Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 38FD
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESECAoCg0dUyc36kY3NymxszI&google_cver=1&google_push=AYg5qPIiJAupcGJIP9PaG6lX6YnkYWbRknFsU_IQgx-RTSKYnlfzmU6f1OG8ooaLOSAHY0FNYq8AksoA2-v0IGQrdC29a2SZihGf
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=665070C465D24970A99603A500FDBDBB&google_push=AYg5qPIiJAupcGJIP9PaG6lX6YnkYWbRknFsU_IQgx-RTSKYnlfzmU6f1OG8ooaLOSAHY0FNYq8AksoA2-v0IGQ...

170 B
188 B

19ms
18ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=665070C465D24970A99603A500FDBDBB&google_push=AYg5qPIiJAupcGJIP9PaG6lX6YnkYWbRknFsU_IQgx-RTSKYnlfzmU6f1OG8ooaLOSAHY0FNYq8AksoA2-v0IGQrdC29a2SZihGf

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 14 Mar 2022 17:16:55 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=665070C465D24970A99603A500FDBDBB&google_push=AYg5qPIiJAupcGJIP9PaG6lX6YnkYWbRknFsU_IQgx-RTSKYnlfzmU6f1OG8ooaLOSAHY0FNYq8AksoA2-v0IGQrdC29a2SZihGf
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 138
expires: Sun, 13 Mar 2022 17:16:55 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 38FD
Redirect Chain

https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESEMmtA7LI9UOlY4isLX-s130&google_cver=1&google_push=AYg5qPLdevwJIjVgCbIY9G64Avv1oJ_VUENfeMal2TqXvvqmsLSXfh8gEcWItZTmnxR8WuWEnhbegSd3IHy...
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPLdevwJIjVgCbIY9G64Avv1oJ_VUENfeMal2TqXvvqmsLSXfh8gEcWItZTmnxR8WuWEnhbegSd3IHyg8KdMJLCuUgybvDj6

170 B
188 B

18ms
18ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPLdevwJIjVgCbIY9G64Avv1oJ_VUENfeMal2TqXvvqmsLSXfh8gEcWItZTmnxR8WuWEnhbegSd3IHyg8KdMJLCuUgybvDj6

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPLdevwJIjVgCbIY9G64Avv1oJ_VUENfeMal2TqXvvqmsLSXfh8gEcWItZTmnxR8WuWEnhbegSd3IHyg8KdMJLCuUgybvDj6
Date: Mon, 14 Mar 2022 17:16:55 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=2999
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 38FD
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEGVbYYGwu8XSJ4Kgfs6xpTo&google_cver=1&google_push=AYg5qPLzKlSlsXSG4S-HIn9SKAoEA29ukLwH2u_8yJMoa43FWKC7aG99G9GPcN1cfWiVdqB6zx6t1ZBW...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEGVbYYGwu8XSJ4Kgfs6xpTo&google_cver=1&google_push=AYg5qPLzKlSlsXSG4S-HIn9SKAoEA29ukLwH2u_8yJMoa43FWKC7aG99G9GPcN1cfWiVdqB6zx6...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTAwNzI0NTQyNzk0MTc2MTIxNQ&google_push=AYg5qPLzKlSlsXSG4S-HIn9SKAoEA29ukLwH2u_8yJMoa43FWKC7aG99G9GPcN1cfWiVdqB6zx6t1Z...

170 B
188 B

25ms
24ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTAwNzI0NTQyNzk0MTc2MTIxNQ&google_push=AYg5qPLzKlSlsXSG4S-HIn9SKAoEA29ukLwH2u_8yJMoa43FWKC7aG99G9GPcN1cfWiVdqB6zx6t1ZBWB-EP6MrJOVmXlKPOEOOd

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTAwNzI0NTQyNzk0MTc2MTIxNQ&google_push=AYg5qPLzKlSlsXSG4S-HIn9SKAoEA29ukLwH2u_8yJMoa43FWKC7aG99G9GPcN1cfWiVdqB6zx6t1ZBWB-EP6MrJOVmXlKPOEOOd
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 204 /
cc.adingo.jp/adx/push/ Frame 38FD 0
43 B 697ms
232ms Image
text/plain 54.150.24.141
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.adingo.jp/adx/push/?google_gid=CAESEMHcwxWlQRzHtD9bsX7fFH4&google_cver=1&google_push=AYg5qPINbGMPR5G2LzWD0srpGoC6EEeyY7H8e4qE0Jxcvk2wuEe6bRdV4BAIxHDco7U10a9LmFES3cre3036l4wm12HYvKLBskQ
Requested by: Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.150.24.141 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-150-24-141.ap-northeast-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
server: awselb/2.0

GET
H/1.1 200
OK sync
rtb2-useast.e-volution.ai/ Frame 38FD 42 B
233 B 123ms
96ms Image
image/gif 174.137.133.49
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb2-useast.e-volution.ai/sync?exchange=193&google_gid=CAESEFX_5Cj-TZw9e9hB8vFHSA8&google_cver=1&google_push=AYg5qPJiJUbDPGzn2xZnKO3Ja9YBQTKCl-YZyPY1EgkkiBI4GP2rBqYoKE2-zH4QpgyEvxL7dJJndRvisFCm8YH8A8ccUwNk6rjX0Q
Requested by: Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 17:16:55 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H2

204

/
onetag-sys.com/sync/i,19/ Frame 38FD
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEO7XXcNXnLiKy2e-v_g1YlE&google_cver=1&google_push=AYg5qPK7e4y2kiYVwJOezFk1PXSW8RHTi-14WfzfRDBCLalizVkR6cz5-rpd0b039h_fIUJrYjksNnzsphD...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AYg5qPK7e4y2kiYVwJOezFk1PXSW8RHTi-14WfzfRDBCLalizVkR6cz5-rpd0b039h_fIUJrYjksNnzsphD5KVtY6zWZz6sdYk_juA
https://onetag-sys.com/sync/i,19/?google_error=5

0
148 B

11ms
11ms

Image
text/plain

51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,19/?google_error=5

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

ip98.ip-51-75-86.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/sync/i,19/?google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 245
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 38FD 0
12 B 15ms
15ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Kkwo54Ywkr0jo9nIzqNkNKL2OmAQfGVnYM2_pfdpjq_9TcQ9zJi_RkLpq6QIbN2UQOmwdLLyE

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame FDED 41 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 07:27:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35378
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Mar 2023 07:27:17 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 74F9 1 KB
749 B 7ms
6ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Mon, 14 Mar 2022 05:53:44 GMT
expires: Tue, 15 Mar 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 40991
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame BB6D 12 KB
6 KB 84ms
84ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 Mar 2023 17:16:55 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame BB6D 1 KB
2 KB 102ms
56ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=196&m=0&partner=1881&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F1881%2F150924%2F512fe8591ccf429bba8b32f7d3736857_logo_privacy.jpg&v=3&w=196&s=hufpgWrCpd6JkHrxWB3k-7yi

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

b6a6a2a20d15f226fa342d50ff201e59035a50acea6134177bdb9361c767e399

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29168214
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1522
expires: Wed, 15 Feb 2023 07:33:50 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame BB6D 29 KB
30 KB 95ms
50ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=1881&q=80&r=0&u=https%3A%2F%2Fportal.pharao24.de%2Fbilder%2F1001%2F22%2F10012248_01.JPG&v=3&w=400&s=k5ZmgcEp-dLz2Z4xqKCadeFw&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

21eff19ed2607ebca7cf6f0fc296942553b766c7baaf8fc90da2cd2f3799a907

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 30078
expires: Thu, 09 Mar 2023 17:16:55 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame BB6D 29 KB
29 KB 69ms
25ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=1881&q=80&r=0&u=https%3A%2F%2Fportal.pharao24.de%2Fbilder%2F1006%2F62%2F10066290_01.JPG&v=3&w=400&s=xepVqg_gx7jnw4j89QYmXlEf&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

952bb6ca890af4caa9109cc91e851b49246ac2c837ec2c5841982af89d8be734

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 29872
expires: Thu, 09 Mar 2023 17:16:55 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame BB6D 15 KB
16 KB 94ms
49ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=1881&q=80&r=0&u=https%3A%2F%2Fportal.pharao24.de%2Fbilder%2F1008%2F63%2F10086383_01.JPG&v=3&w=400&s=LSiTeZCieQz4a6nX7stOoY7e&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

6e21934b978c8a01ee949238c3be51b93e0ab62d60022e755bb1dab81e69ddf4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 15838
expires: Thu, 09 Mar 2023 17:16:55 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame BB6D 29 KB
29 KB 86ms
42ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=1881&q=80&r=0&u=https%3A%2F%2Fportal.pharao24.de%2Fbilder%2F1010%2F54%2F10105433_01.JPG&v=3&w=400&s=YN6JjbraPZX2gD8cRppI4kbe&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

94352a6e25c025d9f314e5feccb7f304bba6ebe148011dec463b534ccf7c4535

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 29380
expires: Thu, 09 Mar 2023 17:16:55 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame BB6D 12 KB
12 KB 81ms
36ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=1881&q=80&r=0&u=https%3A%2F%2Fportal.pharao24.de%2Fbilder%2F1010%2F67%2F10106742_01.JPG&v=3&w=400&s=a1dB8kUWYOOSbBpQ0uVkobuH&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

ca119b79988ac6bd9e8c041503404c18ef72615c0303279618a2fbe9a078d946

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 12384
expires: Thu, 09 Mar 2023 17:16:55 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame BB6D 17 KB
18 KB 51ms
50ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=1881&q=80&r=0&u=https%3A%2F%2Fportal.pharao24.de%2Fbilder%2F1007%2F06%2F10070693_01.JPG&v=3&w=400&s=z_1LptzEmrZ5iCdEh-aRiZsw&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

56f1fd8da94af5c149466e93ec701b778ac56dba606008b476a3262c7af9e511

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 17720
expires: Thu, 09 Mar 2023 17:16:55 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame BB6D 21 KB
21 KB 47ms
47ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=1881&q=80&r=0&u=https%3A%2F%2Fportal.pharao24.de%2Fbilder%2F1005%2F21%2F10052170_01.JPG&v=3&w=400&s=SgNXI0_njho5Trglkl_mvtkc&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

022f36ac2e753f933db16a6fb9d2df41cc8d6f6d6d4ee62e2ae9a914d83f6b7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 21422
expires: Thu, 09 Mar 2023 17:16:55 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame BB6D 13 KB
13 KB 53ms
52ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=1881&q=80&r=0&u=https%3A%2F%2Fportal.pharao24.de%2Fbilder%2F1008%2F32%2F10083269_01.JPG&v=3&w=400&s=SEYeDFMMMLuZGKdH48-CPIQf&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

85a62f1cff3a62e192b07126c95e8405b45c0e552d5dae1450ad0f9573c60a82

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 12890
expires: Thu, 09 Mar 2023 17:16:55 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame BB6D 23 KB
23 KB 53ms
53ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=1881&q=80&r=0&u=https%3A%2F%2Fportal.pharao24.de%2Fbilder%2F1005%2F74%2F10057439_01.JPG&v=3&w=400&s=6X_svUPc8eujj1J0sbJ2RRAc&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

19a1f2599bb28ef11e677c6b1d1bf77104079a36c8145e12bf1505bef317a24a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 23260
expires: Thu, 09 Mar 2023 17:16:55 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame BB6D 7 KB
8 KB 57ms
56ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=1881&q=80&r=0&u=https%3A%2F%2Fportal.pharao24.de%2Fbilder%2F1006%2F81%2F10068104_01.JPG&v=3&w=400&s=UArbwlZn856CfzHF4HkZuVxf&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

8b4a58e49cb01da41a3e8be16f5f596e428ec3f4f2aedabe1349854e321e3872

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 7622
expires: Thu, 09 Mar 2023 17:16:55 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame BB6D 11 KB
12 KB 58ms
57ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=1881&q=80&r=0&u=https%3A%2F%2Fportal.pharao24.de%2Fbilder%2F1008%2F32%2F10083276_01.JPG&v=3&w=400&s=yb3c85t25nQysV3kcmIE1gau&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

229cb9fff285c234e313eb40bbc7b0a8ce695f967495d3022850d59a7e89709c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 11596
expires: Thu, 09 Mar 2023 17:16:55 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame BB6D 21 KB
22 KB 61ms
60ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=1881&q=80&r=0&u=https%3A%2F%2Fportal.pharao24.de%2Fbilder%2F1007%2F01%2F10070191_01.JPG&v=3&w=400&s=4FJ2yfSYgBo-eOgGI2LQk6ZK&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

1e26791594019a8cabe268812e0ed999e23c460aed496cae1dd7edb412c19109

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:54 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 21820
expires: Thu, 09 Mar 2023 17:16:55 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame BB6D 0
127 B 51ms
14ms Ping
text/plain 178.250.2.150
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=46oEUSwJ3YLTDbEEDign5RG2Z-1h7JgiJjUmDT6VqEk5cEKU9zmH1z82DTI420GxFdQ5gRdi9p7xG8doTghD-otbbGe_6AQjn-jlMmOiZyz2TnDzCerJuZYsqv-TAev6icGo0W_ugLpxB0zc-UBwrFEMg86AfnkvXUsW8TUTZce9zBM3lhViaPNfCb2OhF2-7_yI8xquXNY27hkCbYnE7PzeihoSAnsYIRFRTdVDaDSksBnv71AbOTrxgys&sds=2&rev=unknown&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 14 Mar 2022 17:16:54 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame BB6D 2 KB
1 KB 24ms
24ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 Mar 2023 17:16:55 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame BB6D 2 KB
1 KB 18ms
18ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 Mar 2023 17:16:55 GMT

GET
DATA 200
OK truncated
/ Frame FDED 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3f2e1c6049cf73f2e45c75fad592406182f1ca64bce0e8e5a056e92c2d27b639

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame A15D 110 KB
38 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17686342995189694464/728x090.html?e=69&leftOffset=0&topOffset=0&c=O7MpZBqofW&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17686342995189694464/728x090.html?e=69&leftOffset=0&topOffset=0&c=O7MpZBqofW&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 14:21:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10521
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 15 Mar 2022 14:21:34 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame A15D 60 KB
24 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17686342995189694464/728x090.html?e=69&leftOffset=0&topOffset=0&c=O7MpZBqofW&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17686342995189694464/728x090.html?e=69&leftOffset=0&topOffset=0&c=O7MpZBqofW&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 14 Mar 2022 17:16:55 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 1D5C 118 KB
40 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9999815340063719424/160x600.html?e=69&leftOffset=0&topOffset=0&c=RJrxymZT8r&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9999815340063719424/160x600.html?e=69&leftOffset=0&topOffset=0&c=RJrxymZT8r&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 15:52:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5064
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 15 Mar 2022 15:52:31 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 1D5C 60 KB
24 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9999815340063719424/160x600.html?e=69&leftOffset=0&topOffset=0&c=RJrxymZT8r&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9999815340063719424/160x600.html?e=69&leftOffset=0&topOffset=0&c=RJrxymZT8r&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 14 Mar 2022 17:16:55 GMT

GET
H3 200 xt8fZ__SaXi8rLOjRFpxOtLjv0mS66MIGtFrZKZOLkM.js Show response
pagead2.googlesyndication.com/bg/ Frame 23B9 35 KB
13 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/xt8fZ__SaXi8rLOjRFpxOtLjv0mS66MIGtFrZKZOLkM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c6df1f67ffd26978bcacb3a3445a713ad2e3bf4992eba3081ad16b64a64e2e43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:55:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 278506
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13756
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 11 Mar 2023 11:55:09 GMT

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 321ms
104ms Image
text/plain 67.202.105.33
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=w!a9etg89wet&lm=0&ts=1647278215455&dn=TC&iso=0&t=HawtCelebs%20%E2%80%93%20Latest%20Celebrities%20Pictures
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip33.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 200 / Show response
audit-tcfv2.quantcast.mgr.consensu.org/ 2 B
101 B 35ms
9ms XHR
text/plain 3.69.18.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://audit-tcfv2.quantcast.mgr.consensu.org/?log=%7B%22accountId%22%3A%22274pYeudnKvDs%22%2C%22domain%22%3A%22www.hawtcelebs.com%22%2C%22publisher%22%3A%22HawtCelebs%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.39%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%224rHc6iLEBI7fi7DodmBOXQ%22%2C%22clientTimestamp%22%3A1647278215484%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-5b7wd7v3crj0yg15ve0y%22%7D
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/39/cmp2ui-en.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.69.18.111 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-69-18-111.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.hawtcelebs.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 14 Mar 2022 17:16:55 GMT
content-length: 2
content-type: text/plain; charset=utf-8

GET
H2 200 get Show response
odb.outbrain.com/utils/ 41 KB
15 KB 278ms
227ms Script
text/javascript 151.101.114.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://odb.outbrain.com/utils/get?url=%20&idx=0&rand=50357&key=NANOWDGT01&widgetJSId=TF_6&va=true&et=true&format=html&pdobuid=-1&adblck=false&abwl=false&clss=L%2FSMjhDdkq7XwX%2BRwWeeizz0Ydzc0WEdP6334x%2FOJxQitEi5kHeHLaqgoPbXhWpXc2OZ8fqqxSTEYG4z&px=451&py=1437&vpd=237&cw=537&activeTab=true&darkMode=false&settings=true&recs=true&version=2000636&sig=TGe0GbmS&apv=false&osLang=en-US&winW=1600&winH=1200&scrW=1600&scrH=1200&dpr=1&secured=true&cmpStat=1&ccpa=1---&ccpaStat=1&ogn=https%3A%2F%2Fwww.hawtcelebs.com%2F
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.132 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d1a94cec495c993b0d2e7284e13837caf46c03cfd1285c35fc36dbe74a6287d8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
via: 1.1 varnish, 1.1 varnish
traffic-path: NYDC1, LGA, HHN, Europe1
x-timer: S1647278216.574921,VS0,VE218
accept-ranges: bytes
x-served-by: cache-lga21952-LGA, cache-hhn4073-HHN
vary: Accept-Encoding, User-Agent
x-cache: MISS, MISS
content-type: text/javascript; charset=UTF-8
x-cache-hits: 0, 0
x-traceid: e4eaf647b1a181773eecfd329ecdaf50
content-encoding: gzip
content-length: 15165
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 0115 22 KB
8 KB 13ms
13ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 07:27:17 GMT
expires: Tue, 14 Mar 2023 07:27:17 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 35378
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 xt8fZ__SaXi8rLOjRFpxOtLjv0mS66MIGtFrZKZOLkM.js Show response
pagead2.googlesyndication.com/bg/ Frame 571D 35 KB
13 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/xt8fZ__SaXi8rLOjRFpxOtLjv0mS66MIGtFrZKZOLkM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c6df1f67ffd26978bcacb3a3445a713ad2e3bf4992eba3081ad16b64a64e2e43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:55:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 278506
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13756
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 11 Mar 2023 11:55:09 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 2D77 22 KB
8 KB 8ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 07:27:17 GMT
expires: Tue, 14 Mar 2023 07:27:17 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 35378
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 8527 0
103 B 16ms
12ms Image
text/plain 2a02:fa8:8806:13::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESENc2b6ddirc9A0Qyt_SGy9g&google_cver=1&google_push=AYg5qPINomr2PjoTe2IFJP6gtvKrHCi0qdIQmzBhrcJVNOG2ht4FbwtBlFlrKod56_vCG552rcgWjP6aEh9RPnbyz69q2mvKOOsX
Requested by: Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8527
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESECAoCg0dUyc36kY3NymxszI&google_cver=1&google_push=AYg5qPIFWQfXRNMTHDnjF6sNMEv8QcTUxTYfcSPLjCGwy7SPedE_Az2DsAdjNRAVNfd1YV_1rjRoF4OLAW8Xh7WUBdtVq1aKURp1
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=665070C465D24970A99603A500FDBDBB&google_push=AYg5qPIFWQfXRNMTHDnjF6sNMEv8QcTUxTYfcSPLjCGwy7SPedE_Az2DsAdjNRAVNfd1YV_1rjRoF4OLAW8Xh7W...

170 B
188 B

20ms
20ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=665070C465D24970A99603A500FDBDBB&google_push=AYg5qPIFWQfXRNMTHDnjF6sNMEv8QcTUxTYfcSPLjCGwy7SPedE_Az2DsAdjNRAVNfd1YV_1rjRoF4OLAW8Xh7WUBdtVq1aKURp1

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 14 Mar 2022 17:16:55 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=665070C465D24970A99603A500FDBDBB&google_push=AYg5qPIFWQfXRNMTHDnjF6sNMEv8QcTUxTYfcSPLjCGwy7SPedE_Az2DsAdjNRAVNfd1YV_1rjRoF4OLAW8Xh7WUBdtVq1aKURp1
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 138
expires: Sun, 13 Mar 2022 17:16:55 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8527
Redirect Chain

https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESEMmtA7LI9UOlY4isLX-s130&google_cver=1&google_push=AYg5qPL0kwqMVai2ihFttADnaSdFBRKqMTSnqU18s9j672dm-vgsYpvFxTxwGB02JFhYWjh2xOMo70amaVU...
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPL0kwqMVai2ihFttADnaSdFBRKqMTSnqU18s9j672dm-vgsYpvFxTxwGB02JFhYWjh2xOMo70amaVUnPyTD9qCrxf0F3UIM

170 B
188 B

21ms
20ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPL0kwqMVai2ihFttADnaSdFBRKqMTSnqU18s9j672dm-vgsYpvFxTxwGB02JFhYWjh2xOMo70amaVUnPyTD9qCrxf0F3UIM

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPL0kwqMVai2ihFttADnaSdFBRKqMTSnqU18s9j672dm-vgsYpvFxTxwGB02JFhYWjh2xOMo70amaVUnPyTD9qCrxf0F3UIM
Date: Mon, 14 Mar 2022 17:16:55 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=2998
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8527
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHBp6hQQLCGfrg2eURC0FFQ&google_cver=1&google_push=AYg5qPLRKbGlP3vZsDHu7flEfcHVPXAHsLk9qrXyD5JuoWw_wYOaGQhlDnS0VEV9Ak0VdwqeXKw...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBRWVgxVlQtMTYtS0o1OQ==&google_push=AYg5qPLRKbGlP3vZsDHu7flEfcHVPXAHsLk9qrXyD5JuoWw_wYOaGQhlDnS0VEV9Ak0VdwqeXKw_h1hg6xm7caei-f9U74Ao3x4

170 B
188 B

23ms
21ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBRWVgxVlQtMTYtS0o1OQ==&google_push=AYg5qPLRKbGlP3vZsDHu7flEfcHVPXAHsLk9qrXyD5JuoWw_wYOaGQhlDnS0VEV9Ak0VdwqeXKw_h1hg6xm7caei-f9U74Ao3x4

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBRWVgxVlQtMTYtS0o1OQ==&google_push=AYg5qPLRKbGlP3vZsDHu7flEfcHVPXAHsLk9qrXyD5JuoWw_wYOaGQhlDnS0VEV9Ak0VdwqeXKw_h1hg6xm7caei-f9U74Ao3x4
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8527
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEItJnDVFAj25zjyR6MXkesA&google_cver=1&google_push=AYg5qPL0lO_kNvSqNZoQ2Q1LN_4eFJeZTQGndGkNqrgBQv_3W6neJjzuIoD-9BlR3WbCERJ_VBwGna2kHhaFvQlJd...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPL0lO_kNvSqNZoQ2Q1LN_4eFJeZTQGndGkNqrgBQv_3W6neJjzuIoD-9BlR3WbCERJ_VBwGna2kHhaFvQlJdjkAEFWWA1Z0&google_hm=767f2a675cb08c014a686a9d

170 B
188 B

20ms
19ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPL0lO_kNvSqNZoQ2Q1LN_4eFJeZTQGndGkNqrgBQv_3W6neJjzuIoD-9BlR3WbCERJ_VBwGna2kHhaFvQlJdjkAEFWWA1Z0&google_hm=767f2a675cb08c014a686a9d

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 14 Mar 2022 17:16:55 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPL0lO_kNvSqNZoQ2Q1LN_4eFJeZTQGndGkNqrgBQv_3W6neJjzuIoD-9BlR3WbCERJ_VBwGna2kHhaFvQlJdjkAEFWWA1Z0&google_hm=767f2a675cb08c014a686a9d
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H/1.1 200
OK sync
rtb2-useast.e-volution.ai/ Frame 8527 42 B
233 B 90ms
89ms Image
image/gif 174.137.133.49
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb2-useast.e-volution.ai/sync?exchange=193&google_gid=CAESEFX_5Cj-TZw9e9hB8vFHSA8&google_cver=1&google_push=AYg5qPL6x-c9vPEw-w7B3DlBHADbKT2BMJk7Xv02FFdgaJl-_mGfn96K-UUQNYbHto-BfY55gPswzzXUdL1dftGkF6hD31QDqVeh
Requested by: Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 17:16:55 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H2

204

/
onetag-sys.com/sync/i,19/ Frame 8527
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEO7XXcNXnLiKy2e-v_g1YlE&google_cver=1&google_push=AYg5qPIgTHCuy_ZRdtx4xxV3qFwpFhN4FBH_VrTPFNgyhkP1Q5T6aviQV6VbhHQDtf-eObrqITvFpsXQL0I...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AYg5qPIgTHCuy_ZRdtx4xxV3qFwpFhN4FBH_VrTPFNgyhkP1Q5T6aviQV6VbhHQDtf-eObrqITvFpsXQL0IfNfDIQzMi4A7G_SDdqQ
https://onetag-sys.com/sync/i,19/?google_error=5

0
148 B

9ms
9ms

Image
text/plain

51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,19/?google_error=5

Protocol

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

ip98.ip-51-75-86.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/sync/i,19/?google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 245
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 8527 0
12 B 25ms
24ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LzTjBcLGN9XnecxEHWZpvAc-xNTpJmqERMAmeka5Y6Oq2OXWMeMngpXrxiYY_aiA_c131X8pk

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 avoury_always_on_300x250_atlas_P_1.png
s0.2mdn.net/sadbundle/2908843633792309460/images/ Frame 4272 45 KB
45 KB 18ms
10ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2908843633792309460/images/avoury_always_on_300x250_atlas_P_1.png

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

506720cdcd6b5cd5bad9c5cd12adefdd3254846c3b8e6ad0dcbac784860bd61d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2908843633792309460/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 15:51:28 GMT
x-content-type-options: nosniff
age: 437127
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45767
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 08:07:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 09 Mar 2023 15:51:28 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9D07 0
23 B 36ms
31ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsslqFb4zZDQmlJ7_5DYb6VX6O59ZGR_nKbNf6W3wVVR2gOoZZkQF900DBcYtmD9vzyU-17g4gtIXXeQgKTWeQ90uCGuRwI-7b2Ys0hBaHCcGPm95SOs74892M2jafDibK3tKrN_9lrFf0KsEeJxmlXElo3fFNtAu2bzXpln8vpPlKe9pqQ4t4iMZJV8Y_VEVxfUrWl7kShGpa1ud4w2JxjJNuDr527W0aMxe4yLz63fCukb6kZL1pJOu_Jepsx5km7aZ6X9oK3wU97_e15KO_gJU-Gju5B-CQqAj0PSSoalpaZY6bdemnEqy8rCwtKFy_o6KF5NqOQFo13ESzRa-EDsLUEdKO24LZBFhowaDVp1uLM2br70FOmtM6k8ZmhEPR3DTp2g3uigwoLgTqq2_kMVKnAegwRmnZyuY7R5q-o-6rdmiFvzUNMErWlq20DzCbBQp5HAPk0J6aHtxYpJ0gx86vb3vsT_PwtXP-jjfMW56QMIhNOdsGNY9zCd1oAc8eN29Plz4lv-grY3JPf7DBcUsEL6KHAXbNkFx5szXhIDwoRKVUbbTe-joyZdqdm7yB8ETKCTmSz_ePLYrBbj7SBGvm6XIuq53fP4Ad7-zavK7VA98g8CaFrABNe_DPx1goF-bAr4AAItX5yOefZYu9piH7RvfXBYDsHwRTz_MMQq_F3I3iakc__4FQ8jwnmAF0U4_QQDfy6KQiE2U1q80BD7FCInGV7umGCObOjMHTDeFjyA3dHnPnPhnR7YhFnzHlz-VkautAry9l8CTQaO5lEsfB2mIGKizbnwXc0kAokSrnmdm0bRKM4XQQyGw6ooHB-AcR_wx_8CjY4BUcI8fU8UTZgMROHgBF3E059cZ2-LsZR5yfeVoZ6KsUmRJLU96Ae_1HWl8q7frs6a-GVeH0SnZlGE68voTDUWal-APvszZW5IbxVk3G6gmeBGRuPJ7zJut9AihX6kt-4tgZkMEUGYwSJW6etysZhNQSujnO5d3JSa-Qf17T7l__149z-3xopn4rqK3mJVuo4Q3rAm14eZdVkIp6b4jPpXH_x5GDSZxXI8iCsIE5i0Bg1c8xeE_i2T5zWHtXiiEgZlm50KcG6TMiavPpsg987pmdfcJOB93auqa_Riz7t0ZqMUTdV7EBUmxuQu-HcG9yrlECE-yGjMDMmfoFcbxNSaisGQzYR-WtROyJXw7U4qx3qRQM47LHIMeE-ZEcdZehVZMvnbVP9HGuGvutpZh00pgdVz-TmCISVvoMgXzTrYZcnTce8Kge8TgYITO5-2pX4cyXWtQvm3-wSXuXqv&sai=AMfl-YSxDwy-_Ehm0miC9dXPnaWvM6Chy3M_pgqksyqZ6gdYQoNpQ0MaAAc8adq1jXGuZhd4l62MRNLzxQ5JmHbcEl76BvfexFNKG3mbkJDH2uW1y-gEPIk78KmInUlGhrmpn2f_cdr0b1gwWLY4ZlIVea_lJaMHZxf6rjcnW24gMkDF31AI_X68LgFEbZ2mRADl14z0jkAA9acmcNrD6AOYZCrWSC816CZFZcso1kkJYiQJeWOY4z405ttvQAjF0ucQXF81EjuNbgxGAqob_bcmyQ6a-h5CyIRD7Tu_78z2ibn2&sig=Cg0ArKJSzDCj2Ej1briDEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1269&vt=11&dtpt=921&dett=3&cstd=345&cisv=r20220308.97493&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 17:16:55 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 avoury_300x600_atlas_P_1.png
s0.2mdn.net/sadbundle/8472981474830724725/images/ Frame 05C9 78 KB
78 KB 16ms
9ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8472981474830724725/images/avoury_300x600_atlas_P_1.png

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53db131d222652dc58a0b6f8167862a8f29f65834c01a23f9521e1faf72a6ea2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8472981474830724725/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 07:58:16 GMT
x-content-type-options: nosniff
age: 465519
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 79570
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:18:49 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 09 Mar 2023 07:58:16 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 980A 0
23 B 35ms
31ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssEF-XBzvXb6vlk_QJ7VsIcsJlWQ-lShPpMbM239X5Ng7GHOhKU88bNV0051FoOjQfiGgqeLt0LNuCXL2rwdGvCk6vvO5MwXWToGhcYv3Hp4QO_LOtSRhU2irjR4lGG3clxCQu-5juKNf5qmNre32qQBspz6desFtsSVqe1OKUBIo_oJyfG9Ih6afpDbomGBEwUDzU6rI-aly1LyQZgIVOOTDO3_jF8wRVZZEmN0w6edV0hbFtfqS3zNveAMJ2RWcgZNW6pHd8qBDpiSCCdw6z9-4vU96FPiXJMuzrhT1kUr6OlUoi3AbUUv3-7HLEKOT1VnaXYDGvQI0W0oOQ3YwMIZZMTjNwae2lg8081q6RwhhAthfy76YpOQRhizOahQ3qnQxsbyIccfgVH75LPkPdoyepimTip8dOsx-m9t6LhvBC4_h5FQCnucJWSi6nNcFhUR-cvCc_3N4YYWQpH6K_BjQBa8bSL4f6lILhPJ-MHixLgR9l4g_7TCWTqiTMuKQRWsaFTp2Ud22i3H7sIHwwgmgwUUNzVz1vtXCUeBEhSdKw7T_pS3_BRHvkE8eS-Gjgn2E7O0z4pf2wmxNEDQs1FgJVDX-q6cZoLrUCkz-qmU2NAw6gg6ggrvYk07xrQ4TmF8QcRRUCbxQt7ksVfrEpDr3EtidZUNWK_qk3b_dpnuFOtC_gImOVJ0DKdX7aYdTXOowedVnbZOcHCLoZ0sEBUWw81tBPC95l1mZI9ZSA-7dH72D0eBWkFuiHjCWm40Idg4bEWWaToQFNSUsRS7guuPVdaNqXy6FEl7lzpjAjbLAa_UhkpLCisuHCL15d5xkba-A9BuQ3te9f_2ZW8nlZpaoYaq_jYsSEQHqmNmbGr0KMfrfW1IE-e4WMtWRgTVs2EtSLPCzDyQ5tHqSdFRtgE1r0PssHTmyrC-7PIjT8hUHQ9NR0HGZ5aYsnDK0GRN0PvV4mMGM4Zb2K6VItkHU32rt82QL937bBxqLQ_54Xa_rRpbxooxzLd3p_v1fbuA7K04EECnefoynyzABuRizrbsUghudz8p_o98syuZLkjKkXtr5e7g1tNq3bTFlULClqsACXpvdYeNu67F0DwJ9Ha2CJUIjzMVwpjQtumr_vjiWfhA2lHLIQgy8fSWZZThC_ru-jygL4Xc-1RdqxUnT_rcjlz9F0Z6Tmz8TisvNw1X7cKqDiGA5a_WZY77jSry3qNrNcqg7wqag0LuawRkp1sbMGPZRHvWBlUlcmY4QrvP_Jj2WVcsmapj7EnAJrXuESerHikqLSXl81k7UAnIjeBUg&sai=AMfl-YQN1XF8Ywnp2PiCF5YtvY160hGS2hOkA-t8m8BbTuXWtcK4PdgOGkvUo1W8mvIgQVT-9G7a0jD_oPXyojFpkk-R2DOtep8pj2Ty8Znvch6cwgNTKcrUYKTy8OW2k_lK7OtGMe5RRzScLG2ctX5DQNbf08F2F_JOGoZM19-LG2_tWOga_Znzo011zEB5wU_YjGdR_qiOko6tqjpD1PqQET0ZCVqQxsHKYql64ZfFxbS56UXg9hxcgugij0xUMrSv1oQR17xjDbvsTl190ULSDtaQvXhWM1uNv9bPlSw_DpzH&sig=Cg0ArKJSzMlCASTEyiDpEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1169&vt=11&dtpt=732&dett=3&cstd=435&cisv=r20220308.65548&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 17:16:55 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 xt8fZ__SaXi8rLOjRFpxOtLjv0mS66MIGtFrZKZOLkM.js Show response
pagead2.googlesyndication.com/bg/ Frame 2393 35 KB
13 KB 16ms
10ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/xt8fZ__SaXi8rLOjRFpxOtLjv0mS66MIGtFrZKZOLkM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c6df1f67ffd26978bcacb3a3445a713ad2e3bf4992eba3081ad16b64a64e2e43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:55:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 278506
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13756
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 11 Mar 2023 11:55:09 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 74F9
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESECAoCg0dUyc36kY3NymxszI&google_cver=1&google_push=AYg5qPKH3nA9uj22cT8iDMa5qeXLghhp2lRhYZwBBoTMI3yIi1qM4HRLc5AD_V8CmCtYx8NDEu8gS0GQecw6OhG2xkyfrf6oDBUGbw
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=665070C465D24970A99603A500FDBDBB&google_push=AYg5qPKH3nA9uj22cT8iDMa5qeXLghhp2lRhYZwBBoTMI3yIi1qM4HRLc5AD_V8CmCtYx8NDEu8gS0GQecw6OhG...

170 B
188 B

19ms
18ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=665070C465D24970A99603A500FDBDBB&google_push=AYg5qPKH3nA9uj22cT8iDMa5qeXLghhp2lRhYZwBBoTMI3yIi1qM4HRLc5AD_V8CmCtYx8NDEu8gS0GQecw6OhG2xkyfrf6oDBUGbw

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 14 Mar 2022 17:16:55 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=665070C465D24970A99603A500FDBDBB&google_push=AYg5qPKH3nA9uj22cT8iDMa5qeXLghhp2lRhYZwBBoTMI3yIi1qM4HRLc5AD_V8CmCtYx8NDEu8gS0GQecw6OhG2xkyfrf6oDBUGbw
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 138
expires: Sun, 13 Mar 2022 17:16:55 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 74F9
Redirect Chain

https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESEMmtA7LI9UOlY4isLX-s130&google_cver=1&google_push=AYg5qPJXavg5M5o-Q6f1FwTydZIKiAnPn6Jzc14I7S7d2LEl6Hw6QhCume0FJMeCvztUWSW_WKmi4Z1rsP5...
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPJXavg5M5o-Q6f1FwTydZIKiAnPn6Jzc14I7S7d2LEl6Hw6QhCume0FJMeCvztUWSW_WKmi4Z1rsP5gZHHeNwV-qXwb2-P0

170 B
188 B

20ms
19ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPJXavg5M5o-Q6f1FwTydZIKiAnPn6Jzc14I7S7d2LEl6Hw6QhCume0FJMeCvztUWSW_WKmi4Z1rsP5gZHHeNwV-qXwb2-P0

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPJXavg5M5o-Q6f1FwTydZIKiAnPn6Jzc14I7S7d2LEl6Hw6QhCume0FJMeCvztUWSW_WKmi4Z1rsP5gZHHeNwV-qXwb2-P0
Date: Mon, 14 Mar 2022 17:16:55 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=2997
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 74F9
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHBp6hQQLCGfrg2eURC0FFQ&google_cver=1&google_push=AYg5qPKzHLhO1CO-AeBeMIQRV5oY26Gw-O-9ynDzHAoegMD7ibw8-tt3KjpJvrwVu2CwW41cl4t...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBRWVgxWEMtUC0zRjRX&google_push=AYg5qPKzHLhO1CO-AeBeMIQRV5oY26Gw-O-9ynDzHAoegMD7ibw8-tt3KjpJvrwVu2CwW41cl4tRG60rEFjM5n_KrpnVT8Xzzeiv

170 B
188 B

26ms
25ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBRWVgxWEMtUC0zRjRX&google_push=AYg5qPKzHLhO1CO-AeBeMIQRV5oY26Gw-O-9ynDzHAoegMD7ibw8-tt3KjpJvrwVu2CwW41cl4tRG60rEFjM5n_KrpnVT8Xzzeiv

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBRWVgxWEMtUC0zRjRX&google_push=AYg5qPKzHLhO1CO-AeBeMIQRV5oY26Gw-O-9ynDzHAoegMD7ibw8-tt3KjpJvrwVu2CwW41cl4tRG60rEFjM5n_KrpnVT8Xzzeiv
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 74F9
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEItJnDVFAj25zjyR6MXkesA&google_cver=1&google_push=AYg5qPLNkTQ3rjL_2tIKn2LRQVVSWVgd6p78U0LzCqTqYc5p-17x6EG8VLcinE_SNT91crfb552Fic3LaJEHgwnfz...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPLNkTQ3rjL_2tIKn2LRQVVSWVgd6p78U0LzCqTqYc5p-17x6EG8VLcinE_SNT91crfb552Fic3LaJEHgwnfznqo8C5MSryObQ&google_hm=767f2a675cb08c014a68...

170 B
188 B

23ms
22ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPLNkTQ3rjL_2tIKn2LRQVVSWVgd6p78U0LzCqTqYc5p-17x6EG8VLcinE_SNT91crfb552Fic3LaJEHgwnfznqo8C5MSryObQ&google_hm=767f2a675cb08c014a686a9d

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 14 Mar 2022 17:16:55 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPLNkTQ3rjL_2tIKn2LRQVVSWVgd6p78U0LzCqTqYc5p-17x6EG8VLcinE_SNT91crfb552Fic3LaJEHgwnfznqo8C5MSryObQ&google_hm=767f2a675cb08c014a686a9d
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H2 204 /
cc.adingo.jp/adx/push/ Frame 74F9 0
43 B 392ms
232ms Image
text/plain 54.150.24.141
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.adingo.jp/adx/push/?google_gid=CAESEMHcwxWlQRzHtD9bsX7fFH4&google_cver=1&google_push=AYg5qPLxFZlLHAigwnADYDydrvFAlARXJ7NepiYByFwyVUf3TVQ2Si2hONNbIQM6xkmd_qsqMeXusRFkBn9RaxEJhusafyfOHXNrnw
Requested by: Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.150.24.141 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-150-24-141.ap-northeast-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
server: awselb/2.0

GET
H/1.1 200
OK sync
rtb2-useast.e-volution.ai/ Frame 74F9 42 B
233 B 89ms
87ms Image
image/gif 174.137.133.49
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb2-useast.e-volution.ai/sync?exchange=193&google_gid=CAESEFX_5Cj-TZw9e9hB8vFHSA8&google_cver=1&google_push=AYg5qPIQxpbyihTp5HSW2flS8vglNPC5EFvMO0bHk2qhT-r9gw551sXQQ0zrl6IVItxK7srqIfJ42YJiIzgurYIseSmuaTwIUQ_0_A
Requested by: Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 17:16:55 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H2

204

/
onetag-sys.com/sync/i,19/ Frame 74F9
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEO7XXcNXnLiKy2e-v_g1YlE&google_cver=1&google_push=AYg5qPJy6sVIKQnFIl2ZsmJFlKqANKVHHThflLqv2FKXLzwUtWip8IO7PAnqBsbsqByRYIzifKOWL28xxhH...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AYg5qPJy6sVIKQnFIl2ZsmJFlKqANKVHHThflLqv2FKXLzwUtWip8IO7PAnqBsbsqByRYIzifKOWL28xxhHxQBhFEpfIVpJi7t8csg
https://onetag-sys.com/sync/i,19/?google_error=5

0
148 B

8ms
8ms

Image
text/plain

51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,19/?google_error=5

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

ip98.ip-51-75-86.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/sync/i,19/?google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 245
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 74F9 0
12 B 18ms
17ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LVymisxzvQh_ktDzWc40gk34nvT-0eyJrTv8Ux0y3e4lrCvKOCWlJLL8lV4PtA8zWgb7TzccA

Requested by

Host: 12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
URL: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame FDED 0
23 B 31ms
31ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssBKE2DxKvSYCQkv5oOJ4QgvTx3nicb9CX3FEtz87u6ZP0RTW2hhHyuivwMoq2GbL2LmBfWPLr6lbHXYkCl9BvKXyiMtD3EuC8vUzcYsImbmXozGhI_6ZLzIWZuq0u7fg-IUM3SZHnJsVp5FWD8tKgwjriQQ3j0cTAE6vpmcXijaGNNFmI0bovGwy0iiUK8lePssT6ddzotqn5apK9Z-MmObaxowdlucBpBgRKaOxeQxoRX_bf-FnDAKvxbOCUIofg_XkxXLRPmmbvyq4w5c43rKeqMRp54Hkr8S3nFa3l4BP3PIQ2dggyvGjpQ_L6S15IJkPnqIhsKND_r7bN1vphki8oVQd_GcCZqOC2fjqmf74yqCgDjWXq9KdiyIU-61nWiUdNHgP3HsIaohZDHjKFJyv6ildB1DYUzFEQ-yKHO1uVNkmSJZ7zJGJrNH6SJ6t9O-22ljpCe1219Bvmlo45TAnFT8okfWJQuRXkMHAIbzMhDYxwQtQ8KkA-SUqKU-11y9A5d8bugG-O9UwT5fFc55ztbBdmBSV-4T6pljQntzWbWp2gVC2zOhG6WpaBxXkF1S6JZxZZxfTNlpq78w6U4fqKw8sajePJE-O00lQhT6jwLxcQ9_6oARXKk9ZF3Jsp6SIMoBuKODuc2yXG_yFasRf_qcjHEAGLtQzMvWNHAT1qQLRvTxXxWrH_ycm9FHY3wzwIE3cWsQR2cA2zKvNtbPRA1KWugvbt-tnuSIsn-VEPc-_I7LElfNZbcYmMGiB3lh3HSAjy1o2OWl3YJkMpPeanczTo-ZMYSek31Qs7vKNI32iZywm5vhIYX6KsPx9reNo_RDdn80c1q0djzSN5Y-t8hSAFGrpWuz_vJ86Zk-ptiLMXL_0W_qzPsvuACyz6GNDc_qzLuAgezK87zOF5Mfto1zBZ10EKQlwdxNv1vCmW_99LYXiCi_t36cKWNbjpKVwZ-OSEP-Ze3rPYiP1Cr1wBrVek_8zeHrO9B_JKIxBQK7KuAC1RRLn93tJGPIMhrDmswUhBnqMXp5ZGdHEVH4yjNsxwB8SHCVHC8w1gOgqO-VuJcN5mbn1898VQ5YGI7X6RLTc1RZyZtxMXgvdzUVKwizzy-nuWp4-xC53gIsUewIujzQqA0uKuanuuVk_sZB8KTfRsuCb9RyMiIrMVqBAEK7juiYyWgqEx3jbLnQi_qSFL82WINgAUG1RlTrZXLMqjQ5lMNjr1ZqULAQgsa65Y0ulEC-d7cFO4GIrEhSJ8X8DIn7n-j3mvZXkXsw7PM8CT13Q2u&sai=AMfl-YSefPTWBNEsXkcZuQw4q_xu_nKkx9G3n4oxGpPUsGpM_pN7_AWyx1Er7nJeLUP_ahXxeSObw0CqEsIeIG_qojP_gQ833-3OP_4IPU8ldqzEk1gCnsH7pxnsimy7R4yEEpTQH72ewFaq8TAdFG7EYaH-5LyjqhPREhv9NNQr7rVwNMEhl4oCweKT1SZQgmF-kRUpsXIjVYc0GQRiWdPD5Vrn&sig=Cg0ArKJSzDGG_LlHKRkrEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=959&vt=11&dtpt=505&dett=3&cstd=450&cisv=r20220308.15911&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 17:16:55 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame D822 0
23 B 32ms
31ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsusjDaGDxZuhFPS9ZBQJcFDyTSlr46fBxxNF2NLjV4eMeZ2qiq79gahUbRkGOaOnIeUkBeIePihTnAOtMszTqYMCN7zrv-W8ECYOuudfDKNxILuN8PBSJ-2defQrUYmEovThOriiuL6IVnA1vgrj2yb2JL-QWQlgbAFwomc3gHIgaAHlRGypE0RKtHwXWq23kfJ6gIwkaab-AKAlbhDzdnwMsY12xjkzTL06F36kpO6rL_ZnzewjTpSf6MpAD0irQjO294l6K_qK3TSfeytREwTyUqhWnHRH0HYacpl7ojIcyoEBll2lZrRF53Oqeurqd-nAoWvCQ5uajLfJFhjXAfve8ehRmKLxTfNUSIjNm3X-v1u2y552NfwFTc7xJyGFRPhKaSUOXp1cARsrKhJ_smXDhCFIjgySZ_nw5emgpIeQ4X6-SKofLdsxBnO0etpRPsmP8mOjDqoiVWbONM3ChX7xnhRznmLFzxFKuWrQnkt8H-b-AwgCU7w5SxXu9kAMPq0osiIh3JMBKKO5hk4uu9mN-FP5ICxM-mcAQ2rzJ3eys_vGPYouDZFCPdunDoxDIhBQhwSMjYVjwtxqweh9KQZO4LWucDB1waOvgd8z5qsog7HWn3oMlFMEUUrM6CaKr0F5bzjhbXUpXu_2KZUaDq-W4RS-YNMZDInq3s_j6dRS0O3t96nI_BNvPgVDan_yp8htlnQQRCyOENSnYDea0-X5FlmBpOgXorvzuHtXM7xlNKltw3o4m1NN9eLmCDLo3dmN7ypbwjCuTq_eQhpzdtCuQEFMVk7gWatFeiHocmjgyWACNGjOVejr1wHDIGWQxjHv_XdSa_rZgZneZFiX6vGUIQbDRRspbyUOz4misCLsAFMnmNmyzwPME0W_Czciz-lqY9wyIZdUpZ6Z_PzgvmhAwp8MAQNLVkMz4qANEhnhxLphhtCLJVnTkGM8LUz7egal1yoi1w7t0j1KALcPttlPneBAw46vfM5LueBiPBDmAmYC40XTi0q3bmiowVyG_FcDNt6GJzXTJosyPbfKptWUV8iKM3ems526r9fDqnkBp-8xqmlhS5gmx8jdmaTEA0I2Yt5Gd66ymgQq4Ph_JHh-4UcfO8m86nB4J2xeCcStW_2B-6X4wah_-Wxo60ukI4rlytpFlmGU9BK4r0-Vo15BL3jvFfmQ8UXTIkmwqRldqzxzIhinNuaAwKD4KtYNcQUiZBgWpsbyF9Y0-MbPqFldfBljqT-PtCBGRXf48fGtVG_1ga9qVjJcSHBRKBijCqSD6T3okyFM3U&sai=AMfl-YT4BY6XDFzI0rcmRiizuLPFAnOThBCiKf_8KBJlLdYT6plYQ53OcNCb2eumn7M-O8j4FVUvO_jIlknTege5sPAVAEORbXoZZ0SzRoVaG7dwjlwzi4nurexTf2Wtqamh0FIOO1l10b3IrwhQApyWL8NcFxk8JQew3b7aEVNhRJemxgOgF-qF8fpypry1YJfAhWmYKi5YmjMrgEQ9wCwEdFWo&sig=Cg0ArKJSzCaVX3H2VcSlEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=971&vt=11&dtpt=524&dett=3&cstd=440&cisv=r20220308.65883&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: www.hawtcelebs.com
URL: https://www.hawtcelebs.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 17:16:55 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK img.fetch Show response
udmserve.net/udm/ 1 B
470 B 156ms
155ms Script
application/x-javascript 68.71.249.118
ZEROLAG

General

Check archive.org

Show headers Download Go to

Full URL: https://udmserve.net/udm/img.fetch?sid=14863;tid=1;dt=6;gdprApplies=true;consentGiven=false;consentData=
Requested by: Host: bid.underdog.media
URL: https://bid.underdog.media/udm-r3_Fri_3_11_10_11_16_2022.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 68.71.249.118 , Canada, ASN20093 (ZEROLAG, US),
Reverse DNS
Software: /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 17:16:55 GMT
Connection: Keep-Alive
P3p: NOI DSP CURa ADMa DEVa PSAa PSDa OUR IND UNI COM NAV INT
Content-Length: 1
Content-Type: application/x-javascript

GET
H3 200 avoury_300x600_atlas_NP_1.jpg
s0.2mdn.net/sadbundle/8472981474830724725/images/ Frame 05C9 111 KB
111 KB 11ms
11ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8472981474830724725/images/avoury_300x600_atlas_NP_1.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

22627315dd9e5cc05b40fa8bd4b3b714f0c7185988b898b3443c77a2d5216bcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8472981474830724725/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 07:58:16 GMT
x-content-type-options: nosniff
age: 465519
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113750
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:18:49 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 09 Mar 2023 07:58:16 GMT

GET
H3 200 avoury_always_on_300x250_atlas_NP_1.jpg
s0.2mdn.net/sadbundle/2908843633792309460/images/ Frame 4272 107 KB
107 KB 11ms
10ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2908843633792309460/images/avoury_always_on_300x250_atlas_NP_1.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

19f4d52a15ded151b47d6c19d9db3f87916caa6cbf3fcf6576a7dea08817303b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2908843633792309460/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 15:51:28 GMT
x-content-type-options: nosniff
age: 437127
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 109596
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 08:07:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 09 Mar 2023 15:51:28 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9D07 42 B
64 B 36ms
36ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsseVLVadQv0a1OG4jZq_DFbU5NSIFosugWVo7pi0-Je5tBJTSmwKreGYnEaXIGnz6mAlIvKufAP6vDlNVAYsApXqiy19RjclEOT8dzF1XMf7PtT9iioSg&sai=AMfl-YQjivviaYKhhzUi2wKULVjEYvoR9DogJZZFUytH4hAwN5V6FC-1lsvN7ZXeHNig1k2aOTQukEWOv0l67uUGFPSA6QvDblaptbbdBWTHkty8rFqP1yW5HHLqONqs&sig=Cg0ArKJSzLQrYR6Ys6OcEAE&cid=CAASJeRovYJyLWtbGAlgRtzpTrNp9X2iHWZ9_Z4PI_1bNCOQSizBQNo&id=lidar2&mcvt=1044&p=380,1029,630,1329&mtos=1044,1044,1044,1044,1044&tos=1044,0,0,0,0&v=20220309&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=3805234628&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1647278214280&rpt=408&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1D5C 7 KB
6 KB 21ms
21ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b0b4164a334505449ed233c85aca0354eda0ebbff127577051582e1fdbba1099

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 17:16:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame A15D 7 KB
5 KB 22ms
22ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a425b9e3eb75fe6dfb48037147206c3630b09fed6ae2eb9ce7b9c05e679f3bf0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 17:16:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5597
x-xss-protection: 0

GET
H3 200 xt8fZ__SaXi8rLOjRFpxOtLjv0mS66MIGtFrZKZOLkM.js Show response
pagead2.googlesyndication.com/bg/ Frame 0115 35 KB
13 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/xt8fZ__SaXi8rLOjRFpxOtLjv0mS66MIGtFrZKZOLkM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c6df1f67ffd26978bcacb3a3445a713ad2e3bf4992eba3081ad16b64a64e2e43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:55:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 278506
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13756
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 11 Mar 2023 11:55:09 GMT

GET
H3 200 OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame A15D 47 KB
47 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17686342995189694464/728x090.html?e=69&leftOffset=0&topOffset=0&c=O7MpZBqofW&t=1&renderingType=2
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:15:47 GMT
x-content-type-options: nosniff
age: 68
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47676
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 14 Mar 2022 17:30:47 GMT

GET
H3 200 OnAir-Regular.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame A15D 47 KB
47 KB 11ms
10ms Font
font/woff2 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Regular.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c110419995948214e5b16d9d0df8f7d91536cc42783edd90c7fc1810308309ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17686342995189694464/728x090.html?e=69&leftOffset=0&topOffset=0&c=O7MpZBqofW&t=1&renderingType=2
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:04:18 GMT
x-content-type-options: nosniff
age: 757
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47848
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:29 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 14 Mar 2022 17:19:18 GMT

GET
H3 200 60005582_20210602065035883_728x090_LOOK-01.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame A15D 4 KB
4 KB 10ms
9ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20210602065035883_728x090_LOOK-01.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

295e968cfad54dc2aada52be23019005be614deeb9e8dec11fe7cf3e1e8df620

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17686342995189694464/728x090.html?e=69&leftOffset=0&topOffset=0&c=O7MpZBqofW&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 00:05:11 GMT
x-content-type-options: nosniff
age: 61904
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4170
x-xss-protection: 0
last-modified: Wed, 02 Jun 2021 13:50:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 15 Mar 2022 00:05:11 GMT

GET
H3 200 60005582_20210602065039196_728x090_LOOK-02.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame A15D 4 KB
4 KB 10ms
9ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20210602065039196_728x090_LOOK-02.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad2bcaea7c91044b59c85100395580a111665d8f90690cfa743e25ba6bd2e9f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17686342995189694464/728x090.html?e=69&leftOffset=0&topOffset=0&c=O7MpZBqofW&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 08:19:31 GMT
x-content-type-options: nosniff
age: 32244
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3990
x-xss-protection: 0
last-modified: Wed, 02 Jun 2021 13:50:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 15 Mar 2022 08:19:31 GMT

GET
H3 200 60005582_20210507060843268_Asset_Transparent.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame A15D 2 KB
2 KB 11ms
10ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20210507060843268_Asset_Transparent.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f741883eafc84067b80014e53fbfab2505aca4f7cf767b17404a291fffb79d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17686342995189694464/728x090.html?e=69&leftOffset=0&topOffset=0&c=O7MpZBqofW&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 08:08:17 GMT
x-content-type-options: nosniff
age: 32918
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2040
x-xss-protection: 0
last-modified: Fri, 07 May 2021 13:08:43 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 15 Mar 2022 08:08:17 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame A15D 43 B
609 B 36ms
9ms Image
image/gif 82.113.101.132
TDDE-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14114_PV&mediacode=26952494_4307561_323352014_100511315_-0&ref=26952494_4307561_323352014_100511315_-0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 82.113.101.132 Heusenstamm, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS: portal.o2online.de
Software: Apache /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 17:16:55 GMT
Last-Modified: Wed, 26 Aug 2020 10:11:24 GMT
Server: Apache
ETag: "2b-5adc50abeeb00"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: close
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43

GET
H2 200 v2 Show response
de.tynt.com/deb/ 4 B
202 B 340ms
112ms Script
application/javascript 67.202.105.32
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/v2?id=w!a9etg89wet&dn=TC&cc=1&r=&us_privacy=1---
Requested by: Host: cdn.tynt.com
URL: https://cdn.tynt.com/tc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.32 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip32.67-202-105.static.steadfastdns.net
Software: /
Resource Hash: d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:56 GMT
cache-control: max-age=86400
content-type: application/javascript
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
content-length: 4
expires: Tue, 15 Mar 2022 17:16:56 GMT

GET
H3 200 xt8fZ__SaXi8rLOjRFpxOtLjv0mS66MIGtFrZKZOLkM.js Show response
pagead2.googlesyndication.com/bg/ Frame 2D77 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/xt8fZ__SaXi8rLOjRFpxOtLjv0mS66MIGtFrZKZOLkM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c6df1f67ffd26978bcacb3a3445a713ad2e3bf4992eba3081ad16b64a64e2e43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:55:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 278506
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13756
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 11 Mar 2023 11:55:09 GMT

GET
H3 200 OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 1D5C 47 KB
47 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/9999815340063719424/160x600.html?e=69&leftOffset=0&topOffset=0&c=RJrxymZT8r&t=1&renderingType=2
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:15:47 GMT
x-content-type-options: nosniff
age: 68
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47676
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 14 Mar 2022 17:30:47 GMT

GET
H3 200 OnAir-Regular.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 1D5C 47 KB
47 KB 10ms
7ms Font
font/woff2 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Regular.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c110419995948214e5b16d9d0df8f7d91536cc42783edd90c7fc1810308309ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/9999815340063719424/160x600.html?e=69&leftOffset=0&topOffset=0&c=RJrxymZT8r&t=1&renderingType=2
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:04:18 GMT
x-content-type-options: nosniff
age: 757
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47848
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:29 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 14 Mar 2022 17:19:18 GMT

GET
H3 200 60005582_20211014235440811_APP_iPhone-13-Pro_Asset.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 1D5C 26 KB
26 KB 8ms
8ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20211014235440811_APP_iPhone-13-Pro_Asset.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

59f93c8637fa1e41eb70ab270cc6a5dff7887d9ab040daec1a8fba1e3edc4cd5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9999815340063719424/160x600.html?e=69&leftOffset=0&topOffset=0&c=RJrxymZT8r&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 14:16:35 GMT
x-content-type-options: nosniff
age: 10820
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26568
x-xss-protection: 0
last-modified: Fri, 15 Oct 2021 06:54:40 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 15 Mar 2022 14:16:35 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame 1D5C 43 B
609 B 25ms
9ms Image
image/gif 82.113.101.132
TDDE-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14114_PV&mediacode=26952494_4307561_327349371_165456137_-0&ref=26952494_4307561_327349371_165456137_-0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 82.113.101.132 Heusenstamm, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS: portal.o2online.de
Software: Apache /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 17:16:55 GMT
Last-Modified: Wed, 26 Aug 2020 10:11:24 GMT
Server: Apache
ETag: "2b-5adc50abeeb00"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: close
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1D5C 17 KB
6 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 14 Mar 2022 17:16:55 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame A15D 17 KB
6 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 14 Mar 2022 17:16:55 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 980A 42 B
64 B 36ms
36ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuIgPKKLnPzIajqTMwRr-O21-ztt7twd_7ziOjDiH0r3lWZHu7FMNWdPwvkp8FAvVgwjJU6C5zDCTxIl5qCoYiz7JZR_OgDLDXQIy-LoLkSJql4HWd74g&sai=AMfl-YScry2B9VFXD5Um7POKA-Vno8sLFW-XUbr3XNyhJGnFbMik1HEqUNw4WGXJ4uy-VJbVmtEy-pdGp6vsAJwyzo_sLENcVrV4fWt9bdUZTH6FwA8N-oed4JxlN_KX&sig=Cg0ArKJSzLS-oBZVJRxPEAE&cid=CAASJeRoqDbqxcHHWbu98RdEhKHcfbvzEuEl4xR0Mup8Z6hvLt4mgkQ&id=lidar2&mcvt=1069&p=775,1288,815,1329&mtos=1069,1069,1069,1069,1069&tos=1069,0,0,0,0&v=20220309&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2601422020&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1647278214294&rpt=510&isd=0&lsd=0&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 104ms
104ms Image
text/plain 67.202.105.33
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=w!a9etg89wet&lm=0&ts=1647278215455&dn=TC&iso=0&t=HawtCelebs%20%E2%80%93%20Latest%20Celebrities%20Pictures
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip33.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:56 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 200 ob_smartFeedLogo.min.svg
widgets.outbrain.com/images/widgetIcons/ 7 KB
7 KB 19ms
19ms Image
image/svg+xml 72.247.225.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.outbrain.com/images/widgetIcons/ob_smartFeedLogo.min.svg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.225.215 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a72-247-225-215.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 8050f05c230d74be333b63cef230e786094e9100f55fa19c6c0831e95870768d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:56 GMT
last-modified: Tue, 08 Mar 2022 10:17:27 GMT
server: AkamaiNetStorage
etag: "f370d19306add072a726e7f4ade8dc57:1646735223.037249"
access-control-allow-methods: GET,POST
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 7090
expires: Wed, 13 Apr 2022 17:16:56 GMT

GET
H2 200 achoice.svg
widgets.outbrain.com/images/widgetIcons/ 3 KB
3 KB 20ms
19ms Image
image/svg+xml 72.247.225.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.outbrain.com/images/widgetIcons/achoice.svg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.225.215 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a72-247-225-215.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 2c87952cc1c23627496c7874271042bdb6af21efdf7cbf36ec4d98e6cec34d04

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:56 GMT
last-modified: Tue, 08 Mar 2022 10:17:27 GMT
server: AkamaiNetStorage
etag: "9d26fa4e7238ed94f1d0d92afb453b3e:1646735198.653837"
access-control-allow-methods: GET,POST
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 2735
expires: Wed, 13 Apr 2022 17:16:56 GMT

GET
H/1.1 200
OK l Show response
mcdp-nydc1.outbrain.com/ 2 B
292 B 364ms
96ms Fetch
text/plain 64.202.112.127
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://mcdp-nydc1.outbrain.com/l?token=a4843b0245fee5ad778d78d8b8b55e77_34839_1647278215742&tm=1849&eT=0&widgetWidth=537&widgetHeight=483&widgetX=452&widgetY=1437&wRV=2000636&pVis=1&lsd=-1&eIdx=&cnsnt=no_consent&ccpa=1---&cheq=2&rtt=512&oo=true&ab=0&wl=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.127 Leesburg, United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: *
Date: Mon, 14 Mar 2022 17:16:56 GMT
content-encoding: gzip
X-TraceId: 53948f57b5d84bf7ecd02c2d7f1b2d52
Content-Type: text/plain; charset=UTF-8
Content-Length: 28
access-control-expose-headers: content-range

GET
H2 200 streamFeed.js Show response
widgets.outbrain.com/nanoWidget/2000636/module/ 37 KB
14 KB 26ms
23ms Script
application/x-javascript 72.247.225.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/nanoWidget/2000636/module/streamFeed.js?e=1
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.225.215 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a72-247-225-215.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: b6a093826b73a379089307af130ef0e0d8c200d7f2bd44669cca3fbc90759bfc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:56 GMT
content-encoding: gzip
last-modified: Mon, 14 Mar 2022 11:44:56 GMT
server: AkamaiNetStorage
etag: "c358461fc4b84f1b22803529798aca5e:1647264078.305414"
vary: Accept-Encoding
access-control-allow-methods: GET,POST
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=14400
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 13575
expires: Mon, 14 Mar 2022 21:16:56 GMT

GET
H2 200 get Show response
odb.outbrain.com/utils/ 9 KB
3 KB 119ms
119ms Script
text/javascript 151.101.114.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://odb.outbrain.com/utils/get?url=undefined&idx=1&rand=98532&key=NANOWDGT01&widgetJSId=SB_1&va=true&et=true&format=html&pdobuid=-1&t=YTQ4NDNiMDI0NWZlZTVhZDc3OGQ3OGQ4YjhiNTVlNzc=&adblck=false&abwl=false&clss=L%2FSMjhDdkq7XwX%2BRwWeeizz0Ydzc0WEdP6334x%2FOJxQitEi5kHeHLaqgoPbXhWpXc2OZ8fqqxSTEYG4z&px=271&py=1035&vpd=0&cw=160&activeTab=true&darkMode=false&settings=true&recs=true&version=2000636&sig=TGe0GbmS&apv=false&osLang=en-US&winW=1600&winH=1200&scrW=1600&scrH=1200&dpr=1&secured=true&cmpStat=1&ccpa=1---&ccpaStat=1&ogn=https%3A%2F%2Fwww.hawtcelebs.com%2F
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.132 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 1201be5a0a663d69d61f230bbe9648b4be392962edc83c1858b94d2bd400929b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:56 GMT
via: 1.1 varnish, 1.1 varnish
traffic-path: NYDC1, LGA, HHN, Europe1
x-timer: S1647278216.052166,VS0,VE109
accept-ranges: bytes
x-served-by: cache-lga21961-LGA, cache-hhn4073-HHN
vary: Accept-Encoding, User-Agent
x-cache: MISS, MISS
content-type: text/javascript; charset=UTF-8
x-cache-hits: 0, 0
x-traceid: bc09f6b9c66b5c973dbc734ae099e3b3
content-encoding: gzip
content-length: 2879
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 05C9 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 18:59:49 GMT
x-content-type-options: nosniff
age: 512227
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 08 Mar 2023 18:59:49 GMT

GET
H2 200 eyJpdSI6IjMyYjY2YTQyZjNkZDA1OTUwYTY0ZWNhNWExZDFmMTIyNTM1Mjc1OGU3YmI0YWM0NmM5YmNkNzVhMDY5MDE2MDEiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 31 KB
31 KB 92ms
21ms Image
image/webp 104.107.161.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6IjMyYjY2YTQyZjNkZDA1OTUwYTY0ZWNhNWExZDFmMTIyNTM1Mjc1OGU3YmI0YWM0NmM5YmNkNzVhMDY5MDE2MDEiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.107.161.205 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 9ed01a61804ca2a4efbc0112199e0c28b0ba6ec3473834126b67324a1fbbbd16

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:56 GMT
cache-control: max-age=1268007
last-modified: Sat, 11 Sep 2021 15:21:37 GMT
x-traceid: 3c7d799c8e1b90f74eb034bf1eca5dec
timing-allow-origin: *
content-length: 31792
content-type: image/webp

GET
H2 200 eyJpdSI6ImY5ZjE3ODQzOTBhOWM5NTU1MzA0Y2ExOTM1OWRjYjM1NWIyY2EyZTIwNTA4MjA4OGZkZjgxMWQ1YmRkZWJiZmMiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 49 KB
50 KB 111ms
41ms Image
image/webp 104.107.161.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6ImY5ZjE3ODQzOTBhOWM5NTU1MzA0Y2ExOTM1OWRjYjM1NWIyY2EyZTIwNTA4MjA4OGZkZjgxMWQ1YmRkZWJiZmMiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.107.161.205 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: ff09b029f6db35c2ed61a61f8651ca6d1752f1ed164ec057b4e7afad8f365eaa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:56 GMT
cache-control: max-age=1201251
last-modified: Wed, 10 Nov 2021 11:23:05 GMT
x-traceid: be3f030f05b124c6f7e7ca94fe5a5f01
timing-allow-origin: *
content-length: 50440
content-type: image/webp

GET
H2 200 eyJpdSI6IjNkYTdkNzhkYjMzMWRjMTJhZmJmZTAyMDBiMjExOGVhNmQ5OWJjYjQyOTllMDU2MmQ3NDBhMTQ1ZTMwNzFiZTIiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 35 KB
35 KB 132ms
63ms Image
image/webp 104.107.161.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6IjNkYTdkNzhkYjMzMWRjMTJhZmJmZTAyMDBiMjExOGVhNmQ5OWJjYjQyOTllMDU2MmQ3NDBhMTQ1ZTMwNzFiZTIiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.107.161.205 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: bc3909ca4f2103905d31fd63d0267030dd9a393733bf71855fc0466421007862

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:56 GMT
cache-control: max-age=346268
last-modified: Mon, 17 Jan 2022 19:04:25 GMT
x-traceid: 0f05b40fe0df8d761f3a06179b5d2e29
timing-allow-origin: *
content-length: 35330
content-type: image/webp

GET
H2 200 eyJpdSI6Ijk4ZjJjNDk2OGU4Zjk3NGZhMmEyMzQ0NDc1MjczMWJjOTU4MDBmODhmYzJjNjBlOWJkMTQxMWM0ZjFjNDVjYTkiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 52 KB
52 KB 110ms
41ms Image
image/webp 104.107.161.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6Ijk4ZjJjNDk2OGU4Zjk3NGZhMmEyMzQ0NDc1MjczMWJjOTU4MDBmODhmYzJjNjBlOWJkMTQxMWM0ZjFjNDVjYTkiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.107.161.205 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 04aaf6970b0998ae69ba77009cbb996e69a775898cfe7aca555a4bcb172183b0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:56 GMT
cache-control: max-age=462490
last-modified: Tue, 26 Oct 2021 12:04:22 GMT
x-traceid: 61fc91ca012f1e52921f2c3be6a0ce56
timing-allow-origin: *
content-length: 52846
content-type: image/webp

GET
H2 200 eyJpdSI6Ijc5N2JhMWNiNmM5MTYzNWIyNDM1ZmMwNTBiYTgzMDk2ZDllOTU3ZTlhYTlhOGUwZmM1MjlkZjRlYjY4NDIzN2UiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 19 KB
19 KB 138ms
69ms Image
image/webp 104.107.161.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6Ijc5N2JhMWNiNmM5MTYzNWIyNDM1ZmMwNTBiYTgzMDk2ZDllOTU3ZTlhYTlhOGUwZmM1MjlkZjRlYjY4NDIzN2UiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.107.161.205 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: d8a2a6bf52cfc77f0dffafd7595fbf538342f311d9c57e1d234257be549d9f11

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:56 GMT
cache-control: max-age=441294
last-modified: Mon, 17 Jan 2022 19:34:15 GMT
x-traceid: fac864feb2dc9b4ac50161d71ef574b3
timing-allow-origin: *
content-length: 19684
content-type: image/webp

GET
H2 200 eyJpdSI6ImFhMWUwYmQ2NGVjYTNkODVmMzRkYjc4MWViNGViMWU1NGMyNjQ0ZGM4MjAyODk3M2JmN2U2MzRkMzczY2I1MWYiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 24 KB
24 KB 138ms
69ms Image
image/webp 104.107.161.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6ImFhMWUwYmQ2NGVjYTNkODVmMzRkYjc4MWViNGViMWU1NGMyNjQ0ZGM4MjAyODk3M2JmN2U2MzRkMzczY2I1MWYiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.107.161.205 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 26f4a60ddc9dd208083fe38c46311cc6edc4f398baed850a936a88a54cd35d51

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:56 GMT
cache-control: max-age=1602288
last-modified: Tue, 02 Nov 2021 07:41:31 GMT
x-traceid: 6ada0449a9b2594cf9f1df7812c9f006
timing-allow-origin: *
content-length: 24326
content-type: image/webp

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 23B9 0
9 B 7ms
6ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?zj04dg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 xt8fZ__SaXi8rLOjRFpxOtLjv0mS66MIGtFrZKZOLkM.js Show response
pagead2.googlesyndication.com/bg/ Frame 7A67 35 KB
13 KB 19ms
14ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/xt8fZ__SaXi8rLOjRFpxOtLjv0mS66MIGtFrZKZOLkM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c6df1f67ffd26978bcacb3a3445a713ad2e3bf4992eba3081ad16b64a64e2e43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:55:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 278507
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13756
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 11 Mar 2023 11:55:09 GMT

GET
H3 200 charter.woff2
s0.2mdn.net/sadbundle/2908843633792309460/ Frame 4272 53 KB
53 KB 9ms
9ms Font
font/woff2 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/2908843633792309460/charter.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd81384f187e42628894eed4bb384acd8209a3980c45c3ab285ac154f28bf9a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/2908843633792309460/index.html
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 14:00:52 GMT
x-content-type-options: nosniff
age: 11764
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54205
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 08:07:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 14 Mar 2023 14:00:52 GMT

GET
H3 200 xt8fZ__SaXi8rLOjRFpxOtLjv0mS66MIGtFrZKZOLkM.js Show response
pagead2.googlesyndication.com/bg/ Frame 479C 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/xt8fZ__SaXi8rLOjRFpxOtLjv0mS66MIGtFrZKZOLkM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c6df1f67ffd26978bcacb3a3445a713ad2e3bf4992eba3081ad16b64a64e2e43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:55:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 278507
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13756
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 11 Mar 2023 11:55:09 GMT

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 110ms
110ms Image
text/plain 67.202.105.33
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=w!a9etg89wet&lm=0&ts=1647278215455&dn=TC&iso=0&t=HawtCelebs%20%E2%80%93%20Latest%20Celebrities%20Pictures
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip33.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:56 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 200 ob_logo_16x16.svg
widgets.outbrain.com/images/widgetIcons/ 13 KB
14 KB 31ms
30ms Image
image/svg+xml 72.247.225.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.outbrain.com/images/widgetIcons/ob_logo_16x16.svg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.225.215 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a72-247-225-215.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: c3c89d5295be3c6415416b83a9e4c0fc67a790e55713ddc3f2d0c07185779acf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:56 GMT
last-modified: Tue, 08 Mar 2022 10:17:27 GMT
server: AkamaiNetStorage
etag: "af7be0711fb1cf2f41bb793256c8f148:1646735216.590497"
access-control-allow-methods: GET,POST
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 13687
expires: Wed, 13 Apr 2022 17:16:56 GMT

GET
H2 200 achoice.svg
widgets.outbrain.com/images/widgetIcons/ 3 KB
3 KB 43ms
43ms Image
image/svg+xml 72.247.225.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.outbrain.com/images/widgetIcons/achoice.svg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.225.215 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a72-247-225-215.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 2c87952cc1c23627496c7874271042bdb6af21efdf7cbf36ec4d98e6cec34d04

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:56 GMT
last-modified: Tue, 08 Mar 2022 10:17:27 GMT
server: AkamaiNetStorage
etag: "9d26fa4e7238ed94f1d0d92afb453b3e:1646735198.653837"
access-control-allow-methods: GET,POST
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 2735
expires: Wed, 13 Apr 2022 17:16:56 GMT

GET
H/1.1 200
OK l Show response
mcdp-nydc1.outbrain.com/ 2 B
292 B 204ms
91ms Fetch
text/plain 64.202.112.127
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://mcdp-nydc1.outbrain.com/l?token=7e7a0fe5817b04dd63c54ad8dfad4028_34839_1647278216109&tm=2105&eT=0&widgetWidth=160&widgetHeight=25&widgetX=272&widgetY=1035&wRV=2000636&pVis=0&lsd=-1&eIdx=&cnsnt=no_consent&ccpa=1---&rtt=246&oo=true&ab=0&wl=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.127 Leesburg, United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: *
Date: Mon, 14 Mar 2022 17:16:56 GMT
content-encoding: gzip
X-TraceId: a0ef1ce534115dfd395380070c3ed4fa
Content-Type: text/plain; charset=UTF-8
Content-Length: 28
access-control-expose-headers: content-range

GET
H2 200 get Show response
mv.outbrain.com/Multivac/api/ 70 KB
24 KB 598ms
591ms Script
text/javascript 151.101.114.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mv.outbrain.com/Multivac/api/get?url=%20&settings=true&recs=true&widgetJSId=TF_6&key=NANOWDGT01&version=2000636&apv=true&sig=TGe0GbmS&format=html&rand=16376&pdobuid=-1&osLang=en-US&va=true&et=true&cmpStat=1&ccpa=1---&ccpaStat=1&scrW=1600&scrH=1200&t=YTQ4NDNiMDI0NWZlZTVhZDc3OGQ3OGQ4YjhiNTVlNzc=&winW=1600&winH=1200&adblck=false&abwl=false&secured=true&feedIdx=0&lastIdx=1&lastCardIdx=0&fAB=no_abtest&clss=L%2FSMjhDdkq7XwX%2BRwWeeizz0Ydzc0WEdP6334x%2FOJxQitEi5kHeHLaqgoPbXhWpXc2OZ8fqqxSTEYG4z&dpr=1&cw=537&darkMode=false&activeTab=true&ogn=https%3A%2F%2Fwww.hawtcelebs.com%2F
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/nanoWidget/2000636/module/streamFeed.js?e=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.132 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 7d444f5e9e4af6d781e97880bdf689d841aef88f7f0e0de4420b7e3aac8ceeda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:56 GMT
via: 1.1 varnish, 1.1 varnish
traffic-path: NYDC1, LGA, HHN, Europe1
x-timer: S1647278216.359193,VS0,VE584
accept-ranges: bytes
x-served-by: cache-lga13621-LGA, cache-hhn4073-HHN
vary: Accept-Encoding, User-Agent
x-cache: MISS, MISS
content-type: text/javascript; charset=UTF-8
x-cache-hits: 0, 0
x-traceid: 28d067f4b008252c9334ec1588045b99
content-encoding: gzip
content-length: 24571
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK widgetGlobalEvent Show response
log.outbrainimg.com/loggerServices/ 4 B
325 B 86ms
86ms Fetch
application/json 64.202.112.127
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://log.outbrainimg.com/loggerServices/widgetGlobalEvent?rId=7e7a0fe5817b04dd63c54ad8dfad4028&pvId=a4843b0245fee5ad778d78d8b8b55e77&sid=6155583&pid=34839&idx=1&wId=102&pad=0&org=0&tm=2229&eT=3&cnsnt=no_consent&wRV=2000636&pVis=0&lsd=-1&eIdx=0&oo=true&ab=0&wl=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.127 Leesburg, United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 17:16:56 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
X-TraceId: b7f2e65d660e7cf4a29bbcb61c64d67c
Content-Length: 4
Expires: 0

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 104ms
104ms Image
text/plain 67.202.105.33
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=w!a9etg89wet&lm=0&ts=1647278215455&dn=TC&iso=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip33.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:56 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame FDED 42 B
64 B 35ms
35ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssU-23q0Wi-YHnQvPqzOo-H1yj4zKHSEhuakNlohJUkpWYHnC5xIkR1MtbzBAt4FLGx3O1iY3yiRsEjvZLNrOqTEFDNtBSbR410NTOjzWy6oY1-MI9FWg&sai=AMfl-YR8qTLzlLXrvP2n86mi7yhV1BVU-BSy382c7T0hEvYfYu27Cme4Il_XYrjVmaj6of3pFRL6OQhgpk3VQPkN_USHXP-Q0tuQBe4oT-kWgSvlUHsC5iZ6ibI7VP5c&sig=Cg0ArKJSzGe5gMh332hHEAE&cid=CAASJeRoNacT3WHco9FZFWTWyptOgs_AB0E6iOkzlPi49odtc9_V8kg&id=lidar2&mcvt=1033&p=415,272,1015,432&mtos=1033,1033,1033,1033,1033&tos=1033,0,0,0,0&v=20220309&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=308638017&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1647278214246&rpt=1118&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2393 0
20 B 31ms
30ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B1tqKhngvYvIw0t3v9Q_Qk5OwCwAAAAA4AeAEAg&bg=!W1ilWBzNAAb7UztL-1M7ACkAdvg8WlaFPjx8VlE8_AyePqeWfZwq_KVPcWNkVruUqZN4RQmoPOYJswIAAAKfUgAAAAJoAQeZAzkM4yYm8zTvuvPASkJ1lYuET6tGmsM8LIqjmUwAz5G-N3S_u6duX_HWkgYFUB1jnnZFeAePZ0eGiG6OCBfcF_MNOUJsFuzIYsMAGrO7hC6T8Ke9kl9EvOMe93M6qMsHtMRDsB-Z4pBv6vW9mcOIS1_EdEOgApneofHnHSyJBIGsE6-2IamRRlWdqNwkWgz5bJrvT4ewGnq5OBjJ34M49GMlm42mG5ogJ01P1gqRLJM2INjL1MhzcUpJC-pJxyfcyvnaAmWubvA7YIHXntfalg4hXJ6YlkKPZBc11_igXdMohtHSrw8HWMlQ1x4s02XiELmqd87Uxrwh2if31oZGatV6erGOwkFgNS0OrGoj4zzDAi8HrHbIcbpW3gGl2dxogcKzUwmlnX4Ifa9-FxwjK1teea81nL0R4vESPPqlF54sN2AZzbfDrETiQQAOrg6jH9cFg5GWivWxcaLV9EdrmuuLKXBjp1jUSDsXOhNEP9yPGr7TXVIshPCfnEXEzpcBEsv6F5SA1z9X5NYRtav5HUvUIptZ9ER4oGF6C3qdD3PSiFNtzyjEUSWVx6jlk8DFSuAzsV0_05g3SO_zI3D3l0yF0gD_alI8KjD3oRVZiWedjqcc_wBYfDU0rFde01SttHzFi0lQaw3JhU9jOzgAP2xic4XVR03GkCh3cLCOOH7E1DzNTpy7KvzG7_TJ19lWa8VV--uwRxKH2K_t0CLaFyvHMHmiKy6KEJRSDeA_vsPJ61ycZuVUAp4UEI_QBHTBHP9oVnG0ZYyaOfdUFaba7Xp_5GZ6VEy17gVNQdEt-QOEyLkqIdTg9B-z7phi0AXgxZ9mkJRZ0QUJjQiA0gcQ-z3A6881yNgefA8cm6e52c2SSQFxgJKsMb7ZerqoYrVHvq5xF2BntrhvNNx1U7C-dN4jQH2DP53lrKPmLXeR5SbUqI0WcakLK5oSpz2aSguqVPW8tKisqPiJI2AJ3hTbsBo3rmC6wslgUL02MuiCFNAX03f8Lf-HkaZl0TwaHPmG0tT1rWmByXX66pY2y5u1zG4YDQBqnrR9Vje4NKkcDZExQDnCp2gYWfkKC_olGTcWhMr_gDzJheVJ1mw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 571D 0
20 B 33ms
33ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B3lK_hXgvYpewPPe17_UP_bqQmA4AAAAAOAHgBAI&bg=!EBOlE1fNAAb7UztL-1M7ACkAdvg8WnDkra_eX94OqOGQ-kiSQQDP0_4cJTf-snjFvutmnYdvUuUEsgIAAAL9UgAAAAJoAQeZAxuwA-fp9ldWe58FvN2u5tsDT1X7S8Uj6XAa4RnwK086HdYZ4f3JGv7RSQjhnFV9oaFOcFDZeDl6YAzToSyZQZdg5eauwams-GQsospqOG5dhcMVEwplUos-Zf1oDfEy8AzrjMQDg0mMFE_ma02-TDT1pw6IWCbQUZb31vFQThpmd15CxZyYpgdV65zipMbX7kC0QfzhY5UP1ToWVspy363bUFovz3fLWN5VoAWS19lTbp6q8HyQYEIoXycu7T2LenuO06twt0WiJwFsLa4lYDB9GUGdSTG8jUeJ7eE_b_tyh39dRP9rg4NxSgnNB8GszXcVJMce_wnKUUQhavIpcUIqPI3TWSXHPL_r9IuHWf1vjNZ__uiOms0NO_e9z3fhH1K6Px2wDgWpvcOBKLhCs6631rfzBl__jVgbsI_ZjOapghtUFsWkpxFa_ROsN3UsPburjfkLElMJ22sH0R9grAhBtr-U0CVy1V-SQokNWqvQpF4FBw18obdQiLN7b22Oh0mgmGscufhOqD6s653vno2mr0hshj1PU2wM-MT1xyq2Iie-pFTs74mXeIhOQC6TNlTJRQDGyEPRD8sNsAeYhjvSYvvh5UV4HJo-_w4QFXx-wRb_XMnux_Ax9gD4hV8RDkWQLwmriHKlpxV7Yqf1XFty2Cdqt1if3bv8lYzwEyw2AjJr47vE2cFMyi-VL7bQWbTgxdlPIelk9YKGGUl68UP84Z1h6FDeoKV1OPGS8W9x1UK_U5pOXt6jeVli4J3IOQPVxu4bptjUNg-F3V_jLi9mQOI1C28N5BxDaQPDGcS-EhopFgsiS3nQNj3qpdMRwox6VQZhsf9iCC19vMgF1yTm7_Q7Uyyt_iLSTIpjtL3teMGfibE_2rs17gtf2sBK-L4PVcmlSa6nWVC6yAmNu-7CmH5cRtQwd-S9cKSJjXe9CIQ6Oi2eEyaeSqK73HTW53t1Qi1Q4BAwb2hPZ-PwBcNo_jM29WHOrsNk8yuhuYWddHpsXptUni4nU8cvMLGvPJJUDNqQn0cQI4aRAZvcQArJYmhQKvq6h_MO9p4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0115 0
20 B 32ms
31ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BzaZWhngvYp6NHPmLjuwP3oua-AUAAAAAOAHgBAI&bg=!_P-l_7vNAAb7UztL-1M7ACkAdvg8WqScyxcXVDtzdO0uDwTFcacCKv1pb0anY4aszHQ1aDJeYlafhgIAAAHVUgAAAAJoAQeZA3aabr5je8n7pAqheFzgR3S5Z0x9TLtYO8o0btTx78pTemDbou5Wb3wJC6Hjs6QkSMPHqpegVV8yQSuHgM93hf6R4HqzyA7uRSpPEQekMEERVgjPobvVY1NiwKqo2TWfBLMDGbbctqXYRdShGViYBlBVbajs-P2cvqzPksZcz59Oe_0j5k6QuEWOtMKyibl-5I-ZKsALfMqKzUUI0-FIrR2l54uJ4hGTO2hMhr_gbgq2n9KtgufRvfe7QCkFVZWxmYd9X7gngB9zqN9i-qveKfLk7FmylpTOiIxT-_6hIQ_WnvVYhQIBi5WafpXfj_9UkmbsiuZr_jsWdtM4J4H_jmd4WCQJYzHhd0TwGmJobmfbUhIn1FtPAcVLAX7q1n4otzmRg1Apy02FUxw9ZcVgI_HHi7ee9V0lgA9kKwL1ET0Bi1XpZos7OWRaLNj8wUA4dc7G_eYy9oUdrVQqIStZj9tcpcpGYgVnGe_aU9Y6PbcJ9AyphOa_KkFajdXsDerOp02mC5KWgcS0KrCgUnfRvthdRerK0-UAQd6mouvxlfmyj-h5_asi4pFb7FAkUv121gdd8H6x5UFMnYc00ydGwQX_Yf0CcbLsvEVxpMzWGZmzpHgxvaRpbrcUu28B6V2nP4tuVaJFFsMBwFZJ6230yMapcDuD0hm6AJBeD2tvGW-q2u5ZMCDzHCNYUev7Pf7qd1tnOVPc0iP62Z5_B-mPLYEovXkq_vVwCDd7HuomTXPge7R_CT8Nspm7zSnGr6wc7DOtX5inQ_Q5KpcxwI4KdTveHFwIDrSHuqDH3OzmYy7uA__VwpDxbc7X8AYfHaBzog4swRDFePmoU7VnFq4LdXu_ur1ZlbBsqxgWoxFQHYYiZtJgVh1ciW0lCiZSgC_VRVToeqL0gH97sD7mbDIDHuYt9HRkg33R-mZZcQ1MIrtx1mlCr2tXvGpPiOY9NrADF9hWtvqCoL6n4X5_g9FE0XOUzyYj2-wrqj2FMwWKc0zUR4Eg9uo9sHXRVfuTlr0TrSV_u-BT1R8QMbgsrobp4OvCC9X8URg4Yzeppxze_oVk_TocIU1Q-6cMPJrYNUsqKNtm4L7kOnyFeKFmxhZkt3lmUyU0Wls-elqnUM94RKiY7RsnZPyi55c9Ibpnm6zL82D2julu1wHyj6_i45TgtVxQUfW8v__c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 107ms
107ms Image
text/plain 67.202.105.33
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=w!a9etg89wet&lm=0&ts=1647278215455&dn=TC&iso=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip33.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:56 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2D77 0
20 B 32ms
31ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Br6JshngvYqSuHIva3gPxm7qgCAAAAAA4AeAEAg&bg=!a2ilaCzNAAb7UztL-1M7ACkAdvg8WmWFOB_KIQNYaUz6RomdRl3RGXvBaRUzcSdCeZ3zYpYQ9Hr4kgIAAAHQUgAAAAJoAQcKACgM96py_RTGW0cQjPC2TvpMTTjNC3uwYVqfOHRwhVjQJ22LtLGVBXgOmQMwV5zn09JaQ22VwDjBgSjI-IR6KCyDJ_1eL-LkFE44S6HncP0bKQygFDL6UNIDDET0mz6gLDVqfNGv4wtZaA9fn4zWUu67SP_ynJ0KRt6J--ZHxhVnLIeHfU9ZsZU4oGG4vzU0z_6dGQQA2j7XhYx4WekCuC240LkY-9AVuVsWbRRd6FfXnU1gdradmdmMZ_vVndOjS3SfmlA9s62IjIgZMdQg-J081wgi1UylUP4ktLlbGGCtxbXZnIq4qv0nQjwyh6XLQhFlCmbIOUl1HdRn6wgS2EdRJKrEEExHFYGqKEPyMLE3xHDhtXDEy-xOygAei2rV5_6Atv_2qxiKGNNVsl2EGK0geQwY8NUT4fD38T_KV2_aFgWMZNBqjeDjAUO8DfzJExrt2daJ_OAAbo_A-yRyJLBScG-NeeSpgJVWtp2TrrKsC2-AF9E6K7k0PSCx0dw02TKNNumu__26CVOmU-dnlST5_cotAJHW3FB_oTaeJbDxNCmqNq_KgwNA_zyrWQoFacIU1G9CnF-03_heK4CobpQBF5xrYfFQCcUjJqeTDfwZH0PGqnPGCvauipIstu17zH9-Cxy_x9Y1T9MwQP2w1BDyMzk5czO7OAtcVz8IQJgLGvxaZF9OGOYp1GY8bUlUuw7tndK40R8SBL-fXC5B0g-tpFEmOHMrC5D9P_LtVSTFzognFIqsIKIda2Ocf6I1wQUfmMLqR0YaSkHyHU-mjR-eD98BXwVlaVJIXToaECSQ0FYzYXk6WO9oDDWb2i0YyEcGJIo4ZN9BJW1SmdZ9MPjoUMdKUDtbRNygBEHjyGkX2FJD3GrbJ-ZUUAzlCfSuR12aXK4d2wFBasPTJNF6gwOyEr8ihIKoXvjN9TNhWPzbE0qFDIIBtWi69yWCGB8Vy0HV5gaSX7BL20eLfauuyDx9L93tOfaMcSn2cWWbpWpnJb4kR0wFXuY2NnitJyjReybtm7codemzDIU1mE7bPRRmwmsIfwHkSgiX3YC0OGZwKiNHQFU1Ex2E_ti7q-O81CyOaGZDWagDUmaDtlJrDBCSnPUx5PLLMkJPFZVPpbbJnSqq3cBWm1YT_suE

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 104ms
104ms Image
text/plain 67.202.105.33
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=w!a9etg89wet&lm=0&ts=1647278215455&dn=TC&iso=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip33.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:56 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 30ms
30ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022030901&jk=1938207847620433&bg=!EBOlE1fNAAb7UztL-1M7ACkAdvg8WiK_hdd-uqWlfi1UjCHB-5iqdSMSKThq1tYA-7BWiX3LqjnMYQIAAAJKUgAAAAloAQcKAI1qoIgmkDakU7qJnU-ElmP0sPKm5S_svK0jka_Jdw7u_Fa9KYTFgayeAHovDSl24s_--JxHB7QASwDO0nxr995NblE3FxWfmJyjw7qeKuvZlYULY9PsSfY-1Y9S8TdsZWgUWTUvBF0aDE5LwIpLgJbBw5JWz6CtfK39DnPQIMRtFE8myqoGwRzu4-pleYqZAtN8WVJhq62crJ_UbuzC9k2QBst26pcv-8OWhMb-bvWnPzdenu5zVkFEQ-3RB9FCAToyDChatRQX93KQs49d_IoLooAQtiEVu8_KCQO4R9RQ8u_yPRQXzCLIiWHIRQLo40QvLbhT4jYXZ3y8ZcIa1hHJ8pqGwNe-4bXpvyOHGt2DiljwCYf-NMYJx-StV8_q02mfQSHwefsRVeq1ngpRlnFV0ccNlGv0fT7ROJ8F1AKs05z2eyY-Up9Wyutp3eiWZGCOGHN9b4NPyLbIHUVq23aUbPGKvOQgqexW_4DPn1WjRpI81Cf22T8dUlbkVk5KYIPrTq_2ArNCd2vEnk5e4GpoKIZX0Db4Tr51FUL0MgX6GyvGseEAeKeoi5Or9LXqIyGvKA6ychuUZFj95Xf5r36yzgKoVMuSijKhtEN3gvDTkyyNaTdqStlW-DK-S6JEK74U_CpOVi4SOphvholnGBZpVEf59Wbducd4LuY71mtPsE7eeR0Gq7LMOJ7Wtnq7GiAyebxD-t6hU3Bhsf9eQJCw4z_kyUtlRrs8ndpwfsW-1ZTYQHVHfGKtHyL32Jo5Yn-ygMevF6k-qgcjweD0uracuFPaPEOW8xsro3SxKtVxUhksCzE1iJ-iI8yOZdqrd7wQTA1u8JMXCCj6E_-lu8jIiSCWK_ycXxB15Mt0Z4EnoRRYlO6zT_NzcrNbLL-it-55CXunizbDqwISP8lZFZW9QUayVtTpW23bT7SwNmQ4_NEzjHCG2F_WhHJFncdJthAkReO9AxloYqoIcG57p35Ufa_8vKh6H6UT2YqW3qYCjYy82z69wFBUITbFblRyrEX7wNyliUJuUoazeoPenmcTSlo8WOuy6gURo-amO-ZkQgUO4UWVMLOtI2GhPbCFTI9CzB20mdI_d-IOpXCVW1q7w4D0Q6spmiTNFvheTJJj13Pkp8pKHDmDcb1mnwE6YfTijJM

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 17:16:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 104ms
104ms Image
text/plain 67.202.105.33
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=w!a9etg89wet&lm=0&ts=1647278215455&dn=TC&iso=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip33.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:56 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 200 singleAnimationOnFeed.js Show response
widgets.outbrain.com/nanoWidget/2000636/module/ 503 B
667 B 20ms
19ms Script
application/x-javascript 72.247.225.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/nanoWidget/2000636/module/singleAnimationOnFeed.js?e=1
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.225.215 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a72-247-225-215.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 4b42ee80488279923ea5542d128ea4df0a864c326b603d43a6dd496a7ec6bb11

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:56 GMT
content-encoding: gzip
last-modified: Mon, 14 Mar 2022 11:44:56 GMT
server: AkamaiNetStorage
etag: "bfcb75bacc214bf6c2f59d0681e3768b:1647264073.516968"
vary: Accept-Encoding
access-control-allow-methods: GET,POST
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=14400
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 338
expires: Mon, 14 Mar 2022 21:16:56 GMT

GET
H/1.1 200
OK l Show response
mcdp-nydc1.outbrain.com/ 2 B
292 B 92ms
91ms Fetch
text/plain 64.202.112.127
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://mcdp-nydc1.outbrain.com/l?token=f2afb0e28625939a70fe8c8391e68eac_34839_1647278216707&tm=2787&eT=0&widgetWidth=537&widgetHeight=467&widgetX=452&widgetY=1935&wRV=2000636&pVis=1&lsd=-1&eIdx=&cnsnt=no_consent&ccpa=1---&rtt=621&oo=true&ab=0&wl=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.127 Leesburg, United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: *
Date: Mon, 14 Mar 2022 17:16:57 GMT
content-encoding: gzip
X-TraceId: b45e606db5d0bd3074bbe76f9f4a1de6
Content-Type: text/plain; charset=UTF-8
Content-Length: 28
access-control-expose-headers: content-range

GET
H/1.1 200
OK l Show response
mcdp-nydc1.outbrain.com/ 2 B
292 B 91ms
90ms Fetch
text/plain 64.202.112.127
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://mcdp-nydc1.outbrain.com/l?token=db2537686a3ac2537d8ba40ba942bcc0_34839_1647278216538&tm=2794&eT=0&widgetWidth=537&widgetHeight=278&widgetX=452&widgetY=2417&wRV=2000636&pVis=1&lsd=-1&eIdx=&cnsnt=no_consent&ccpa=1---&rtt=621&oo=true&ab=0&wl=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.127 Leesburg, United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: *
Date: Mon, 14 Mar 2022 17:16:57 GMT
content-encoding: gzip
X-TraceId: 66bc338a46f192b0e21384d1077fc5c6
Content-Type: text/plain; charset=UTF-8
Content-Length: 28
access-control-expose-headers: content-range

GET
H/1.1 200
OK l Show response
mcdp-nydc1.outbrain.com/ 2 B
292 B 183ms
93ms Fetch
text/plain 64.202.112.127
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://mcdp-nydc1.outbrain.com/l?token=ba61a967d52199245b99d45651549447_34839_1647278216884&tm=2796&eT=0&widgetWidth=537&widgetHeight=504&widgetX=452&widgetY=2710&wRV=2000636&pVis=1&lsd=-1&eIdx=&cnsnt=no_consent&ccpa=1---&rtt=621&oo=true&ab=0&wl=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.127 Leesburg, United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: *
Date: Mon, 14 Mar 2022 17:16:57 GMT
content-encoding: gzip
X-TraceId: 117ca33e4dd9f7b89545c2360d21e8ef
Content-Type: text/plain; charset=UTF-8
Content-Length: 28
access-control-expose-headers: content-range

GET
H2 200 get Show response
mv.outbrain.com/Multivac/api/ 19 KB
7 KB 251ms
251ms Script
text/javascript 151.101.114.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mv.outbrain.com/Multivac/api/get?url=undefined&settings=true&recs=true&widgetJSId=SB_1&key=NANOWDGT01&version=2000636&apv=true&sig=TGe0GbmS&format=html&rand=74083&pdobuid=-1&osLang=en-US&va=true&et=true&cmpStat=1&ccpa=1---&ccpaStat=1&scrW=1600&scrH=1200&t=YTQ4NDNiMDI0NWZlZTVhZDc3OGQ3OGQ4YjhiNTVlNzc=&winW=1600&winH=1200&adblck=false&abwl=false&secured=true&feedIdx=1&lastIdx=4&lastCardIdx=0&fAB=no_abtest&clss=L%2FSMjhDdkq7XwX%2BRwWeeizz0Ydzc0WEdP6334x%2FOJxQitEi5kHeHLaqgoPbXhWpXc2OZ8fqqxSTEYG4z&dpr=1&cw=160&darkMode=false&activeTab=true&ogn=https%3A%2F%2Fwww.hawtcelebs.com%2F
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/nanoWidget/2000636/module/streamFeed.js?e=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.132 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 1e0791ef46a4575157dfe9943ddfa83b86c8f12afc39cd22e4832953c2e76ad3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:57 GMT
via: 1.1 varnish, 1.1 varnish
traffic-path: NYDC1, LGA, HHN, Europe1
x-timer: S1647278217.989975,VS0,VE243
accept-ranges: bytes
x-served-by: cache-lga21967-LGA, cache-hhn4073-HHN
vary: Accept-Encoding, User-Agent
x-cache: MISS, MISS
content-type: text/javascript; charset=UTF-8
x-cache-hits: 0, 0
x-traceid: 7d2f69af5cf8908ede153279b00ef168
content-encoding: gzip
content-length: 6934
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 eyJpdSI6IjUzMjZlNWNjYzQ1YTNkMzcxYjRlYWM0ZjdjMzdiZGFiZjM0NjFiZWQwN2Q2NTFiN2I3MDQ1ZDliOWJjODlhNGQiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 80 KB
80 KB 29ms
22ms Image
image/webp 104.107.161.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6IjUzMjZlNWNjYzQ1YTNkMzcxYjRlYWM0ZjdjMzdiZGFiZjM0NjFiZWQwN2Q2NTFiN2I3MDQ1ZDliOWJjODlhNGQiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.107.161.205 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 24adb439b0f28b7b970b43659eadb1098d67bdc104bd290a7afbf9ca2ee6ac0a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:57 GMT
cache-control: max-age=1053234
last-modified: Wed, 07 Apr 2021 17:10:23 GMT
x-traceid: 21f2c6e9c33078c91720d02451dbc95c
timing-allow-origin: *
content-length: 81970
content-type: image/webp

GET
H2 200 eyJpdSI6ImM2MWE0YzlkNDYwMmYxYTdmNzA3MjZhNmFmMzQ3OTE5ODdiMjJmNDg4Mzg3ZjBlNGNhNzRkNDZhYWY0ZmRjOWMiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 63 KB
64 KB 32ms
25ms Image
image/webp 104.107.161.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6ImM2MWE0YzlkNDYwMmYxYTdmNzA3MjZhNmFmMzQ3OTE5ODdiMjJmNDg4Mzg3ZjBlNGNhNzRkNDZhYWY0ZmRjOWMiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.107.161.205 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 5e1a182118d081aff2c2bf7ca06d3efd9e452e0a7cdf29807149c07e179be3e7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:57 GMT
cache-control: max-age=1401461
last-modified: Wed, 02 Mar 2022 09:26:47 GMT
x-traceid: e0231dc109ba7f7c79413e72e0b8a15d
timing-allow-origin: *
content-length: 64948
content-type: image/webp

GET
H2 200 eyJpdSI6IjU1MWI4OTU5Y2Q2ODA1YTRjYjNlYWVkODU2ZjYwMWU0ZTA1NTE0ODYwZWRhMGZiM2E3OWRmYTE2MmUzNWQ5Y2YiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 60 KB
61 KB 35ms
29ms Image
image/webp 104.107.161.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6IjU1MWI4OTU5Y2Q2ODA1YTRjYjNlYWVkODU2ZjYwMWU0ZTA1NTE0ODYwZWRhMGZiM2E3OWRmYTE2MmUzNWQ5Y2YiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.107.161.205 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 94456b37baff6add06fda371cb8246ee8c56797b1f2fba7ab93fb152f617477c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:57 GMT
cache-control: max-age=2076044
last-modified: Mon, 17 Jan 2022 19:33:35 GMT
x-traceid: 0b98ed4d22e28a748516a35aa12e5f19
timing-allow-origin: *
content-length: 61898
content-type: image/webp

GET
H2 200 eyJpdSI6Ijg0Y2UwYWI5NmY2OWQ0Yjg2MWJiZWU1YzEyNDMyZjYwNjdhYTY0YThlMzg2ZjVmNDliZjVkZjQxODE0ZWQyMmUiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 36 KB
36 KB 39ms
32ms Image
image/webp 104.107.161.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6Ijg0Y2UwYWI5NmY2OWQ0Yjg2MWJiZWU1YzEyNDMyZjYwNjdhYTY0YThlMzg2ZjVmNDliZjVkZjQxODE0ZWQyMmUiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.107.161.205 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: d1c53b6225a090086638d7d7f92c55374ec9ca4952c10dc6007d56c1a7b2a329

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:57 GMT
cache-control: max-age=352669
last-modified: Mon, 17 Jan 2022 19:40:39 GMT
x-traceid: 82801836f7a325fc0f3d61ceb0721b3d
timing-allow-origin: *
content-length: 36860
content-type: image/webp

GET
H2 200 eyJpdSI6ImVhODhjMGNmYzJlYWQyNjNiZDQ0MWZlM2EwMjM1YTliNDhlYmU1Y2FjY2U0NTZlMjE3NjcwNjdkYjQ4YWE2MzAiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 23 KB
23 KB 47ms
40ms Image
image/webp 104.107.161.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6ImVhODhjMGNmYzJlYWQyNjNiZDQ0MWZlM2EwMjM1YTliNDhlYmU1Y2FjY2U0NTZlMjE3NjcwNjdkYjQ4YWE2MzAiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.107.161.205 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 748f6dbc5a2d9cacb2a44b7b7f9e859ba7d6f90228ab28faa8202cded1e441c6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:57 GMT
cache-control: max-age=343116
last-modified: Mon, 17 Jan 2022 19:04:25 GMT
x-traceid: 9fd906ce49de5bec287763b3169d8dee
timing-allow-origin: *
content-length: 23086
content-type: image/webp

GET
H2 200 eyJpdSI6ImVkMzM4YTU2NWE4MzE3N2M3YjFmZDY0ZWZiY2E5MTIxODBkZmU0YTMzYjMxNWFjZThkZGU1NDdkZWJiOTBjN2EiLCJ3IjoxMDksImgiOjEwOSwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 12 KB
12 KB 47ms
41ms Image
image/webp 104.107.161.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6ImVkMzM4YTU2NWE4MzE3N2M3YjFmZDY0ZWZiY2E5MTIxODBkZmU0YTMzYjMxNWFjZThkZGU1NDdkZWJiOTBjN2EiLCJ3IjoxMDksImgiOjEwOSwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.107.161.205 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6798e315e5467cd95e8a59837beba825dd5ef10db0378c2cdcb6257d209c5c21

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:57 GMT
cache-control: max-age=2283434
last-modified: Tue, 04 Jan 2022 15:26:18 GMT
x-traceid: 1dc5a02dbab96192e7bea5d9870f9a72
timing-allow-origin: *
content-length: 12408
content-type: image/webp

GET
H2 200 eyJpdSI6IjBkYWIwZDVkZGIyMzBmZWFlZTI2MjMwZmMzMWJhNDUwYjMxYzRkZWI5MDFmY2Y2ODljMGQxOGYyZWE5Mzg5YzEiLCJ3IjoxMDksImgiOjEwOSwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 4 KB
4 KB 48ms
42ms Image
image/webp 104.107.161.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6IjBkYWIwZDVkZGIyMzBmZWFlZTI2MjMwZmMzMWJhNDUwYjMxYzRkZWI5MDFmY2Y2ODljMGQxOGYyZWE5Mzg5YzEiLCJ3IjoxMDksImgiOjEwOSwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.107.161.205 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 828aa352982fffb369228a035fe40f4623eef83ca4e5eaae6c23396da3ae9569

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:57 GMT
cache-control: max-age=28915
last-modified: Mon, 17 Jan 2022 15:57:59 GMT
x-traceid: ca83283d936ba2d1f3c3e1df20ab2735
timing-allow-origin: *
content-length: 4306
content-type: image/webp

GET
H2 200 eyJpdSI6IjQ1YjMwNWVlYzU2Yjc1OGYxMDEyMjNlN2M5MTBkN2FiMGIxYTNjZDA0YzQ3ZGEzN2FmN2RkMGI1N2M5Nzk1MjgiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 33 KB
34 KB 46ms
43ms Image
image/webp 104.107.161.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6IjQ1YjMwNWVlYzU2Yjc1OGYxMDEyMjNlN2M5MTBkN2FiMGIxYTNjZDA0YzQ3ZGEzN2FmN2RkMGI1N2M5Nzk1MjgiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.107.161.205 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: cd31322c05222cfccb893f37743a28cc59d2719de472f23dec7f7ff39d9bce94

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:57 GMT
cache-control: max-age=436697
last-modified: Tue, 28 Sep 2021 12:48:48 GMT
x-traceid: e660f9ca4e9415d4ba36dac8a9b0e909
timing-allow-origin: *
content-length: 34132
content-type: image/webp

GET
H2 200 eyJpdSI6IjI2NDc3ZGUyMWM0OTdkNWZlYTVmZTMyNjhhYmVhYTE1YzIzYzE5MTdhODZhODljYTFlYmM2N2E3M2U4ZDgwNzAiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 52 KB
53 KB 46ms
44ms Image
image/webp 104.107.161.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6IjI2NDc3ZGUyMWM0OTdkNWZlYTVmZTMyNjhhYmVhYTE1YzIzYzE5MTdhODZhODljYTFlYmM2N2E3M2U4ZDgwNzAiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.107.161.205 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: b75ec258347ba7b30d793ebf28bca27c101e3f657ea121496d752e7410de50b5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:57 GMT
cache-control: max-age=1225471
last-modified: Mon, 28 Feb 2022 09:37:00 GMT
x-traceid: 31988bc219a165e21ce12be61c069e90
timing-allow-origin: *
content-length: 53744
content-type: image/webp

GET
H2 200 eyJpdSI6IjNiYmNhZTdhMDI3YjQ1ZDgxNzczMGJlOTMyZTVhMmZlYTczNWU3MDE3NmUwYzUyOWMzYjAwZTMzMjQ5NzQ4YWQiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 22 KB
22 KB 46ms
45ms Image
image/webp 104.107.161.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6IjNiYmNhZTdhMDI3YjQ1ZDgxNzczMGJlOTMyZTVhMmZlYTczNWU3MDE3NmUwYzUyOWMzYjAwZTMzMjQ5NzQ4YWQiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.107.161.205 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 37c09362a8d0069f2d7a345364491aa69c36005e6ef8cd27457b63d3250393b0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:57 GMT
cache-control: max-age=909784
last-modified: Fri, 25 Jun 2021 07:53:12 GMT
x-traceid: 1aa4832e3d8f04df4517f66200f9803c
timing-allow-origin: *
content-length: 22786
content-type: image/webp

GET
H2 200 eyJpdSI6ImRjZGIwNWZhYjEyYTNjYzViN2UyNWU5ZjQ5MDk0MWRkODRiZDI4YzZjYmUwYmI3NmQwNzgwMjRiN2JmNDVmN2MiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 35 KB
35 KB 46ms
45ms Image
image/webp 104.107.161.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6ImRjZGIwNWZhYjEyYTNjYzViN2UyNWU5ZjQ5MDk0MWRkODRiZDI4YzZjYmUwYmI3NmQwNzgwMjRiN2JmNDVmN2MiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.107.161.205 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 890152ed42ff1692eec41047de26e222c87f0f2c9eb81a9ca160ec0e67307b24

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:57 GMT
cache-control: max-age=945817
last-modified: Sun, 28 Feb 2021 04:49:33 GMT
x-traceid: 79875cabc7c47935cb51312445f312ef
timing-allow-origin: *
content-length: 35602
content-type: image/webp

GET
H2 200 eyJpdSI6ImRlNWViYzllNTMxODY4NGRkZDkzNTQwYjFkZmU2NWUyZjgzN2NiYzIxMzA0ZTg3YTRjYTU2Y2U5N2Q4NDU5MjAiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 14 KB
14 KB 47ms
45ms Image
image/webp 104.107.161.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6ImRlNWViYzllNTMxODY4NGRkZDkzNTQwYjFkZmU2NWUyZjgzN2NiYzIxMzA0ZTg3YTRjYTU2Y2U5N2Q4NDU5MjAiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.107.161.205 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 95d0c9d48ebe6dd293a8a4e81ea7783de252f6ed650c6d671337035a49a609d9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:57 GMT
cache-control: max-age=2107772
last-modified: Thu, 10 Mar 2022 14:43:38 GMT
x-traceid: 32a4d93bed01b533f39837f2493dacfd
timing-allow-origin: *
content-length: 14544
content-type: image/webp

GET
H/1.1 200
OK l Show response
mcdp-nydc1.outbrain.com/ 2 B
292 B 92ms
91ms Fetch
text/plain 64.202.112.127
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://mcdp-nydc1.outbrain.com/l?token=4f3a56e94bb2fe3c72630ef2405ed28a_34839_1647278217170&tm=3062&eT=0&widgetWidth=160&widgetHeight=198&widgetX=272&widgetY=1060&wRV=2000636&pVis=1&lsd=-1&eIdx=&cnsnt=no_consent&ccpa=1---&rtt=255&oo=true&ab=0&wl=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.127 Leesburg, United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: *
Date: Mon, 14 Mar 2022 17:16:57 GMT
content-encoding: gzip
X-TraceId: 6833f40abc1dd20eb2443bba8306db5f
Content-Type: text/plain; charset=UTF-8
Content-Length: 28
access-control-expose-headers: content-range

GET
H2 200 eyJpdSI6IjM5MWYxZjdmOWY0NDNkYWRjZmIyOWMzMjRkMjQ4ODllODQyN2QxYTg0MmM2NzMyMTkyYzRkNDQ2Y2UzMTM0MzAiLCJ3IjoxMDksImgiOjEwOSwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 7 KB
7 KB 32ms
32ms Image
image/webp 104.107.161.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6IjM5MWYxZjdmOWY0NDNkYWRjZmIyOWMzMjRkMjQ4ODllODQyN2QxYTg0MmM2NzMyMTkyYzRkNDQ2Y2UzMTM0MzAiLCJ3IjoxMDksImgiOjEwOSwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.107.161.205 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 896c56e97a8025718fdd522311093c9c012b099512b2df342e32bb2c9bfe4675

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:57 GMT
cache-control: max-age=1846065
last-modified: Mon, 31 Jan 2022 16:13:57 GMT
x-traceid: eda27298e7a5ebf3348b11484e126297
timing-allow-origin: *
content-length: 6902
content-type: image/webp

GET
H2 200 eyJpdSI6IjA5M2YwMDI1ODkyZWIyOTU3ZDA2NDQ1N2IyMjkyZmJiODExMzkxMTZjMDI5YTMyY2MyNjEyNDAxMDRjNDk3ZGYiLCJ3IjoxMDksImgiOjEwOSwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 7 KB
7 KB 31ms
31ms Image
image/webp 104.107.161.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6IjA5M2YwMDI1ODkyZWIyOTU3ZDA2NDQ1N2IyMjkyZmJiODExMzkxMTZjMDI5YTMyY2MyNjEyNDAxMDRjNDk3ZGYiLCJ3IjoxMDksImgiOjEwOSwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.107.161.205 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6eda4e0eb6871a7cd0c9f55262aff826a2833a448ced5777c261b19b40e8b87a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:16:57 GMT
cache-control: max-age=2122702
last-modified: Fri, 14 Jan 2022 13:16:47 GMT
x-traceid: 4a02d3adacc42f3d1def13b09c8bc395
timing-allow-origin: *
content-length: 7108
content-type: image/webp

GET
H/1.1 200
OK widgetGlobalEvent Show response
log.outbrainimg.com/loggerServices/ 4 B
325 B 91ms
91ms Fetch
application/json 64.202.112.127
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://log.outbrainimg.com/loggerServices/widgetGlobalEvent?rId=4f3a56e94bb2fe3c72630ef2405ed28a&pvId=a4843b0245fee5ad778d78d8b8b55e77&sid=6155583&pid=34839&idx=5&wId=1995&pad=2&org=0&tm=3087&eT=3&cnsnt=no_consent&wRV=2000636&pVis=1&lsd=-1&eIdx=1&oo=true&ab=0&wl=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.127 Leesburg, United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 17:16:57 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
X-TraceId: bbe6a790023bbe04aeee42f510f1a2ba
Content-Length: 4
Expires: 0

GET
H3 200 charter.woff2
s0.2mdn.net/sadbundle/8472981474830724725/ Frame 05C9 53 KB
53 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8472981474830724725/charter.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd81384f187e42628894eed4bb384acd8209a3980c45c3ab285ac154f28bf9a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/8472981474830724725/index.html
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 15:29:36 GMT
x-content-type-options: nosniff
age: 6441
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54205
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:18:49 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 14 Mar 2023 15:29:36 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 05C9 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 20:07:55 GMT
x-content-type-options: nosniff
age: 508142
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 08 Mar 2023 20:07:55 GMT

POST
H/1.1 200
OK log-viewability
log.outbrainimg.com/api/loggerBatch/ 4 B
325 B 348ms
86ms Ping
application/json 64.202.112.127
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://log.outbrainimg.com/api/loggerBatch/log-viewability
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.127 Leesburg, United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Request headers

Referer: https://www.hawtcelebs.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 17:16:59 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
X-TraceId: 15808c5d47446051ccd99d164d8b1370
Content-Length: 4
Expires: 0

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
364 B 52ms
51ms XHR
application/javascript 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?r=hawtcelebs.com_native_multi_native_under_related&e=ufp&dsReferer=aHR0cHM6Ly93d3cuaGF3dGNlbGVicy5jb20v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v14.1.1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hawtcelebs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nf-request-id: 01FN1KST5034BXX96TPH6J4N1J
date: Mon, 14 Mar 2022 17:17:00 GMT
cf-cache-status: HIT
age: 2199019
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "1e7512eab4ec94e546e05bc6561a8453-ssl"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 6ebea90c3f7023af-ZRH

Verdicts & Comments Add Verdict or Comment

160 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

53 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
live.demand.supply/	1970-01-20 19:05:50	Name: demandSupplyTi Value: 089ae12c-dd6d-4d0b-9be0-b8a928dcf704
.udmserve.net/	1970-01-20 10:20:14	Name: dt Value: 0254BE79-2328-3B42-9B70-AC56EC94AC58
.adnxs.com/	1970-01-20 03:44:14	Name: uuid2 Value: 3472600796129444925
.pubmatic.com/	1970-01-20 01:36:04	Name: KTPCACOOKIE Value: YES
www.hawtcelebs.com/	1970-01-20 02:17:50	Name: udmsrc Value: %7B%7D
.pubmatic.com/	1970-01-20 03:44:14	Name: KADUSERCOOKIE Value: DAAE9D44-C119-429E-9A46-16C045761FB7
.quantserve.com/	1970-01-20 11:04:52	Name: mc Value: 622f7885-bc828-1f0c5-cc37e
.hawtcelebs.com/	1970-01-20 10:59:07	Name: __qca Value: P0-2103239629-1647278213761
.pubmatic.com/	1970-01-20 03:44:14	Name: PUBMDCID Value: 3
.pubmatic.com/	1970-01-20 01:36:04	Name: pi Value: 156505:3
.udmserve.net/	1970-01-20 03:44:14	Name: apnid Value: 3472600796129444925
.doubleclick.net/	1970-01-20 10:56:14	Name: IDE Value: AHWqTUkZTxJo01CD9qqBqaQswuIMrjZKTB1WqKFXz1UiZ3JCmLiiv-kdEd-v5w-UpTs
.technoratimedia.com/	1970-01-21 21:22:38	Name: tads_uid Value: GDPR
.hawtcelebs.com/	1970-01-20 10:56:14	Name: __gads Value: ID=d2d7a67de5f87c40:T=1647278213:S=ALNI_MY2QFQpu_cVrH0UVauUgQd-IJ8Wew
.udmserve.net/	1970-01-20 03:44:14	Name: pmid Value: DAAE9D44-C119-429E-9A46-16C045761FB7
www.hawtcelebs.com/	1970-01-20 10:20:14	Name: HstCfa1890596 Value: 1647278214373
www.hawtcelebs.com/	1970-01-20 10:20:14	Name: HstCla1890596 Value: 1647278214373
www.hawtcelebs.com/	1970-01-20 10:20:14	Name: HstCmu1890596 Value: 1647278214373
www.hawtcelebs.com/	1970-01-20 10:20:14	Name: HstPn1890596 Value: 1
www.hawtcelebs.com/	1970-01-20 10:20:14	Name: HstPt1890596 Value: 1
www.hawtcelebs.com/	1970-01-20 10:20:14	Name: HstCnv1890596 Value: 1
www.hawtcelebs.com/	1970-01-20 10:20:14	Name: HstCns1890596 Value: 1
.hawtcelebs.com/	1970-01-20 19:05:50	Name: _ga Value: GA1.2.2123515482.1647278213
.hawtcelebs.com/	1970-01-20 01:36:04	Name: _gid Value: GA1.2.1313498691.1647278214
.hawtcelebs.com/	1970-01-20 01:34:38	Name: _gat_gtag_UA_10995097_8 Value: 1
.casalemedia.com/	1970-01-20 03:44:14	Name: CMPS Value: 3236
.spotxchange.com/	1970-01-20 10:20:18	Name: audience Value: 8be607de-a3ba-11ec-946d-1dbc55590206
.casalemedia.com/	1970-01-20 10:20:14	Name: CMID Value: Yi94htiYWvIqpHdq4z.wIAAA
.adnxs.com/	1970-01-20 03:44:14	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Hc!ppC<F!@wnfH8K6pQK`!5=E<L5?%K56(Ed0mcD$$`-4_k5/0%11+W:yAjT3FmQL'b%nugO%v4VB%no!D85dl
.pubmatic.com/	1970-01-20 03:44:14	Name: KRTBCOOKIE_80 Value: 22987-CAESEAsqrBJCAsYTMZZXoyWb6Ds&KRTB&16514-CAESEAsqrBJCAsYTMZZXoyWb6Ds&KRTB&23025-CAESEAsqrBJCAsYTMZZXoyWb6Ds
.pubmatic.com/	1970-01-20 02:17:50	Name: PugT Value: 1647278215
.casalemedia.com/	1970-01-20 03:44:14	Name: CMPRO Value: 1147
.casalemedia.com/	1970-01-20 01:36:04	Name: CMST Value: Yi94h2IveIcA
.bidswitch.net/	1970-01-20 10:20:14	Name: tuuid Value: 180084ab-c94d-4fa8-8c13-4cc971278b94
.bidswitch.net/	1970-01-20 10:20:14	Name: c Value: 1647278215
.bidswitch.net/	1970-01-20 10:20:14	Name: tuuid_lu Value: 1647278215
.casalemedia.com/	1970-01-20 10:20:14	Name: CMRUM3 Value: 2d622f78872760CAESEGZ8ZbX7lUg-B4zhwgPdZ7U
.simpli.fi/	1970-01-20 10:21:40	Name: suid Value: 665070C465D24970A99603A500FDBDBB
.pubmatic.com/	1970-01-20 03:44:14	Name: SyncRTB3 Value: 1648425600%3A220_21_13
.pubmatic.com/	1970-01-20 03:44:14	Name: chkChromeAb67Sec Value: 4
m.exactag.com/	1970-01-20 03:44:14	Name: exactag_new_gk Value: 28b62b3a541e49e2ad51560dc4b2c84b%7c13.05.2022+17%3a16%3a55
m.exactag.com/	1970-01-20 05:53:50	Name: exactag_new_uk Value: 835d74dd3cdb4aafb76a7aa583c67a8d%7c
m.exactag.com/	1969-12-31 23:59:59	Name: session_session Value: 1eb4eb7f768645078b427626
.adsby.bidtheatre.com/	1970-01-20 01:44:43	Name: __kuid Value: 037c4cdc-9c07-4b82-b34b-a6c7fdd40595.416492215
.lijit.com/	1970-01-20 10:20:14	Name: ljt_reader Value: 767f2a675cb08c014a686a9d
ads.avct.cloud/	1970-01-20 10:20:14	Name: uuid Value: 48f563e6-53e8-4d25-b160-251ae0556a86
fksnk.com/	1970-01-20 01:44:43	Name: AWSALBCORS Value: g59gYN3V0bkO2b5YUnvKFz1u1Ts0qMpjGEoN9+qUJDZ77LMwRUWvbVb3FU51Qzs6gchQQeh6DGfskXtKpD1oC/XsbUOvthDrSC2U5/GyGPsyg87s+ZC1ooPBLqS4
.fksnk.com/	1970-01-20 03:44:14	Name: f_001 Value: 8C6A367AEABB98B2
.fksnk.com/	1970-01-20 01:36:04	Name: g_001 Value: 1
.adform.net/	1970-01-20 02:19:16	Name: C Value: 1
.udmserve.net/	1970-01-20 10:20:14	Name: udmts Value: 1647278215.0
.adform.net/	1970-01-20 03:01:02	Name: uid Value: 5007245427941761215
.o2online.de/	1970-01-20 01:44:43	Name: webShopPV Value: ?partnerId=O2_DSP_TRA_HAV_14114_PV&mediacode=26952494_4307561_327349371_165456137_-0&ref=26952494_4307561_327349371_165456137_-0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

12eb984e57f6965d1bf8b862dbadea89.safeframe.googlesyndication.com
ads.avct.cloud
ads.eu.criteo.com
ads.yahoo.com
adservice.google.com
adservice.google.de
ap.lijit.com
api.demand.supply
assets.vlitag.com
audit-tcfv2.quantcast.mgr.consensu.org
bid.underdog.media
c1.adform.net
cat.nl.eu.criteo.com
cc.adingo.jp
cdn.jsdelivr.net
cdn.tynt.com
cm.g.doubleclick.net
csm.eu.criteo.net
dclk-match.dotomi.com
de.tynt.com
dsum-sec.casalemedia.com
fksnk.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
ic.tynt.com
image2.pubmatic.com
image4.pubmatic.com
image8.pubmatic.com
images.outbrainimg.com
imasdk.googleapis.com
live.demand.supply
log.outbrainimg.com
m.exactag.com
match.adsby.bidtheatre.com
mcdp-nydc1.outbrain.com
mv.outbrain.com
ob.cheqzone.com
obs.cheqzone.com
odb.outbrain.com
onetag-sys.com
pagead2.googlesyndication.com
pix.eu.criteo.net
pixel.quantserve.com
pixel.rubiconproject.com
portal.o2online.de
quantcast.mgr.consensu.org
rtb.nl.eu.criteo.com
rtb2-useast.e-volution.ai
rules.quantcount.com
s.ad.smaato.net
s0.2mdn.net
s10.histats.com
s4.histats.com
secure.adnxs.com
secure.quantserve.com
securepubads.g.doubleclick.net
services.vlitag.com
ssp.adriver.ru
static.criteo.net
stats.g.doubleclick.net
sync.search.spotxchange.com
sync.teads.tv
sync.technoratimedia.com
t.dtscout.com
tag.vlitag.com
tcheck.outbrainimg.com
test.quantcast.mgr.consensu.org
tpc.googlesyndication.com
udmserve.net
um.simpli.fi
us-u.openx.net
waust.at
whos.amung.us
widget-pixels.outbrain.com
widgets.outbrain.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.hawtcelebs.com
x.bidswitch.net
104.107.161.205
104.111.242.245
104.18.29.199
132.226.41.106
142.250.181.226
142.250.185.194
142.250.185.226
151.101.114.132
158.69.139.238
169.50.137.184
174.137.133.49
178.250.0.139
178.250.2.148
178.250.2.150
178.62.202.251
185.64.190.80
185.94.180.126
198.27.80.143
198.47.127.18
198.47.127.20
2600:1f18:e8a:cd04:9b88:a313:d24d:af44
2600:9000:223f:5600:1b:5138:8a40:93a1
2600:9000:2240:dc00:9:46dc:4700:93a1
2600:9000:2251:ce00:5:c4ab:c3c0:93a1
2600:9000:225e:3000:3:a4cd:8380:93a1
2600:9000:2490:fc00:6:44e3:f8c0:93a1
2606:4700:10::6816:3bc7
2606:4700:10::ac43:15e3
2606:4700:20::681a:407
2606:4700::6810:5514
2606:4700::6810:8516
2606:4700::6810:8616
2620:116:800d:21:ee05:6a01:4b41:8c89
2a00:1288:80:807::2
2a00:1450:4001:800::2002
2a00:1450:4001:808::2001
2a00:1450:4001:808::200e
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2004
2a00:1450:4001:810::2003
2a00:1450:4001:812::200a
2a00:1450:4001:813::2002
2a00:1450:4001:828::2006
2a00:1450:4001:829::2003
2a00:1450:4001:82a::2001
2a00:1450:4001:82b::2002
2a00:1450:4001:830::200a
2a00:1450:4001:831::2002
2a00:1450:4001:831::2008
2a00:1450:400c:c0c::9a
2a02:2638:1::11
2a02:2638:1::2
2a02:2638:1::3
2a02:fa8:8806:13::1400
2a06:98c1:3121::7
3.124.66.16
3.69.18.111
34.243.37.252
34.98.64.218
37.157.4.29
37.252.172.249
37.252.172.38
46.105.201.240
51.75.86.98
52.222.236.42
52.54.192.111
54.150.24.141
64.202.112.127
67.202.105.32
67.202.105.33
67.202.114.214
68.71.249.118
69.173.144.165
72.247.225.215
72.247.225.98
72.251.249.14
81.222.128.215
82.113.101.132
85.14.248.72
022f36ac2e753f933db16a6fb9d2df41cc8d6f6d6d4ee62e2ae9a914d83f6b7f
02469fc816049ef247701cee7e19a89cb929bda93d3d43e6ef4a13260fd495c3
043a67f768fc7eadd84edcca6dc5ae899a1a9a327890cde538b2959be6678cc2
04aaf6970b0998ae69ba77009cbb996e69a775898cfe7aca555a4bcb172183b0
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0965b428ce26477449f65a680a07a85aa8fe82db035a5279a239045d134bac29
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bc868abaa8d8b2b2a71b474d429899524cb291130769ccb0b634b7af54554fd
0bc9ace48eb717941b32664235b64d9131d8d6f72a606820b0285c2310c3c351
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
1201be5a0a663d69d61f230bbe9648b4be392962edc83c1858b94d2bd400929b
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
14df882bf9ebb7bbecae0400a2289a5846c17ba3366db6c77ad38dabd72ecb82
16821a5f257e2cb2fde65a0108ffb16a01a4dc4d9861ae2be981f60b9040cd54
1916cf4455a526aadafd82710bf7304154905dcdf69dd9e0b516a63cc82e27e0
19a1f2599bb28ef11e677c6b1d1bf77104079a36c8145e12bf1505bef317a24a
19f4d52a15ded151b47d6c19d9db3f87916caa6cbf3fcf6576a7dea08817303b
1a82a928280d1469d86bc38bd56d4cecc9d5548b5b27e8e4629b6fa0dc7c18bf
1e0791ef46a4575157dfe9943ddfa83b86c8f12afc39cd22e4832953c2e76ad3
1e26791594019a8cabe268812e0ed999e23c460aed496cae1dd7edb412c19109
1e8f4b4c370d7d4efbe0f4c932304e610f67324e62fb2c24721b36e76152903d
1ed2420d6fbb5f860c190caccbce59e16fdd9723ed181948e44e6d92e4d5b9f4
21eff19ed2607ebca7cf6f0fc296942553b766c7baaf8fc90da2cd2f3799a907
22627315dd9e5cc05b40fa8bd4b3b714f0c7185988b898b3443c77a2d5216bcd
229cb9fff285c234e313eb40bbc7b0a8ce695f967495d3022850d59a7e89709c
2347066080fea31af55c7112dca5245ea3eea67df5f24f1daae09f0870fbce62
24adb439b0f28b7b970b43659eadb1098d67bdc104bd290a7afbf9ca2ee6ac0a
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
26f4a60ddc9dd208083fe38c46311cc6edc4f398baed850a936a88a54cd35d51
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
295e968cfad54dc2aada52be23019005be614deeb9e8dec11fe7cf3e1e8df620
29cfa712fcd0f7e472e19568665037c245593ac9cdbb36de7cdef4c7d7e29483
2c87952cc1c23627496c7874271042bdb6af21efdf7cbf36ec4d98e6cec34d04
2caf57b9d0ff5a46b6eba19cde8b61ae0f173ba207ec476797542166f6768b4d
2ceb5ca7a999a6a7dd2e7a27780ca38cc81a17de6bdc4f860e8900b70074bbbc
2d0744b54be7eab148245653f8fad2e4a0e8875b886bcacbb2c70741872eda55
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede
2f28abe358edbac612a26d0c71639459a2c85b22ed214cfaa068191ac729c94b
31370f14534e5bb78d3da68b6cf0e72369feea1bd68aaeac1b61d07094aa1deb
31bf822302ba5c241966cbdf23c8e904c3fc8c4cf20758032774b8ffe8e1d69a
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
32ed95b190974ab3c06dcbfe84decbe46ba5bf9ef759aaad201b053d06342d9e
32fc25fc3861f0d68b3ee4fa9c3392b7d19dca2989a27205785b48a0e657dd17
33fa9e7b90076d8f13fbbdd27c5900b6ee3a7da8d9bad7b75fce9a47b788b7b3
34138fbb6be3ff1527d04773cae34642f446371838e51dff7bcfdc78cc54ca6d
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
35fee54d1936ef02f161aeb36334a12a8dafdf581b4f59567f273d6f53092ea4
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
37bd89d0776acdb8565abd79559d140909e68570f7d74a6f0141d21aed4122f4
37c09362a8d0069f2d7a345364491aa69c36005e6ef8cd27457b63d3250393b0
384a5ff160bd30d6d7d80739751e55d0f88a72717a4aafba99df22e615689801
384f455bbab388611081940c9b6bd93705cfa3e4bc0cf34065d4f002f9e2f430
39d160e97e2bea07b0cf1c647259ffa4f0bd07069dba4e6c19a22d38b408510f
3a682ad13e1535e4077c573179247c072d7891ad507c73b7466163562f6c2fa8
3c95abcc3b3b083dba8c06e98b890c137477b47fc38da3f2146f712877f4af29
3f2e1c6049cf73f2e45c75fad592406182f1ca64bce0e8e5a056e92c2d27b639
41876d517897272182ffa12931385d089e2d1d494b6b19724d60e72c6422d36d
421f9d4dd949f42a877bdb43dc005cf24707a5ed61a0d7e42036e7af263e9452
45fe766308841d0d4a2068ef014d83df899ef6623f6bb4bde509431657b1c707
4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b
47a15f59d0ec2f3cfa862815fe589541eaf2e3d23c417e33f28f3cc6fdfa18df
4b42ee80488279923ea5542d128ea4df0a864c326b603d43a6dd496a7ec6bb11
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f40bfcb86e662268fcef40a7b35d08441b17c7481fbea4fc75893c9b9cdf26a
4faefb5ac2e4d761b02b536f9c38308ba852f5f2b7b077e2a35f0666c6b94a9c
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
506720cdcd6b5cd5bad9c5cd12adefdd3254846c3b8e6ad0dcbac784860bd61d
53db131d222652dc58a0b6f8167862a8f29f65834c01a23f9521e1faf72a6ea2
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55ed920d444210fbe713cf81e8d6a615cd96d1b950b0704752209568e5754b30
55f61bcf955513c5548d9a8b9706a3054865159e8ae0cc3a6371f8f384d3f325
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
56f1fd8da94af5c149466e93ec701b778ac56dba606008b476a3262c7af9e511
57b7f2b2bcdd983268775ebc6ee71d208510b285d79dd058f2717248079c59d1
583eda12fed77c078f7391866e53eedd80aec5b9b178a3537a3c4c3b09575485
59f93c8637fa1e41eb70ab270cc6a5dff7887d9ab040daec1a8fba1e3edc4cd5
5c777431c1470110a5fb07d70b3472b1f15e264a9d3b78e516b9684da1e7ad94
5d59625b6564d07e0b7bb8808f2273a0f930a1cbbe622ad9b4eb911abdb56ef5
5db53bf6a77148dae0aece6b6512e4a6bf94603af72e449a0f23ed03e8b96ff3
5e1a182118d081aff2c2bf7ca06d3efd9e452e0a7cdf29807149c07e179be3e7
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6798e315e5467cd95e8a59837beba825dd5ef10db0378c2cdcb6257d209c5c21
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
6a0a35de1f74ffa2e7e7d335f45c2a8b0a796d8c416f24ade692b79009371b97
6d2a70ac6774543b2f5c45f314cb6c481ce6eb6b61e7b356162ee615761f2b83
6e21934b978c8a01ee949238c3be51b93e0ab62d60022e755bb1dab81e69ddf4
6eda4e0eb6871a7cd0c9f55262aff826a2833a448ced5777c261b19b40e8b87a
6f741883eafc84067b80014e53fbfab2505aca4f7cf767b17404a291fffb79d4
704b1e01c786a922c34a248e8b7f706defd603b2aa670c29f35db35bcdfa07e4
713982e547fb01c423cc5c2e960731c46de7dc33baea85f767494ad98d9fdd1c
73ea31af396c26a18892b288114707f25519e0eeba32c76fdb8d036e93c3505e
747e8f5454d77ac3ee2339c3490cb7b805d59d7fedd4cc0682ae6ed9c33b7d25
748f6dbc5a2d9cacb2a44b7b7f9e859ba7d6f90228ab28faa8202cded1e441c6
76cd560ded78b8012e2b4069ac054ce7431680a557737e41ee34b386f23a2b90
78f36bda3a4395e14ab32d8efa5c6987e2c4f425d5e96cd3896c70813e95dfc2
7d444f5e9e4af6d781e97880bdf689d841aef88f7f0e0de4420b7e3aac8ceeda
8050f05c230d74be333b63cef230e786094e9100f55fa19c6c0831e95870768d
80afa7e71baab4b9dca2c54f30f742c205e90c12a24aa844d1e5ccb0b3db1bbd
828aa352982fffb369228a035fe40f4623eef83ca4e5eaae6c23396da3ae9569
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85a62f1cff3a62e192b07126c95e8405b45c0e552d5dae1450ad0f9573c60a82
890152ed42ff1692eec41047de26e222c87f0f2c9eb81a9ca160ec0e67307b24
896c56e97a8025718fdd522311093c9c012b099512b2df342e32bb2c9bfe4675
8a2a95a3a1132f723ce3e0491f8ffff068d48e038449074b52494e552e894996
8b4a58e49cb01da41a3e8be16f5f596e428ec3f4f2aedabe1349854e321e3872
8c7ee0238fa5cd80a02ef9870a7fff498ef52097181cb73edb9219dc022fd919
8d068daf46712687480a046598f397fe91181edda9334a2b5d7e7246868f643d
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f682f4500ba4e738bf891340b24777adb08e7e825f6db0aa17fc16bd611a929
8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422
94352a6e25c025d9f314e5feccb7f304bba6ebe148011dec463b534ccf7c4535
94456b37baff6add06fda371cb8246ee8c56797b1f2fba7ab93fb152f617477c
947e22d9ed05fbe3f5ed3c4ee35618a1910a85968f48a22c0277f9936f2eb769
952bb6ca890af4caa9109cc91e851b49246ac2c837ec2c5841982af89d8be734
95d0c9d48ebe6dd293a8a4e81ea7783de252f6ed650c6d671337035a49a609d9
96339e3a735d41f96df61dce38edd4a92a1ef9346d5165906dacb1d7530cc5d6
9779c524d3f8c4fc7c12f9a073da6a2db5b254cb2a87bfc7c3458f6b4ba5dfd6
984f89207e64531c33ff70321fa69ff082242b8678ca44fe0c2fd30eec16af76
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
99102e527161666787f96e02feaaf9416de6b06d3fcea9635c500ef4662d238b
99ebebeb5e1c550e15f728d9f90b704923df50ff24caf956faac335925c1870a
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b7469d8fba6e9d71beec83d90b3a7658aa4b61a2d4e6cdb36fa0b89f8de11af
9c8a71b9d4b571e9133a9e2cc61c54e37af1cee1682b6e3c861be9d43c88405b
9ed01a61804ca2a4efbc0112199e0c28b0ba6ec3473834126b67324a1fbbbd16
9eff5e6e431b11a17340ba67dfada687a3d5bab7d4ee7d1544c785afd20d19c4
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a26e594ef8b3ce2a31c958abca2d48efa43b3db24c241a05152e52c9b91bc73a
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a394feee7ed832e18bae6defa43f71963b391d431af27c6a6c28f75d7d04b827
a40dcd59c23d9ed6f0fbaeefeb57c78543b487ad93c49f5f74b89dd85b0ea278
a425b9e3eb75fe6dfb48037147206c3630b09fed6ae2eb9ce7b9c05e679f3bf0
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6bdf620e64f6f9481b0b273e6365a133ce173c2feb8839cfb99542f0f7f518e
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a9308f9bbca4c65ed4fae9d112470ddd0f81a8db9c5938f069a7ea2aa755ad97
ad2bcaea7c91044b59c85100395580a111665d8f90690cfa743e25ba6bd2e9f1
af0d6570462dee3c3937e8694b2ee98ea78313219976105080e94680c29769ad
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
afeb627e84652f882d1e4b597dc74fbb2a3eaec53947319774903915ebfd8250
b0b4164a334505449ed233c85aca0354eda0ebbff127577051582e1fdbba1099
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b236dccee1a0d5280842bdff52b4005e2b0c9ee5d74a15db3e939c53306576d3
b38af3a465240f759fee9ed2a935c0eeed55b79482711ff665b5f317a2006159
b4ff06bfa155fcf94266bfae176a3f159c19105c1599349f2d3ec6e1aad9b306
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
b652b4cef4b3130412794af75ccb6a995ff4a5b2bdabfd9efe6a93935c73c73d
b6a093826b73a379089307af130ef0e0d8c200d7f2bd44669cca3fbc90759bfc
b6a6a2a20d15f226fa342d50ff201e59035a50acea6134177bdb9361c767e399
b75ec258347ba7b30d793ebf28bca27c101e3f657ea121496d752e7410de50b5
b8341f341848ee9eec71870d976b0895ef1084190c2e0b0349d2ba1c9b9ef64e
bb8005b1fa58acf575732c502d741d96bcc2b14d8ce308ef1f210c5042ea9d50
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
bc3909ca4f2103905d31fd63d0267030dd9a393733bf71855fc0466421007862
bd81384f187e42628894eed4bb384acd8209a3980c45c3ab285ac154f28bf9a0
bdd1579c84daab8cdd1e5a4f71b546c9eaa6a76418f83e0215c573523614c309
bee4c3ddceefb6558b86e3d6bbe40326f6d67e1b0b535eb6949d570e7630d82d
bf4cc93e59a3972ebddf92594d0d5298a0c1cefbbe1b8938e6d5a323bce5835a
c0372c58d2c88c2c3829721f2efa381e47d42bd26588518d8b3b511e3054ea07
c10c8422a6970a549363496d223f4b4802c14346bab793afb114623d7c67405b
c110419995948214e5b16d9d0df8f7d91536cc42783edd90c7fc1810308309ac
c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95
c3c89d5295be3c6415416b83a9e4c0fc67a790e55713ddc3f2d0c07185779acf
c4e7fa6666f37d359f2b3be8611dacc6148f93efcdc93631f3e78c4d4043e005
c6c9c2aebd745bd405d845f066bf294d297148da915b3d9055f46a9e8a2e33e3
c6df1f67ffd26978bcacb3a3445a713ad2e3bf4992eba3081ad16b64a64e2e43
c726d0d53be662a7b59d01180ac241cb688580b841731f169b3b3f9146de4a0c
c883acee4fa837d684ea9eb2e6f16a885ad56dd659464c9369ffa2f3a0c56210
c8f7c04f8d691138d54380550d91349271ca19cfc0f3f6666c401cfa892a12f8
ca119b79988ac6bd9e8c041503404c18ef72615c0303279618a2fbe9a078d946
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cb7b7e31cd0bc4f5cfc2c8745e4b1876ebb137dbe6881eb952b1dfc5a5b3cb54
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cd31322c05222cfccb893f37743a28cc59d2719de472f23dec7f7ff39d9bce94
cd8f881ad9704d2cce4bc833d75ebdb71383bcdce25c4a7ead4dea3b38cb21c5
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d112ea122dd38422c354c2db709c195c123b6ad5978ecddfb62286ee4f90851f
d1a94cec495c993b0d2e7284e13837caf46c03cfd1285c35fc36dbe74a6287d8
d1c53b6225a090086638d7d7f92c55374ec9ca4952c10dc6007d56c1a7b2a329
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179
d7022340dcbdd29b10402d45b550b8ba8f68fe674c2bf8b5102ae9ef1831d54e
d7e3f3f9a87439492d58ee8a90cdc8741bd44e9f5ebc5a1be461ded2df7a155e
d8a2a6bf52cfc77f0dffafd7595fbf538342f311d9c57e1d234257be549d9f11
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e0cd5c3994b640a71d99b45cbf7c0c671169c48f9a54875e02c7053999309887
e2e26de46c161fa44ac4e7cd7627a67a7a33fc58172478cc6d741171ab387cf5
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e7f91f15c294c0b5602aa75a6546b25bb250f299134292893e3c56f0d5549d39
e805da0c487baac66bb05ed077ca1f52b159691be64b5ebf8f2cf2db0197dd24
e9fc1444b589f6bce31440a89d61ad2d08bedebf9692bc1623ac7e570a035d7c
eba88ef6b1f09543b0b3f34bc3c1d401da36d590354cd7728e2aae4d3c1abc91
ec068031a38f2d97255ddf90e6d75a5538a3b0ea29510482d1909c5a1a10ad74
ed093634499f63e6d0bafb2f80befd9f9ba6a350c8b379220c12033becd8ab10
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0591fb3e6d150c5efb50a9dba2ec03cc894d45b71e89d86a119532efb139cd6
f1261b7cce0eafa940b0681c494a52abb9a9a246262a3ca7b5acf2ab56bde6a6
f1346360729e77380edf8f17fa421b76452289ae1b5f4be290b19c4d204e9587
f1dcbcadccd8600a11e8792ba1be97c8d7f30a7f0c12e28f845ce8d2257e269c
f277c079321a2a5a99e98128dc40b36b269f9fadef95ab8a7614a8388881c491
f4582972325e917d60aa7888fdecbe35e223344ab4c01de5f330750cdf6eed9e
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f7492476dfa60f0146889b13e37c67fd1a70e42e6ddb017c0c08e25148fd8985
f94a0b25ed421e6643ca8ae21ccd63cf5630e8db8a3b64f63a669936d068c427
fb8ae618006941b6b9f90f644b3fffa993586c2ceb817a5fab715a0a7b543c47
fdecda5ee87b28e579c5b61ef0f86e7fff85c838ff0a06450feee13a5877ed0b
ff09b029f6db35c2ed61a61f8651ca6d1752f1ed164ec057b4e7afad8f365eaa

www.hawtcelebs.com Open in urlscan Pro 2a06:98c1:3121::7 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

407 Requests

90 %HTTPS

44 %IPv6

53 Domains

85 Subdomains

67 IPs

13 Countries

6854 kBTransfer

12945 kBSize

53 Cookies

28 Outgoing links

Page URL History

Redirected requests

407 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.hawtcelebs.com Open in urlscan Pro
2a06:98c1:3121::7 Public Scan

Screenshot
Live screenshot

Full Image

407
Requests

90 %
HTTPS

44 %
IPv6

53
Domains

85
Subdomains

67
IPs

13
Countries

6854 kB
Transfer

12945 kB
Size

53
Cookies

407 HTTP transactions
7 data transactions