isecosmetic.com Open in urlscan Pro
2606:4700:3036::ac43:9f20 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://isecosmetic.com/wiki/Internet_Systems_Consortium
Submission: On December 30 via manual (December 30th 2021, 3:33:38 am UTC) from TH — Scanned from DE

Summary HTTP 285 Redirects Links 34 Behaviour Indicators

Summary

This website contacted 48 IPs in 10 countries across 34 domains to perform 285 HTTP transactions. The main IP is 2606:4700:3036::ac43:9f20, located in United States and belongs to CLOUDFLARENET, US. The main domain is isecosmetic.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on September 7th 2021. Valid for: a year.

This is the only time isecosmetic.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	2606:4700:303... 2606:4700:3036::ac43:9f20	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
1	51.15.15.73 51.15.15.73	12876 (Online SAS) (Online SAS)
1	2600:9000:231... 2600:9000:2315:e600:6:b871:4f00:93a1	16509 (AMAZON-02) (AMAZON-02)
5	2600:9000:215... 2600:9000:2156:a800:11:a4de:2580:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2620:0:862:ed... 2620:0:862:ed1a::2:b	14907 (WIKIMEDIA) (WIKIMEDIA)
1 2	88.212.201.198 88.212.201.198	39134 (UNITEDNET) (UNITEDNET)
3	2620:0:862:ed... 2620:0:862:ed1a::1	14907 (WIKIMEDIA) (WIKIMEDIA)
23	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
1 1	2a02:6ea0:c70... 2a02:6ea0:c700::4	60068 (CDN77 ^_^) (CDN77 ^_^)
1	2606:4700:303... 2606:4700:3035::ac43:ce26	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:20:... 2606:4700:20::681a:9a9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	212.77.99.29 212.77.99.29	12827 (WIRTUALNA...) (WIRTUALNAPOLSKA GDANSK)
15	37.252.173.22 37.252.173.22	29990 (ASN-APPNEX) (ASN-APPNEX)
7	147.75.61.140 147.75.61.140	54825 (PACKET) (PACKET)
7	185.184.8.65 185.184.8.65	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
4	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
16	137.74.127.184 137.74.127.184	16276 (OVH) (OVH)
1	2a00:1450:400... 2a00:1450:4001:82f::2006	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
20	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
1 27	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
1 7	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:401... 2a00:1450:4010:c01::5e	15169 (GOOGLE) (GOOGLE)
2 24	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:15::a	15169 (GOOGLE) (GOOGLE)
1 4	2a00:1450:400... 2a00:1450:4001:69::a	15169 (GOOGLE) (GOOGLE)
5	185.29.134.245 185.29.134.245	30419 (MEDIAMATH...) (MEDIAMATH-INC)
3	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
2	138.201.63.149 138.201.63.149	24940 (HETZNER-AS) (HETZNER-AS)
2	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
5	2a00:1450:400... 2a00:1450:400c:c09::8b	15169 (GOOGLE) (GOOGLE)
5	138.201.84.244 138.201.84.244	24940 (HETZNER-AS) (HETZNER-AS)
5	37.157.2.235 37.157.2.235	198622 (ADFORM) (ADFORM)
1	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
15	37.157.6.235 37.157.6.235	198622 (ADFORM) (ADFORM)
1	54.36.108.3 54.36.108.3	16276 (OVH) (OVH)
1 2	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
4	2.18.232.130 2.18.232.130	16625 (AKAMAI-AS) (AKAMAI-AS)
4	212.77.98.32 212.77.98.32	12827 (WIRTUALNA...) (WIRTUALNAPOLSKA GDANSK)
2	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
1	185.29.134.248 185.29.134.248	() ()
285	48

5 2606:4700:3036::ac43:9f20 (United States)

ASN13335 (CLOUDFLARENET, US)

isecosmetic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.15.15.73 (Haarlem, Netherlands)

ASN12876 (Online SAS, FR)
PTR: 51-15-15-73.rev.poneytelecom.eu

fastred.biz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2315:e600:6:b871:4f00:93a1 (United States)

ASN16509 (AMAZON-02, US)

cmp.optad360.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:2156:a800:11:a4de:2580:93a1 (United States)

ASN16509 (AMAZON-02, US)

get.optad360.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:0:862:ed1a::2:b (United States)

ASN14907 (WIKIMEDIA, US)

upload.wikimedia.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.212.201.198 (Russian Federation) 1 redirects

ASN39134 (UNITEDNET, RU)
PTR: host198.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:0:862:ed1a::1 (United States)

ASN14907 (WIKIMEDIA, US)

en.wikipedia.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:c700::4 (Frankfurt am Main, Germany) 1 redirects

ASN60068 (CDN77 ^_^, GB)

cdn.veedmo-static.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::ac43:ce26 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.veedmo-storage-2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:9a9 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 212.77.99.29 (Poland)

ASN12827 (WIRTUALNAPOLSKA GDANSK, Poland, PL)
PTR: ssp.wp.pl

ssp.wp.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 37.252.173.22 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 147.75.61.140 (Ashburn, United States)

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 185.184.8.65 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-65.rtbhouse.net

prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 137.74.127.184 (France)

ASN16276 (OVH, FR)

ares.veedmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4010:c01::5e (Lappeenranta, Finland)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:15::a (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

rr5---sn-4g5lzner.googlevideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:69::a (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

rr5---sn-4g5ednse.googlevideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.29.134.245 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 138.201.63.149 (Hockenheim, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.149.63.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.233.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:400c:c09::8b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

s.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 138.201.84.244 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.244.84.201.138.clients.your-server.de

hal900026.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.157.2.235 (Denmark)

ASN198622 (ADFORM, DK)

track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 37.157.6.235 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.36.108.3 (France)

ASN16276 (OVH, FR)
PTR: ns3112796.ip-54-36-108.eu

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.197.193.217 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.232.130 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-130.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 212.77.98.32 (Poland)

ASN12827 (WIRTUALNAPOLSKA GDANSK, Poland, PL)
PTR: wifi32.ras.wp.pl

std.wpcdn.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.134.248 (None, )

ASN- ()

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
51	googlesyndication.com 1 redirects pagead2.googlesyndication.com 633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com tpc.googlesyndication.com	323 KB
44	doubleclick.net 2 redirects securepubads.g.doubleclick.net pubads.g.doubleclick.net googleads.g.doubleclick.net	255 KB
20	adform.net track.adform.net s1.adform.net	161 KB
19	adnxs.com ib.adnxs.com acdn.adnxs.com	111 KB
16	veedmo.com ares.veedmo.com
15	ampproject.org cdn.ampproject.org	306 KB
12	google.com 1 redirects adservice.google.com www.google.com	2 KB
11	gstatic.com fonts.gstatic.com csi.gstatic.com www.gstatic.com	101 KB
11	wp.pl ssp.wp.pl	2 KB
8	mathtag.com tags.mathtag.com pixel.mathtag.com sync.mathtag.com	7 KB
8	googleapis.com ajax.googleapis.com imasdk.googleapis.com fonts.googleapis.com	352 KB
7	redintelligence.net hal9000.redintelligence.net hal900026.redintelligence.net hal900021.redintelligence.net Failed	10 KB
7	creativecdn.com prebid-eu.creativecdn.com	1 KB
7	a-mo.net prebid.a-mo.net	2 KB
6	optad360.io cmp.optad360.io get.optad360.io	199 KB
5	youtube.com s.youtube.com
5	googlevideo.com 2 redirects rr5---sn-4g5lzner.googlevideo.com rr5---sn-4g5ednse.googlevideo.com	4 MB
5	isecosmetic.com isecosmetic.com	64 KB
4	wpcdn.pl std.wpcdn.pl	128 KB
4	criteo.com 1 redirects gum.criteo.com mug.criteo.com	1 KB
4	google.de adservice.google.de	904 B
3	googletagservices.com www.googletagservices.com	110 KB
3	wikipedia.org en.wikipedia.org	10 KB
2	googleadservices.com www.googleadservices.com
2	4dex.io script.4dex.io	23 KB
2	yadro.ru 1 redirects counter.yadro.ru	1 KB
2	wikimedia.org upload.wikimedia.org	22 KB
1	adsrvr.org match.adsrvr.org	543 B
1	contentspread.net cdn.contentspread.net	1 KB
1	2mdn.net s0.2mdn.net	17 KB
1	jsdelivr.net cdn.jsdelivr.net	1 KB
1	veedmo-storage-2.com cdn.veedmo-storage-2.com	295 KB
1	veedmo-static.com 1 redirects cdn.veedmo-static.com	621 B
1	fastred.biz fastred.biz	20 KB
285	34

	Domain	Requested by
27	tpc.googlesyndication.com	1 redirects securepubads.g.doubleclick.net tpc.googlesyndication.com isecosmetic.com cdn.ampproject.org imasdk.googleapis.com 633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
21	googleads.g.doubleclick.net	2 redirects
20	pagead2.googlesyndication.com	securepubads.g.doubleclick.net srcdoc tpc.googlesyndication.com www.googletagservices.com
16	ares.veedmo.com	cdn.veedmo-static.com
15	s1.adform.net	track.adform.net s1.adform.net isecosmetic.com
15	cdn.ampproject.org	securepubads.g.doubleclick.net
15	ib.adnxs.com	get.optad360.io acdn.adnxs.com
15	securepubads.g.doubleclick.net	get.optad360.io securepubads.g.doubleclick.net isecosmetic.com
11	ssp.wp.pl	get.optad360.io
8	pubads.g.doubleclick.net	imasdk.googleapis.com
7	www.google.com	1 redirects tpc.googlesyndication.com isecosmetic.com 633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
7	prebid-eu.creativecdn.com	get.optad360.io
7	prebid.a-mo.net	get.optad360.io
5	track.adform.net	hal900026.redintelligence.net s1.adform.net
5	hal900026.redintelligence.net	hal9000.redintelligence.net hal900026.redintelligence.net
5	s.youtube.com
5	tags.mathtag.com	633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com tags.mathtag.com
5	csi.gstatic.com	imasdk.googleapis.com
5	fonts.gstatic.com	fonts.googleapis.com
5	adservice.google.com	imasdk.googleapis.com securepubads.g.doubleclick.net
5	get.optad360.io	isecosmetic.com get.optad360.io
5	isecosmetic.com	isecosmetic.com
4	std.wpcdn.pl	ssp.wp.pl
4	acdn.adnxs.com	get.optad360.io
4	rr5---sn-4g5ednse.googlevideo.com	1 redirects
4	adservice.google.de	securepubads.g.doubleclick.net
4	633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	imasdk.googleapis.com	cdn.veedmo-static.com imasdk.googleapis.com
3	www.googletagservices.com	633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
3	fonts.googleapis.com	securepubads.g.doubleclick.net 633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
3	en.wikipedia.org	isecosmetic.com
2	www.googleadservices.com
2	mug.criteo.com
2	gum.criteo.com	1 redirects
2	pixel.mathtag.com	tags.mathtag.com
2	hal9000.redintelligence.net	isecosmetic.com
2	script.4dex.io	get.optad360.io script.4dex.io
2	counter.yadro.ru	1 redirects isecosmetic.com
2	upload.wikimedia.org	isecosmetic.com
1	sync.mathtag.com	tags.mathtag.com
1	match.adsrvr.org	get.optad360.io
1	cdn.contentspread.net	hal900026.redintelligence.net
1	www.gstatic.com	633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
1	rr5---sn-4g5lzner.googlevideo.com	1 redirects
1	s0.2mdn.net	imasdk.googleapis.com
1	cdn.jsdelivr.net	get.optad360.io
1	cdn.veedmo-storage-2.com
1	cdn.veedmo-static.com	1 redirects
1	cmp.optad360.io	isecosmetic.com
1	fastred.biz	isecosmetic.com
1	ajax.googleapis.com	isecosmetic.com
0	hal900021.redintelligence.net Failed	hal9000.redintelligence.net
285	52

This site contains links to these domains. Also see Links.

Domain
www.optad360.com
en.wikipedia.org
www.isc.org
veedmo.com
www.farsightsecurity.com
ru.isecosmetic.com
ar.isecosmetic.com
cs.isecosmetic.com
de.isecosmetic.com
fa.isecosmetic.com
fr.isecosmetic.com
he.isecosmetic.com
hi.isecosmetic.com
hr.isecosmetic.com
ja.isecosmetic.com
ko.isecosmetic.com
tr.isecosmetic.com
vi.isecosmetic.com
creativecommons.org
foundation.wikimedia.org
www.wikimediafoundation.org
en.m.wikipedia.org
www.mediawiki.org
wikimediafoundation.org

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-07` - `2022-09-06`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
pushstatus.biz R3	`2021-11-14` - `2022-02-12`	3 months	crt.sh
*.optad360.io Amazon	`2021-11-17` - `2022-12-15`	a year	crt.sh
*.wikipedia.org DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-10-19` - `2022-11-17`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.wp.pl RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-05` - `2022-03-14`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.a-mo.net R3	`2021-12-20` - `2022-03-20`	3 months	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-30` - `2022-04-12`	a year	crt.sh
ares.veedmo.com R3	`2021-12-08` - `2022-03-08`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.mathtag.com DigiCert SHA2 Secure Server CA	`2020-04-15` - `2022-04-22`	2 years	crt.sh
redintelligence.net R3	`2021-12-21` - `2022-03-21`	3 months	crt.sh
pixel.mathtag.com DigiCert SHA2 Secure Server CA	`2021-06-29` - `2022-07-07`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
contentspread.net R3	`2021-12-03` - `2022-03-03`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-12-01` - `2022-02-26`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2021-03-11` - `2022-02-07`	a year	crt.sh
*.wpcdn.pl RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-05-14` - `2022-05-15`	a year	crt.sh
*.c.docs.google.com GTS CA 1C3	`2021-11-30` - `2022-02-08`	2 months	crt.sh
*.google.de GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh

This page contains 24 frames:

Primary Page: https://isecosmetic.com/wiki/Internet_Systems_Consortium
Frame ID: D4D06566528E6AB48D96CADF1ED8BF3F
Requests: 92 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Frame ID: 79ACDE0BCB25D2A2CDC0A15E9188453F
Requests: 51 HTTP requests in this frame

Frame: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 8812EA05B1DE9C5086381A0050ED84FA
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 421AF7F1CE739F45D91EEFF545DCDEC9
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 0C3E56F6D42D45F4867EA099755E0562
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 035FFD5B49931FCDA213F0BD4AD59ACB
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs
Frame ID: A7E113DC8390E18B9BDD59EBD44F64A8
Requests: 15 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs
Frame ID: FBAC18F66CA150A17BE7034C41EF35AB
Requests: 17 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/hhrtBw21.html
Frame ID: D18075284C8A09CBDD542343FAADA67F
Requests: 3 HTTP requests in this frame

Frame: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: E433F4BB22DAEBD368C42E330CDBAF86
Requests: 15 HTTP requests in this frame

Frame: https://hal900026.redintelligence.net/request_content.php?s=95107100028919403912180011824026&a=e860144a
Frame ID: E242CD40C5858074E383EFAB3770AD51
Requests: 14 HTTP requests in this frame

Frame: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: FB80DD01733843C43083556CF02B2F19
Requests: 14 HTTP requests in this frame

Frame: https://s1.adform.net/Banners/Elements/Files/169192/10676349/10676349.js?ADFassetID=10676349&bv=516
Frame ID: 592F8D0B59C407B6D243101E72EEC1B9
Requests: 13 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: C2ABBF803689AA1DB134940268C93C08
Requests: 3 HTTP requests in this frame

Frame: https://ssp.wp.pl/bidder/usersync?tcf=2
Frame ID: E1F364F1613FBF90650AF3B19A146FCF
Requests: 2 HTTP requests in this frame

Frame: https://ssp.wp.pl/bidder/usersync?tcf=2
Frame ID: 00A0239DEB7CDB3C9E90D78D97D8EC76
Requests: 2 HTTP requests in this frame

Frame: https://ssp.wp.pl/bidder/usersync?tcf=2
Frame ID: D8CB41B62F9393507F42CE4248979CC5
Requests: 2 HTTP requests in this frame

Frame: https://ssp.wp.pl/bidder/usersync?tcf=2
Frame ID: 90DADE85B28022013A5B574A8A896BF5
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 99EDF78F5371253EEA544B256CDAB469
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 9D476DA087D7FB8008A79664D273DEEE
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 44FAC687B2EBA74CA2AC09A1B2B0F80F
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/hhrtBw21.html
Frame ID: EDFA8AD0C63296C169966E14BD16CCC7
Requests: 3 HTTP requests in this frame

Frame: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: CBE431AAA1E340823B406C290243ADBD
Requests: 13 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs
Frame ID: 54CCDCDDF54F2373845B2CB18B20B143
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Internet Systems Consortium - Internal sin - WikipediaPowered by Veedmo

Page URL History Show full URLs

https://isecosmetic.com/wiki/Internet_Systems_Consortium Page URL
https://isecosmetic.com/wiki/Internet_Systems_Consortium Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Mautic (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

[^a-z]mtc.*\.js

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

285
Requests

95 %
HTTPS

57 %
IPv6

34
Domains

52
Subdomains

48
IPs

10
Countries

6950 kB
Transfer

14779 kB
Size

21
Cookies

34 Outgoing links

These are links going to different origins than the main page.

URL: https://www.optad360.com/en/?utm_medium=AdsInfo&utm_source=isecosmetic.com
Title: Ads by optAd360

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/File:Internet_Systems_Consortium_logo.png

Search URL Search Domain Scan URL

URL: https://www.isc.org/
Title: www .isc .org

Search URL Search Domain Scan URL

URL: https://veedmo.com/?utm_source=video_player_contextmenu&utm_medium=referral&utm_campaign=isecosmetic.com
Title: Powered byVeedmo

Search URL Search Domain Scan URL

URL: https://veedmo.com/?utm_source=video_player_branding&utm_medium=referral&utm_campaign=isecosmetic.com
Title: Powered by Veedmo

Search URL Search Domain Scan URL

URL: https://www.farsightsecurity.com/
Title: Farsight Security, Inc.

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/File:Internet_Hosts_Count_log.svg

Search URL Search Domain Scan URL

URL: https://www.isc.org/survey/
Title: Internet Domain Survey

Search URL Search Domain Scan URL

URL: https://ru.isecosmetic.com/wiki/Internet_Systems_Consortium
Title: Русский

Search URL Search Domain Scan URL

URL: https://ar.isecosmetic.com/wiki/Internet_Systems_Consortium
Title: العربية

Search URL Search Domain Scan URL

URL: https://cs.isecosmetic.com/wiki/Internet_Systems_Consortium
Title: cs

Search URL Search Domain Scan URL

URL: https://de.isecosmetic.com/wiki/Internet_Systems_Consortium
Title: Deutsch

Search URL Search Domain Scan URL

URL: https://fa.isecosmetic.com/wiki/Internet_Systems_Consortium
Title: فارسی

Search URL Search Domain Scan URL

URL: https://fr.isecosmetic.com/wiki/Internet_Systems_Consortium
Title: Français

Search URL Search Domain Scan URL

URL: https://he.isecosmetic.com/wiki/Internet_Systems_Consortium
Title: עברית

Search URL Search Domain Scan URL

URL: https://hi.isecosmetic.com/wiki/Internet_Systems_Consortium
Title: हिन्दी

Search URL Search Domain Scan URL

URL: https://hr.isecosmetic.com/wiki/Internet_Systems_Consortium
Title: Hrvatski

Search URL Search Domain Scan URL

URL: https://ja.isecosmetic.com/wiki/Internet_Systems_Consortium
Title: 日本語

Search URL Search Domain Scan URL

URL: https://ko.isecosmetic.com/wiki/Internet_Systems_Consortium
Title: 한국어

Search URL Search Domain Scan URL

URL: https://tr.isecosmetic.com/wiki/Internet_Systems_Consortium
Title: Türkçe

Search URL Search Domain Scan URL

URL: https://vi.isecosmetic.com/wiki/Internet_Systems_Consortium
Title: Vi

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Wikipedia:Text_of_Creative_Commons_Attribution-ShareAlike_3.0_Unported_License
Title: ใบอนุญาตครีเอทีฟคอมมอนส์แบบแสดงที่มา - อนุญาตแบบเดียวกัน

Search URL Search Domain Scan URL

URL: https://creativecommons.org/licenses/by-sa/3.0/

Search URL Search Domain Scan URL

URL: https://foundation.wikimedia.org/wiki/Terms_of_Use
Title: เงื่อนไขการใช้งาน

Search URL Search Domain Scan URL

URL: https://foundation.wikimedia.org/wiki/Privacy_policy
Title: นโยบายความเป็นส่วนตัว

Search URL Search Domain Scan URL

URL: https://www.wikimediafoundation.org/
Title: Wikimedia Foundation, Inc.

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Wikipedia:Contact_us
Title: ติดต่อ Wikipedia

Search URL Search Domain Scan URL

URL: https://en.m.wikipedia.org/w/index.php?title=Ibaqa_Beki&mobileaction=toggle_view_mobile
Title: มุมมองมือถือ

Search URL Search Domain Scan URL

URL: https://www.mediawiki.org/wiki/Special:MyLanguage/How_to_contribute
Title: นักพัฒนา

Search URL Search Domain Scan URL

URL: https://foundation.wikimedia.org/wiki/Cookie_statement
Title: คำสั่งคุกกี้

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Internet_Systems_Consortium
Title: "Internet_Systems_Consortium"

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/w/index.php?title=Internet_Systems_Consortium&action=history
Title: Authors

Search URL Search Domain Scan URL

URL: https://wikimediafoundation.org/

Search URL Search Domain Scan URL

URL: https://www.mediawiki.org/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://isecosmetic.com/wiki/Internet_Systems_Consortium Page URL
https://isecosmetic.com/wiki/Internet_Systems_Consortium Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

https://counter.yadro.ru/hit?rhttps%3A//isecosmetic.com/wiki/Internet_Systems_Consortium;s1600*1200*24;uhttps%3A//isecosmetic.com/wiki/Internet_Systems_Consortium;hInternet%20Systems%20Consortium%20-%20Internal%20sin%20-%20Wikipedia;0.5723464405528369 HTTP 302
https://counter.yadro.ru/hit?q;rhttps%3A//isecosmetic.com/wiki/Internet_Systems_Consortium;s1600*1200*24;uhttps%3A//isecosmetic.com/wiki/Internet_Systems_Consortium;hInternet%20Systems%20Consortium%20-%20Internal%20sin%20-%20Wikipedia;0.5723464405528369

Request Chain 17

https://cdn.veedmo-static.com/cdn/player/v2/current.js HTTP 301
https://cdn.veedmo-storage-2.com/cdn/player/v3/current.js?v=14

Request Chain 87

https://rr5---sn-4g5lzner.googlevideo.com/videoplayback?expire=1640863988&ei=dCjNYeKnEZmox_APovmZiAQ&ip=91.199.118.73&id=a594b74aa3bea3bc&itag=22&source=youtube&requiressl=yes&mh=4T&mm=31&mn=sn-4g5lzner&ms=au&mv=m&mvi=5&pl=24&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=15.952&lmt=1638081469401369&mt=1640834929&txp=5432432&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRgIhAMefAwu6ojvRxtDb6-UhLPp2CwhVgtOuAciN8Bn1AeOjAiEAzWoxnCZIrg3wl6A6Yi1OAAuEbRe7CjK3hPj7bGdmqzo=&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIgKDjJkZyYH7tv7p-CG2l04DYO7nLNh86Ej76KCy1D6ikCIQDa2ZSySC8vPxrkFH5QRqqo7tLrLZGyk1lErX6rj8SmyA==&cpn=dNSKbz8IM2jVyw07 HTTP 302
https://rr5---sn-4g5ednse.googlevideo.com/videoplayback?expire=1640863988&ei=dCjNYeKnEZmox_APovmZiAQ&ip=91.199.118.73&id=a594b74aa3bea3bc&itag=22&source=youtube&requiressl=yes&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=15.952&lmt=1638081469401369&txp=5432432&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRgIhAMefAwu6ojvRxtDb6-UhLPp2CwhVgtOuAciN8Bn1AeOjAiEAzWoxnCZIrg3wl6A6Yi1OAAuEbRe7CjK3hPj7bGdmqzo=&cpn=dNSKbz8IM2jVyw07&redirect_counter=1&rm=sn-4g5ekr76&req_id=14cf97594d4236e2&cms_redirect=yes&ipbypass=yes&mh=4T&mip=2a0f:9441:5:0:e5::1&mm=31&mn=sn-4g5ednse&ms=au&mt=1640834954&mv=m&mvi=5&pl=48&lsparams=ipbypass,mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgbCxooXmn4ywUEaaYZQsv9X7QiKT8p7uABQc_YeBlB-QCIF7UDEWc_gLxGC_umKA4RpIovPgRekOXqDlXpWo66UpA

Request Chain 102

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 121

https://rr5---sn-4g5ednse.googlevideo.com/videoplayback?expire=1640863988&ei=dCjNYcTUKa2I6dsPlPew2A4&ip=91.199.118.73&id=a594b74aa3bea3bc&itag=22&source=youtube&requiressl=yes&mh=4T&mm=31&mn=sn-4g5ednse&ms=au&mv=m&mvi=5&pl=24&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=15.952&lmt=1638081469401369&mt=1640834929&txp=5432432&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIgQgl3l8DrfsmTPLnl6U_Os4nMz7M8rYFA0uogCVtIxd8CIQC2EaUzmToelHQ-81ltR5sZukaUs6_BSJkiJ_Z4PQgQ1Q==&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIhAKDuntf7z_aU9xRjzbQzlhtX9iuT3wyuxc3jBm_dM0xqAiBThceF2FUgjOIEUD1596LIN5LRYbb8rUofUjPyagIm-w==&cpn=AtPVi5uyoCDB_Ot9 HTTP 302
https://rr5---sn-4g5ednse.googlevideo.com/videoplayback?expire=1640863988&ei=dCjNYcTUKa2I6dsPlPew2A4&ip=91.199.118.73&id=a594b74aa3bea3bc&itag=22&source=youtube&requiressl=yes&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=15.952&lmt=1638081469401369&txp=5432432&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIgQgl3l8DrfsmTPLnl6U_Os4nMz7M8rYFA0uogCVtIxd8CIQC2EaUzmToelHQ-81ltR5sZukaUs6_BSJkiJ_Z4PQgQ1Q==&cpn=AtPVi5uyoCDB_Ot9&redirect_counter=1&rm=sn-4g5e6s76&req_id=a2c177ff50dc36e2&cms_redirect=yes&ipbypass=yes&mh=4T&mip=2a0f:9441:5:0:e5::1&mm=31&mn=sn-4g5ednse&ms=au&mt=1640834954&mv=m&mvi=5&pl=48&lsparams=ipbypass,mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAK_EjwWHSvnWHtXT09mJ7id99ElOkVM5s6Nn0KTNPMnaAiEA_OWwg28OCBhBdXuWmn-FIutFJ7xXjukERp2gSWi-_so%3D

Request Chain 154

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDnj86ZywEQ9AMY9AMyCGN8MsJOAEwL HTTP 301
https://tpc.googlesyndication.com/simgad/4091503581208051288

Request Chain 182

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fisecosmetic.com%2F&domain=isecosmetic.com&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=E5qlRHxIT3hRd0tkUW9qNlh5N08vdEo2Q3E2OUNXUU4xNEpYZFFwNDFBZnoraXA3TDdZQXRmR1RMUWcxOGVqN1JBaWRHUUF2MVdSWWlCWEVkcXNlMmJ2dEVqSFFXcU5SK3J2Y1UzMFVUU2E2WHlRcUw4ZDJLTU9BWk1HcnBBeGtTU2RNUWpNZktTU2xBcTBwdlRvTmdVMm1iTnNiT3QvWjdBTHhtcGtrdGhUN2dQampPaUlybFJ5aGRZaWVCMS80bHp6blh4TDNJejVKdEI4eGVrVmJhQ0NRMzgyb2ZMQUhicDhhdUJxNGZTZS90blNVPXw&cppv=2

Request Chain 210

https://googleads.g.doubleclick.net/aclk?sa=l&ai=CCewDdCjNYfmPBMqsgQes87WoDJyFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQIx2HRdRgqzPuACAKgDAZgEAKoEmAJP0PLwDGyy8tagR3rfBRZ3WLIqP06hFCHSKqal2FvSx4sZTqXEKUBz29GlTx3VUNZI6fJe-HpgDzRIZPLiAX67_CkjXr3ZsduUTgurqlmczPHXX6BeOJi9WtbilPKZLxffnkBJRpEEVzVPqtFNIqRqasQpED5DGbzbtlmIWjjtu2qovPrnJ_bfUUWtnsxWhuxfBWuDq4bYZeEVhIUFV9LlpAZhCmejlAlDigLbd5rlTkfVi6HTcKWi5guUWYicPi6NkPjWvrAmZ5ZGtSfNLG0yw9Gg1t-lGnLcl2MTCyTyY5ARu-3TIGSQAAmF06Pz1laj2DK1ZNoMNlp1UzmC9J3VNXqRKzrUep8ef81bICp_dbnAESSPGauTwASwnpvU_gPgBAGgBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAagIAdIICQiA4YAQEAEYHbEJ6EOIgJpnyg6ACgOYCwHICwHQCw64DAHYEwzQFQHiFgIIAYAXAQ&num=1&sig=AOD64_2eX7wFD-lH_DVB3xg-CWX2ldzBkg&client=ca-pub-2382012522979108&adurl=https://totalbattle.com/en/lp/city9alike2_webgl_dark_po_2/3%3Fowr%3DIL%26frt%3DDisplay%26crt%3Dv3CGI0083zenCDLNGZ%26typ%3DNU%26cnt%3DTIER2-LL%26int%3Dvideo%26adgp%3Dads%26prtr%3DGoogle%26cq_src%3Dgoogle_ads%26cq_cmp%3D15413678065%26cq_term%3D%26cq_plac%3Disecosmetic.com%26cq_net%3Dvp%26cq_plt%3Dgp%26ad_id%3D565170044319&ctype=110&label=video_10s_engaged_view&ad_mt=10190&acvw=sv%3D914%26cb%3Dima%26nas%3D1%26sdk%3Dh%26p%3D1082,49,1182,226%26p0%3D1082,49,1182,226%26p1%3D1082,49,1182,226%26p2%3D1082,49,1182,226%26tos%3D10245,0,0,0,0%26mtos%3D10245,10245,10245,10245,10245%26amtos%3D0,0,0,0,0%26mtos1%3D4246,0,0%26mtos2%3D3999,0,0%26mcvt%3D10245%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26a0%3D0%26a1%3D0%26a2%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D10245%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D2235%26pst%3D417%26dur%3D15882%26vmtime%3D10189%26is%3D275%26i0%3D275%26i1%3D275%26i2%3D275%26cs%3D16782099%26c%3D1%26c0%3D1%26c1%3D1%26c2%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26qmt%3D2000,2000,2000,2000,2000%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D1%26ces%26femt%3D598%26femvt%3D0%26emc%3D53%26emuc%3D0%26emb%3D53,0,0,0,0%26avms%3Dexc%26qi%3D243025780%26psm%3D-2147481601%26psv%3D-2147481601%26psfv%3D-2147481601%26psa%3D0%26ptlt%3D11257%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,10245%26ss0%3D0%26ss1%3D0%26ss2%3D0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1640835188470 HTTP 302
https://www.googleadservices.com/pagead/aclk?sa=L&ai=CdDsCdCjNYfmPBMqsgQes87WoDJyFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQIx2HRdRgqzPuACAKgDAZgEAKoEmAJP0PLwDGyy8tagR3rfBRZ3WLIqP06hFCHSKqal2FvSx4sZTqXEKUBz29GlTx3VUNZI6fJe-HpgDzRIZPLiAX67_CkjXr3ZsduUTgurqlmczPHXX6BeOJi9WtbilPKZLxffnkBJRpEEVzVPqtFNIqRqasQpED5DGbzbtlmIWjjtu2qovPrnJ_bfUUWtnsxWhuxfBWuDq4bYZeEVhIUFV9LlpAZhCmejlAlDigLbd5rlTkfVi6HTcKWi5guUWYicPi6NkPjWvrAmZ5ZGtSfNLG0yw9Gg1t-lGnLcl2MTCyTyY5ARu-3TIGSQAAmF06Pz1laj2DK1ZNoMNlp1UzmC9J3VNXqRKzrUep8ef81bICp_dbnAESSPGauTwASwnpvU_gPgBAHABW6gBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAagIAdIICQiA4YAQEAEYHZoJO2h0dHBzOi8vdG90YWxiYXR0bGUuY29tL2VuL2xwL2NpdHk5YWxpa2UyX3dlYmdsX2RhcmtfcG9fMi8zsQnoQ4iAmmfKDoAKA5gLAcgLAdALDrgMAdgTDNAVAeIWAggBgBcB&num=1&client=ca-pub-2382012522979108&ctype=110&label=video_10s_engaged_view&ad_mt=10190&acvw=sv%3D914%26cb%3Dima%26nas%3D1%26sdk%3Dh%26p%3D1082,49,1182,226%26p0%3D1082,49,1182,226%26p1%3D1082,49,1182,226%26p2%3D1082,49,1182,226%26tos%3D10245,0,0,0,0%26mtos%3D10245,10245,10245,10245,10245%26amtos%3D0,0,0,0,0%26mtos1%3D4246,0,0%26mtos2%3D3999,0,0%26mcvt%3D10245%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26a0%3D0%26a1%3D0%26a2%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D10245%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D2235%26pst%3D417%26dur%3D15882%26vmtime%3D10189%26is%3D275%26i0%3D275%26i1%3D275%26i2%3D275%26cs%3D16782099%26c%3D1%26c0%3D1%26c1%3D1%26c2%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26qmt%3D2000,2000,2000,2000,2000%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D1%26ces%26femt%3D598%26femvt%3D0%26emc%3D53%26emuc%3D0%26emb%3D53,0,0,0,0%26avms%3Dexc%26qi%3D243025780%26psm%3D-2147481601%26psv%3D-2147481601%26psfv%3D-2147481601%26psa%3D0%26ptlt%3D11257%26pngs%3D9s,14,15s%26veid%3Dxdi:0,amp:0%26ssb%3D0,0,0,0,0,0,0,0,0,0,10245%26ss0%3D0%26ss1%3D0%26ss2%3D0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1640835188470&cid=CAQSKQCNIrLMoLVYoiSbJLtc_A6S4xKPAS7ZEccVQekeUCs0-wCtaoWGaOps&dblrd=1&val=ChAyMjBmNGRlYzExY2QwMDM5EPTQtI4GGgjxyTG5RHoxiiABKAE&sig=AOD64_2qFfn-yPzmrmwE4WBrqliiVN5SWw&adurl=https://totalbattle.com/en/lp/city9alike2_webgl_dark_po_2/3%3Fowr%3DIL%26frt%3DDisplay%26crt%3Dv3CGI0083zenCDLNGZ%26typ%3DNU%26cnt%3DTIER2-LL%26int%3Dvideo%26adgp%3Dads%26prtr%3DGoogle%26cq_src%3Dgoogle_ads%26cq_cmp%3D15413678065%26cq_term%3D%26cq_plac%3Disecosmetic.com%26cq_net%3Dvp%26cq_plt%3Dgp%26ad_id%3D565170044319

Request Chain 214

https://googleads.g.doubleclick.net/aclk?sa=l&ai=CCewDdCjNYfmPBMqsgQes87WoDJyFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQIx2HRdRgqzPuACAKgDAZgEAKoEmAJP0PLwDGyy8tagR3rfBRZ3WLIqP06hFCHSKqal2FvSx4sZTqXEKUBz29GlTx3VUNZI6fJe-HpgDzRIZPLiAX67_CkjXr3ZsduUTgurqlmczPHXX6BeOJi9WtbilPKZLxffnkBJRpEEVzVPqtFNIqRqasQpED5DGbzbtlmIWjjtu2qovPrnJ_bfUUWtnsxWhuxfBWuDq4bYZeEVhIUFV9LlpAZhCmejlAlDigLbd5rlTkfVi6HTcKWi5guUWYicPi6NkPjWvrAmZ5ZGtSfNLG0yw9Gg1t-lGnLcl2MTCyTyY5ARu-3TIGSQAAmF06Pz1laj2DK1ZNoMNlp1UzmC9J3VNXqRKzrUep8ef81bICp_dbnAESSPGauTwASwnpvU_gPgBAGgBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAagIAdIICQiA4YAQEAEYHbEJ6EOIgJpnyg6ACgOYCwHICwHQCw64DAHYEwzQFQHiFgIIAYAXAQ&num=1&sig=AOD64_2eX7wFD-lH_DVB3xg-CWX2ldzBkg&client=ca-pub-2382012522979108&adurl=https://totalbattle.com/en/lp/city9alike2_webgl_dark_po_2/3%3Fowr%3DIL%26frt%3DDisplay%26crt%3Dv3CGI0083zenCDLNGZ%26typ%3DNU%26cnt%3DTIER2-LL%26int%3Dvideo%26adgp%3Dads%26prtr%3DGoogle%26cq_src%3Dgoogle_ads%26cq_cmp%3D15413678065%26cq_term%3D%26cq_plac%3Disecosmetic.com%26cq_net%3Dvp%26cq_plt%3Dgp%26ad_id%3D565170044319&label=video_engaged_view&ctype=110 HTTP 302
https://www.googleadservices.com/pagead/aclk?sa=L&ai=CdDsCdCjNYfmPBMqsgQes87WoDJyFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQIx2HRdRgqzPuACAKgDAZgEAKoEmAJP0PLwDGyy8tagR3rfBRZ3WLIqP06hFCHSKqal2FvSx4sZTqXEKUBz29GlTx3VUNZI6fJe-HpgDzRIZPLiAX67_CkjXr3ZsduUTgurqlmczPHXX6BeOJi9WtbilPKZLxffnkBJRpEEVzVPqtFNIqRqasQpED5DGbzbtlmIWjjtu2qovPrnJ_bfUUWtnsxWhuxfBWuDq4bYZeEVhIUFV9LlpAZhCmejlAlDigLbd5rlTkfVi6HTcKWi5guUWYicPi6NkPjWvrAmZ5ZGtSfNLG0yw9Gg1t-lGnLcl2MTCyTyY5ARu-3TIGSQAAmF06Pz1laj2DK1ZNoMNlp1UzmC9J3VNXqRKzrUep8ef81bICp_dbnAESSPGauTwASwnpvU_gPgBAHABW6gBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAagIAdIICQiA4YAQEAEYHZoJO2h0dHBzOi8vdG90YWxiYXR0bGUuY29tL2VuL2xwL2NpdHk5YWxpa2UyX3dlYmdsX2RhcmtfcG9fMi8zsQnoQ4iAmmfKDoAKA5gLAcgLAdALDrgMAdgTDNAVAeIWAggBgBcB&num=1&client=ca-pub-2382012522979108&label=video_engaged_view&ctype=110&cid=CAQSKQCNIrLMxd8ePkHouV9vvpXFNKr5grzAHfYD6Uy9tYnd-fOPz6E_v_r1&dblrd=1&val=ChAyMjBmNGRlYzExY2QwMDM5EPTQtI4GGgjxyTG5RHoxiiABKAE&sig=AOD64_1A29o_J5XJeggmTgLT4z3STPP9eA&adurl=https://totalbattle.com/en/lp/city9alike2_webgl_dark_po_2/3%3Fowr%3DIL%26frt%3DDisplay%26crt%3Dv3CGI0083zenCDLNGZ%26typ%3DNU%26cnt%3DTIER2-LL%26int%3Dvideo%26adgp%3Dads%26prtr%3DGoogle%26cq_src%3Dgoogle_ads%26cq_cmp%3D15413678065%26cq_term%3D%26cq_plac%3Disecosmetic.com%26cq_net%3Dvp%26cq_plt%3Dgp%26ad_id%3D565170044319

285 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Internet_Systems_Consortium Show response
isecosmetic.com/wiki/ 103 B
649 B 57ms
37ms Document
text/html 2606:4700:3036::ac43:9f20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:9f20 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3bc21797de283ed8a184b7a12e07566eb539d3f2ca06ffce1c9939d438c5eea6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Thu, 30 Dec 2021 03:33:06 GMT
content-type: text/html
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QBTQLVxoRSSrcUcewxhqXTPsaMmyS%2FBSC%2BKpvdbUOjJ77AWCudsXu2VUGNILDCDkxW95pXM9qI0nXo02g6AGjS76rcxVmAkJsbGCSVuHJWJ1JEiJGkX15TLZe9v1U0LX%2Fn%2F2FDD0wINdhsTUX8o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6c58346e8e2a4de8-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 Primary Request Internet_Systems_Consortium Show response
isecosmetic.com/wiki/ 29 KB
12 KB 37ms
36ms Document
text/html 2606:4700:3036::ac43:9f20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium
Requested by: Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:9f20 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ebd5d51d90cc683e170eb87030c137f32ccd7b393a86acacbcb9e19a38c8d966

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/wiki/Internet_Systems_Consortium

Response headers

date: Thu, 30 Dec 2021 03:33:07 GMT
content-type: text/html; charset=utf-8
link: <https://papayasaigoncentralhotel.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="vi",<https://ictreports.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="ja",<https://gebiao-medical.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="ja",<https://cdmschool.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="th",<https://zcore.info/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="cs",<https://skiamericacanada.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="de",<https://calpallargues.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="es",<https://bit-pac.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="fa",<https://festivalofpoetstheater.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="fr",<https://mitvedicsciences.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="ko",<https://themiamicard.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="ko",<https://delarfreight.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="hi",<https://sungrandcity-bds.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="vi",<https://pcapone.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="ja",<https://ciclomenstrual.info/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="ja",<https://rubberhosechina.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="vi",<https://smihawaii.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="de",<https://bravocreativeagency.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="es",<https://entradaspucela.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="es",<https://sertuerner.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="de",<https://elaheweb.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="fa",<https://rakshitestates.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="ar",<https://dailymuktoshokal.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="hi",<https://braininjar.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="fr",<https://thailandrehabreviews.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="th",<https://gomasr.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="ar",<https://mythuatthangloiloc.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="vi",<https://tiempodefutsal.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="de",<https://faza-sna.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="ru",<https://wordofwayne.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="cs",<https://amorgos-plori.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="cs",<https://riders-alpedhuez.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="fr",<https://paramitalighting.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="ja",<https://guiagyn.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="ja",<https://keishin-ug.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="ja",<https://yonedamaki.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="ja",<https://perthchurchofchrist.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="ko",<https://manheimerformayor.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="fr",<https://les-passagers-aix.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="fr",<https://poliklinikadraskovic.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="th",<https://isecosmetic.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="th",<https://teacupsandbcups.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="ko",<https://djanimateurfinistere.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="ja",<https://wikide2.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="de",<https://wikide.de/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="de",<https://produkt-test-blog.de/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="de",<https://kaukustic.de/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="de",<https://net-wiki.de/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="de",<https://wikipeluangusaha.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="he",<https://wikipaytren.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="cs",<https://wiki-family.com/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="ja",<https://test12.ru:8085/wiki/Internet_Systems_Consortium>; rel="alternate"; hreflang="ru"
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uTrzMQkiLVExUAwYglHh7H2uYaqUzvduM63kerSHlPO7gXXsRQlukXVSiVzdY4YoQVI6mYnnp39SSscDoStO0MxTVFIK%2Bwn%2Feq056UNwx%2BbEKGea3cUWpzT85AqGqoM6BwwQ%2Fp5BBxlt71VqtMQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6c58346eee864de8-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 main.css
isecosmetic.com/css/ 84 KB
17 KB 19ms
19ms Stylesheet
text/css 2606:4700:3036::ac43:9f20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://isecosmetic.com/css/main.css
Requested by: Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:9f20 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 732dad845d38401ffd6f812b344aefc05faac6291219c981000789d02bd9ab4b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/wiki/Internet_Systems_Consortium
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:07 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 19 Nov 2020 04:23:22 GMT
server: cloudflare
age: 359
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=umYcIeTrNRPDLKBAxBEqJ5FgFgOK5CfVfCC%2BMFZiouQQD0dS1KRx1w%2FxPFhHTKdVc6SqCPjBywubniYh2ZwOkVd%2BalPTnHWCrfWjHKz%2FB7yuHGgVzvHTPn5S10QLxBEEv637IjLci%2FHKetyfSLQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6c58346f39a45c32-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.2.1/ 85 KB
30 KB 50ms
7ms Script
text/javascript 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js

Requested by

Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:01:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19909
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30306
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Dec 2022 22:01:18 GMT

GET
H2 200 / Show response
fastred.biz/ 20 KB
20 KB 75ms
26ms Script
application/javascript 51.15.15.73
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL

https://fastred.biz/?re=mvqwcm3ggy5ha3ddf43tkobu

Requested by

Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.15.15.73 Haarlem, Netherlands, ASN12876 (Online SAS, FR),

Reverse DNS

51-15-15-73.rev.poneytelecom.eu

Software

nginx /

Resource Hash

cb7553aa982d5250338c33229e7663b6c75e1aa36c000f2cfd8fe52747dbacde

Security Headers

Name	Value
Content-Security-Policy	img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 30 Dec 2021 03:32:29 GMT
server: nginx
content-security-policy: img-src https: data:; upgrade-insecure-requests
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=UTF-8

GET
H2 200 15199851-6836-457a-9ec7-2d1f710119a0.min.js Show response
cmp.optad360.io/items/ 497 B
831 B 102ms
46ms Script
application/javascript 2600:9000:2315:e600:6:b871:4f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.optad360.io/items/15199851-6836-457a-9ec7-2d1f710119a0.min.js
Requested by: Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:e600:6:b871:4f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bd7680f0d4768bf17b38b5834d7671e6e456d9655b4ae3cb39186d1fcd93f5c2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 02:45:17 GMT
via: 1.1 672ccfdef8d96b8bfc26646386cb4488.cloudfront.net (CloudFront)
last-modified: Mon, 12 Apr 2021 08:54:56 GMT
server: AmazonS3
age: 2871
etag: "7acdc116a0830ba0aef5e087010246ba"
x-cache: Error from cloudfront
content-type: application/javascript
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-length: 497
x-amz-cf-id: 1Hg1AsI8SF_6XsDxA9gRe3H0nsOrurnayjM_aFD4E_Sa2pX6nirx3A==

GET
H2 200 plugin.min.js Show response
get.optad360.io/sf/3aaca509-8b6b-4e7d-8e8b-2590d56460da/ 265 KB
57 KB 65ms
12ms Script
application/javascript 2600:9000:2156:a800:11:a4de:2580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.optad360.io/sf/3aaca509-8b6b-4e7d-8e8b-2590d56460da/plugin.min.js
Requested by: Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:a800:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c3e4d2500a800e6fdb5052aa7b6d5eb7cde55651831bed6f44cdde3ef6d494a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 02:37:02 GMT
content-encoding: gzip
last-modified: Mon, 27 Dec 2021 11:37:35 GMT
server: AmazonS3
age: 3366
etag: W/"a05818b3c2dfae83624a71f0efa99346"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: AKIHvgXTnqbKzakq7XYQ0T1Q6cnfLAJp2fBiN6TRu2qQBTjDmctOLQ==

GET
H3 200 wikipedia.png
isecosmetic.com/css/ 32 KB
33 KB 14ms
14ms Image
image/png 2606:4700:3036::ac43:9f20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://isecosmetic.com/css/wikipedia.png
Requested by: Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:9f20 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3715c225e5ed1fb3a24aafa9436b6ea36aac9ef46414a9b7aaa7b288c4379077

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/wiki/Internet_Systems_Consortium
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 359
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 32726
last-modified: Fri, 06 Nov 2020 12:44:32 GMT
server: cloudflare
etag: 1b6c38a4f5e06294aa0d4373ed208652
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4qdyST6Y%2BIZcVNgO7%2FkwOM8hBxaHPiv1ie2NNXuoPDSAPd15KUKHJqj39FbWbDqx%2BUMJHX3%2BIJo7QDK%2BkUaI1z98rVvbI9rtvWbDceoC5o4CHY8RR%2BHtvZeRzUmSbO5IyrKuw4Q7oPJI9lATiXw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6c58346faa475c32-FRA

GET
H2 200 200px-Internet_Systems_Consortium_logo.png
upload.wikimedia.org/wikipedia/en/thumb/4/47/Internet_Systems_Consortium_logo.png/ 7 KB
8 KB 61ms
15ms Image
image/png 2620:0:862:ed1a::2:b
WIKIMEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://upload.wikimedia.org/wikipedia/en/thumb/4/47/Internet_Systems_Consortium_logo.png/200px-Internet_Systems_Consortium_logo.png

Requested by

Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:0:862:ed1a::2:b , United States, ASN14907 (WIKIMEDIA, US),

Reverse DNS

Software

ATS/8.0.8 /

Resource Hash

3c61d645a6a75efd17b9c6889d99e2e63a3296c4a057809590622b1ae9234469

Security Headers

Name	Value
Strict-Transport-Security	max-age=106384710; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 20:44:49 GMT
nel: { "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}
age: 24498
x-cache-status: hit-local
x-cache: cp3063 hit, cp3065 miss
server-timing: cache;desc="hit-local", host;desc="cp3065"
content-length: 7613
x-client-ip: 2a0f:9441:5:0:e5::1
last-modified: Sat, 26 Sep 2020 11:31:00 GMT
server: ATS/8.0.8
etag: 55f447b382548028843e56ebdab9a889
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
permissions-policy: interest-cohort=()
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 300px-Internet_Hosts_Count_log.svg.png
upload.wikimedia.org/wikipedia/commons/thumb/0/0c/Internet_Hosts_Count_log.svg/ 13 KB
14 KB 179ms
134ms Image
image/png 2620:0:862:ed1a::2:b
WIKIMEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://upload.wikimedia.org/wikipedia/commons/thumb/0/0c/Internet_Hosts_Count_log.svg/300px-Internet_Hosts_Count_log.svg.png

Requested by

Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:0:862:ed1a::2:b , United States, ASN14907 (WIKIMEDIA, US),

Reverse DNS

Software

ATS/8.0.8 /

Resource Hash

ae2bd2403ae920b407f625753234bee13dee6faf9cab1a88076e72ff09e7c58d

Security Headers

Name	Value
Strict-Transport-Security	max-age=106384710; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:07 GMT
nel: { "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}
age: 0
x-cache-status: miss
x-cache: cp3065 miss, cp3065 miss
server-timing: cache;desc="miss", host;desc="cp3065"
content-length: 13085
x-client-ip: 2a0f:9441:5:0:e5::1
last-modified: Fri, 15 Mar 2019 19:09:40 GMT
server: ATS/8.0.8
etag: c986fd7a0a42d041d642546dcd177703
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
permissions-policy: interest-cohort=()
accept-ranges: bytes
timing-allow-origin: *

GET
H3 200 email-decode.min.js Show response
isecosmetic.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 9ms
9ms Script
application/javascript 2606:4700:3036::ac43:9f20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://isecosmetic.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::ac43:9f20 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/wiki/Internet_Systems_Consortium
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sun, 26 Dec 2021 13:15:20 GMT
server: cloudflare
etag: W/"61c86ae8-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pZwCfno5ewU6ATQtzayO3LCHW%2FDX2K1nAxeTDTGV2NhrGGqJXgb06BI4uJBOwuR9c2Dl5HeJmq5EfJJnPgfPOeKan3SnPEKvWnkAQ%2FsDuGjtNU1WoprqmtSHGzTcr5KyG4ssPsP2XqcjED5KUSI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6c58346f59d35c32-FRA
vary: Accept-Encoding
expires: Sat, 01 Jan 2022 03:33:07 GMT

GET
H/1.1

200
OK

hit
counter.yadro.ru/
Redirect Chain

https://counter.yadro.ru/hit?rhttps%3A//isecosmetic.com/wiki/Internet_Systems_Consortium;s1600*1200*24;uhttps%3A//isecosmetic.com/wiki/Internet_Systems_Consortium;hInternet%20Systems%20Consortium%2...
https://counter.yadro.ru/hit?q;rhttps%3A//isecosmetic.com/wiki/Internet_Systems_Consortium;s1600*1200*24;uhttps%3A//isecosmetic.com/wiki/Internet_Systems_Consortium;hInternet%20Systems%20Consortium...

43 B
528 B

45ms
45ms

Image
image/gif

88.212.201.198
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://counter.yadro.ru/hit?q;rhttps%3A//isecosmetic.com/wiki/Internet_Systems_Consortium;s1600*1200*24;uhttps%3A//isecosmetic.com/wiki/Internet_Systems_Consortium;hInternet%20Systems%20Consortium%20-%20Internal%20sin%20-%20Wikipedia;0.5723464405528369

Requested by

Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium

Protocol

HTTP/1.1

Server

88.212.201.198 , Russian Federation, ASN39134 (UNITEDNET, RU),

Reverse DNS

host198.rax.ru

Software

nginx/1.17.9 /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 03:33:19 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Access-Control-Allow-Origin: *
Cache-control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 29 Dec 2020 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 03:33:19 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Location: https://counter.yadro.ru/hit?q;rhttps%3A//isecosmetic.com/wiki/Internet_Systems_Consortium;s1600*1200*24;uhttps%3A//isecosmetic.com/wiki/Internet_Systems_Consortium;hInternet%20Systems%20Consortium%20-%20Internal%20sin%20-%20Wikipedia;0.5723464405528369
Cache-control: no-cache
Connection: keep-alive
Content-Type: text/html
Content-Length: 32
Expires: Tue, 29 Dec 2020 21:00:00 GMT

GET
H2 200 wikipedia-wordmark-en.svg
en.wikipedia.org/static/images/mobile/copyright/ 13 KB
5 KB 70ms
19ms Image
image/svg+xml 2620:0:862:ed1a::1
WIKIMEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://en.wikipedia.org/static/images/mobile/copyright/wikipedia-wordmark-en.svg

Requested by

Host: isecosmetic.com
URL: https://isecosmetic.com/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:0:862:ed1a::1 , United States, ASN14907 (WIKIMEDIA, US),

Reverse DNS

Software

ATS/8.0.8 /

Resource Hash

981a1871d0eca08fb5f3ed20197583cb8bad958567a102a3a52711f6650d46c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=106384710; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 19:09:37 GMT
content-encoding: gzip
vary: Accept-Encoding
nel: { "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}
age: 30209
x-cache-status: hit-front
x-cache: cp3064 hit, cp3052 hit/1290839
server-timing: cache;desc="hit-front", host;desc="cp3052"
content-length: 4298
x-client-ip: 2a0f:9441:5:0:e5::1
last-modified: Mon, 20 Apr 2020 23:14:40 GMT
server: ATS/8.0.8
etag: W/"357b-5a3c110489394"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000
permissions-policy: interest-cohort=()
accept-ranges: bytes
expires: Thu, 29 Dec 2022 15:52:33 GMT

GET
H2 200 wikimedia-button.png
en.wikipedia.org/static/images/footer/ 2 KB
2 KB 21ms
19ms Image
image/png 2620:0:862:ed1a::1
WIKIMEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://en.wikipedia.org/static/images/footer/wikimedia-button.png

Requested by

Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:0:862:ed1a::1 , United States, ASN14907 (WIKIMEDIA, US),

Reverse DNS

Software

ATS/8.0.8 /

Resource Hash

47ecd5179d3181e8b8c00c404741692a81e251680eeb7da8f0accdfe49759672

Security Headers

Name	Value
Strict-Transport-Security	max-age=106384710; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 14:00:35 GMT
nel: { "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}
age: 48752
x-cache-status: hit-front
x-cache: cp3052 hit, cp3052 hit/504642
server-timing: cache;desc="hit-front", host;desc="cp3052"
content-length: 2360
x-client-ip: 2a0f:9441:5:0:e5::1
last-modified: Tue, 28 Jul 2020 11:34:07 GMT
server: ATS/8.0.8
etag: "938-5ab7ed12f4a89"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
permissions-policy: interest-cohort=()
accept-ranges: bytes
expires: Wed, 28 Dec 2022 14:48:33 GMT

GET
H2 200 poweredby_mediawiki_88x31.png
en.wikipedia.org/static/images/footer/ 2 KB
2 KB 20ms
19ms Image
image/png 2620:0:862:ed1a::1
WIKIMEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://en.wikipedia.org/static/images/footer/poweredby_mediawiki_88x31.png

Requested by

Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:0:862:ed1a::1 , United States, ASN14907 (WIKIMEDIA, US),

Reverse DNS

Software

ATS/8.0.8 /

Resource Hash

309dcb99d4c39340ca3e8683a484f68f1bb8f0e07eb2237ab09829964b29276e

Security Headers

Name	Value
Strict-Transport-Security	max-age=106384710; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 20:47:31 GMT
nel: { "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}
age: 24335
x-cache-status: hit-front
x-cache: cp3060 hit, cp3052 hit/153596
server-timing: cache;desc="hit-front", host;desc="cp3052"
content-length: 2205
x-client-ip: 2a0f:9441:5:0:e5::1
last-modified: Wed, 31 Mar 2021 22:57:58 GMT
server: ATS/8.0.8
etag: "89d-5bedd0bcaede2"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
permissions-policy: interest-cohort=()
accept-ranges: bytes
expires: Wed, 28 Dec 2022 20:51:21 GMT

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8545f789d157443e285020e59d3ede5a7725a9ab6d03ebaa996ef57914d1685c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 78 KB
27 KB 52ms
24ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/3aaca509-8b6b-4e7d-8e8b-2590d56460da/plugin.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

1907478e8fa62801a1db26be87cab0755288131c9c8e80320582e560825df3cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1086 / 342 of 1000 / last-modified: 1639397097"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26912
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 30 Dec 2021 03:33:07 GMT

GET
H2 200 prebid5.14.0.js Show response
get.optad360.io/sf/ 460 KB
142 KB 8ms
8ms Script
application/javascript 2600:9000:2156:a800:11:a4de:2580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.optad360.io/sf/prebid5.14.0.js
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/3aaca509-8b6b-4e7d-8e8b-2590d56460da/plugin.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:a800:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7109518959a6958168f639860050324f4f063fd1697f32677cf9d0180ab02453

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 06 Nov 2021 16:54:12 GMT
content-encoding: gzip
last-modified: Thu, 23 Sep 2021 07:59:54 GMT
server: AmazonS3
age: 4617536
etag: W/"6dd0a13bde35d2daa452bba998871016"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
cache-control: public, max-age=360000000
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: 3qADVLniQAyP-Vb9eVnruLyDKsdz7_tZoef2ijpEThSTLlcP_XuzgQ==

GET
H2

200

current.js Show response
cdn.veedmo-storage-2.com/cdn/player/v3/
Redirect Chain

https://cdn.veedmo-static.com/cdn/player/v2/current.js
https://cdn.veedmo-storage-2.com/cdn/player/v3/current.js?v=14

878 KB
295 KB

55ms
30ms

Script
application/javascript

2606:4700:3035::ac43:ce26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.veedmo-storage-2.com/cdn/player/v3/current.js?v=14
Protocol: H2
Server: 2606:4700:3035::ac43:ce26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4841bc08084ca302010ea5c1c849c8bd43a71f894c4f5d430b2d8ae3805ce056

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17787
cf-polished: origSize=899579
x-iplb-instance: 39399
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 27 Dec 2021 18:04:27 GMT
server: cloudflare
x-iplb-request-id: A29E58FE:66B6_894A7FB8:0050_61CCE2F8_4CA8372:2A036
etag: W/"61ca002b-db9fb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gqu0Y7H%2BPsbcMijsdAQ3PNxfEDvnPhcli%2ByFVdMhoTK3JCpzhv%2ByHuKe6dW%2FKwhTKlGUYQFr4yT4DA%2FZD%2BJm5elvrmUsw%2FGH9uHGJzoBl9S%2F1R%2Bbw0krM8QzcTn9q1wSuInTk1pZpk7hmF2%2FcUYeofxxf4FT0Gw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
expires: Thu, 30 Dec 2021 04:36:40 GMT
cache-control: max-age=21600
access-control-allow-credentials: true
cf-ray: 6c583471afbe4333-FRA
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
cf-bgj: minify

Redirect headers

x-77-pop: frankfurtDE
date: Thu, 30 Dec 2021 03:33:07 GMT
x-iplb-instance: 39398
x-77-cache: HIT
x-cache: HIT
x-age: 2954
alt-svc: quic="195.181.175.53:443"; ma=2592000; v="44,43,39"
content-length: 178
x-77-nzt: AcO1rzV/SXD/igsAAA==
x-accel-expires: @1640839433
server: CDN77-Turbo
x-iplb-request-id: C3B5AF37:8A0A_894A7FB8:01BB_61CD1CE9_4D5AC38:4B55
x-77-nzt-ray: kDrnoR18hvA=
strict-transport-security: max-age=15768000
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html
location: https://cdn.veedmo-storage-2.com/cdn/player/v3/current.js?v=14
cache-control: public, max-age=600, s-maxage=7200
access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
1 KB 30ms
13ms XHR
application/json 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20211230

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e464945c8fbe2d4e4c6ffa4521bfe712189c765442dd62aa39eea5d0ac2a456

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 30 Dec 2021 03:33:07 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1915
x-jsd-version: 1.0.1206
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by: cache-fra19164-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"698-A2u0q2lSln0umI6SawSrm/P+zQw"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 6c5834716cfb4e4a-FRA

GET
H2 200 localstore.js Show response
script.4dex.io/ 483 B
938 B 42ms
17ms Script
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2046626
x-amz-request-id: tx002dec70dafe483ba85bc-0061adedd1
x-amz-id-2: tx002dec70dafe483ba85bc-0061adedd1
last-modified: Mon, 06 Dec 2021 11:00:36 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1LvPd3LL57jZaA54MdC5pbleDgyCzcyek8k4sfRDD0Q13%2FZGb3LpeN3iyGSsdif4ylp7YUX66%2F6zTWAtnWa8U76Jged9QyROgGfDvvy1ALYDd%2Bnx6sbW8aC6SjZ1Ghqdv9hfMog90AgHTMpj"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=1800
x-amz-version-id: 1638788436623244
cf-ray: 6c583471780d6997-FRA

POST
H2 204 / Show response
ssp.wp.pl/bidder/ 0
17 B 108ms
34ms XHR
text/plain 212.77.99.29
WIRTUALNAPOLSKA G...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssp.wp.pl/bidder/?cs=true&bdver=5.0&pbver=5.14.0&inver=0
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.77.99.29 , Poland, ASN12827 (WIRTUALNAPOLSKA GDANSK, Poland, PL),
Reverse DNS: ssp.wp.pl
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://isecosmetic.com
date: Thu, 30 Dec 2021 03:33:07 GMT
access-control-allow-credentials: true
server: nginx
accept-ch: device-memory, dpr, width, viewport-width, rtt, downlink, ect
vary: Origin
accept-ch-lifetime: 604800

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 10 KB
5 KB 110ms
87ms XHR
application/json 37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

de3594db2833ba89ab7bf35cf35488ad5321c24aa8817fdae2ff247527edbdcb

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 30 Dec 2021 03:33:07 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 91.199.118.73; 91.199.118.73; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: cc1ab04f-df0e-4f82-8540-f141bac0a5aa
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://isecosmetic.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
346 B 293ms
94ms XHR
text/plain 147.75.61.140
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.61.140 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://isecosmetic.com
date: Thu, 30 Dec 2021 03:33:07 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 1
vary: origin, Accept-Encoding

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
177 B 53ms
13ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://isecosmetic.com
date: Thu, 30 Dec 2021 03:33:07 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 204 / Show response
ssp.wp.pl/bidder/ 0
173 B 103ms
33ms XHR
text/plain 212.77.99.29
WIRTUALNAPOLSKA G...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssp.wp.pl/bidder/?cs=true&bdver=5.0&pbver=5.14.0&inver=0
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.77.99.29 , Poland, ASN12827 (WIRTUALNAPOLSKA GDANSK, Poland, PL),
Reverse DNS: ssp.wp.pl
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://isecosmetic.com
date: Thu, 30 Dec 2021 03:33:07 GMT
access-control-allow-credentials: true
server: nginx
accept-ch: device-memory, dpr, width, viewport-width, rtt, downlink, ect
vary: Origin
accept-ch-lifetime: 604800

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 10 KB
5 KB 109ms
90ms XHR
application/json 37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

b045287a016be2002049a4ca393e13d9de9855e64de840ec716da106fbea296e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 30 Dec 2021 03:33:07 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 91.199.118.73; 91.199.118.73; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: dc2dc8c0-49b3-481c-94ca-4647d6a5c808
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://isecosmetic.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
202 B 290ms
95ms XHR
text/plain 147.75.61.140
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.61.140 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://isecosmetic.com
date: Thu, 30 Dec 2021 03:33:07 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 1
vary: origin, Accept-Encoding

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
177 B 51ms
14ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://isecosmetic.com
date: Thu, 30 Dec 2021 03:33:07 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
177 B 48ms
14ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://isecosmetic.com
date: Thu, 30 Dec 2021 03:33:07 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
206 B 478ms
285ms XHR
text/plain 147.75.61.140
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.61.140 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://isecosmetic.com
date: Thu, 30 Dec 2021 03:33:07 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 186
vary: origin, Accept-Encoding

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 12 KB
6 KB 99ms
84ms XHR
application/json 37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

5cf6caa7c9b811beacfb31b4862949e0b7d690ab1bdcf3c6e9707c7a05116436

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 30 Dec 2021 03:33:07 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 91.199.118.73; 91.199.118.73; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 19cb59d7-a073-4c00-8198-8594bcfc0111
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://isecosmetic.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 / Show response
ssp.wp.pl/bidder/ 0
17 B 98ms
34ms XHR
text/plain 212.77.99.29
WIRTUALNAPOLSKA G...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssp.wp.pl/bidder/?cs=true&bdver=5.0&pbver=5.14.0&inver=0
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.77.99.29 , Poland, ASN12827 (WIRTUALNAPOLSKA GDANSK, Poland, PL),
Reverse DNS: ssp.wp.pl
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://isecosmetic.com
date: Thu, 30 Dec 2021 03:33:07 GMT
access-control-allow-credentials: true
server: nginx
accept-ch: device-memory, dpr, width, viewport-width, rtt, downlink, ect
vary: Origin
accept-ch-lifetime: 604800

POST
H2 204 / Show response
ssp.wp.pl/bidder/ 0
17 B 98ms
35ms XHR
text/plain 212.77.99.29
WIRTUALNAPOLSKA G...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssp.wp.pl/bidder/?cs=true&bdver=5.0&pbver=5.14.0&inver=0
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.77.99.29 , Poland, ASN12827 (WIRTUALNAPOLSKA GDANSK, Poland, PL),
Reverse DNS: ssp.wp.pl
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://isecosmetic.com
date: Thu, 30 Dec 2021 03:33:07 GMT
access-control-allow-credentials: true
server: nginx
accept-ch: device-memory, dpr, width, viewport-width, rtt, downlink, ect
vary: Origin
accept-ch-lifetime: 604800

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 10 KB
5 KB 105ms
92ms XHR
application/json 37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

5df467e8d8bf55ac51b4f3503fcae6249047cd76872196635655ece8c8916477

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 30 Dec 2021 03:33:07 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 91.199.118.73; 91.199.118.73; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 14fc29a9-eb49-4559-b661-10dfeede91ce
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://isecosmetic.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
202 B 284ms
95ms XHR
text/plain 147.75.61.140
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.61.140 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://isecosmetic.com
date: Thu, 30 Dec 2021 03:33:07 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 1
vary: origin, Accept-Encoding

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
177 B 45ms
14ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://isecosmetic.com
date: Thu, 30 Dec 2021 03:33:07 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

GET
H3 200 pubads_impl_2021120601.js Show response
securepubads.g.doubleclick.net/gpt/ 348 KB
117 KB 32ms
18ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119476
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 09:34:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 30 Dec 2021 03:33:07 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 72 B
97 B 30ms
16ms XHR
application/json 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=isecosmetic.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

1b9a43101803a1f2fa8e9c14a3d0e432a3357a915b6438fb689360374b34ff5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 03:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 72
x-xss-protection: 0
expires: Thu, 30 Dec 2021 03:33:07 GMT

GET
H2 200 adagio.js Show response
script.4dex.io/ 71 KB
23 KB 30ms
16ms Fetch
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb04b94656de1350a1fe252e640d692b44f9501188d48c01884d6962bea38913

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 226339
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: tx8ba26e70bd89411e9aeb7-0061c9a58a
x-amz-id-2: tx8ba26e70bd89411e9aeb7-0061c9a58a
last-modified: Mon, 06 Dec 2021 11:00:35 GMT
server: cloudflare
etag: W/"d56fadf5a52703aee9982c415a17065a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QTBTNPqUvk%2BxlL1KRc4LgSP1INCEs7paMYHOuuI%2F%2BsOKbMQIwWvffXNAxrq486NEQ8ULTzKZJvUjFq4SV%2BZ529RZNSczFKGHur9bdgrFqE93YMJeRI4xKmXd7mYqhHEmb%2BKkVW2zxP%2FVEdAg"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
x-amz-version-id: 1638788435319991
cf-ray: 6c583471ac376921-FRA
access-control-allow-headers: Authorization

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 375 KB
124 KB 55ms
14ms Script
text/javascript 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: cdn.veedmo-static.com
URL: https://cdn.veedmo-static.com/cdn/player/v2/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92492a41ed7dbc02f64b8f399adef0bc87063f9011ea0dcf397d19a8d484bfa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126523
x-xss-protection: 0
expires: Thu, 30 Dec 2021 03:33:07 GMT

OPTIONS
H/1.1 204
No Content s
ares.veedmo.com/o/ Frame 0
0 190ms
77ms Preflight 137.74.127.184
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://ares.veedmo.com/o/s

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

137.74.127.184 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://isecosmetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 30 Dec 2021 03:33:07 GMT
Content-Length: 0
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains max-age=15768000
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: https://isecosmetic.com
Vary: Origin, Access-Control-Request-Headers
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Headers: content-type
X-IPLB-Request-ID: 5BC77649:BD75_894A7FB8:01BB_61CD2873_4D6EF46:2A037
X-IPLB-Instance: 39399

POST
H/1.1 200
OK s
ares.veedmo.com/o/ 2 B
0 73ms
70ms Fetch
text/html 137.74.127.184
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://ares.veedmo.com/o/s

Requested by

Host: cdn.veedmo-static.com
URL: https://cdn.veedmo-static.com/cdn/player/v2/current.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

137.74.127.184 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains, max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

Date: Thu, 30 Dec 2021 03:33:07 GMT
X-Content-Type-Options: nosniff
X-IPLB-Instance: 39399
X-DNS-Prefetch-Control: off
Vary: Origin
Content-Length: 2
X-XSS-Protection: 1; mode=block
Server: nginx/1.18.0 (Ubuntu)
X-IPLB-Request-ID: 5BC77649:BD75_894A7FB8:01BB_61CD2873_4D6EF4B:2A037
X-Frame-Options: SAMEORIGIN
ETag: W/"2-eoX0dku9ba8cNUXvu/DyeabcC+s"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains, max-age=15768000
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: https://isecosmetic.com
Cache-Control: no-store

GET
H2 206 bio_diversity_protects_life.mp4
get.optad360.io/video/ 64 KB
0 8ms
8ms Media
video/mp4 2600:9000:2156:a800:11:a4de:2580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.optad360.io/video/bio_diversity_protects_life.mp4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:a800:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://isecosmetic.com/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 06 Oct 2021 07:25:19 GMT
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
last-modified: Fri, 19 Feb 2021 10:40:36 GMT
server: AmazonS3
age: 7330069
etag: "0538cd08a593387db670eee4176f6e26"
x-cache: Hit from cloudfront
content-type: video/mp4
Content-Range: bytes 0-4054554/4054555
cache-control: public, max-age=360000000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
Content-Length: 4054555
x-amz-cf-id: oH2shVFVxokqyVrWLadcGvU-hDTE2_g10K7M4PA-sw2z_Zc9jTdRlw==

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Referer
Origin: https://isecosmetic.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H3 200 bridge3.493.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 79AC 598 KB
194 KB 23ms
8ms Document
text/html 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef447194c4f88706e59e91d4dd03aa925cd6f5d30ae87b863c8fe282153c2fbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 198942
date: Wed, 29 Dec 2021 05:10:28 GMT
expires: Thu, 29 Dec 2022 05:10:28 GMT
last-modified: Wed, 15 Dec 2021 20:12:41 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 80559
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ 44 KB
17 KB 81ms
55ms Script
text/javascript 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 03:33:07 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 56ms
30ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=isecosmetic.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 03:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 48 KB
12 KB 466ms
466ms XHR
text/plain 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=604139616722378&correlator=1355502784111301&output=ldjh&impl=fif&eid=44752541%2C31062930&vrg=2021120601&ptt=17&sc=1&sfv=1-0-38&ecs=20211230&iu_parts=121764058%3A22654470044%2Cisecosmetic.com%2Cisecosmetic.com_o3b_display_am_o3b_S1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250%7C336x280%7C360x300&prev_scp=hb_format_appnexus%3Dbanner%26hb_size_appnexus%3D300x250%26hb_pb_appnexus%3D0.05%26hb_adid_appnexus%3D34cc64ea03c4e29%26hb_bidder_appnexus%3Dappnexus%26hb_format%3Dbanner%26hb_size%3D300x250%26hb_pb%3D0.05%26hb_adid%3D34cc64ea03c4e29%26hb_bidder%3Dappnexus&cookie_enabled=1&bc=31&abxe=1&lmt=1640835187&dt=1640835187754&dlt=1640835187059&idt=452&frm=20&biw=1600&bih=1200&oid=2&adxs=640&adys=1318&adks=4023956002&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fisecosmetic.com%2Fwiki%2FInternet_Systems_Consortium&ref=https%3A%2F%2Fisecosmetic.com%2Fwiki%2FInternet_Systems_Consortium&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0&msz=300x0&ga_vid=1196167228.1640835188&ga_sid=1640835188&ga_hid=560614065&ga_fc=false&fws=644&ohw=1600&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

0e54a084222055cc47f4a8c385b5abd8a06a70fb55587d75ad762e1e9a201d8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11923
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://isecosmetic.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 60ms
19ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021120601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

222d5fb2a34e188d9881a19d925052ce150ec96ce81bf316b36000a6a8ca8bfb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 03:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8472
x-xss-protection: 0

GET
H2 200 container.html Show response
633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8812 6 KB
4 KB 117ms
44ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 30 Dec 2021 03:33:07 GMT
expires: Fri, 30 Dec 2022 03:33:07 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 51 KB
12 KB 722ms
722ms XHR
text/plain 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=604139616722378&correlator=1355502784111301&output=ldjh&impl=fif&eid=44752541%2C31062930&vrg=2021120601&ptt=17&sc=1&sfv=1-0-38&ecs=20211230&iu_parts=121764058%3A22654470044%2Cisecosmetic.com%2Cisecosmetic.com_o3b_display_am_o3b_ATF&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1000x100%7C970x250%7C970x300%7C970x90%7C750x300%7C750x200%7C750x100%7C728x90%7C700x300%7C700x200%7C700x100%7C640x90%7C640x180%7C580x400&prev_scp=hb_format_appnexus%3Dbanner%26hb_size_appnexus%3D728x90%26hb_pb_appnexus%3D0.04%26hb_adid_appnexus%3D36acc735db1c45a%26hb_bidder_appnexus%3Dappnexus%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.04%26hb_adid%3D36acc735db1c45a%26hb_bidder%3Dappnexus&cookie_enabled=1&bc=31&abxe=1&lmt=1640835187&dt=1640835187774&dlt=1640835187059&idt=452&frm=20&biw=1600&bih=1200&oid=2&adxs=300&adys=131&adks=1093461533&ucis=2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fisecosmetic.com%2Fwiki%2FInternet_Systems_Consortium&ref=https%3A%2F%2Fisecosmetic.com%2Fwiki%2FInternet_Systems_Consortium&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0&msz=1000x0&ga_vid=1196167228.1640835188&ga_sid=1640835188&ga_hid=560614065&ga_fc=false&fws=644&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

622097ac49b5868e4dff2f1f3090dfa8a10ba37465954e147314e0c4c3cf0271

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11894
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://isecosmetic.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 23 KB
10 KB 962ms
960ms XHR
text/plain 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=604139616722378&correlator=1355502784111301&output=ldjh&impl=fif&eid=44752541%2C31062930&vrg=2021120601&ptt=17&sc=1&sfv=1-0-38&ecs=20211230&iu_parts=121764058%3A22654470044%2Cisecosmetic.com%2Cisecosmetic.com_o3b_display_sf_o3b&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C750x100%7C970x90&prev_scp=hb_format_appnexus%3Dbanner%26hb_size_appnexus%3D728x90%26hb_pb_appnexus%3D0.04%26hb_adid_appnexus%3D358d2ddd8d24d4c%26hb_bidder_appnexus%3Dappnexus%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.04%26hb_adid%3D358d2ddd8d24d4c%26hb_bidder%3Dappnexus&cookie_enabled=1&bc=31&abxe=1&lmt=1640835187&dt=1640835187785&dlt=1640835187059&idt=452&frm=20&biw=1600&bih=1200&oid=2&adxs=436&adys=1200&adks=902498057&ucis=3&ifi=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fisecosmetic.com%2Fwiki%2FInternet_Systems_Consortium&ref=https%3A%2F%2Fisecosmetic.com%2Fwiki%2FInternet_Systems_Consortium&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x-1&msz=728x-1&ga_vid=1196167228.1640835188&ga_sid=1640835188&ga_hid=560614065&ga_fc=false&fws=644&ohw=1600&btvi=2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

493637dea9987a10083bec71cf32d360a31dcb6eb38c8110638e1fab30be1a9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10287
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://isecosmetic.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 421A 37 KB
13 KB 26ms
7ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 02:58:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2084
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 30 Dec 2021 03:58:23 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 54ms
27ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
expires: Thu, 30 Dec 2021 03:33:07 GMT

GET
H2 206 bio_diversity_protects_life.mp4
get.optad360.io/video/ 64 KB
0 11ms
9ms Media
video/mp4 2600:9000:2156:a800:11:a4de:2580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.optad360.io/video/bio_diversity_protects_life.mp4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:a800:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://isecosmetic.com/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Range: bytes=65536-

Response headers

date: Tue, 18 May 2021 16:33:52 GMT
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
last-modified: Fri, 19 Feb 2021 10:40:36 GMT
server: AmazonS3
age: 19479556
etag: "0538cd08a593387db670eee4176f6e26"
x-cache: Hit from cloudfront
content-type: video/mp4
Content-Range: bytes 65536-4054554/4054555
cache-control: public, max-age=360000000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
Content-Length: 3989019
x-amz-cf-id: b7FGmyKC9FGjHdXepsU7jaSsdrL0Uww4-nIlRT529cGbB0LoceFAHA==

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
538 B 18ms
18ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=isecosmetic.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 03:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 36ms
17ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=isecosmetic.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 03:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 79 KB
23 KB 1263ms
1262ms XHR
text/plain 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=604139616722378&correlator=1355502784111301&output=ldjh&impl=fif&eid=44752541%2C31062930&vrg=2021120601&ptt=17&sc=1&sfv=1-0-38&ecs=20211230&iu_parts=121764058%3A22654470044%2Cisecosmetic.com%2Cisecosmetic.com_o3b_display_am_o3b_BTF&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1000x100%7C970x250%7C970x300%7C970x90%7C750x300%7C750x200%7C750x100%7C728x90%7C700x300%7C700x200%7C700x100%7C640x90%7C640x180%7C580x400&prev_scp=hb_format_appnexus%3Dbanner%26hb_size_appnexus%3D728x90%26hb_pb_appnexus%3D0.00%26hb_adid_appnexus%3D3387db78032cfac%26hb_bidder_appnexus%3Dappnexus%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.00%26hb_adid%3D3387db78032cfac%26hb_bidder%3Dappnexus&cookie_enabled=1&bc=31&abxe=1&lmt=1640835187&dt=1640835187925&dlt=1640835187059&idt=452&frm=20&biw=1600&bih=1200&oid=2&adxs=300&adys=2484&adks=2767310681&ucis=4&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fisecosmetic.com%2Fwiki%2FInternet_Systems_Consortium&ref=https%3A%2F%2Fisecosmetic.com%2Fwiki%2FInternet_Systems_Consortium&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0&msz=1000x0&ga_vid=1196167228.1640835188&ga_sid=1640835188&ga_hid=560614065&ga_fc=false&fws=644&ohw=1600&btvi=3&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

2bef169bbdd472d68aa7d090b4604481a286f222a0552801bb59d2e8650b4487

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:09 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23444
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://isecosmetic.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 79AC 17 KB
2 KB 73ms
73ms XHR
text/xml 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F121764058%2C22654470044%2Fisecosmetic.com%2Fisecosmetic.com_o3b_instream_veedmo_o3b&url=https%3A%2F%2Fisecosmetic.com%2Fwiki%2FInternet_Systems_Consortium&description_url=https%3A%2F%2Fisecosmetic.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vmap1&unviewed_position_start=1&env=vp&nofb=1&vpa=auto&osd=2&frm=0&vis=1&sdr=1&is_amp=0&ad_rule=1&allcues=15000%2C30000&vid_d=92&vpmute=0&sdkv=h.3.493.0&hl=en&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=44d&adk=2931021707&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&media_url=https%3A%2F%2Fget.optad360.io%2Fvideo%2Fbio_diversity_protects_life.mp4&sid=FA345639-68C5-4DAE-95F3-B4186BE6894B&nel=1&eid=44750604%2C44750822%2C44752657&ref=https%3A%2F%2Fisecosmetic.com%2Fwiki%2FInternet_Systems_Consortium&dt=1640835187933&cookie_enabled=1&correlator=4227452929683429&scor=2435778199414097&ged=ve4_td1_tt0_pd1_la1000_er1073.49.1225.349_vi0.0.1200.1600_vp84_eb23147

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

885ab49b1a6e155bc3827777a8982f932765d86f6cd913322cea9b5807c207b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:07 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1217
x-xss-protection: 0
google-lineitem-id: 0
pragma: no-cache
server: cafe
google-creative-id: 0
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 0C3E 13 KB
5 KB 24ms
7ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
date: Wed, 29 Dec 2021 23:03:35 GMT
expires: Thu, 29 Dec 2022 23:03:35 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 16172
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 035F 783 B
1 KB 37ms
16ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

71c2c7c95dd715806dfe44bc55020548bf46a9493f95408206617ed4e30d3d7d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-acFiGGo2sARFK/jNic3Hug' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Thu, 30 Dec 2021 03:33:07 GMT
date: Thu, 30 Dec 2021 03:33:07 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-acFiGGo2sARFK/jNic3Hug' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 511
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js Show response
pagead2.googlesyndication.com/bg/ Frame 0C3E 35 KB
13 KB 41ms
16ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127672d4912f86d7cbdeab0c1ccd9536aa33f335a7b1609d3a3939c1d778220e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 19:52:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 114038
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13555
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 28 Dec 2022 19:52:30 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 035F 0
0 44ms
31ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2021120601&jk=604139616722378&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 79AC 70 KB
14 KB 304ms
303ms XHR
text/xml 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?slotname=%2F121764058%2Fisecosmetic.com%2Fisecosmetic.com_o3b_instream_veedmo_o3b&sz=400x300&ciu_szs&cust_params&url=https%3A%2F%2Fisecosmetic.com%2Fwiki%2FInternet_Systems_Consortium&unviewed_position_start=1&output=xml_vast4&env=vp&gdfp_req=1&ad_rule=0&video_url_to_fetch=https%3A%2F%2Fisecosmetic.com&useragent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F96.0.4664.93%20Safari%2F537.36%2Cgzip(gfe)&vad_type=linear&vpos=preroll&pod=1&ppos=1&min_ad_duration=0&max_ad_duration=3600000&vrid=1267815&sid=FA345639-68C5-4DAE-95F3-B4186BE6894B&adk=2931021707&cookie_enabled=1&correlator=4227452929683429&dt=1640835188024&ged=ve4_td1_tt0_pd1_la1000_er1073.49.1173.226_vi0.0.1200.1600_vp100_ts0_eb24171&is_amp=0&npa=false&omid_p=Google1%2Fh.3.493.0&osd=2&ref=https%3A%2F%2Fisecosmetic.com%2Fwiki%2FInternet_Systems_Consortium&scor=2435778199414097&sdk_apis=2%2C7%2C8&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&vis=1&u_so=l&eid=44750604%2C44750822%2C44752657&hl=en&frm=0&allcues=15000%2C30000&media_url=https%3A%2F%2Fget.optad360.io%2Fvideo%2Fbio_diversity_protects_life.mp4&mpt=videojs-ima&mpv=1.11.0&sdki=44d&sdkv=h.3.493.0&sdr=1&vid_d=92&vpa=auto&vpmute=0&nel=1&cnc=22654470044&nofb=true&kfa=0&tfcd=0&ctv=0

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

8b4f6b760aaa4e512a23b22942601658649f04dce75f38351a11be9794e2b65c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14622
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2021120601&jk=604139616722378&bg=!LS6lLmrNAAZKWFskSlg7ACkAdvg8Wpns8EHzP03ZW9kQw3ntJ1HEltSTmExo3h7cXDGpDoopyoidnwIAAABMUgAAAAZoAQeZAqdC-nT1_YhvJlbmFIoandiGjSu1r6j9scep9wFcMd3n757QD-vii5-erJO_CajefUfTmruYHAx6a2OYCEl58ZgT1TQIHAd2gzEudfCyuFO-S6Va5h91SrOe8dRxtd_X_LYfl6DCob-CdX5AVQ5r_40qNH0hrb2CeHKLVkO18NDNsP4i7UAsgkkrtBpnDGGQgazS6JSs4w8FRMWMiXwHmnLHYfeTQE1qZhk8hDHy-2UWVX9-XRjYuNwnCmzNi1aPUbiRUzWAYOLMtNp9KX7WqxTgVSg_gk6vMabJ2NkhnD-2RfrYclWBPUBS8n6S_LES7Bo_y016sWwY_OiQc6Jg8LfvTT6ph1JTw1zlc7LI7OBM2VDyik-xVzvgH5m4pNCoUX6bxLlWLEZF5dWhLsMxFQyWKo96a2ljTkUwmbtMKhcr5070dMNPAgz4cZoxdHfsvXRqDyVXstcDSrHcac_UF-lTri8EpbVDr-gT3ScWvspXd8p70Q2rx3B2WTBcA4sMeTsPIZbmtjxs87u_GPpZ58P7EciiEWnC2t8vHnqGDbT7IAZ-NEYz5rnu-IiuY0mk1La4YPBAMT4g3TAh8U-djLY32LkzpZQlmISRjQyj_0SN-BMnHdT78r-iJtC9qWdmsiTHfgCG3DcIp3i0Vk2opjW_aIPkIgiHrCT-fehwuGHunErfBOpUlNS7nRzl1XIl_E25JwabJB-PrL4VkAOEILCUFZTuB7AJf-JoiwvsQdsNtOjzvKtOK-qwTWOqJqiTX7bS3LY6iS30hUIQdnKKVRAKZOo39qR6qsujIDLE9X5kPEhnebX7gvLxGv-TuRwjU7OONsAmK1_U5NIUz4M0otb5giCii5fvxHITOhfSjOA-kUkhTNO6LSIY0z_60mn1ucoXy14g0cn6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012111011823000/ Frame A7E1 189 KB
55 KB 37ms
6ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98ba8f881333898d751dabe4f8b4cacc4489a9f5b6b4fd1fc67c571dbfec95cf

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131796
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55592
x-xss-protection: 0
server: sffe
date: Tue, 28 Dec 2021 14:56:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "11dee2040f5fc1d7"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Dec 2022 14:56:32 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame A7E1 13 KB
5 KB 46ms
16ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65f6185cfe1cf88fa7981160dd6fa443e111887215b72953718ea70f8e2ba9f2

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131796
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4992
x-xss-protection: 0
server: sffe
date: Tue, 28 Dec 2021 14:56:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "858600ba27ef7413"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Dec 2022 14:56:32 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame A7E1 89 KB
28 KB 47ms
16ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e97fc43ecd2f16948c3a8d2de65e0e5483db4ed5ab174058c178ca1c8665d0b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131796
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28555
x-xss-protection: 0
server: sffe
date: Tue, 28 Dec 2021 14:56:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a64e482645fd262b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Dec 2022 14:56:32 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame A7E1 5 KB
2 KB 50ms
20ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d76ab4ac854cafef51bbbb5177ea75816df90e3c775294991a016404f2b6bb5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131796
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1731
x-xss-protection: 0
server: sffe
date: Tue, 28 Dec 2021 14:56:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "cb4f0e89d7d37d9b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Dec 2022 14:56:32 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame A7E1 40 KB
13 KB 51ms
21ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a630b852e94f20cb8140704fd830bf40bfea0a2effaa67d06a0eadafbf3d508

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131796
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12826
x-xss-protection: 0
server: sffe
date: Tue, 28 Dec 2021 14:56:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "f02165e023e70703"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Dec 2022 14:56:32 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame A7E1 4 KB
1 KB 37ms
15ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

76f754050e2c29ed1ee0e170536af6dfb5b48721068bc9fe786633289b024272

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 30 Dec 2021 02:09:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 30 Dec 2021 03:33:08 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Dec 2021 03:33:08 GMT

GET
H3 200 th.png
tpc.googlesyndication.com/pagead/images/abg/ Frame A7E1 3 KB
3 KB 8ms
7ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/th.png

Requested by

Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cad58f215d074424bf4b9310a814d9ea51931235a3afe31ee2e69c58e8f75bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 29 Dec 2021 18:21:39 GMT
x-content-type-options: nosniff
server: cafe
age: 33089
etag: 12800268860518071124
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3306
x-xss-protection: 0
expires: Thu, 30 Dec 2021 18:21:39 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame A7E1 344 B
368 B 7ms
6ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 29 Dec 2021 16:59:05 GMT
x-content-type-options: nosniff
server: cafe
age: 38043
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Thu, 30 Dec 2021 16:59:05 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame A7E1 0
0 30ms
14ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR8Eot5wAwIYXwZBaW3_bbugWHlT_K6jhUpo2bbWZcm_rH3J856wH7DKo816VCF37Pyjv1Z0PApa64JeTZSGXUmBa1ZYw
Requested by: Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame A7E1 0
0 51ms
50ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CLSB8cyjNYdLSMY_-3wOe7rMInP6JzmbgtcvzqA_0kMj7mgIQASCqgMMiYJWKiY6wB6ABxbmu4APIAQngAgCoAwHIAwqqBIwCT9DpdLoETL2cOK78Wv485NFyDIkDhzNB4y5cBOvsV2nyNcPZh9Di_aPKaFdPnPF0xARwsEv2ia7m-dxeOKlhCexpzS4V5A2_mHRhQ740SkE-2qF_1cMJu_4Uh5-9G-7ofSbIUSS9aEokvDRNlluG5F_XD4WQ2mYAlyr8l7NTmQM8fYSe3S6dEb-AjEYEDmgHuyVwacC0wNYLOfeAMykyiaRhy9VwnTenzgt0vThjYqyEo6BzC2Wp4ReaoFrbnSm1MrjXz7R-hUMreVXsoEiLtxFsvMAKu_8m0D6z4O6tIMhcnsNO6GbGp28t9jmZoFEIf7fVO_l81Dj9WFSjEMXHhT1vj46YQ5nzfV1YjMAEo935lu8D4AQBkgUECAQYAZIFBAgFGASgBi6AB6zVrLIBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQoooN0ggJCIjhgBAQARgdgAoDyAsB2BMN0BUBgBcBshceChwIABIUcHViLTU1MTIzOTA3MDUxMzc1MDcYku8h&sigh=Afkj60tJQ4Y&uach_m=[UACH]&template_id=484&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)
Requested by: Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s53-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/3599569736862559161/ Frame A7E1 21 KB
21 KB 10ms
7ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3599569736862559161/downsize_200k_v1?w=400&h=209

Requested by

Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86e22993fb9eefb8b86a9514b0eea64237e066343129b11d2bdd3ad9fd54b9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 12:54:46 GMT
x-content-type-options: nosniff
age: 52702
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21904
x-xss-protection: 0
last-modified: Fri, 19 Nov 2021 14:03:45 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 29 Dec 2022 12:54:46 GMT

GET
DATA 200
OK truncated
/ Frame A7E1 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame A7E1 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6b8dbf934234bae6d5494d7d4e3be47fbc5b9a38677dba0c99e42eb8edb79a56

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame A7E1 15 KB
16 KB 28ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://isecosmetic.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 17:58:32 GMT
x-content-type-options: nosniff
age: 34476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Dec 2022 17:58:32 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame A7E1 15 KB
15 KB 29ms
8ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://isecosmetic.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 13:39:48 GMT
x-content-type-options: nosniff
age: 482000
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 24 Dec 2022 13:39:48 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 79AC 0
327 B 126ms
42ms Ping
image/gif 2a00:1450:4010:c01::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~kxsewluq&c=2726634552823&slotId=1363317276411.5&qqid=CPmZlLTLivUCFUpW4AodrHkNxQ&gqid=dCjNYc-HAv6ix_AP4_yDoAU&fb=ima_html5-lima&sdkv=h.3.493.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&vmfc=2&vhc=0&wta=1&hghme=1&ghmsh_eids=44750604%2C44750822%2C44752657&met.4=ghmsh_s.kxsewm8u~ghmsh_s.kxsewm8v&ghmsh_mi=22%2C18%2C&ghmsh_vi=134%2C136%2C243%2C247%2C&ghmsh_ai=139%2C140%2C250%2C&ghmsh_gvt=0&ams=1&vs=1280x720&vc=avc1.64001F&mt=video%2Fmp4&vsrc=youtube&bit=22&cpn=dNSKbz8IM2jVyw07
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4010:c01::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://imasdk.googleapis.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:08 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 help_outline_white_24dp_with_3px_trbl_padding.png
imasdk.googleapis.com/formats/wta/ Frame 79AC 453 B
478 B 8ms
7ms Image
image/png 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imasdk.googleapis.com/formats/wta/help_outline_white_24dp_with_3px_trbl_padding.png?wp=ca-pub-2382012522979108

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:17:08 GMT
x-content-type-options: nosniff
age: 960
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 453
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 14:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: image/png
cache-control: public, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Dec 2021 04:07:08 GMT

GET
H2 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 79AC 42 B
536 B 41ms
18ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CCewDdCjNYfmPBMqsgQes87WoDJyFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQIx2HRdRgqzPuACAKgDAZgEAKoEmAJP0PLwDGyy8tagR3rfBRZ3WLIqP06hFCHSKqal2FvSx4sZTqXEKUBz29GlTx3VUNZI6fJe-HpgDzRIZPLiAX67_CkjXr3ZsduUTgurqlmczPHXX6BeOJi9WtbilPKZLxffnkBJRpEEVzVPqtFNIqRqasQpED5DGbzbtlmIWjjtu2qovPrnJ_bfUUWtnsxWhuxfBWuDq4bYZeEVhIUFV9LlpAZhCmejlAlDigLbd5rlTkfVi6HTcKWi5guUWYicPi6NkPjWvrAmZ5ZGtSfNLG0yw9Gg1t-lGnLcl2MTCyTyY5ARu-3TIGSQAAmF06Pz1laj2DK1ZNoMNlp1UzmC9J3VNXqRKzrUep8ef81bICp_dbnAESSPGauTwASwnpvU_gPgBAGgBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAagIAdIICQiA4YAQEAEYHbEJ6EOIgJpnyg6ACgOYCwHICwHQCw64DAHYEwzQFQHiFgIIAYAXAQ&sigh=AdSM-kpWM6I&label=show_ad&acvw=&sdkv=h.3.493.0&vci=CmUIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUxNzIxMjM1NzMzOTIMNTY1MTcwMDQ0MzE5QN0CUh0QDyUAAHBBKAE6B3Vua25vd25CB3Vua25vd25QABgB

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
pubads.g.doubleclick.net/pagead/ Frame 79AC 0
0 43ms
42ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubads.g.doubleclick.net/pagead/adview?ai=C9n7wdCjNYfmPBMqsgQes87WoDJyFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQIx2HRdRgqzPuACAKgDAZgEAKoElQJP0PLwDGyy8tagR3rfBRZ3WLIqP06hFCHSKqal2FvSx4sZTqXEKUBz29GlTx3VUNZI6fJe-HpgDzRIZPLiAX67_CkjXr3ZsduUTgurqlmczPHXX6BeOJi9WtbilPKZLxffnkBJRpEEVzVPqtFNIqRqasQpED5DGbzbtlmIWjjtu2qovPrnJ_bfUUWtnsxWhuxfBWuDq4bYZeEVhIUFV9LlpAZhCmejlAlDigLbd5rlTkfVi6HTcKWi5guUWYicPi6NkPjWvrAmZ5ZGtSfNLG0yw9Gg1t-lGnLcl2MTCyTyY5ARu-3TIGSQAAmFi6JpI8UxjqA_plccz9c5zNy_b1DZKHB0IhTMrhzjQlacyT5TbTEnhDR2wASwnpvU_gPgBAGgBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEJ2mFqgIAdIICQiA4YAQEAEYHYAKA8gLAcITBhjnt6CVA9gTDNAVAeIWAggBgBcBshceChwIABIUcHViLTU1MTIzOTA3MDUxMzc1MDcYku8h&sigh=F7ALQRXmGgM&cmd=Ch1jYS12aWRlby1wdWItNTUxMjM5MDcwNTEzNzUwNxAAGAI&uach_m=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&vt=10&sdkv=h.3.493.0&vci=CmUIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUxNzIxMjM1NzMzOTIMNTY1MTcwMDQ0MzE5QN0CUh0QDyUAAHBBKAE6B3Vua25vd25CB3Vua25vd25QABgB
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s53-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 79AC 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/gif

POST
H2 204 csi
csi.gstatic.com/ 0
45 B 72ms
42ms Ping
image/gif 2a00:1450:4010:c01::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&top=1&puid=1~kxsewloy&c=2726634552823&slotId=1363317276411.5&eee=missing-element&bi=missing-id
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4010:c01::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:08 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 79AC 0
20 B 39ms
38ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?evt=start&format=TRUEVIEW&lid=143&sdkv=h.3.493.0&e=44750604%2C44750822%2C44752657&id=ima_html5&c=2452837210116983&domain=isecosmetic.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

206
Partial Content

videoplayback
rr5---sn-4g5ednse.googlevideo.com/
Redirect Chain

https://rr5---sn-4g5lzner.googlevideo.com/videoplayback?expire=1640863988&ei=dCjNYeKnEZmox_APovmZiAQ&ip=91.199.118.73&id=a594b74aa3bea3bc&itag=22&source=youtube&requiressl=yes&mh=4T&mm=31&mn=sn-4g5...
https://rr5---sn-4g5ednse.googlevideo.com/videoplayback?expire=1640863988&ei=dCjNYeKnEZmox_APovmZiAQ&ip=91.199.118.73&id=a594b74aa3bea3bc&itag=22&source=youtube&requiressl=yes&susc=gvp&acao=yes&cti...

2 MB
2 MB

131ms
67ms

Media
video/mp4

2a00:1450:4001:69::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr5---sn-4g5ednse.googlevideo.com/videoplayback?expire=1640863988&ei=dCjNYeKnEZmox_APovmZiAQ&ip=91.199.118.73&id=a594b74aa3bea3bc&itag=22&source=youtube&requiressl=yes&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=15.952&lmt=1638081469401369&txp=5432432&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRgIhAMefAwu6ojvRxtDb6-UhLPp2CwhVgtOuAciN8Bn1AeOjAiEAzWoxnCZIrg3wl6A6Yi1OAAuEbRe7CjK3hPj7bGdmqzo=&cpn=dNSKbz8IM2jVyw07&redirect_counter=1&rm=sn-4g5ekr76&req_id=14cf97594d4236e2&cms_redirect=yes&ipbypass=yes&mh=4T&mip=2a0f:9441:5:0:e5::1&mm=31&mn=sn-4g5ednse&ms=au&mt=1640834954&mv=m&mvi=5&pl=48&lsparams=ipbypass,mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgbCxooXmn4ywUEaaYZQsv9X7QiKT8p7uABQc_YeBlB-QCIF7UDEWc_gLxGC_umKA4RpIovPgRekOXqDlXpWo66UpA

Protocol

HTTP/1.1

Server

2a00:1450:4001:69::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

078414f10a56e5f7d1cbf10bdf9f4bd8c9c399d3b6b44402445b0355af22670c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 03:33:08 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 28 Nov 2021 06:37:49 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Content-Range: bytes 0-2262578/2262579
Cache-Control: private, max-age=28500
Cross-Origin-Resource-Policy: cross-origin
Connection: close
Accept-Ranges: bytes
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 2262579
Expires: Thu, 30 Dec 2021 03:33:08 GMT

Redirect headers

Date: Thu, 30 Dec 2021 03:33:08 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: text/html
Location: https://rr5---sn-4g5ednse.googlevideo.com/videoplayback?expire=1640863988&ei=dCjNYeKnEZmox_APovmZiAQ&ip=91.199.118.73&id=a594b74aa3bea3bc&itag=22&source=youtube&requiressl=yes&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=15.952&lmt=1638081469401369&txp=5432432&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRgIhAMefAwu6ojvRxtDb6-UhLPp2CwhVgtOuAciN8Bn1AeOjAiEAzWoxnCZIrg3wl6A6Yi1OAAuEbRe7CjK3hPj7bGdmqzo=&cpn=dNSKbz8IM2jVyw07&redirect_counter=1&rm=sn-4g5ekr76&req_id=14cf97594d4236e2&cms_redirect=yes&ipbypass=yes&mh=4T&mip=2a0f:9441:5:0:e5::1&mm=31&mn=sn-4g5ednse&ms=au&mt=1640834954&mv=m&mvi=5&pl=48&lsparams=ipbypass,mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgbCxooXmn4ywUEaaYZQsv9X7QiKT8p7uABQc_YeBlB-QCIF7UDEWc_gLxGC_umKA4RpIovPgRekOXqDlXpWo66UpA
Cache-Control: private, max-age=900
Cross-Origin-Resource-Policy: cross-origin
Connection: close
Content-Length: 0
Expires: Thu, 30 Dec 2021 03:33:08 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 79AC 70 KB
14 KB 246ms
246ms XHR
text/xml 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?slotname=%2F121764058%2Fisecosmetic.com%2Fisecosmetic.com_o3b_instream_veedmo_o3b&sz=400x300&ciu_szs&cust_params&url=https%3A%2F%2Fisecosmetic.com%2Fwiki%2FInternet_Systems_Consortium&unviewed_position_start=1&output=xml_vast4&env=vp&gdfp_req=1&ad_rule=0&video_url_to_fetch=https%3A%2F%2Fisecosmetic.com&useragent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F96.0.4664.93%20Safari%2F537.36%2Cgzip(gfe)&vad_type=linear&vpos=preroll&pod=1&ppos=2&lip=true&min_ad_duration=0&max_ad_duration=3600000&vrid=1267815&sid=FA345639-68C5-4DAE-95F3-B4186BE6894B&adk=2931021707&cookie_enabled=1&correlator=4227452929683429&dt=1640835188473&ged=ve4_td1_tt0_pd1_la1000_er1073.49.1173.226_vi0.0.1200.1600_vp100_ts0_eb24171&is_amp=0&npa=false&omid_p=Google1%2Fh.3.493.0&osd=2&ref=https%3A%2F%2Fisecosmetic.com%2Fwiki%2FInternet_Systems_Consortium&scor=2435778199414097&sdk_apis=2%2C7%2C8&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&vis=1&u_so=l&eid=44750604%2C44750822%2C44752657&hl=en&frm=0&allcues=15000%2C30000&media_url=https%3A%2F%2Fget.optad360.io%2Fvideo%2Fbio_diversity_protects_life.mp4&mpt=videojs-ima&mpv=1.11.0&sdki=44d&sdkv=h.3.493.0&sdr=1&vid_d=92&vpa=auto&vpmute=0&nel=1&cnc=22654470044&nofb=true&kfa=0&tfcd=0&ctv=0&cookie=ID%3D0e897a1801400a32%3AT%3D1640835188%3AS%3DALNI_MZ0l4v7cp6Vn39_mf0D5kfhfaGLbw

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

23e78a4b8f590067a0906a71d65d2cbe116b8b4682a6a641e086ffcef8c55e46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14676
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012111011823000/ Frame FBAC 189 KB
54 KB 25ms
8ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98ba8f881333898d751dabe4f8b4cacc4489a9f5b6b4fd1fc67c571dbfec95cf

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131796
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55592
x-xss-protection: 0
server: sffe
date: Tue, 28 Dec 2021 14:56:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "11dee2040f5fc1d7"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Dec 2022 14:56:32 GMT

GET
H3 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame FBAC 13 KB
5 KB 33ms
18ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65f6185cfe1cf88fa7981160dd6fa443e111887215b72953718ea70f8e2ba9f2

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131796
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4992
x-xss-protection: 0
server: sffe
date: Tue, 28 Dec 2021 14:56:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "858600ba27ef7413"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Dec 2022 14:56:32 GMT

GET
H3 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame FBAC 89 KB
28 KB 34ms
19ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e97fc43ecd2f16948c3a8d2de65e0e5483db4ed5ab174058c178ca1c8665d0b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131796
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28555
x-xss-protection: 0
server: sffe
date: Tue, 28 Dec 2021 14:56:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a64e482645fd262b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Dec 2022 14:56:32 GMT

GET
H3 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame FBAC 5 KB
2 KB 35ms
20ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d76ab4ac854cafef51bbbb5177ea75816df90e3c775294991a016404f2b6bb5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131796
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1731
x-xss-protection: 0
server: sffe
date: Tue, 28 Dec 2021 14:56:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "cb4f0e89d7d37d9b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Dec 2022 14:56:32 GMT

GET
H3 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame FBAC 40 KB
13 KB 21ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a630b852e94f20cb8140704fd830bf40bfea0a2effaa67d06a0eadafbf3d508

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131796
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12826
x-xss-protection: 0
server: sffe
date: Tue, 28 Dec 2021 14:56:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "f02165e023e70703"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Dec 2022 14:56:32 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame FBAC 3 KB
579 B 30ms
15ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 30 Dec 2021 01:47:12 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 30 Dec 2021 03:33:08 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Dec 2021 03:33:08 GMT

GET
H3 200 th.png
tpc.googlesyndication.com/pagead/images/abg/ Frame FBAC 3 KB
3 KB 7ms
7ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/th.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cad58f215d074424bf4b9310a814d9ea51931235a3afe31ee2e69c58e8f75bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 29 Dec 2021 18:21:39 GMT
x-content-type-options: nosniff
server: cafe
age: 33089
etag: 12800268860518071124
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3306
x-xss-protection: 0
expires: Thu, 30 Dec 2021 18:21:39 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame FBAC 344 B
368 B 7ms
7ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 29 Dec 2021 16:59:05 GMT
x-content-type-options: nosniff
server: cafe
age: 38043
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Thu, 30 Dec 2021 16:59:05 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame FBAC 0
0 14ms
14ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS-ovstv1URP9nxyy4ODTS3oCzdmyeq52kRVwfPBiY__ExwzJLDZIA6tjZj_r5ABLcrNK8mHVX5I_h5HYiXK5CU4qtzNA
Requested by: Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame FBAC 0
0 47ms
47ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CmNPtdCjNYeTIDNL03wPZ95v4DdnP2vVgnbmEloUNwI23ARABIKqAwyJglYqJjrAHoAHYncW9AsgBAakC7Pr2byYOsz7gAgCoAwHIAwqqBLwCT9DDNyrMQpaU4w85jxElU2CHvZQHCOPkfnMWV-BlThDckqjfoa7ce7e8crs17CNwesuEGvdFxWzfyoiRzphyBubkjmrtnG0AoRA_YRoMI7wJro9kpt-h-CNXG1mTYKBHYWK4Xn5o6F9FQVDbF-KnDXqk_7Y9yJc3ASQRbRrGZoOkT3WvcyPZc64DGf8Qhrl6DnWk4ALoHH3-0dK2SMmBRNyjq9jHp51jur_m4_Qbr3RdZe-hK9NPcKoFCjPkVl778JN2aAl4-p3s2Ai2sdUDZukbHFrm5wXWWGtwpJWU3nk0wLI4CeB4gnNDn1scbk8NEgwba_9gOOZDCVa_m3Td2Q0QpLE1qhWn3_3BWGkR1bIU_TGjZBUVAe9B52f2TJWQ01KBOcjvbIK1r2ENEn1i0W1P0DAMqtEKY3Qkn8AEn8uRi6sD4AQBkgUECAQYAZIFBAgFGASgBlGAB5DiusIBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQoKMT0ggJCIjhgBAQARgdgAoDyAsB2BMN0BUBgBcBshceChwIABIUcHViLTU1MTIzOTA3MDUxMzc1MDcYku8h&sigh=NDYndhPR4I0&uach_m=[UACH]&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)
Requested by: Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s53-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame FBAC 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ddb2bac1c0cfcbe9d7ab0a96070cc2581f1de8c1d570b392b409c36775be7880

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame FBAC 21 KB
21 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://isecosmetic.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 13:17:51 GMT
x-content-type-options: nosniff
age: 483317
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21660
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:07:18 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 24 Dec 2022 13:17:51 GMT

GET
H3 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame FBAC 21 KB
21 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://isecosmetic.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 27 Dec 2021 18:21:26 GMT
x-content-type-options: nosniff
age: 205902
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21424
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:08:24 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 27 Dec 2022 18:21:26 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame FBAC
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

53ms
39ms

Image
text/html

2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Protocol: H3
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Redirect headers

date: Thu, 30 Dec 2021 03:33:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 th.png
tpc.googlesyndication.com/pagead/images/abg/ Frame FBAC 3 KB
3 KB 7ms
6ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/th.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cad58f215d074424bf4b9310a814d9ea51931235a3afe31ee2e69c58e8f75bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 29 Dec 2021 18:21:39 GMT
x-content-type-options: nosniff
server: cafe
age: 33089
etag: 12800268860518071124
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3306
x-xss-protection: 0
expires: Thu, 30 Dec 2021 18:21:39 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame FBAC 344 B
368 B 7ms
6ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 29 Dec 2021 16:59:05 GMT
x-content-type-options: nosniff
server: cafe
age: 38043
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Thu, 30 Dec 2021 16:59:05 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 79AC 42 B
64 B 18ms
18ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CCewDdCjNYfmPBMqsgQes87WoDJyFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQIx2HRdRgqzPuACAKgDAZgEAKoEmAJP0PLwDGyy8tagR3rfBRZ3WLIqP06hFCHSKqal2FvSx4sZTqXEKUBz29GlTx3VUNZI6fJe-HpgDzRIZPLiAX67_CkjXr3ZsduUTgurqlmczPHXX6BeOJi9WtbilPKZLxffnkBJRpEEVzVPqtFNIqRqasQpED5DGbzbtlmIWjjtu2qovPrnJ_bfUUWtnsxWhuxfBWuDq4bYZeEVhIUFV9LlpAZhCmejlAlDigLbd5rlTkfVi6HTcKWi5guUWYicPi6NkPjWvrAmZ5ZGtSfNLG0yw9Gg1t-lGnLcl2MTCyTyY5ARu-3TIGSQAAmF06Pz1laj2DK1ZNoMNlp1UzmC9J3VNXqRKzrUep8ef81bICp_dbnAESSPGauTwASwnpvU_gPgBAGgBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAagIAdIICQiA4YAQEAEYHbEJ6EOIgJpnyg6ACgOYCwHICwHQCw64DAHYEwzQFQHiFgIIAYAXAQ&sigh=AdSM-kpWM6I&label=video_ad_loaded&acvw=&sdkv=h.3.493.0&vci=CmgIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUxNzIxMjM1NzMzOTIMNTY1MTcwMDQ0MzE5QN0CUiAQDyUAAKBBKAE6B3Vua25vd25CB3Vua25vd25InQJQABgB

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Oy6hyfNY.js Show response
tpc.googlesyndication.com/sodar/ Frame 79AC 41 KB
15 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Oy6hyfNY.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b2ea1c9f3587781b58285cf64279e67f6329a3924fb93f81529f1826e2f4d16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 13:14:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 483547
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15406
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sat, 24 Dec 2022 13:14:01 GMT

GET
H3 200 adview
pubads.g.doubleclick.net/pagead/ Frame 79AC 0
0 49ms
48ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubads.g.doubleclick.net/pagead/adview?ai=C9n7wdCjNYfmPBMqsgQes87WoDJyFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQIx2HRdRgqzPuACAKgDAZgEAKoElQJP0PLwDGyy8tagR3rfBRZ3WLIqP06hFCHSKqal2FvSx4sZTqXEKUBz29GlTx3VUNZI6fJe-HpgDzRIZPLiAX67_CkjXr3ZsduUTgurqlmczPHXX6BeOJi9WtbilPKZLxffnkBJRpEEVzVPqtFNIqRqasQpED5DGbzbtlmIWjjtu2qovPrnJ_bfUUWtnsxWhuxfBWuDq4bYZeEVhIUFV9LlpAZhCmejlAlDigLbd5rlTkfVi6HTcKWi5guUWYicPi6NkPjWvrAmZ5ZGtSfNLG0yw9Gg1t-lGnLcl2MTCyTyY5ARu-3TIGSQAAmFi6JpI8UxjqA_plccz9c5zNy_b1DZKHB0IhTMrhzjQlacyT5TbTEnhDR2wASwnpvU_gPgBAGgBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEJ2mFqgIAdIICQiA4YAQEAEYHYAKA8gLAcITBhjnt6CVA9gTDNAVAeIWAggBgBcBshceChwIABIUcHViLTU1MTIzOTA3MDUxMzc1MDcYku8h&sigh=F7ALQRXmGgM&cmd=Ch1jYS12aWRlby1wdWItNTUxMjM5MDcwNTEzNzUwNxAAGAI&uach_m=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&sdkv=h.3.493.0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s53-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 79AC 42 B
64 B 18ms
18ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=Cul_UdCjNYfmPBMqsgQes87WoDJyFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQIx2HRdRgqzPuACAKgDAZgEAKoElQJP0PLwDGyy8tagR3rfBRZ3WLIqP06hFCHSKqal2FvSx4sZTqXEKUBz29GlTx3VUNZI6fJe-HpgDzRIZPLiAX67_CkjXr3ZsduUTgurqlmczPHXX6BeOJi9WtbilPKZLxffnkBJRpEEVzVPqtFNIqRqasQpED5DGbzbtlmIWjjtu2qovPrnJ_bfUUWtnsxWhuxfBWuDq4bYZeEVhIUFV9LlpAZhCmejlAlDigLbd5rlTkfVi6HTcKWi5guUWYicPi6NkPjWvrAmZ5ZGtSfNLG0yw9Gg1t-lGnLcl2MTCyTyY5ARu-3TIGSQAAmFi6JpI8UxjqA_plccz9c5zNy_b1DZKHB0IhTMrhzjQlacyT5TbTEnhDR2wASwnpvU_gPgBAGgBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAagIAdIICQiA4YAQEAEYHYAKA8gLAdgTDNAVAeIWAggBgBcB&sigh=Wi5NUM6emfg&cmd=Ch1jYS12aWRlby1wdWItNTUxMjM5MDcwNTEzNzUwNxAAGAI&label=vast_creativeview&ad_mt=0&acvw=sv%3D914%26cb%3Dima%26e%3D19%26nas%3D1%26sdk%3Dh%26p%3D1082,49,1182,226%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D15882%26vmtime%3D-1%26is%3D275%26cs%3D274%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D598%26femvt%3D0%26emc%3D2%26emuc%3D0%26emb%3D2,0,0,0,0%26avms%3Dexc%26qi%3D243025780%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D1019%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1640835188470&sdkv=h.3.493.0&vci=CmgIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUxNzIxMjM1NzMzOTIMNTY1MTcwMDQ0MzE5QN0CUiAQDyUAAKBBKAE6B3Vua25vd25CB3Vua25vd25InQJQABgB

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 79AC 42 B
64 B 45ms
44ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsswvq9jUG5spweCNbeTSCZhclHCYgUXv3yk7O1vFsMnAra4UjN8CHDdE4HK-V3J_mQc_WHelF0YUcifQ3L4AmGgD6l1cAEqb30zqppsGtIE5T_qQNaTNLm7J3wBhlgXib8Q4A6RXMLvEvAG&sai=AMfl-YQ86eiB8NtJVUT7MJeXv2x2bxLawmSwdw3NpioZDTPRdudLfAHGWHomIIXU0OpAhu2rP4qP_kRlQJP5GU0OEtPbBMTOcDT0e6SsIx6l0kjqx4ETW2O3rjc4Ozs&sig=Cg0ArKJSzCsgGsZK-aUyEAE&cid=CAASF-RoAKAG7EOBbFttE3HWpoXazaBGLBGW&id=lidarv&acvw=sv%3D914%26cb%3Dima%26e%3D15%26nas%3D1%26sdk%3Dh%26p%3D1082,49,1182,226%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D15882%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D275%26ic%3D274%26cs%3D274%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D598%26femvt%3D0%26emc%3D2%26emuc%3D0%26emb%3D2,0,0,0,0%26avms%3Dexc%26qi%3D243025780%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D1020%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1640835188470&avm=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 79AC 42 B
64 B 20ms
20ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=Cul_UdCjNYfmPBMqsgQes87WoDJyFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQIx2HRdRgqzPuACAKgDAZgEAKoElQJP0PLwDGyy8tagR3rfBRZ3WLIqP06hFCHSKqal2FvSx4sZTqXEKUBz29GlTx3VUNZI6fJe-HpgDzRIZPLiAX67_CkjXr3ZsduUTgurqlmczPHXX6BeOJi9WtbilPKZLxffnkBJRpEEVzVPqtFNIqRqasQpED5DGbzbtlmIWjjtu2qovPrnJ_bfUUWtnsxWhuxfBWuDq4bYZeEVhIUFV9LlpAZhCmejlAlDigLbd5rlTkfVi6HTcKWi5guUWYicPi6NkPjWvrAmZ5ZGtSfNLG0yw9Gg1t-lGnLcl2MTCyTyY5ARu-3TIGSQAAmFi6JpI8UxjqA_plccz9c5zNy_b1DZKHB0IhTMrhzjQlacyT5TbTEnhDR2wASwnpvU_gPgBAGgBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAagIAdIICQiA4YAQEAEYHYAKA8gLAdgTDNAVAeIWAggBgBcB&sigh=Wi5NUM6emfg&cmd=Ch1jYS12aWRlby1wdWItNTUxMjM5MDcwNTEzNzUwNxAAGAI&label=part2viewed&ad_mt=0&acvw=sv%3D914%26cb%3Dima%26e%3D0%26nas%3D1%26sdk%3Dh%26p%3D1082,49,1182,226%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D15882%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D275%26i0%3D275%26ic%3D0%26cs%3D274%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D598%26femvt%3D0%26emc%3D2%26emuc%3D0%26emb%3D2,0,0,0,0%26avms%3Dexc%26qi%3D243025780%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D1022%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1640835188470&sdkv=h.3.493.0&vci=CmgIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUxNzIxMjM1NzMzOTIMNTY1MTcwMDQ0MzE5QN0CUiAQDyUAAKBBKAE6B3Vua25vd25CB3Vua25vd25InQJQABgB

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 79AC 0
20 B 40ms
39ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?evt=showui&format=TRUEVIEW&lid=143&sdkv=h.3.493.0&e=44750604%2C44750822%2C44752657&id=ima_html5&c=2452837210116983&domain=isecosmetic.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 79AC 42 B
64 B 20ms
20ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=Cul_UdCjNYfmPBMqsgQes87WoDJyFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQIx2HRdRgqzPuACAKgDAZgEAKoElQJP0PLwDGyy8tagR3rfBRZ3WLIqP06hFCHSKqal2FvSx4sZTqXEKUBz29GlTx3VUNZI6fJe-HpgDzRIZPLiAX67_CkjXr3ZsduUTgurqlmczPHXX6BeOJi9WtbilPKZLxffnkBJRpEEVzVPqtFNIqRqasQpED5DGbzbtlmIWjjtu2qovPrnJ_bfUUWtnsxWhuxfBWuDq4bYZeEVhIUFV9LlpAZhCmejlAlDigLbd5rlTkfVi6HTcKWi5guUWYicPi6NkPjWvrAmZ5ZGtSfNLG0yw9Gg1t-lGnLcl2MTCyTyY5ARu-3TIGSQAAmFi6JpI8UxjqA_plccz9c5zNy_b1DZKHB0IhTMrhzjQlacyT5TbTEnhDR2wASwnpvU_gPgBAGgBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAagIAdIICQiA4YAQEAEYHYAKA8gLAdgTDNAVAeIWAggBgBcB&sigh=Wi5NUM6emfg&cmd=Ch1jYS12aWRlby1wdWItNTUxMjM5MDcwNTEzNzUwNxAAGAI&label=admute&ad_mt=0&acvw=sv%3D914%26cb%3Dima%26e%3D10%26nas%3D1%26sdk%3Dh%26p%3D1082,49,1182,226%26tos%3D16,0,0,0,0%26mtos%3D16,16,16,16,16%26amtos%3D0,0,0,0,0%26mcvt%3D16%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D16%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D16%26pst%3D-1%26dur%3D15882%26vmtime%3D-1%26dvs%3D16%26dfvs%3D16%26dvpt%3D16%26is%3D275%26i0%3D275%26ic%3D4096%26cs%3D4370%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D598%26femvt%3D0%26emc%3D2%26emuc%3D0%26emb%3D2,0,0,0,0%26avms%3Dexc%26qi%3D243025780%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D1027%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,16&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1640835188470&sdkv=h.3.493.0&vci=CmgIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUxNzIxMjM1NzMzOTIMNTY1MTcwMDQ0MzE5QN0CUiAQDyUAAKBBKAE6B3Vua25vd25CB3Vua25vd25InQJQABgB

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H/1.1 204
No Content s
ares.veedmo.com/o/ Frame 0
0 68ms
67ms Preflight 137.74.127.184
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://ares.veedmo.com/o/s

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

137.74.127.184 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://isecosmetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 30 Dec 2021 03:33:08 GMT
Content-Length: 0
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains max-age=15768000
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: https://isecosmetic.com
Vary: Origin, Access-Control-Request-Headers
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Headers: content-type
X-IPLB-Request-ID: 5BC77649:BD75_894A7FB8:01BB_61CD2873_4D6EF4F:2A037
X-IPLB-Instance: 39399

OPTIONS
H/1.1 204
No Content s
ares.veedmo.com/o/ Frame 0
0 138ms
70ms Preflight 137.74.127.184
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://ares.veedmo.com/o/s

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

137.74.127.184 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://isecosmetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 30 Dec 2021 03:33:08 GMT
Content-Length: 0
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains max-age=15768000
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: https://isecosmetic.com
Vary: Origin, Access-Control-Request-Headers
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Headers: content-type
X-IPLB-Request-ID: 5BC77649:BD75_894A7FB8:01BB_61CD2874_4D6EF6B:2A037
X-IPLB-Instance: 39399

POST
H/1.1 200
OK s
ares.veedmo.com/o/ 2 B
0 80ms
72ms Fetch
text/html 137.74.127.184
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://ares.veedmo.com/o/s

Requested by

Host: cdn.veedmo-static.com
URL: https://cdn.veedmo-static.com/cdn/player/v2/current.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

137.74.127.184 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains, max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

Date: Thu, 30 Dec 2021 03:33:08 GMT
X-Content-Type-Options: nosniff
X-IPLB-Instance: 39398
X-DNS-Prefetch-Control: off
Vary: Origin
Content-Length: 2
X-XSS-Protection: 1; mode=block
Server: nginx/1.18.0 (Ubuntu)
X-IPLB-Request-ID: 5BC77649:BDAF_894A7FB8:01BB_61CD2874_4D768F0:4B55
X-Frame-Options: SAMEORIGIN
ETag: W/"2-eoX0dku9ba8cNUXvu/DyeabcC+s"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains, max-age=15768000
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: https://isecosmetic.com
Cache-Control: no-store

POST
H/1.1 200
OK s
ares.veedmo.com/o/ 2 B
0 71ms
71ms Fetch
text/html 137.74.127.184
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://ares.veedmo.com/o/s

Requested by

Host: cdn.veedmo-static.com
URL: https://cdn.veedmo-static.com/cdn/player/v2/current.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

137.74.127.184 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains, max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

Date: Thu, 30 Dec 2021 03:33:08 GMT
X-Content-Type-Options: nosniff
X-IPLB-Instance: 39399
X-DNS-Prefetch-Control: off
Vary: Origin
Content-Length: 2
X-XSS-Protection: 1; mode=block
Server: nginx/1.18.0 (Ubuntu)
X-IPLB-Request-ID: 5BC77649:BD75_894A7FB8:01BB_61CD2874_4D6EF6D:2A037
X-Frame-Options: SAMEORIGIN
ETag: W/"2-eoX0dku9ba8cNUXvu/DyeabcC+s"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains, max-age=15768000
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: https://isecosmetic.com
Cache-Control: no-store

GET
H3 200 hhrtBw21.html Show response
tpc.googlesyndication.com/sodar/ Frame D180 23 KB
9 KB 7ms
7ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/hhrtBw21.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Oy6hyfNY.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

861aed070db50ce0da9928455deff784c115b44540b09450f225ff7cff0c7429

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8727
date: Fri, 24 Dec 2021 07:43:36 GMT
expires: Sat, 24 Dec 2022 07:43:36 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 503372
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 204 csi
csi.gstatic.com/ Frame 79AC 0
17 B 78ms
39ms Ping
image/gif 2a00:1450:4010:c01::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~kxsewm8z&c=2726634552823&slotId=1363317276411.5&qqid=CLrTr7TLivUCFZRf4Aod95ULMQ&gqid=dCjNYbjRHYiI-gb40o6ABw&fb=ima_html5-lima&sdkv=h.3.493.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&met.4=ghmsh_s.kxsewm90~vss_tr.io~ff.kxsewmhf~ghmsh_s.kxsewmif~ghmsh_s.kxsewmif&cpn=AtPVi5uyoCDB_Ot9
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4010:c01::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://imasdk.googleapis.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:08 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ 0
17 B 71ms
39ms Ping
image/gif 2a00:1450:4010:c01::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&top=1&puid=2~kxsewmai&c=2726634552823&slotId=1363317276411.5&met.4=hvd_lc.kxsewmai~hvd_ad.kxsewmai~hvd_mad.kxsewmai~hvd_admu.kxsewmai~hvd_src.kxsewmai&ps=177x100
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4010:c01::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:08 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 79AC 156 B
142 B 59ms
59ms XHR
text/xml 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?slotname=%2F121764058%2Fisecosmetic.com%2Fisecosmetic.com_o3b_instream_veedmo_o3b&sz=400x300&ciu_szs&cust_params&url=https%3A%2F%2Fisecosmetic.com%2Fwiki%2FInternet_Systems_Consortium&unviewed_position_start=1&output=xml_vast4&env=vp&gdfp_req=1&ad_rule=0&video_url_to_fetch=https%3A%2F%2Fisecosmetic.com&useragent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F96.0.4664.93%20Safari%2F537.36%2Cgzip(gfe)&vad_type=linear&vpos=preroll&pod=1&bumper=after&min_ad_duration=0&max_ad_duration=10000&vrid=1267815&sb=1&sid=FA345639-68C5-4DAE-95F3-B4186BE6894B&adk=2931021707&cookie_enabled=1&correlator=4227452929683429&dt=1640835188740&ged=ve4_td2_tt1_pd2_la2000_er1082.49.1182.226_vi0.0.1200.1600_vp100_ts1_eb24171&is_amp=0&npa=false&omid_p=Google1%2Fh.3.493.0&osd=2&ref=https%3A%2F%2Fisecosmetic.com%2Fwiki%2FInternet_Systems_Consortium&scor=2435778199414097&sdk_apis=2%2C7%2C8&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&vis=1&u_so=l&eid=44750604%2C44750822%2C44752657&hl=en&frm=0&allcues=15000%2C30000&media_url=https%3A%2F%2Fget.optad360.io%2Fvideo%2Fbio_diversity_protects_life.mp4&mpt=videojs-ima&mpv=1.11.0&sdki=44d&sdkv=h.3.493.0&sdr=1&vid_d=92&vpa=auto&vpmute=0&nel=1&cnc=22654470044&nofb=true&kfa=0&tfcd=0&ctv=0&cookie=ID%3D0e897a1801400a32%3AT%3D1640835188%3AS%3DALNI_MZ0l4v7cp6Vn39_mf0D5kfhfaGLbw

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:08 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

206

videoplayback
rr5---sn-4g5ednse.googlevideo.com/
Redirect Chain

https://rr5---sn-4g5ednse.googlevideo.com/videoplayback?expire=1640863988&ei=dCjNYcTUKa2I6dsPlPew2A4&ip=91.199.118.73&id=a594b74aa3bea3bc&itag=22&source=youtube&requiressl=yes&mh=4T&mm=31&mn=sn-4g5...
https://rr5---sn-4g5ednse.googlevideo.com/videoplayback?expire=1640863988&ei=dCjNYcTUKa2I6dsPlPew2A4&ip=91.199.118.73&id=a594b74aa3bea3bc&itag=22&source=youtube&requiressl=yes&susc=gvp&acao=yes&cti...

163 KB
0

8ms
7ms

Media
video/mp4

2a00:1450:4001:69::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr5---sn-4g5ednse.googlevideo.com/videoplayback?expire=1640863988&ei=dCjNYcTUKa2I6dsPlPew2A4&ip=91.199.118.73&id=a594b74aa3bea3bc&itag=22&source=youtube&requiressl=yes&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=15.952&lmt=1638081469401369&txp=5432432&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIgQgl3l8DrfsmTPLnl6U_Os4nMz7M8rYFA0uogCVtIxd8CIQC2EaUzmToelHQ-81ltR5sZukaUs6_BSJkiJ_Z4PQgQ1Q==&cpn=AtPVi5uyoCDB_Ot9&redirect_counter=1&rm=sn-4g5e6s76&req_id=a2c177ff50dc36e2&cms_redirect=yes&ipbypass=yes&mh=4T&mip=2a0f:9441:5:0:e5::1&mm=31&mn=sn-4g5ednse&ms=au&mt=1640834954&mv=m&mvi=5&pl=48&lsparams=ipbypass,mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAK_EjwWHSvnWHtXT09mJ7id99ElOkVM5s6Nn0KTNPMnaAiEA_OWwg28OCBhBdXuWmn-FIutFJ7xXjukERp2gSWi-_so%3D

Protocol

Server

2a00:1450:4001:69::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 28 Nov 2021 06:37:49 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
Content-Range: bytes 0-2262578/2262579
client-protocol: quic
cache-control: private, max-age=28500
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 2262579
expires: Thu, 30 Dec 2021 03:33:08 GMT

Redirect headers

date: Thu, 30 Dec 2021 03:33:08 GMT
x-content-type-options: nosniff
last-modified: Wed, 02 May 2007 10:26:10 GMT
server: gvs 1.0
vary: Origin
content-type: text/html
location: https://rr5---sn-4g5ednse.googlevideo.com/videoplayback?expire=1640863988&ei=dCjNYcTUKa2I6dsPlPew2A4&ip=91.199.118.73&id=a594b74aa3bea3bc&itag=22&source=youtube&requiressl=yes&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=15.952&lmt=1638081469401369&txp=5432432&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIgQgl3l8DrfsmTPLnl6U_Os4nMz7M8rYFA0uogCVtIxd8CIQC2EaUzmToelHQ-81ltR5sZukaUs6_BSJkiJ_Z4PQgQ1Q==&cpn=AtPVi5uyoCDB_Ot9&redirect_counter=1&rm=sn-4g5e6s76&req_id=a2c177ff50dc36e2&cms_redirect=yes&ipbypass=yes&mh=4T&mip=2a0f:9441:5:0:e5::1&mm=31&mn=sn-4g5ednse&ms=au&mt=1640834954&mv=m&mvi=5&pl=48&lsparams=ipbypass,mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAK_EjwWHSvnWHtXT09mJ7id99ElOkVM5s6Nn0KTNPMnaAiEA_OWwg28OCBhBdXuWmn-FIutFJ7xXjukERp2gSWi-_so%3D
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
content-length: 0
expires: Thu, 30 Dec 2021 03:33:08 GMT

GET
H3 200 U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js Show response
pagead2.googlesyndication.com/bg/ Frame D180 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/hhrtBw21.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53f0cf5f2fef7e5a938d553f62eb56266d1ac4e244eb7dcd40630614485fdacd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 00:37:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10528
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13577
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 30 Dec 2022 00:37:40 GMT

GET
H3 200 container.html Show response
633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E433 6 KB
3 KB 22ms
7ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 30 Dec 2021 03:33:07 GMT
expires: Fri, 30 Dec 2022 03:33:07 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame E433 0
0 47ms
46ms Fetch
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CkpLTdCjNYcrMHIWk3wOE-JrAA8-HjptcwIbZgsYCwI23ARABIABglYqJjrAHggEXY2EtcHViLTU1MTIzOTA3MDUxMzc1MDfIAQngAgCoAwGqBM0CT9BoSkfz-PMm6DtcWo9hRM5hbXosM10GGQ9ah8Rj8nOlNL92c4KiiVUtbp51quZtleB3uOXKz2UHLyU25Lhmt2jz9skk4h6FFxtUMs6tqrqe5gTP-mAW40_4r_LzmUfx40Oz0-2Bv7IerZiRBXPcBDTMittvH8XwtUAHgNgaYLiGZUnf9aIiYLR-rNH_p10cQ0XBDEF7BHGwnW37tyqAPIp-e9SCLlXDT_YTBbus5MJpb0Fv_53YBfVBx9TezXXDfSKNLrRVqI52lpmNeyq0byLPnirvjeQS_-yXU7AX67qk1N2CQv-skUQeD96IkGgnBjR7YcNxGecy4YdEYA-LHvS8Jgh4v1TRHpvlnaY0sG_Oyh3WEj-Y-yiZxNgIGlVKwULx9RI9bKbpu7CsAljpNCRoyt1PQeAc1ohGUG6SrxtGRU7Qj9c8WHawPIoC4AQBgAb13dSe-q2Sm2CgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIjhgBAQAYAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi01NTEyMzkwNzA1MTM3NTA3GJLvIQ&sigh=WSFmEvfIEm8&uach_m=[UACH]&cid=CAQSPgCNIrLMHMyWSR7mT94UqIvmMYnmaFx9pLsIroNig7Uh7qCbkPi9HyYZuFjppwaSKyuNs1bLNh7YsYbEYMCzGAE&tpd=AGWhJmsSKYjymIIftMjZCZ7pKRnlN3x1_rg5vwllCNqHb8Fm-m4eAG59ceTqbW-o2hvhfb74eC3vdLqn-ROUE3U-_gqkWLmN3LGhhe07rQm-911HMg3Ewn7nxa5jLx4LUCzu02OXWZeTqtGyxZ2Jn6Q4hygWz-4WRnCLWoRuK_u2AjFmc9QgNhYdfhLGfBTn46UKyi7-_Wa7npBsE6pj_7UJjNYl2EL63bUwK6oe1i06c9FWkpSmu98_vBKdkbKbuEOasOfSzMO77iLZ04ABrl0ltM4ZAvKXklMN4l6q8btsN73AOT0CODD64YLVlKG6YHOoeaKk-rlJp8ytUDIrEKHGP5Gz_PIZaRAqiLFpk1YtOeuXgFgIz1NuEqjtOavB72B12FyambuUvxCvCb_gsjZxGAu2z0DrdaJGVN8_egRh2VnquYtOxmJfyicJWAUsplYtd4FV7q4yYvnHqbzOJZfwD_w5j54afMjZO-B6TsZ7mwIrBtwMjylIj6tfw2l84ZouY14z-n9AcVKKQ8-dECmXTxtRhlAjr0YFPJZID39HzilmljNG33KqX0PhMziPGQv0ZPap7BiXZIFhKkEegAYC6eqLzssrKFqqnkTnS9FOjZYtkUuOLhIg8XNKZBYoZYAWj813gfguk1VtX4ykwv7XB2VtPOsSlOeMxT0b5-X27Who96NBC_pC8YxnMH9ejfjPNdRuux2sBlA6Y3IURviNMrb-TnLjjT4d39tyJQjzXpGaOVlfzmYZdHARgTTCN2su0BQGuIHLpUQz-3CSk0tpHRXhO5iNFLqvuQoEBAOu_f2EbnLKGkeYLiU7inLbHkBj0a6sczugYSVZJeQMym-Yjg9CRTX0J5oFwYVqmPNfSqxUrnb3YmM7irycsikYD3bO6vUqFlyuS27AMkWchK0UrHpPOMbP56nHQxK4nERu293mmr-6a4uUlbjDW8faPQhIb8MDrcRxzFvoUX0N3YF9nFKqiVGaERU433aoZBALnM0xOOniAoSm4Rr2grh1U54EkluRFO67O088y7VLtYNBESP_r5fgnM71sUXNvHCLN8J8ierw8t_suOYG6uu1Q3plbcY9wyy0tmeAUtnYDAZf2Ck
Requested by: Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s53-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame E433 3 KB
2 KB 52ms
15ms Script
application/x-javascript 185.29.134.245
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWmpFd1pqQXhZbVl0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzYyMzc0NjUwOTUxNjI1NDU5NTIvOTY5NjA0NS85OTY4MjAyLzQvMGlWYWx4TlNIYjdXM1l6U1lERXB1eVVVcjFzb19HLTVnWlIxT1lITnBUUS8xLzQvMC8wLzE3NDEzNzkvMTUzOTc5ODUyOC8yMjY1ODkvMTA0MTgwMi8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzYyMzc0NjUwOTUxNjI1NDU5NTIvYW1zLzAvOTY1NC81NS85OTkvMjU4LzkxLjE5OS4xMTguMC8wLjAwMC8xNjQwODM1MTg4LzE2NDA4NDc3ODgvNC9wdWItNTUxMjM5MDcwNTEzNzUwNy8/_P3xaBcVsZalB2vlr37apC1lJX0&nodeid=126&group=cdg&auctionid=6237465095162545952&shardkey=6237465095162545952&sid=9968202&cid=9696045&bp=a_cdhaeg&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.139&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCugtOdCjNYcrMHIWk3wOE-JrAA8-HjptcwIbZgsYCwI23ARABIABglYqJjrAHggEXY2EtcHViLTU1MTIzOTA3MDUxMzc1MDfIAQngAgCoAwGqBNACT9BoSkfz-PMm6DtcWo9hRM5hbXosM10GGQ9ah8Rj8nOlNL92c4KiiVUtbp51quZtleB3uOXKz2UHLyU25Lhmt2jz9skk4h6FFxtUMs6tqrqe5gTP-mAW40_4r_LzmUfx40Oz0-2Bv7IerZiRBXPcBDTMittvH8XwtUAHgNgaYLiGZUnf9aIiYLR-rNH_p10cQ0XBDEF7BHGwnW37tyqAPIp-e9SCLlXDT_YTBbus5MJpb0Fv_53YBfVBx9TezXXDfSKNLrRVqI52lpmNeyq0byLPnirvjeQS_-yXU7AX67qk1N2CQv-skUQeD96IkGgnBjR7YcNxGecy4YdEYA-LHvS8Jgh4v1TRHpvlnaY0sG_Oyh3WEj-Y-yiZxNgIGlVKwULx9RI9bOTrmiIAvvzuuYAgYQUP7hABwoL6WkCKTqaGBeEqLskQQNgpgI2Pjq_04AQBgAb13dSe-q2Sm2CgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIjhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2wtnreMVPcqOMwIjB0O659ijeciQ%26client%3Dca-pub-5512390705137507%26adurl%3D
Requested by: Host: 633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
URL: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.210.4 /
Resource Hash: 7bccc6e3eec4d6e13a9fd669de7660314722b313256f51b388b254538e9b2738

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 03:33:08 GMT
Content-Encoding: gzip
x-mm-bid-request-time: 1640835188
Last-Modified: Thu, 30 Dec 2021 03:33:08 GMT
Server: MMBD/3.210.4
x-mm-latency: 1 (0)
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
x-mm-dbg: Count
Cache-Control: no-cache
x-mm-host: cdg-router-x95, cdg-bidder-x17
Connection: close
Content-Type: application/x-javascript; charset=UTF-8
Expires: Thu, 30 Dec 2021 03:33:07 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame E433 2 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: 633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
URL: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:27:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 366
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 03:27:02 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E433 119 KB
37 KB 40ms
18ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
URL: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Dec 2021 03:33:08 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame E433 15 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
URL: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 02:52:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2413
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 02:52:55 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame E433 22 KB
7 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
URL: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 20:53:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23949
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 29 Dec 2022 20:53:59 GMT

GET
H/1.1 200
OK ygzg305hzfs2 Show response
hal9000.redintelligence.net/zone/ Frame E433 10 KB
4 KB 109ms
12ms Script
text/html 138.201.63.149
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/ygzg305hzfs2?subid=&gdpr=1&gdpr_consent=li&rnd=6237465095162545952&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D6237465095162545952%26mt_id%3D9696045%26mt_adid%3D226589%26mt_sid%3D9968202%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D73f061cd-2874-4601-b858-b62787a534fd%26mt_cid%3D73f061cd-2874-4601-b858-b62787a534fd%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCugtOdCjNYcrMHIWk3wOE-JrAA8-HjptcwIbZgsYCwI23ARABIABglYqJjrAHggEXY2EtcHViLTU1MTIzOTA3MDUxMzc1MDfIAQngAgCoAwGqBNACT9BoSkfz-PMm6DtcWo9hRM5hbXosM10GGQ9ah8Rj8nOlNL92c4KiiVUtbp51quZtleB3uOXKz2UHLyU25Lhmt2jz9skk4h6FFxtUMs6tqrqe5gTP-mAW40_4r_LzmUfx40Oz0-2Bv7IerZiRBXPcBDTMittvH8XwtUAHgNgaYLiGZUnf9aIiYLR-rNH_p10cQ0XBDEF7BHGwnW37tyqAPIp-e9SCLlXDT_YTBbus5MJpb0Fv_53YBfVBx9TezXXDfSKNLrRVqI52lpmNeyq0byLPnirvjeQS_-yXU7AX67qk1N2CQv-skUQeD96IkGgnBjR7YcNxGecy4YdEYA-LHvS8Jgh4v1TRHpvlnaY0sG_Oyh3WEj-Y-yiZxNgIGlVKwULx9RI9bOTrmiIAvvzuuYAgYQUP7hABwoL6WkCKTqaGBeEqLskQQNgpgI2Pjq_04AQBgAb13dSe-q2Sm2CgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIjhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_2wtnreMVPcqOMwIjB0O659ijeciQ%2526client%253Dca-pub-5512390705137507%2526adurl%253D%26redirect%3D
Requested by: Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.149 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.149.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 31c63fcedbb22beb433881cb17831235b9b347241bb3e3ec6823e16e20a28017

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 03:33:08 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3446
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame E433 49 B
329 B 41ms
15ms Image
image/gif 185.29.134.245
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=6237465095162545952&node_id=126&exch_id=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWmpFd1pqQXhZbVl0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzYyMzc0NjUwOTUxNjI1NDU5NTIvOTY5NjA0NS85OTY4MjAyLzQvMGlWYWx4TlNIYjdXM1l6U1lERXB1eVVVcjFzb19HLTVnWlIxT1lITnBUUS8xLzQvMC8wLzE3NDEzNzkvMTUzOTc5ODUyOC8yMjY1ODkvMTA0MTgwMi8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzYyMzc0NjUwOTUxNjI1NDU5NTIvYW1zLzAvOTY1NC81NS85OTkvMjU4LzkxLjE5OS4xMTguMC8wLjAwMC8xNjQwODM1MTg4LzE2NDA4NDc3ODgvNC9wdWItNTUxMjM5MDcwNTEzNzUwNy8/_P3xaBcVsZalB2vlr37apC1lJX0&nodeid=126&group=cdg&auctionid=6237465095162545952&shardkey=6237465095162545952&sid=9968202&cid=9696045&bp=a_cdhaeg&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.139&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCugtOdCjNYcrMHIWk3wOE-JrAA8-HjptcwIbZgsYCwI23ARABIABglYqJjrAHggEXY2EtcHViLTU1MTIzOTA3MDUxMzc1MDfIAQngAgCoAwGqBNACT9BoSkfz-PMm6DtcWo9hRM5hbXosM10GGQ9ah8Rj8nOlNL92c4KiiVUtbp51quZtleB3uOXKz2UHLyU25Lhmt2jz9skk4h6FFxtUMs6tqrqe5gTP-mAW40_4r_LzmUfx40Oz0-2Bv7IerZiRBXPcBDTMittvH8XwtUAHgNgaYLiGZUnf9aIiYLR-rNH_p10cQ0XBDEF7BHGwnW37tyqAPIp-e9SCLlXDT_YTBbus5MJpb0Fv_53YBfVBx9TezXXDfSKNLrRVqI52lpmNeyq0byLPnirvjeQS_-yXU7AX67qk1N2CQv-skUQeD96IkGgnBjR7YcNxGecy4YdEYA-LHvS8Jgh4v1TRHpvlnaY0sG_Oyh3WEj-Y-yiZxNgIGlVKwULx9RI9bOTrmiIAvvzuuYAgYQUP7hABwoL6WkCKTqaGBeEqLskQQNgpgI2Pjq_04AQBgAb13dSe-q2Sm2CgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIjhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2wtnreMVPcqOMwIjB0O659ijeciQ%26client%3Dca-pub-5512390705137507%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.210.4 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 03:33:08 GMT
Server: MMBD/3.210.4
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x80, cdg-bidder-x17
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Thu, 30 Dec 2021 03:33:07 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame E433 43 B
404 B 62ms
21ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=6237465095162545952&v3=1041802&v4=9968202&v5=9696045&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWmpFd1pqQXhZbVl0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzYyMzc0NjUwOTUxNjI1NDU5NTIvOTY5NjA0NS85OTY4MjAyLzQvMGlWYWx4TlNIYjdXM1l6U1lERXB1eVVVcjFzb19HLTVnWlIxT1lITnBUUS8xLzQvMC8wLzE3NDEzNzkvMTUzOTc5ODUyOC8yMjY1ODkvMTA0MTgwMi8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzYyMzc0NjUwOTUxNjI1NDU5NTIvYW1zLzAvOTY1NC81NS85OTkvMjU4LzkxLjE5OS4xMTguMC8wLjAwMC8xNjQwODM1MTg4LzE2NDA4NDc3ODgvNC9wdWItNTUxMjM5MDcwNTEzNzUwNy8/_P3xaBcVsZalB2vlr37apC1lJX0&nodeid=126&group=cdg&auctionid=6237465095162545952&shardkey=6237465095162545952&sid=9968202&cid=9696045&bp=a_cdhaeg&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.139&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCugtOdCjNYcrMHIWk3wOE-JrAA8-HjptcwIbZgsYCwI23ARABIABglYqJjrAHggEXY2EtcHViLTU1MTIzOTA3MDUxMzc1MDfIAQngAgCoAwGqBNACT9BoSkfz-PMm6DtcWo9hRM5hbXosM10GGQ9ah8Rj8nOlNL92c4KiiVUtbp51quZtleB3uOXKz2UHLyU25Lhmt2jz9skk4h6FFxtUMs6tqrqe5gTP-mAW40_4r_LzmUfx40Oz0-2Bv7IerZiRBXPcBDTMittvH8XwtUAHgNgaYLiGZUnf9aIiYLR-rNH_p10cQ0XBDEF7BHGwnW37tyqAPIp-e9SCLlXDT_YTBbus5MJpb0Fv_53YBfVBx9TezXXDfSKNLrRVqI52lpmNeyq0byLPnirvjeQS_-yXU7AX67qk1N2CQv-skUQeD96IkGgnBjR7YcNxGecy4YdEYA-LHvS8Jgh4v1TRHpvlnaY0sG_Oyh3WEj-Y-yiZxNgIGlVKwULx9RI9bOTrmiIAvvzuuYAgYQUP7hABwoL6WkCKTqaGBeEqLskQQNgpgI2Pjq_04AQBgAb13dSe-q2Sm2CgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIjhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2wtnreMVPcqOMwIjB0O659ijeciQ%26client%3Dca-pub-5512390705137507%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 4133 baa842e master cdg-pixel-x6 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 03:33:08 GMT
Server: MT3 4133 baa842e master cdg-pixel-x6 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 30 Dec 2021 03:33:07 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame E433 49 B
329 B 41ms
14ms Image
image/gif 185.29.134.245
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=6237465095162545952&st=9968202&time=1640835188&nodeid=126
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWmpFd1pqQXhZbVl0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzYyMzc0NjUwOTUxNjI1NDU5NTIvOTY5NjA0NS85OTY4MjAyLzQvMGlWYWx4TlNIYjdXM1l6U1lERXB1eVVVcjFzb19HLTVnWlIxT1lITnBUUS8xLzQvMC8wLzE3NDEzNzkvMTUzOTc5ODUyOC8yMjY1ODkvMTA0MTgwMi8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzYyMzc0NjUwOTUxNjI1NDU5NTIvYW1zLzAvOTY1NC81NS85OTkvMjU4LzkxLjE5OS4xMTguMC8wLjAwMC8xNjQwODM1MTg4LzE2NDA4NDc3ODgvNC9wdWItNTUxMjM5MDcwNTEzNzUwNy8/_P3xaBcVsZalB2vlr37apC1lJX0&nodeid=126&group=cdg&auctionid=6237465095162545952&shardkey=6237465095162545952&sid=9968202&cid=9696045&bp=a_cdhaeg&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.139&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCugtOdCjNYcrMHIWk3wOE-JrAA8-HjptcwIbZgsYCwI23ARABIABglYqJjrAHggEXY2EtcHViLTU1MTIzOTA3MDUxMzc1MDfIAQngAgCoAwGqBNACT9BoSkfz-PMm6DtcWo9hRM5hbXosM10GGQ9ah8Rj8nOlNL92c4KiiVUtbp51quZtleB3uOXKz2UHLyU25Lhmt2jz9skk4h6FFxtUMs6tqrqe5gTP-mAW40_4r_LzmUfx40Oz0-2Bv7IerZiRBXPcBDTMittvH8XwtUAHgNgaYLiGZUnf9aIiYLR-rNH_p10cQ0XBDEF7BHGwnW37tyqAPIp-e9SCLlXDT_YTBbus5MJpb0Fv_53YBfVBx9TezXXDfSKNLrRVqI52lpmNeyq0byLPnirvjeQS_-yXU7AX67qk1N2CQv-skUQeD96IkGgnBjR7YcNxGecy4YdEYA-LHvS8Jgh4v1TRHpvlnaY0sG_Oyh3WEj-Y-yiZxNgIGlVKwULx9RI9bOTrmiIAvvzuuYAgYQUP7hABwoL6WkCKTqaGBeEqLskQQNgpgI2Pjq_04AQBgAb13dSe-q2Sm2CgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIjhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2wtnreMVPcqOMwIjB0O659ijeciQ%26client%3Dca-pub-5512390705137507%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.210.4 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 03:33:08 GMT
Server: MMBD/3.210.4
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x38, cdg-bidder-x17
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Thu, 30 Dec 2021 03:33:07 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D180 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=36&t=2&li=v_h.3.493.0&bgai=BTEvydCjNYfmPBMqsgQes87WoDAAAAAA4AboFEwjPkZK0y4r1AhV-0REIHWP-AFQ&bg=!19Sl1JDNAAZKWFskSlg7ACkAdvg8WtV89af2f98EfmbR6sZwgVJRQjOKptsRugzF0LmqUYdD_tVH3gIAAABfUgAAAAdoAQeZAoPqSOg2j3V-_ZZjvfvYLlB8LGL5rfej_xp0MWZzm9CzsAiIf_oZ_H20uvYA7bBgy6ZucY_F8AGH5vlil0Y4QA8H6M0oIPCEURrIifvoptTZ92imt3ipIQETYfAFCqAdJTSmOsjOKeRZ28pFYWhDnXksEc8fbEnBwBj0yMq-7fBx6cDB8KPoB-AuU62Uy4wwb_6n4sm6xn_YV1P4M9gbOQo-Q2R-JqcO0XCrqldh-beFSoirz3jzbFtDVjhW_MyIAQu03qZnlsrNLymTtd4OMgi5nNmY7_Cy70nT1I5Dj7c_7vl51tPKFYDxnfVHUik2R2i4rwXD7KhSO_jDqJAzP2okKWmORW7KSM2PtBPe_D_uefzdTfYZreln6dqqQkQpHNdZEtl1v8nzSBG0-oa5ycO1HMO4BtDDKC7doF9mArfypkNesf52RoBLzSFy6sGAwZlnefXNwR4wKacFPgV4SegKJFvIkFiGJRr2hX3KByDQUBq4vxm7LU1vCkG49WrOxCp1f0Xh9pDxSdxU6XmwokcE7W--8YpKi7TnFP5Fk3uTsdm2Ozh6UtZX4gU5V3St6OKfRpROXPqvfDyADzplJJ7q6oYMw6oVnzjhjp5aWQWXUZY_tJOjInndHkEYBYrwP-ctEvByujeWHiO7kUHIwhvs29d3q--HfhmoAr_VJiTrzCtIUdPAxR8O2HM-T9GWeRU0lJs92Wpdpvr7u2UuaOLA2LZT0F_5S7NjPxMgre9aiz2qQEIpMwJfdRejWQ-XXxKTsrjMyNwD6nb4BM9mnrwKWQirGUUOhBeUtAgjMe1wC3h0vooDCPfUAsCtjKi_y68ol4xjyRvGl3GTuLvBuxAV8UdN

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 playback
s.youtube.com/api/stats/ Frame 79AC 0
0 75ms
15ms Image
text/html 2a00:1450:400c:c09::8b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.youtube.com/api/stats/playback?ns=yt&fexp=44750604%2C44750822%2C44752657&el=adunit&cpn=dNSKbz8IM2jVyw07&docid=pZS3SqO-o7w&ver=2&cmt=0.189&fmt=18&rt=0.000&adformat=2_2_1&euri=https%3A%2F%2Fisecosmetic.com%2F&len=15.882&vtype=gvp&c=web_gvp_ads&cver=h.0.0.0&cbr=Chrome&cbrver=96.0.4664.93&cos=Linux%20x86_64&cosver=537.36&cplatform=desktop&mos=1&volume=0&delay=14&rtn=10
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c09::8b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

POST
H3 204 csi
csi.gstatic.com/ Frame 79AC 0
17 B 38ms
38ms Ping
image/gif 2a00:1450:4010:c01::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=3~kxsewmih&c=2726634552823&slotId=1363317276411.5&qqid=CLrTr7TLivUCFZRf4Aod95ULMQ&gqid=dCjNYbjRHYiI-gb40o6ABw&fb=ima_html5-lima&sdkv=h.3.493.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&met.4=ghmsh_s.kxsewmig~vss_pp.xd
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4010:c01::5e Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://imasdk.googleapis.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:08 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK request.php Show response
hal900026.redintelligence.net/ Frame E433 607 B
771 B 111ms
76ms Script
application/x-javascript 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900026.redintelligence.net/request.php?zone=ygzg305hzfs2&nw=20&renderingType=javascript&namespace=c9c22c4426&subid=&uid=c4ba99948d03961f&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D6237465095162545952%26mt_id%3D9696045%26mt_adid%3D226589%26mt_sid%3D9968202%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D73f061cd-2874-4601-b858-b62787a534fd%26mt_cid%3D73f061cd-2874-4601-b858-b62787a534fd%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCugtOdCjNYcrMHIWk3wOE-JrAA8-HjptcwIbZgsYCwI23ARABIABglYqJjrAHggEXY2EtcHViLTU1MTIzOTA3MDUxMzc1MDfIAQngAgCoAwGqBNACT9BoSkfz-PMm6DtcWo9hRM5hbXosM10GGQ9ah8Rj8nOlNL92c4KiiVUtbp51quZtleB3uOXKz2UHLyU25Lhmt2jz9skk4h6FFxtUMs6tqrqe5gTP-mAW40_4r_LzmUfx40Oz0-2Bv7IerZiRBXPcBDTMittvH8XwtUAHgNgaYLiGZUnf9aIiYLR-rNH_p10cQ0XBDEF7BHGwnW37tyqAPIp-e9SCLlXDT_YTBbus5MJpb0Fv_53YBfVBx9TezXXDfSKNLrRVqI52lpmNeyq0byLPnirvjeQS_-yXU7AX67qk1N2CQv-skUQeD96IkGgnBjR7YcNxGecy4YdEYA-LHvS8Jgh4v1TRHpvlnaY0sG_Oyh3WEj-Y-yiZxNgIGlVKwULx9RI9bOTrmiIAvvzuuYAgYQUP7hABwoL6WkCKTqaGBeEqLskQQNgpgI2Pjq_04AQBgAb13dSe-q2Sm2CgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIjhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_2wtnreMVPcqOMwIjB0O659ijeciQ%2526client%253Dca-pub-5512390705137507%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2F633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=2067440587632&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/ygzg305hzfs2?subid=&gdpr=1&gdpr_consent=li&rnd=6237465095162545952&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D6237465095162545952%26mt_id%3D9696045%26mt_adid%3D226589%26mt_sid%3D9968202%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D73f061cd-2874-4601-b858-b62787a534fd%26mt_cid%3D73f061cd-2874-4601-b858-b62787a534fd%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCugtOdCjNYcrMHIWk3wOE-JrAA8-HjptcwIbZgsYCwI23ARABIABglYqJjrAHggEXY2EtcHViLTU1MTIzOTA3MDUxMzc1MDfIAQngAgCoAwGqBNACT9BoSkfz-PMm6DtcWo9hRM5hbXosM10GGQ9ah8Rj8nOlNL92c4KiiVUtbp51quZtleB3uOXKz2UHLyU25Lhmt2jz9skk4h6FFxtUMs6tqrqe5gTP-mAW40_4r_LzmUfx40Oz0-2Bv7IerZiRBXPcBDTMittvH8XwtUAHgNgaYLiGZUnf9aIiYLR-rNH_p10cQ0XBDEF7BHGwnW37tyqAPIp-e9SCLlXDT_YTBbus5MJpb0Fv_53YBfVBx9TezXXDfSKNLrRVqI52lpmNeyq0byLPnirvjeQS_-yXU7AX67qk1N2CQv-skUQeD96IkGgnBjR7YcNxGecy4YdEYA-LHvS8Jgh4v1TRHpvlnaY0sG_Oyh3WEj-Y-yiZxNgIGlVKwULx9RI9bOTrmiIAvvzuuYAgYQUP7hABwoL6WkCKTqaGBeEqLskQQNgpgI2Pjq_04AQBgAb13dSe-q2Sm2CgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIjhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_2wtnreMVPcqOMwIjB0O659ijeciQ%2526client%253Dca-pub-5512390705137507%2526adurl%253D%26redirect%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 14bf8a172e1188b5009d94c2298bf66274945a3139c57c747456f5df92081b1e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 03:33:09 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 95107100028919403912180011824026
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 328
Expires: Thu, 30 Dec 2021 03:33:09 +0100

GET
H/1.1 200
OK request_content.php Show response
hal900026.redintelligence.net/ Frame E242 4 KB
2 KB 34ms
12ms Document
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900026.redintelligence.net/request_content.php?s=95107100028919403912180011824026&a=e860144a
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request.php?zone=ygzg305hzfs2&nw=20&renderingType=javascript&namespace=c9c22c4426&subid=&uid=c4ba99948d03961f&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D6237465095162545952%26mt_id%3D9696045%26mt_adid%3D226589%26mt_sid%3D9968202%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D73f061cd-2874-4601-b858-b62787a534fd%26mt_cid%3D73f061cd-2874-4601-b858-b62787a534fd%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCugtOdCjNYcrMHIWk3wOE-JrAA8-HjptcwIbZgsYCwI23ARABIABglYqJjrAHggEXY2EtcHViLTU1MTIzOTA3MDUxMzc1MDfIAQngAgCoAwGqBNACT9BoSkfz-PMm6DtcWo9hRM5hbXosM10GGQ9ah8Rj8nOlNL92c4KiiVUtbp51quZtleB3uOXKz2UHLyU25Lhmt2jz9skk4h6FFxtUMs6tqrqe5gTP-mAW40_4r_LzmUfx40Oz0-2Bv7IerZiRBXPcBDTMittvH8XwtUAHgNgaYLiGZUnf9aIiYLR-rNH_p10cQ0XBDEF7BHGwnW37tyqAPIp-e9SCLlXDT_YTBbus5MJpb0Fv_53YBfVBx9TezXXDfSKNLrRVqI52lpmNeyq0byLPnirvjeQS_-yXU7AX67qk1N2CQv-skUQeD96IkGgnBjR7YcNxGecy4YdEYA-LHvS8Jgh4v1TRHpvlnaY0sG_Oyh3WEj-Y-yiZxNgIGlVKwULx9RI9bOTrmiIAvvzuuYAgYQUP7hABwoL6WkCKTqaGBeEqLskQQNgpgI2Pjq_04AQBgAb13dSe-q2Sm2CgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIjhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_2wtnreMVPcqOMwIjB0O659ijeciQ%2526client%253Dca-pub-5512390705137507%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2F633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=2067440587632&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 27b091c2376b5e849b1daed86ad1644a4d311ef47226362d262b165038747a13

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/

Response headers

Date: Thu, 30 Dec 2021 03:33:09 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Thu, 30 Dec 2021 03:33:09 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1522
Connection: close
Content-Type: text/html; charset=utf-8

GET
DATA 200
OK truncated
/ Frame E433 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a9e153b66d9a1432544421ff580a688048507fe7734253d79c6d4662c37102da

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame E242 747 B
938 B 53ms
17ms Script
text/javascript 37.157.2.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=51954931;click=https%3A%2F%2Fhal900026.redintelligence.net%2Fc%2Fpiosldpuxazwrue%3Ftprde%3D

Requested by

Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=95107100028919403912180011824026&a=e860144a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

10681688521cdf5f50442ed2ebf08f6291fd8cd3dac051f5ba875660f8a8680b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:09 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 545
expires: -1

GET
H/1.1 200
OK viewability Show response
hal900026.redintelligence.net/ Frame E242 0
150 B 37ms
15ms Script
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900026.redintelligence.net/viewability?s=95107100028919403912180011824026&a=57700cc8&vb=m
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=95107100028919403912180011824026&a=e860144a
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/request_content.php?s=95107100028919403912180011824026&a=e860144a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 03:33:09 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 container.html Show response
633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame FB80 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 30 Dec 2021 03:33:07 GMT
expires: Fri, 30 Dec 2022 03:33:07 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 css
fonts.googleapis.com/ Frame FB80 4 KB
618 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: 633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
URL: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 30 Dec 2021 01:57:32 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 30 Dec 2021 03:33:09 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Dec 2021 03:33:09 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame FB80 1 KB
882 B 6ms
6ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: 633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
URL: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:24:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 499
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 853
x-xss-protection: 0
server: cafe
etag: 7170004918125193417
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 03:24:50 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame FB80 0
0 48ms
48ms Fetch
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CxFDrdCjNYZCmLd2t3gO9hJ74COPe9rtnhr_Ft6YN6s3oo-kSEAEgqoDDImCViomOsAegAbC6odcDyAEJqQLs-vZvJg6zPuACAKgDAcgDmwSqBKsCT9BIVCdygwcXA4havURgAArmENXr7Vp9_MM5h4h4nSXqKTbDnr3EC3FLcd-0nUWzp9tVeJSXqKBJXxdbECWcNN2j24n3koAGLZTMI38vsoC8EfXxk91y5pKPDxP3g71voKJ7wLL6P8S9eNL7CaJvwFpD15sGpdhQbaau1kOhrxqeXFQbl8Spvf_UGNnk6gy04vKtB3oVr9WKBtOeu1C9117lPyYk5WBV0hfRywGZeKIx7oJuqMvg7LYTttytOjRMXdjCyjuXu38DKOuS6wPMI7-XzSkg3HfrlviCwi9MHTk5Cwd3ALP5xCDOUbzZeSah8nu1LBp50cwL_0lEAqaO5UY6KwCWVvG4aiXdbzETO36jtygxX7K8Sxx_qpEk9nlTed3DJa9K558IZ3vABMmp_eSiA-AEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAe_2b1gqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpr4b2AcA8gcEEIitEtIICQiI4YAQEAEYHYAKA8gLAdgTDNAVAYAXAbIXHgocCAASFHB1Yi01NTEyMzkwNzA1MTM3NTA3GJLvIQ&sigh=5AkSv7bDR4U&uach_m=[UACH]&template_id=494
Requested by: Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s53-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame FB80 19 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js

Requested by

Host: 633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
URL: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:31:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 116
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 5333878705136318229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 03:31:13 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame FB80 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: 633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
URL: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:27:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 367
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 03:27:02 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame FB80 15 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
URL: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 02:52:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2414
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 02:52:55 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame FB80 0
0 15ms
14ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQfiCUh3KkbgSBfbIPjoJMI3--6vTAAJPkUgZfu7nPPK0W0YCsIf7EmutLU7JvoRi3V2XK8-hlMTNKumY92Tt1d1kLz1A
Requested by: Host: 633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
URL: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FB80 119 KB
36 KB 31ms
16ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
URL: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Dec 2021 03:33:09 GMT

GET
H2 200 6d065ef8aad4e53a06604e1059b7b7b3.js Show response
www.gstatic.com/mysidia/ Frame FB80 27 KB
12 KB 29ms
6ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
URL: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 27 Dec 2021 22:16:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 191790
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11408
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 07:52:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 27 Mar 2022 22:16:39 GMT

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame E242 33 KB
16 KB 72ms
18ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=51954931;click=https%3A%2F%2Fhal900026.redintelligence.net%2Fc%2Fpiosldpuxazwrue%3Ftprde%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 30d2143e5e0ad4af94bf25a55ea17ac1451f5f8b91ff96dc4a32b4791aaeeab8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:09 GMT
content-encoding: gzip
last-modified: Wed, 01 Dec 2021 14:23:05 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Fri, 31 Dec 2021 06:24:08 GMT

GET
DATA 200
OK truncated
/ Frame FB80 287 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 605b14697226eeb0be6b2c11db8206b70f4c8681c3f921e4ceca4793ce1a95ce

Request headers

Referer
Origin: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3

200

4091503581208051288
tpc.googlesyndication.com/simgad/ Frame FB80
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDnj86ZywEQ9AMY9AMyCGN8MsJOAEwL
https://tpc.googlesyndication.com/simgad/4091503581208051288

107 KB
107 KB

8ms
7ms

Image
image/png

2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4091503581208051288

Requested by

Host: 633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
URL: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fcab803c6d01082f69e5510655ca566241f3a4fd3ee7aa1506b1308e2d069ccb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 09:38:35 GMT
x-content-type-options: nosniff
age: 64474
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 109931
x-xss-protection: 0
last-modified: Wed, 23 Oct 2019 12:45:40 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 29 Dec 2022 09:38:35 GMT

Redirect headers

timing-allow-origin: *
date: Wed, 29 Dec 2021 08:02:32 GMT
x-content-type-options: nosniff
server: cafe
age: 70237
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/4091503581208051288
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 28 Jan 2022 08:02:32 GMT

GET
DATA 200
OK truncated
/ Frame FB80 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67816bce8d2292d2609ca1096a2c57d50b522962cdfad422ee4322c4f1f1df7e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame FB80 16 KB
16 KB 13ms
13ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 14:02:00 GMT
x-content-type-options: nosniff
age: 135069
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:21 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 28 Dec 2022 14:02:00 GMT

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame E242 4 KB
3 KB 18ms
18ms Script
text/javascript 37.157.2.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?CC=1&bn=51954931;click=https%3A%2F%2Fhal900026.redintelligence.net%2Fc%2Fpiosldpuxazwrue%3Ftprde%3D;js=1;adfxid=1x;6380;set=en-US|en-US|1600X1200|0|750|100|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0&CREFURL=https%3A%2F%2Fisecosmetic.com

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

370c484c5737cd1832015131b16c0275e5cc9def4ac2e2975f44f67c7c5ce15f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:09 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 2058
expires: -1

GET
DATA 200
OK truncated
/ Frame E242 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK addDoubleBorder.js Show response
cdn.contentspread.net/24i/tools/js/ Frame E242 851 B
1 KB 119ms
24ms Script
application/javascript 54.36.108.3
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.contentspread.net/24i/tools/js/addDoubleBorder.js
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=95107100028919403912180011824026&a=e860144a
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 54.36.108.3 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3112796.ip-54-36-108.eu
Software: nginx /
Resource Hash: abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 03:33:09 GMT
Last-Modified: Tue, 03 May 2016 20:54:50 GMT
Server: nginx
ETag: "5729101a-353"
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 851

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.212/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/ Frame E242 90 KB
39 KB 28ms
26ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.212/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 81ec37f2f154f27cfde29aa4ea92e319fde0efec6444e6d053b76eb12828afc7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:09 GMT
content-encoding: gzip
last-modified: Wed, 01 Dec 2021 14:23:05 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Fri, 31 Dec 2021 06:24:28 GMT

POST
H2 200 /
track.adform.net/csimpr/ Frame E242 35 B
478 B 27ms
27ms Ping
image/gif 37.157.2.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=51954931&csi=g0KZaBVtqbNMSniZvURzBVcRqYIvt6EtiF6BsHMqAfnrygPkIxxfky6mcq6Cjy1WGYtYbVMABfxEvsB6iwpCCt6vWmW1dlSa0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal900026.redintelligence.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:09 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://hal900026.redintelligence.net
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 10676349.js Show response
s1.adform.net/Banners/Elements/Files/169192/10676349/ Frame 592F 7 KB
2 KB 18ms
18ms Script
application/x-javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10676349/10676349.js?ADFassetID=10676349&bv=516

Requested by

Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

317acc31e0e915b9721074fbb44a6a7a98b9f59308a4c9018bcbccb26ae98613

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:09 GMT
content-encoding: gzip
last-modified: Wed, 15 Dec 2021 08:51:48 GMT
server: nginx
etag: W/"61b9aca4-1a27"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2 200 Adform.DHTML.js Show response
s1.adform.net/banners/scripts/rmb/ Frame 592F 30 KB
13 KB 20ms
20ms Script
application/x-javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.212/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:09 GMT
content-encoding: gzip
last-modified: Fri, 14 May 2021 12:35:29 GMT
server: nginx
etag: W/"609e6e91-76d9"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2 200 logo1_linie.png
s1.adform.net/Banners/Elements/Files/169192/10676349/bvpath_516/images/ Frame 592F 212 B
508 B 21ms
20ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10676349/bvpath_516/images/logo1_linie.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.212/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

1eb8746e20f1459b5b17998d1e20bfa72ce64efebb2db13227d6f3d1ba0f1b69

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:09 GMT
last-modified: Wed, 15 Dec 2021 08:51:48 GMT
server: nginx
etag: "61b9aca4-d4"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 212

GET
H2 200 logo1.png
s1.adform.net/Banners/Elements/Files/169192/10676349/bvpath_516/images/ Frame 592F 2 KB
2 KB 21ms
20ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10676349/bvpath_516/images/logo1.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.212/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

a897d5e5f7dcd81814db32c3849c14667b51f0dc70e2d3dff4b57891cf232352

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:09 GMT
last-modified: Wed, 15 Dec 2021 08:51:52 GMT
server: nginx
etag: "61b9aca8-85b"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 2139

GET
H2 200 bg.jpg
s1.adform.net/Banners/Elements/Files/169192/10676349/bvpath_516/images/ Frame 592F 22 KB
23 KB 23ms
22ms Image
image/jpeg 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10676349/bvpath_516/images/bg.jpg

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.212/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e73fb8e63d658252598a77a569c59aa9cb60e8106e0a0b0152757917c0bc1537

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:09 GMT
last-modified: Wed, 15 Dec 2021 08:51:52 GMT
server: nginx
etag: "61b9aca8-5948"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 22856

GET
H2 200 seite.png
s1.adform.net/Banners/Elements/Files/169192/10676349/bvpath_516/images/ Frame 592F 2 KB
2 KB 25ms
23ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10676349/bvpath_516/images/seite.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.212/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

116a092bb03369ca5a75ee6a6e146e1df0965fdb82ac0b32980e88c23054b7d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:09 GMT
last-modified: Wed, 15 Dec 2021 08:51:48 GMT
server: nginx
etag: "61b9aca4-72b"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 1835

GET
H2 200 motiv.png
s1.adform.net/Banners/Elements/Files/169192/10676349/bvpath_516/images/ Frame 592F 41 KB
41 KB 28ms
26ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10676349/bvpath_516/images/motiv.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.212/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

f3081c491bd1c683342f5927b7522daf537f9625458065cadb6e573eb88a70e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:09 GMT
last-modified: Wed, 15 Dec 2021 08:51:52 GMT
server: nginx
etag: "61b9aca8-a2a1"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 41633

GET
H2 200 txt1.png
s1.adform.net/Banners/Elements/Files/169192/10676349/bvpath_516/images/ Frame 592F 2 KB
3 KB 33ms
31ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10676349/bvpath_516/images/txt1.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.212/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

1275b5a1ea97a834f26a9e8ce03545147d5c72e843827b5ba9400bde29146b45

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:09 GMT
last-modified: Wed, 15 Dec 2021 08:51:48 GMT
server: nginx
etag: "61b9aca4-963"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 2403

GET
H2 200 sto.png
s1.adform.net/Banners/Elements/Files/169192/10676349/bvpath_516/images/ Frame 592F 4 KB
4 KB 33ms
32ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10676349/bvpath_516/images/sto.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.212/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

408dffe30b46aa921760ff16f5309a0e7b23b73a3824b6c63655c65500454eac

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:09 GMT
last-modified: Wed, 15 Dec 2021 08:51:48 GMT
server: nginx
etag: "61b9aca4-f2a"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 3882

GET
H2 200 legal.png
s1.adform.net/Banners/Elements/Files/169192/10676349/bvpath_516/images/ Frame 592F 4 KB
4 KB 34ms
33ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10676349/bvpath_516/images/legal.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.212/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

c1683223424b4571b7ed7d9f5f40088928c909edf6924976aa475561a3f27cda

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:09 GMT
last-modified: Wed, 15 Dec 2021 08:51:48 GMT
server: nginx
etag: "61b9aca4-e39"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 3641

GET
H2 200 logo2.png
s1.adform.net/Banners/Elements/Files/169192/10676349/bvpath_516/images/ Frame 592F 3 KB
4 KB 35ms
34ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10676349/bvpath_516/images/logo2.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.212/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

3cdb5bd7b42c191d94fe64fa1754e862cff8f919e055df3ef4e4dcd06616a4c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:09 GMT
last-modified: Wed, 15 Dec 2021 08:51:52 GMT
server: nginx
etag: "61b9aca8-d11"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 3345

GET
H2 200 txt2.png
s1.adform.net/Banners/Elements/Files/169192/10676349/bvpath_516/images/ Frame 592F 1010 B
1 KB 35ms
34ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10676349/bvpath_516/images/txt2.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.212/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

443cfc3dca8d0a55a336f205212bf1a9b7c402db64d24897565fb332babfe7b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:09 GMT
last-modified: Wed, 15 Dec 2021 08:51:48 GMT
server: nginx
etag: "61b9aca4-3f2"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 1010

GET
H2 200 cta.png
s1.adform.net/Banners/Elements/Files/169192/10676349/bvpath_516/images/ Frame 592F 3 KB
3 KB 35ms
35ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/169192/10676349/bvpath_516/images/cta.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.212/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

55a66f71cf4c08456f896a49c482fd835ab5997e159a4314a85ff159f028fbd5

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:09 GMT
last-modified: Wed, 15 Dec 2021 08:51:48 GMT
server: nginx
etag: "61b9aca4-ada"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 2778

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame FBAC 42 B
64 B 42ms
42ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstiOjlGpBc4MOhYfGJr9XZpnj1xuKVDzolmprnlQM9K27dF4PuCWE7BbRXPlTsStZq_ZB75bSOfCb9DRH9ZmONFaWPmFD8djt_fBq9C8-Q4kWbTz63XFQ&sai=AMfl-YTlBE7BKNMgF05xAoMunGC0HDA2iJw9uMRreieCjyzeTKH6hnP3r6gM519fEd8TOkFeeiClxYA5kxEwV3MN-Fjr7h2BFXm1moDvvsNYUF0geTgT07ouwSIU5QZRWaU&sig=Cg0ArKJSzL4NvedVbpV3EAE&id=ampim&o=300,117&d=1000,400&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,0,1000,1000&tos=0,0,0,1000,0&tfs=31&tls=1031&g=100&h=100&tt=1031&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=1093461533

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E433 42 B
64 B 55ms
41ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv62MLKMeHfoTAMELdrRcHOndETaQO0Y6wFX4zt5K6MDsVulhPfHKq2Z9zUKuG8o5c0V9ADmKDHoOw6XYpJYWKLUQ&sig=Cg0ArKJSzDihH5jsQEo9EAE&id=lidar2&mcvt=1001&p=1110,436,1200,1164&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=902498057&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1640835188760&rpt=387&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900026.redintelligence.net/ Frame E242 0
150 B 34ms
12ms Script
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900026.redintelligence.net/viewability?s=95107100028919403912180011824026&a=57700cc8&vb=v
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=95107100028919403912180011824026&a=e860144a
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/request_content.php?s=95107100028919403912180011824026&a=e860144a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 03:33:10 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

POST
H/1.1 200
OK s
ares.veedmo.com/o/ 2 B
0 66ms
66ms Fetch
text/html 137.74.127.184
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://ares.veedmo.com/o/s

Requested by

Host: cdn.veedmo-static.com
URL: https://cdn.veedmo-static.com/cdn/player/v2/current.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

137.74.127.184 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains, max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

Date: Thu, 30 Dec 2021 03:33:10 GMT
X-Content-Type-Options: nosniff
X-IPLB-Instance: 39399
X-DNS-Prefetch-Control: off
Vary: Origin
Content-Length: 2
X-XSS-Protection: 1; mode=block
Server: nginx/1.18.0 (Ubuntu)
X-IPLB-Request-ID: 5BC77649:BD75_894A7FB8:01BB_61CD2876_4D6EFBB:2A037
X-Frame-Options: SAMEORIGIN
ETag: W/"2-eoX0dku9ba8cNUXvu/DyeabcC+s"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains, max-age=15768000
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: https://isecosmetic.com
Cache-Control: no-store

OPTIONS
H/1.1 204
No Content s
ares.veedmo.com/o/ Frame 0
0 63ms
62ms Preflight 137.74.127.184
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://ares.veedmo.com/o/s

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

137.74.127.184 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://isecosmetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 30 Dec 2021 03:33:10 GMT
Content-Length: 0
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains max-age=15768000
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: https://isecosmetic.com
Vary: Origin, Access-Control-Request-Headers
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Headers: content-type
X-IPLB-Request-ID: 5BC77649:BD75_894A7FB8:01BB_61CD2874_4D6EF6F:2A037
X-IPLB-Instance: 39399

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 79AC 42 B
64 B 48ms
47ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsswvq9jUG5spweCNbeTSCZhclHCYgUXv3yk7O1vFsMnAra4UjN8CHDdE4HK-V3J_mQc_WHelF0YUcifQ3L4AmGgD6l1cAEqb30zqppsGtIE5T_qQNaTNLm7J3wBhlgXib8Q4A6RXMLvEvAG&sai=AMfl-YQ86eiB8NtJVUT7MJeXv2x2bxLawmSwdw3NpioZDTPRdudLfAHGWHomIIXU0OpAhu2rP4qP_kRlQJP5GU0OEtPbBMTOcDT0e6SsIx6l0kjqx4ETW2O3rjc4Ozs&sig=Cg0ArKJSzCsgGsZK-aUyEAE&cid=CAASF-RoAKAG7EOBbFttE3HWpoXazaBGLBGW&id=lidarv&acvw=sv%3D914%26cb%3Dima%26e%3D9%26nas%3D1%26sdk%3Dh%26p%3D1082,49,1182,226%26tos%3D2023,0,0,0,0%26mtos%3D2023,2023,2023,2023,2023%26amtos%3D0,0,0,0,0%26mcvt%3D2023%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2023%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D428%26pst%3D417%26dur%3D15882%26vmtime%3D1939%26dtos%3D2023%26dtoss%3D1%26dvs%3D2007%26dfvs%3D2007%26dvpt%3D2007%26is%3D275%26i0%3D275%26ic%3D16777217%26cs%3D16781587%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D598%26femvt%3D0%26emc%3D12%26emuc%3D0%26emb%3D12,0,0,0,0%26avms%3Dexc%26qi%3D243025780%26psm%3D-2147483645%26psv%3D-2147483645%26psfv%3D-2147483645%26psa%3D0%26ptlt%3D3035%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,2023&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0%26t%3D1640835188470

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 53ms
17ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fisecosmetic.com%2F&domain=isecosmetic.com&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://isecosmetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: https://isecosmetic.com
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1575
date: Thu, 30 Dec 2021 03:33:10 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fisecosmetic.com%2F&domain=isecosmetic.com&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=E5qlRHxIT3hRd0tkUW9qNlh5N08vdEo2Q3E2OUNXUU4xNEpYZFFwNDFBZnoraXA3TDdZQXRmR1RMUWcxOGVqN1JBaWRHUUF2MVdSWWlCWEVkcXNlMmJ2dEVqSFFXcU5SK3J2Y1UzMFVUU2E2WHlRcUw4ZDJLTU9BWk1Hcn...

350 B
619 B

39ms
13ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=E5qlRHxIT3hRd0tkUW9qNlh5N08vdEo2Q3E2OUNXUU4xNEpYZFFwNDFBZnoraXA3TDdZQXRmR1RMUWcxOGVqN1JBaWRHUUF2MVdSWWlCWEVkcXNlMmJ2dEVqSFFXcU5SK3J2Y1UzMFVUU2E2WHlRcUw4ZDJLTU9BWk1HcnBBeGtTU2RNUWpNZktTU2xBcTBwdlRvTmdVMm1iTnNiT3QvWjdBTHhtcGtrdGhUN2dQampPaUlybFJ5aGRZaWVCMS80bHp6blh4TDNJejVKdEI4eGVrVmJhQ0NRMzgyb2ZMQUhicDhhdUJxNGZTZS90blNVPXw&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

62f8223673568af8e2a81229c4fc98204d3b2ab2c1fed4d9314419320b294e19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:10 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1776
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:10 GMT
location: https://mug.criteo.com/sid?cpp=E5qlRHxIT3hRd0tkUW9qNlh5N08vdEo2Q3E2OUNXUU4xNEpYZFFwNDFBZnoraXA3TDdZQXRmR1RMUWcxOGVqN1JBaWRHUUF2MVdSWWlCWEVkcXNlMmJ2dEVqSFFXcU5SK3J2Y1UzMFVUU2E2WHlRcUw4ZDJLTU9BWk1HcnBBeGtTU2RNUWpNZktTU2xBcTBwdlRvTmdVMm1iTnNiT3QvWjdBTHhtcGtrdGhUN2dQampPaUlybFJ5aGRZaWVCMS80bHp6blh4TDNJejVKdEI4eGVrVmJhQ0NRMzgyb2ZMQUhicDhhdUJxNGZTZS90blNVPXw&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://isecosmetic.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1753
content-length: 482
expires: 0

GET
H2 200 rid Show response
match.adsrvr.org/track/ 109 B
543 B 99ms
30ms XHR
application/json 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=prebid&fmt=json
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 93b0ef8d782a086932f7c3d8f1c34cd9acf8c7147ca42a15fe5b6dca1c0734cd

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 30 Dec 2021 03:33:10 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://isecosmetic.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 109
expires: Sat, 29 Jan 2022 03:33:10 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame C2AB 52 KB
17 KB 53ms
11ms Document
text/html 2.18.232.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.130 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-130.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Fri, 31 Dec 2021 03:33:12 GMT
Date: Thu, 30 Dec 2021 03:33:10 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 usersync Show response
ssp.wp.pl/bidder/ Frame E1F3 442 B
436 B 34ms
33ms Document
text/html 212.77.99.29
WIRTUALNAPOLSKA G...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssp.wp.pl/bidder/usersync?tcf=2
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.77.99.29 , Poland, ASN12827 (WIRTUALNAPOLSKA GDANSK, Poland, PL),
Reverse DNS: ssp.wp.pl
Software: nginx /
Resource Hash: b0ecc068189c389cc70ae56306a63c7174fa4cf1b6f58922d3179002ada6142a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/

Response headers

server: nginx
date: Thu, 30 Dec 2021 03:33:10 GMT
content-type: text/html; charset=utf-8
content-length: 306
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-origin: *
content-encoding: gzip
last-modified: Thu, 16 Dec 2021 13:26:11 GMT
vary: Accept-Encoding

GET
H2 200 usersync Show response
ssp.wp.pl/bidder/ Frame 00A0 442 B
344 B 34ms
33ms Document
text/html 212.77.99.29
WIRTUALNAPOLSKA G...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssp.wp.pl/bidder/usersync?tcf=2
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.77.99.29 , Poland, ASN12827 (WIRTUALNAPOLSKA GDANSK, Poland, PL),
Reverse DNS: ssp.wp.pl
Software: nginx /
Resource Hash: b0ecc068189c389cc70ae56306a63c7174fa4cf1b6f58922d3179002ada6142a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/

Response headers

server: nginx
date: Thu, 30 Dec 2021 03:33:10 GMT
content-type: text/html; charset=utf-8
content-length: 306
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-origin: *
content-encoding: gzip
last-modified: Thu, 16 Dec 2021 13:26:11 GMT
vary: Accept-Encoding

GET
H2 200 usersync Show response
ssp.wp.pl/bidder/ Frame D8CB 442 B
344 B 35ms
35ms Document
text/html 212.77.99.29
WIRTUALNAPOLSKA G...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssp.wp.pl/bidder/usersync?tcf=2
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.77.99.29 , Poland, ASN12827 (WIRTUALNAPOLSKA GDANSK, Poland, PL),
Reverse DNS: ssp.wp.pl
Software: nginx /
Resource Hash: b0ecc068189c389cc70ae56306a63c7174fa4cf1b6f58922d3179002ada6142a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/

Response headers

server: nginx
date: Thu, 30 Dec 2021 03:33:10 GMT
content-type: text/html; charset=utf-8
content-length: 306
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-origin: *
content-encoding: gzip
last-modified: Thu, 16 Dec 2021 13:26:11 GMT
vary: Accept-Encoding

GET
H2 200 usersync Show response
ssp.wp.pl/bidder/ Frame 90DA 442 B
344 B 35ms
35ms Document
text/html 212.77.99.29
WIRTUALNAPOLSKA G...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssp.wp.pl/bidder/usersync?tcf=2
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.77.99.29 , Poland, ASN12827 (WIRTUALNAPOLSKA GDANSK, Poland, PL),
Reverse DNS: ssp.wp.pl
Software: nginx /
Resource Hash: b0ecc068189c389cc70ae56306a63c7174fa4cf1b6f58922d3179002ada6142a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/

Response headers

server: nginx
date: Thu, 30 Dec 2021 03:33:10 GMT
content-type: text/html; charset=utf-8
content-length: 306
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-origin: *
content-encoding: gzip
last-modified: Thu, 16 Dec 2021 13:26:11 GMT
vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 99ED 52 KB
17 KB 49ms
11ms Document
text/html 2.18.232.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.130 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-130.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Fri, 31 Dec 2021 03:33:12 GMT
Date: Thu, 30 Dec 2021 03:33:10 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 9D47 52 KB
17 KB 48ms
12ms Document
text/html 2.18.232.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.130 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-130.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Fri, 31 Dec 2021 03:33:12 GMT
Date: Thu, 30 Dec 2021 03:33:10 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 44FA 52 KB
17 KB 48ms
12ms Document
text/html 2.18.232.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.130 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-130.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Fri, 31 Dec 2021 03:33:12 GMT
Date: Thu, 30 Dec 2021 03:33:10 GMT
Connection: keep-alive
Vary: Accept-Encoding

POST
H2 200 /
track.adform.net/serving/unload/ Frame E242 35 B
478 B 17ms
17ms Ping
image/gif 37.157.2.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=5523680775223334479@@51954931,5591487238889089627,100|1216|0|0|0|0|0|0|0||41|1|||||1|0|0|KQ7b0aCguxZcPlakbYq96SmaY5JY4mcCtW3QU0eFSE4zJJWOul3CJIm3nyX34Xgm0|||11||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal900026.redintelligence.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:10 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://hal900026.redintelligence.net
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 wpjslib-sync.js Show response
std.wpcdn.pl/wpjslib/ Frame E1F3 124 KB
32 KB 317ms
50ms Script
application/javascript 212.77.98.32
WIRTUALNAPOLSKA G...

General

Check archive.org

Show headers Download Go to

Full URL: https://std.wpcdn.pl/wpjslib/wpjslib-sync.js
Requested by: Host: ssp.wp.pl
URL: https://ssp.wp.pl/bidder/usersync?tcf=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.77.98.32 , Poland, ASN12827 (WIRTUALNAPOLSKA GDANSK, Poland, PL),
Reverse DNS: wifi32.ras.wp.pl
Software: nginx /
Resource Hash: 48c3d7202c20bd9bfd70e9d79af03816452806cb4ed039b0649b55204ddd779f

Request headers

Referer: https://ssp.wp.pl/
Origin: https://ssp.wp.pl
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:11 GMT
content-encoding: br
last-modified: Mon, 20 Dec 2021 15:23:13 GMT
server: nginx
etag: W/"647d1c82fff29b1355fd0cf7dff9bcf7"
access-control-max-age: 300
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=900, stale-while-revalidate=86400
x-rgw-object-type: Normal
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 wpjslib-sync.js Show response
std.wpcdn.pl/wpjslib/ Frame 00A0 124 KB
32 KB 338ms
72ms Script
application/javascript 212.77.98.32
WIRTUALNAPOLSKA G...

General

Check archive.org

Show headers Download Go to

Full URL: https://std.wpcdn.pl/wpjslib/wpjslib-sync.js
Requested by: Host: ssp.wp.pl
URL: https://ssp.wp.pl/bidder/usersync?tcf=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.77.98.32 , Poland, ASN12827 (WIRTUALNAPOLSKA GDANSK, Poland, PL),
Reverse DNS: wifi32.ras.wp.pl
Software: nginx /
Resource Hash: 48c3d7202c20bd9bfd70e9d79af03816452806cb4ed039b0649b55204ddd779f

Request headers

Referer: https://ssp.wp.pl/
Origin: https://ssp.wp.pl
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:11 GMT
content-encoding: br
last-modified: Mon, 20 Dec 2021 15:23:13 GMT
server: nginx
etag: W/"647d1c82fff29b1355fd0cf7dff9bcf7"
access-control-max-age: 300
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=900, stale-while-revalidate=86400
x-rgw-object-type: Normal
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 wpjslib-sync.js Show response
std.wpcdn.pl/wpjslib/ Frame D8CB 124 KB
32 KB 338ms
72ms Script
application/javascript 212.77.98.32
WIRTUALNAPOLSKA G...

General

Check archive.org

Show headers Download Go to

Full URL: https://std.wpcdn.pl/wpjslib/wpjslib-sync.js
Requested by: Host: ssp.wp.pl
URL: https://ssp.wp.pl/bidder/usersync?tcf=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.77.98.32 , Poland, ASN12827 (WIRTUALNAPOLSKA GDANSK, Poland, PL),
Reverse DNS: wifi32.ras.wp.pl
Software: nginx /
Resource Hash: 48c3d7202c20bd9bfd70e9d79af03816452806cb4ed039b0649b55204ddd779f

Request headers

Referer: https://ssp.wp.pl/
Origin: https://ssp.wp.pl
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:11 GMT
content-encoding: br
last-modified: Mon, 20 Dec 2021 15:23:13 GMT
server: nginx
etag: W/"647d1c82fff29b1355fd0cf7dff9bcf7"
access-control-max-age: 300
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=900, stale-while-revalidate=86400
x-rgw-object-type: Normal
timing-allow-origin: *
access-control-allow-headers: *

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 46ms
13ms Preflight
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 984
date: Thu, 30 Dec 2021 03:33:10 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H2 200 wpjslib-sync.js Show response
std.wpcdn.pl/wpjslib/ Frame 90DA 124 KB
32 KB 331ms
73ms Script
application/javascript 212.77.98.32
WIRTUALNAPOLSKA G...

General

Check archive.org

Show headers Download Go to

Full URL: https://std.wpcdn.pl/wpjslib/wpjslib-sync.js
Requested by: Host: ssp.wp.pl
URL: https://ssp.wp.pl/bidder/usersync?tcf=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.77.98.32 , Poland, ASN12827 (WIRTUALNAPOLSKA GDANSK, Poland, PL),
Reverse DNS: wifi32.ras.wp.pl
Software: nginx /
Resource Hash: 48c3d7202c20bd9bfd70e9d79af03816452806cb4ed039b0649b55204ddd779f

Request headers

Referer: https://ssp.wp.pl/
Origin: https://ssp.wp.pl
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:11 GMT
content-encoding: br
last-modified: Mon, 20 Dec 2021 15:23:13 GMT
server: nginx
etag: W/"647d1c82fff29b1355fd0cf7dff9bcf7"
access-control-max-age: 300
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=900, stale-while-revalidate=86400
x-rgw-object-type: Normal
timing-allow-origin: *
access-control-allow-headers: *

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame C2AB 0
730 B 7ms
7ms Script
text/html 37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 03:33:10 GMT
X-Proxy-Origin: 91.199.118.73; 91.199.118.73; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 280e1e42-0331-49a6-8c35-6bea96afd64e
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 99ED 0
730 B 7ms
6ms Script
text/html 37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 03:33:10 GMT
X-Proxy-Origin: 91.199.118.73; 91.199.118.73; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: f4a8bf43-09fb-425b-bd1f-2c6a4e923cc7
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 9D47 0
730 B 6ms
6ms Script
text/html 37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 03:33:10 GMT
X-Proxy-Origin: 91.199.118.73; 91.199.118.73; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 6fcd14d5-85bb-4463-b353-ff69de0a3ac7
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 44FA 0
730 B 7ms
6ms Script
text/html 37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 03:33:10 GMT
X-Proxy-Origin: 91.199.118.73; 91.199.118.73; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 30200ae5-76e0-4e8c-b7db-dfe6b70157f8
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame C2AB 0
730 B 6ms
6ms Script
text/html 37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 03:33:11 GMT
X-Proxy-Origin: 91.199.118.73; 91.199.118.73; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 229e6cd0-0516-4eb3-bd4a-a29533c83d0a
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 99ED 0
730 B 6ms
6ms Script
text/html 37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 03:33:11 GMT
X-Proxy-Origin: 91.199.118.73; 91.199.118.73; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 965fa552-815c-4070-8fb5-de378681512f
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 9D47 0
730 B 6ms
6ms Script
text/html 37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 03:33:11 GMT
X-Proxy-Origin: 91.199.118.73; 91.199.118.73; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: dfa3c5d5-875f-4b73-bedb-f7c13501fd9b
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 44FA 0
730 B 6ms
6ms Script
text/html 37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 03:33:11 GMT
X-Proxy-Origin: 91.199.118.73; 91.199.118.73; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: e0e9b8c8-59fe-41c7-ad88-79fb8233ac24
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 79AC 42 B
64 B 19ms
19ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=Cul_UdCjNYfmPBMqsgQes87WoDJyFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQIx2HRdRgqzPuACAKgDAZgEAKoElQJP0PLwDGyy8tagR3rfBRZ3WLIqP06hFCHSKqal2FvSx4sZTqXEKUBz29GlTx3VUNZI6fJe-HpgDzRIZPLiAX67_CkjXr3ZsduUTgurqlmczPHXX6BeOJi9WtbilPKZLxffnkBJRpEEVzVPqtFNIqRqasQpED5DGbzbtlmIWjjtu2qovPrnJ_bfUUWtnsxWhuxfBWuDq4bYZeEVhIUFV9LlpAZhCmejlAlDigLbd5rlTkfVi6HTcKWi5guUWYicPi6NkPjWvrAmZ5ZGtSfNLG0yw9Gg1t-lGnLcl2MTCyTyY5ARu-3TIGSQAAmFi6JpI8UxjqA_plccz9c5zNy_b1DZKHB0IhTMrhzjQlacyT5TbTEnhDR2wASwnpvU_gPgBAGgBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAagIAdIICQiA4YAQEAEYHYAKA8gLAdgTDNAVAeIWAggBgBcB&sigh=Wi5NUM6emfg&cmd=Ch1jYS12aWRlby1wdWItNTUxMjM5MDcwNTEzNzUwNxAAGAI&label=videoplaytime25&ad_mt=4190&acvw=sv%3D914%26cb%3Dima%26e%3D1%26nas%3D1%26sdk%3Dh%26p%3D1082,49,1182,226%26tos%3D4246,0,0,0,0%26mtos%3D4246,4246,4246,4246,4246%26amtos%3D0,0,0,0,0%26mcvt%3D4246%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D4246%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D1033%26pst%3D417%26dur%3D15882%26vmtime%3D4189%26dtos%3D2223%26dtoss%3D2%26dvs%3D2223%26dfvs%3D2223%26dvpt%3D2223%26is%3D275%26i0%3D275%26i1%3D275%26ic%3D0%26cs%3D16781587%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26qmt%3D4246,4246,4246,4246,4246%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D1%26ces%26femt%3D598%26femvt%3D0%26emc%3D23%26emuc%3D0%26emb%3D23,0,0,0,0%26avms%3Dexc%26qi%3D243025780%26psm%3D-2147483617%26psv%3D-2147483617%26psfv%3D-2147483617%26psa%3D0%26ptlt%3D5257%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,4246&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0%26t%3D1640835188470&sdkv=h.3.493.0&vci=CmgIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUxNzIxMjM1NzMzOTIMNTY1MTcwMDQ0MzE5QN0CUiAQDyUAAKBBKAE6B3Vua25vd25CB3Vua25vd25InQJQABgB

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 79AC 42 B
64 B 20ms
19ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=Cul_UdCjNYfmPBMqsgQes87WoDJyFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQIx2HRdRgqzPuACAKgDAZgEAKoElQJP0PLwDGyy8tagR3rfBRZ3WLIqP06hFCHSKqal2FvSx4sZTqXEKUBz29GlTx3VUNZI6fJe-HpgDzRIZPLiAX67_CkjXr3ZsduUTgurqlmczPHXX6BeOJi9WtbilPKZLxffnkBJRpEEVzVPqtFNIqRqasQpED5DGbzbtlmIWjjtu2qovPrnJ_bfUUWtnsxWhuxfBWuDq4bYZeEVhIUFV9LlpAZhCmejlAlDigLbd5rlTkfVi6HTcKWi5guUWYicPi6NkPjWvrAmZ5ZGtSfNLG0yw9Gg1t-lGnLcl2MTCyTyY5ARu-3TIGSQAAmFi6JpI8UxjqA_plccz9c5zNy_b1DZKHB0IhTMrhzjQlacyT5TbTEnhDR2wASwnpvU_gPgBAGgBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAagIAdIICQiA4YAQEAEYHYAKA8gLAdgTDNAVAeIWAggBgBcB&sigh=Wi5NUM6emfg&cmd=Ch1jYS12aWRlby1wdWItNTUxMjM5MDcwNTEzNzUwNxAAGAI&label=video_skip_shown&ad_mt=5190&acvw=sv%3D914%26cb%3Dima%26nas%3D1%26sdk%3Dh%26p%3D1082,49,1182,226%26p0%3D1082,49,1182,226%26p1%3D1082,49,1182,226%26tos%3D5246,0,0,0,0%26mtos%3D5246,5246,5246,5246,5246%26amtos%3D0,0,0,0,0%26mtos1%3D4246,0,0%26mcvt%3D5246%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26a0%3D0%26a1%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D5246%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D1233%26pst%3D417%26dur%3D15882%26vmtime%3D5189%26is%3D275%26i0%3D275%26i1%3D275%26cs%3D16781587%26c%3D1%26c0%3D1%26c1%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26qmt%3D1000,1000,1000,1000,1000%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D1%26ces%26femt%3D598%26femvt%3D0%26emc%3D28%26emuc%3D0%26emb%3D28,0,0,0,0%26avms%3Dexc%26qi%3D243025780%26psm%3D-2147483585%26psv%3D-2147483585%26psfv%3D-2147483585%26psa%3D0%26ptlt%3D6258%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,5246%26ss0%3D0%26ss1%3D0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1640835188470&sdkv=h.3.493.0&vci=CmgIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUxNzIxMjM1NzMzOTIMNTY1MTcwMDQ0MzE5QN0CUiAQDyUAAKBBKAE6B3Vua25vd25CB3Vua25vd25InQJQABgB

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 /
track.adform.net/serving/unload/ Frame E242 35 B
478 B 17ms
17ms Ping
image/gif 37.157.2.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=5523680775223334479@@51954931,5591487238889089627,100|4899|0|0|0|0|0|0|0||167|1|||||1|0|0|KQ7b0aCguxZcPlakbYq96SmaY5JY4mcCtW3QU0eFSE4zJJWOul3CJIm3nyX34Xgm0|||01||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal900026.redintelligence.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:14 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://hal900026.redintelligence.net
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 79AC 42 B
64 B 20ms
19ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=Cul_UdCjNYfmPBMqsgQes87WoDJyFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQIx2HRdRgqzPuACAKgDAZgEAKoElQJP0PLwDGyy8tagR3rfBRZ3WLIqP06hFCHSKqal2FvSx4sZTqXEKUBz29GlTx3VUNZI6fJe-HpgDzRIZPLiAX67_CkjXr3ZsduUTgurqlmczPHXX6BeOJi9WtbilPKZLxffnkBJRpEEVzVPqtFNIqRqasQpED5DGbzbtlmIWjjtu2qovPrnJ_bfUUWtnsxWhuxfBWuDq4bYZeEVhIUFV9LlpAZhCmejlAlDigLbd5rlTkfVi6HTcKWi5guUWYicPi6NkPjWvrAmZ5ZGtSfNLG0yw9Gg1t-lGnLcl2MTCyTyY5ARu-3TIGSQAAmFi6JpI8UxjqA_plccz9c5zNy_b1DZKHB0IhTMrhzjQlacyT5TbTEnhDR2wASwnpvU_gPgBAGgBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAagIAdIICQiA4YAQEAEYHYAKA8gLAdgTDNAVAeIWAggBgBcB&sigh=Wi5NUM6emfg&cmd=Ch1jYS12aWRlby1wdWItNTUxMjM5MDcwNTEzNzUwNxAAGAI&label=videoplaytime50&ad_mt=8190&acvw=sv%3D914%26cb%3Dima%26e%3D2%26nas%3D1%26sdk%3Dh%26p%3D1082,49,1182,226%26tos%3D8245,0,0,0,0%26mtos%3D8245,8245,8245,8245,8245%26amtos%3D0,0,0,0,0%26mcvt%3D8245%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D8245%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D1834%26pst%3D417%26dur%3D15882%26vmtime%3D8189%26dtos%3D3999%26dtoss%3D3%26dvs%3D3999%26dfvs%3D3999%26dvpt%3D3999%26is%3D275%26i0%3D275%26i1%3D275%26i2%3D275%26ic%3D512%26cs%3D16782099%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26qmt%3D3999,3999,3999,3999,3999%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D1%26ces%26femt%3D598%26femvt%3D0%26emc%3D43%26emuc%3D0%26emb%3D43,0,0,0,0%26avms%3Dexc%26qi%3D243025780%26psm%3D-2147483137%26psv%3D-2147483137%26psfv%3D-2147483137%26psa%3D0%26ptlt%3D9257%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,8245&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0%26t%3D1640835188470&sdkv=h.3.493.0&vci=CmgIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUxNzIxMjM1NzMzOTIMNTY1MTcwMDQ0MzE5QN0CUiAQDyUAAKBBKAE6B3Vua25vd25CB3Vua25vd25InQJQABgB

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

204

aclk
www.googleadservices.com/pagead/ Frame 79AC
Redirect Chain

https://googleads.g.doubleclick.net/aclk?sa=l&ai=CCewDdCjNYfmPBMqsgQes87WoDJyFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQIx2HRdRgqzPuACAKgDAZgEAKoEmAJP0PLwDGyy8tagR3rfBRZ3WLIqP06hFCHSKqal2Fv...
https://www.googleadservices.com/pagead/aclk?sa=L&ai=CdDsCdCjNYfmPBMqsgQes87WoDJyFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQIx2HRdRgqzPuACAKgDAZgEAKoEmAJP0PLwDGyy8tagR3rfBRZ3WLIqP06hFCHSKqa...

0
0

39ms
18ms

Image
text/html

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.googleadservices.com/pagead/aclk?sa=L&ai=CdDsCdCjNYfmPBMqsgQes87WoDJyFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQIx2HRdRgqzPuACAKgDAZgEAKoEmAJP0PLwDGyy8tagR3rfBRZ3WLIqP06hFCHSKqal2FvSx4sZTqXEKUBz29GlTx3VUNZI6fJe-HpgDzRIZPLiAX67_CkjXr3ZsduUTgurqlmczPHXX6BeOJi9WtbilPKZLxffnkBJRpEEVzVPqtFNIqRqasQpED5DGbzbtlmIWjjtu2qovPrnJ_bfUUWtnsxWhuxfBWuDq4bYZeEVhIUFV9LlpAZhCmejlAlDigLbd5rlTkfVi6HTcKWi5guUWYicPi6NkPjWvrAmZ5ZGtSfNLG0yw9Gg1t-lGnLcl2MTCyTyY5ARu-3TIGSQAAmF06Pz1laj2DK1ZNoMNlp1UzmC9J3VNXqRKzrUep8ef81bICp_dbnAESSPGauTwASwnpvU_gPgBAHABW6gBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAagIAdIICQiA4YAQEAEYHZoJO2h0dHBzOi8vdG90YWxiYXR0bGUuY29tL2VuL2xwL2NpdHk5YWxpa2UyX3dlYmdsX2RhcmtfcG9fMi8zsQnoQ4iAmmfKDoAKA5gLAcgLAdALDrgMAdgTDNAVAeIWAggBgBcB&num=1&client=ca-pub-2382012522979108&ctype=110&label=video_10s_engaged_view&ad_mt=10190&acvw=sv%3D914%26cb%3Dima%26nas%3D1%26sdk%3Dh%26p%3D1082,49,1182,226%26p0%3D1082,49,1182,226%26p1%3D1082,49,1182,226%26p2%3D1082,49,1182,226%26tos%3D10245,0,0,0,0%26mtos%3D10245,10245,10245,10245,10245%26amtos%3D0,0,0,0,0%26mtos1%3D4246,0,0%26mtos2%3D3999,0,0%26mcvt%3D10245%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26a0%3D0%26a1%3D0%26a2%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D10245%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D2235%26pst%3D417%26dur%3D15882%26vmtime%3D10189%26is%3D275%26i0%3D275%26i1%3D275%26i2%3D275%26cs%3D16782099%26c%3D1%26c0%3D1%26c1%3D1%26c2%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26qmt%3D2000,2000,2000,2000,2000%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D1%26ces%26femt%3D598%26femvt%3D0%26emc%3D53%26emuc%3D0%26emb%3D53,0,0,0,0%26avms%3Dexc%26qi%3D243025780%26psm%3D-2147481601%26psv%3D-2147481601%26psfv%3D-2147481601%26psa%3D0%26ptlt%3D11257%26pngs%3D9s,14,15s%26veid%3Dxdi:0,amp:0%26ssb%3D0,0,0,0,0,0,0,0,0,0,10245%26ss0%3D0%26ss1%3D0%26ss2%3D0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1640835188470&cid=CAQSKQCNIrLMoLVYoiSbJLtc_A6S4xKPAS7ZEccVQekeUCs0-wCtaoWGaOps&dblrd=1&val=ChAyMjBmNGRlYzExY2QwMDM5EPTQtI4GGgjxyTG5RHoxiiABKAE&sig=AOD64_2qFfn-yPzmrmwE4WBrqliiVN5SWw&adurl=https://totalbattle.com/en/lp/city9alike2_webgl_dark_po_2/3%3Fowr%3DIL%26frt%3DDisplay%26crt%3Dv3CGI0083zenCDLNGZ%26typ%3DNU%26cnt%3DTIER2-LL%26int%3Dvideo%26adgp%3Dads%26prtr%3DGoogle%26cq_src%3Dgoogle_ads%26cq_cmp%3D15413678065%26cq_term%3D%26cq_plac%3Disecosmetic.com%26cq_net%3Dvp%26cq_plt%3Dgp%26ad_id%3D565170044319
Protocol: H2
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Redirect headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:18 GMT
x-content-type-options: nosniff
server: adclick_server
p3p: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.googleadservices.com/pagead/aclk?sa=L&ai=CdDsCdCjNYfmPBMqsgQes87WoDJyFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQIx2HRdRgqzPuACAKgDAZgEAKoEmAJP0PLwDGyy8tagR3rfBRZ3WLIqP06hFCHSKqal2FvSx4sZTqXEKUBz29GlTx3VUNZI6fJe-HpgDzRIZPLiAX67_CkjXr3ZsduUTgurqlmczPHXX6BeOJi9WtbilPKZLxffnkBJRpEEVzVPqtFNIqRqasQpED5DGbzbtlmIWjjtu2qovPrnJ_bfUUWtnsxWhuxfBWuDq4bYZeEVhIUFV9LlpAZhCmejlAlDigLbd5rlTkfVi6HTcKWi5guUWYicPi6NkPjWvrAmZ5ZGtSfNLG0yw9Gg1t-lGnLcl2MTCyTyY5ARu-3TIGSQAAmF06Pz1laj2DK1ZNoMNlp1UzmC9J3VNXqRKzrUep8ef81bICp_dbnAESSPGauTwASwnpvU_gPgBAHABW6gBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAagIAdIICQiA4YAQEAEYHZoJO2h0dHBzOi8vdG90YWxiYXR0bGUuY29tL2VuL2xwL2NpdHk5YWxpa2UyX3dlYmdsX2RhcmtfcG9fMi8zsQnoQ4iAmmfKDoAKA5gLAcgLAdALDrgMAdgTDNAVAeIWAggBgBcB&num=1&client=ca-pub-2382012522979108&ctype=110&label=video_10s_engaged_view&ad_mt=10190&acvw=sv%3D914%26cb%3Dima%26nas%3D1%26sdk%3Dh%26p%3D1082,49,1182,226%26p0%3D1082,49,1182,226%26p1%3D1082,49,1182,226%26p2%3D1082,49,1182,226%26tos%3D10245,0,0,0,0%26mtos%3D10245,10245,10245,10245,10245%26amtos%3D0,0,0,0,0%26mtos1%3D4246,0,0%26mtos2%3D3999,0,0%26mcvt%3D10245%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26a0%3D0%26a1%3D0%26a2%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D10245%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D2235%26pst%3D417%26dur%3D15882%26vmtime%3D10189%26is%3D275%26i0%3D275%26i1%3D275%26i2%3D275%26cs%3D16782099%26c%3D1%26c0%3D1%26c1%3D1%26c2%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26qmt%3D2000,2000,2000,2000,2000%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D1%26ces%26femt%3D598%26femvt%3D0%26emc%3D53%26emuc%3D0%26emb%3D53,0,0,0,0%26avms%3Dexc%26qi%3D243025780%26psm%3D-2147481601%26psv%3D-2147481601%26psfv%3D-2147481601%26psa%3D0%26ptlt%3D11257%26pngs%3D9s,14,15s%26veid%3Dxdi:0,amp:0%26ssb%3D0,0,0,0,0,0,0,0,0,0,10245%26ss0%3D0%26ss1%3D0%26ss2%3D0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1640835188470&cid=CAQSKQCNIrLMoLVYoiSbJLtc_A6S4xKPAS7ZEccVQekeUCs0-wCtaoWGaOps&dblrd=1&val=ChAyMjBmNGRlYzExY2QwMDM5EPTQtI4GGgjxyTG5RHoxiiABKAE&sig=AOD64_2qFfn-yPzmrmwE4WBrqliiVN5SWw&adurl=https://totalbattle.com/en/lp/city9alike2_webgl_dark_po_2/3%3Fowr%3DIL%26frt%3DDisplay%26crt%3Dv3CGI0083zenCDLNGZ%26typ%3DNU%26cnt%3DTIER2-LL%26int%3Dvideo%26adgp%3Dads%26prtr%3DGoogle%26cq_src%3Dgoogle_ads%26cq_cmp%3D15413678065%26cq_term%3D%26cq_plac%3Disecosmetic.com%26cq_net%3Dvp%26cq_plt%3Dgp%26ad_id%3D565170044319
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 watchtime
s.youtube.com/api/stats/ Frame 79AC 0
0 31ms
15ms Image
text/html 2a00:1450:400c:c09::8b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.youtube.com/api/stats/watchtime?rti=10&st=0.000&et=10.190&rtn=15.882&ns=yt&fexp=44750604%2C44750822%2C44752657&el=adunit&cpn=dNSKbz8IM2jVyw07&docid=pZS3SqO-o7w&ver=2&cmt=10.190&fmt=18&rt=10.000&adformat=2_2_1&euri=https%3A%2F%2Fisecosmetic.com%2F&len=15.882&vtype=gvp&c=web_gvp_ads&cver=h.0.0.0&cbr=Chrome&cbrver=96.0.4664.93&cos=Linux%20x86_64&cosver=537.36&cplatform=desktop
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400c:c09::8b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 79AC 42 B
64 B 17ms
17ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=Cul_UdCjNYfmPBMqsgQes87WoDJyFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQIx2HRdRgqzPuACAKgDAZgEAKoElQJP0PLwDGyy8tagR3rfBRZ3WLIqP06hFCHSKqal2FvSx4sZTqXEKUBz29GlTx3VUNZI6fJe-HpgDzRIZPLiAX67_CkjXr3ZsduUTgurqlmczPHXX6BeOJi9WtbilPKZLxffnkBJRpEEVzVPqtFNIqRqasQpED5DGbzbtlmIWjjtu2qovPrnJ_bfUUWtnsxWhuxfBWuDq4bYZeEVhIUFV9LlpAZhCmejlAlDigLbd5rlTkfVi6HTcKWi5guUWYicPi6NkPjWvrAmZ5ZGtSfNLG0yw9Gg1t-lGnLcl2MTCyTyY5ARu-3TIGSQAAmFi6JpI8UxjqA_plccz9c5zNy_b1DZKHB0IhTMrhzjQlacyT5TbTEnhDR2wASwnpvU_gPgBAGgBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAagIAdIICQiA4YAQEAEYHYAKA8gLAdgTDNAVAeIWAggBgBcB&sigh=Wi5NUM6emfg&cmd=Ch1jYS12aWRlby1wdWItNTUxMjM5MDcwNTEzNzUwNxAAGAI&label=videoplaytime75&ad_mt=11940&acvw=sv%3D914%26cb%3Dima%26e%3D3%26nas%3D1%26sdk%3Dh%26p%3D1082,49,1182,226%26tos%3D11995,0,0,0,0%26mtos%3D11995,11995,11995,11995,11995%26amtos%3D0,0,0,0,0%26mcvt%3D11995%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D11995%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D2637%26pst%3D417%26dur%3D15882%26vmtime%3D11939%26dtos%3D3750%26dtoss%3D4%26dvs%3D3750%26dfvs%3D3750%26dvpt%3D3750%26is%3D275%26i0%3D275%26i1%3D275%26i2%3D275%26i3%3D275%26ic%3D0%26cs%3D16782099%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26qmt%3D3750,3750,3750,3750,3750%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D1%26ces%26femt%3D598%26femvt%3D0%26emc%3D62%26emuc%3D0%26emb%3D62,0,0,0,0%26avms%3Dexc%26qi%3D243025780%26psm%3D-2147479553%26psv%3D-2147479553%26psfv%3D-2147479553%26psa%3D0%26ptlt%3D13007%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,11995&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0%26t%3D1640835188470&sdkv=h.3.493.0&vci=CmgIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUxNzIxMjM1NzMzOTIMNTY1MTcwMDQ0MzE5QN0CUiAQDyUAAKBBKAE6B3Vua25vd25CB3Vua25vd25InQJQABgB

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 delayplay
s.youtube.com/api/stats/ Frame 79AC 0
0 17ms
17ms Image
text/html 2a00:1450:400c:c09::8b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.youtube.com/api/stats/delayplay?ns=yt&fexp=44750604%2C44750822%2C44752657&el=adunit&cpn=dNSKbz8IM2jVyw07&docid=pZS3SqO-o7w&ver=2&cmt=14.190&fmt=18&rt=13.000&adformat=2_2_1&euri=https%3A%2F%2Fisecosmetic.com%2F&len=15.882&vtype=gvp&c=web_gvp_ads&cver=h.0.0.0&cbr=Chrome&cbrver=96.0.4664.93&cos=Linux%20x86_64&cosver=537.36&cplatform=desktop&mos=1&volume=0&delay=14
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400c:c09::8b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3

204

aclk
www.googleadservices.com/pagead/ Frame 79AC
Redirect Chain

https://googleads.g.doubleclick.net/aclk?sa=l&ai=CCewDdCjNYfmPBMqsgQes87WoDJyFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQIx2HRdRgqzPuACAKgDAZgEAKoEmAJP0PLwDGyy8tagR3rfBRZ3WLIqP06hFCHSKqal2Fv...
https://www.googleadservices.com/pagead/aclk?sa=L&ai=CdDsCdCjNYfmPBMqsgQes87WoDJyFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQIx2HRdRgqzPuACAKgDAZgEAKoEmAJP0PLwDGyy8tagR3rfBRZ3WLIqP06hFCHSKqa...

0
0

50ms
31ms

Image
text/html

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.googleadservices.com/pagead/aclk?sa=L&ai=CdDsCdCjNYfmPBMqsgQes87WoDJyFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQIx2HRdRgqzPuACAKgDAZgEAKoEmAJP0PLwDGyy8tagR3rfBRZ3WLIqP06hFCHSKqal2FvSx4sZTqXEKUBz29GlTx3VUNZI6fJe-HpgDzRIZPLiAX67_CkjXr3ZsduUTgurqlmczPHXX6BeOJi9WtbilPKZLxffnkBJRpEEVzVPqtFNIqRqasQpED5DGbzbtlmIWjjtu2qovPrnJ_bfUUWtnsxWhuxfBWuDq4bYZeEVhIUFV9LlpAZhCmejlAlDigLbd5rlTkfVi6HTcKWi5guUWYicPi6NkPjWvrAmZ5ZGtSfNLG0yw9Gg1t-lGnLcl2MTCyTyY5ARu-3TIGSQAAmF06Pz1laj2DK1ZNoMNlp1UzmC9J3VNXqRKzrUep8ef81bICp_dbnAESSPGauTwASwnpvU_gPgBAHABW6gBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAagIAdIICQiA4YAQEAEYHZoJO2h0dHBzOi8vdG90YWxiYXR0bGUuY29tL2VuL2xwL2NpdHk5YWxpa2UyX3dlYmdsX2RhcmtfcG9fMi8zsQnoQ4iAmmfKDoAKA5gLAcgLAdALDrgMAdgTDNAVAeIWAggBgBcB&num=1&client=ca-pub-2382012522979108&label=video_engaged_view&ctype=110&cid=CAQSKQCNIrLMxd8ePkHouV9vvpXFNKr5grzAHfYD6Uy9tYnd-fOPz6E_v_r1&dblrd=1&val=ChAyMjBmNGRlYzExY2QwMDM5EPTQtI4GGgjxyTG5RHoxiiABKAE&sig=AOD64_1A29o_J5XJeggmTgLT4z3STPP9eA&adurl=https://totalbattle.com/en/lp/city9alike2_webgl_dark_po_2/3%3Fowr%3DIL%26frt%3DDisplay%26crt%3Dv3CGI0083zenCDLNGZ%26typ%3DNU%26cnt%3DTIER2-LL%26int%3Dvideo%26adgp%3Dads%26prtr%3DGoogle%26cq_src%3Dgoogle_ads%26cq_cmp%3D15413678065%26cq_term%3D%26cq_plac%3Disecosmetic.com%26cq_net%3Dvp%26cq_plt%3Dgp%26ad_id%3D565170044319
Protocol: H3
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Redirect headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:24 GMT
x-content-type-options: nosniff
server: adclick_server
p3p: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.googleadservices.com/pagead/aclk?sa=L&ai=CdDsCdCjNYfmPBMqsgQes87WoDJyFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQIx2HRdRgqzPuACAKgDAZgEAKoEmAJP0PLwDGyy8tagR3rfBRZ3WLIqP06hFCHSKqal2FvSx4sZTqXEKUBz29GlTx3VUNZI6fJe-HpgDzRIZPLiAX67_CkjXr3ZsduUTgurqlmczPHXX6BeOJi9WtbilPKZLxffnkBJRpEEVzVPqtFNIqRqasQpED5DGbzbtlmIWjjtu2qovPrnJ_bfUUWtnsxWhuxfBWuDq4bYZeEVhIUFV9LlpAZhCmejlAlDigLbd5rlTkfVi6HTcKWi5guUWYicPi6NkPjWvrAmZ5ZGtSfNLG0yw9Gg1t-lGnLcl2MTCyTyY5ARu-3TIGSQAAmF06Pz1laj2DK1ZNoMNlp1UzmC9J3VNXqRKzrUep8ef81bICp_dbnAESSPGauTwASwnpvU_gPgBAHABW6gBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAagIAdIICQiA4YAQEAEYHZoJO2h0dHBzOi8vdG90YWxiYXR0bGUuY29tL2VuL2xwL2NpdHk5YWxpa2UyX3dlYmdsX2RhcmtfcG9fMi8zsQnoQ4iAmmfKDoAKA5gLAcgLAdALDrgMAdgTDNAVAeIWAggBgBcB&num=1&client=ca-pub-2382012522979108&label=video_engaged_view&ctype=110&cid=CAQSKQCNIrLMxd8ePkHouV9vvpXFNKr5grzAHfYD6Uy9tYnd-fOPz6E_v_r1&dblrd=1&val=ChAyMjBmNGRlYzExY2QwMDM5EPTQtI4GGgjxyTG5RHoxiiABKAE&sig=AOD64_1A29o_J5XJeggmTgLT4z3STPP9eA&adurl=https://totalbattle.com/en/lp/city9alike2_webgl_dark_po_2/3%3Fowr%3DIL%26frt%3DDisplay%26crt%3Dv3CGI0083zenCDLNGZ%26typ%3DNU%26cnt%3DTIER2-LL%26int%3Dvideo%26adgp%3Dads%26prtr%3DGoogle%26cq_src%3Dgoogle_ads%26cq_cmp%3D15413678065%26cq_term%3D%26cq_plac%3Disecosmetic.com%26cq_net%3Dvp%26cq_plt%3Dgp%26ad_id%3D565170044319
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 79AC 42 B
64 B 21ms
21ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=Cul_UdCjNYfmPBMqsgQes87WoDJyFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQIx2HRdRgqzPuACAKgDAZgEAKoElQJP0PLwDGyy8tagR3rfBRZ3WLIqP06hFCHSKqal2FvSx4sZTqXEKUBz29GlTx3VUNZI6fJe-HpgDzRIZPLiAX67_CkjXr3ZsduUTgurqlmczPHXX6BeOJi9WtbilPKZLxffnkBJRpEEVzVPqtFNIqRqasQpED5DGbzbtlmIWjjtu2qovPrnJ_bfUUWtnsxWhuxfBWuDq4bYZeEVhIUFV9LlpAZhCmejlAlDigLbd5rlTkfVi6HTcKWi5guUWYicPi6NkPjWvrAmZ5ZGtSfNLG0yw9Gg1t-lGnLcl2MTCyTyY5ARu-3TIGSQAAmFi6JpI8UxjqA_plccz9c5zNy_b1DZKHB0IhTMrhzjQlacyT5TbTEnhDR2wASwnpvU_gPgBAGgBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAagIAdIICQiA4YAQEAEYHYAKA8gLAdgTDNAVAeIWAggBgBcB&sigh=Wi5NUM6emfg&cmd=Ch1jYS12aWRlby1wdWItNTUxMjM5MDcwNTEzNzUwNxAAGAI&label=videoplaytime100&ad_mt=15882&acvw=sv%3D914%26cb%3Dima%26e%3D4%26nas%3D1%26sdk%3Dh%26p%3D1082,49,1182,226%26p0%3D1082,49,1182,226%26p1%3D1082,49,1182,226%26p2%3D1082,49,1182,226%26p3%3D1082,49,1182,226%26tos%3D15958,0,0,0,0%26mtos%3D15958,15958,15958,15958,15958%26amtos%3D0,0,0,0,0%26mtos1%3D4246,0,0%26mtos2%3D3999,0,0%26mtos3%3D3750,0,0%26mcvt%3D15958%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26a0%3D0%26a1%3D0%26a2%3D0%26a3%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D15958%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D3438%26pst%3D417%26dur%3D15882%26vmtime%3D15882%26dtos%3D3963%26dtoss%3D5%26dvs%3D3963%26dfvs%3D3963%26dvpt%3D3963%26is%3D275%26i0%3D275%26i1%3D275%26i2%3D275%26i3%3D275%26ic%3D0%26cs%3D16782099%26c%3D1%26c0%3D1%26c1%3D1%26c2%3D1%26c3%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26qmt%3D3963,3963,3963,3963,3963%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D1%26ces%26femt%3D598%26femvt%3D0%26emc%3D81%26emuc%3D0%26emb%3D81,0,0,0,0%26avms%3Dexc%26qi%3D243025780%26psm%3D-2147418113%26psv%3D-2147418113%26psfv%3D-2147418113%26psa%3D0%26ptlt%3D16969%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,15958%26ss0%3D0%26ss1%3D0%26ss2%3D0%26ss3%3D0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0%26t%3D1640835188470&sdkv=h.3.493.0&vci=CmgIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUxNzIxMjM1NzMzOTIMNTY1MTcwMDQ0MzE5QN0CUiAQDyUAAKBBKAE6B3Vua25vd25CB3Vua25vd25InQJQABgB

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 watchtime
s.youtube.com/api/stats/ Frame 79AC 0
0 16ms
15ms Image
text/html 2a00:1450:400c:c09::8b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.youtube.com/api/stats/watchtime?rti=20&st=10.190&et=15.882&final=1&ns=yt&fexp=44750604%2C44750822%2C44752657&el=adunit&cpn=dNSKbz8IM2jVyw07&docid=pZS3SqO-o7w&ver=2&cmt=15.882&fmt=18&rt=15.000&adformat=2_2_1&euri=https%3A%2F%2Fisecosmetic.com%2F&len=15.882&vtype=gvp&c=web_gvp_ads&cver=h.0.0.0&cbr=Chrome&cbrver=96.0.4664.93&cos=Linux%20x86_64&cosver=537.36&cplatform=desktop
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400c:c09::8b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

OPTIONS
H/1.1 204
No Content s
ares.veedmo.com/o/ Frame 0
0 73ms
72ms Preflight 137.74.127.184
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://ares.veedmo.com/o/s

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

137.74.127.184 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://isecosmetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 30 Dec 2021 03:33:24 GMT
Content-Length: 0
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains max-age=15768000
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: https://isecosmetic.com
Vary: Origin, Access-Control-Request-Headers
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Headers: content-type
X-IPLB-Request-ID: 5BC77649:BD75_894A7FB8:01BB_61CD2876_4D6EFC1:2A037
X-IPLB-Instance: 39399

POST
H/1.1 200
OK s
ares.veedmo.com/o/ 2 B
0 91ms
71ms Fetch
text/html 137.74.127.184
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://ares.veedmo.com/o/s

Requested by

Host: cdn.veedmo-static.com
URL: https://cdn.veedmo-static.com/cdn/player/v2/current.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

137.74.127.184 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains, max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

Date: Thu, 30 Dec 2021 03:33:24 GMT
X-Content-Type-Options: nosniff
X-IPLB-Instance: 39399
X-DNS-Prefetch-Control: off
Vary: Origin
Content-Length: 2
X-XSS-Protection: 1; mode=block
Server: nginx/1.18.0 (Ubuntu)
X-IPLB-Request-ID: 5BC77649:BFA9_894A7FB8:01BB_61CD2884_4D6F21F:2A037
X-Frame-Options: SAMEORIGIN
ETag: W/"2-eoX0dku9ba8cNUXvu/DyeabcC+s"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains, max-age=15768000
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: https://isecosmetic.com
Cache-Control: no-store

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 79AC 0
20 B 55ms
55ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?evt=complete&format=TRUEVIEW&lid=143&sdkv=h.3.493.0&e=44750604%2C44750822%2C44752657&id=ima_html5&c=2452837210116983&domain=isecosmetic.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H/1.1 204
No Content s
ares.veedmo.com/o/ Frame 0
0 142ms
72ms Preflight 137.74.127.184
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://ares.veedmo.com/o/s

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

137.74.127.184 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://isecosmetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 30 Dec 2021 03:33:24 GMT
Content-Length: 0
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains max-age=15768000
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: https://isecosmetic.com
Vary: Origin, Access-Control-Request-Headers
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Headers: content-type
X-IPLB-Request-ID: 5BC77649:BD75_894A7FB8:01BB_61CD2884_4D6F21E:2A037
X-IPLB-Instance: 39399

POST
H/1.1 200
OK s
ares.veedmo.com/o/ 2 B
0 68ms
67ms Fetch
text/html 137.74.127.184
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://ares.veedmo.com/o/s

Requested by

Host: cdn.veedmo-static.com
URL: https://cdn.veedmo-static.com/cdn/player/v2/current.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

137.74.127.184 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains, max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

Date: Thu, 30 Dec 2021 03:33:24 GMT
X-Content-Type-Options: nosniff
X-IPLB-Instance: 39399
X-DNS-Prefetch-Control: off
Vary: Origin
Content-Length: 2
X-XSS-Protection: 1; mode=block
Server: nginx/1.18.0 (Ubuntu)
X-IPLB-Request-ID: 5BC77649:BD75_894A7FB8:01BB_61CD2884_4D6F223:2A037
X-Frame-Options: SAMEORIGIN
ETag: W/"2-eoX0dku9ba8cNUXvu/DyeabcC+s"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains, max-age=15768000
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: https://isecosmetic.com
Cache-Control: no-store

GET
H2 206 bio_diversity_protects_life.mp4
get.optad360.io/video/ 3 MB
0 9ms
8ms Media
video/mp4 2600:9000:2156:a800:11:a4de:2580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.optad360.io/video/bio_diversity_protects_life.mp4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:a800:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://isecosmetic.com/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Range: bytes=131072-

Response headers

date: Tue, 18 May 2021 16:33:52 GMT
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
last-modified: Fri, 19 Feb 2021 10:40:36 GMT
server: AmazonS3
age: 19479573
etag: "0538cd08a593387db670eee4176f6e26"
x-cache: Hit from cloudfront
content-type: video/mp4
Content-Range: bytes 131072-4054554/4054555
cache-control: public, max-age=360000000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
Content-Length: 3923483
x-amz-cf-id: bZEMWxjeeOMI_Zwji_vuOpi9YtPvfnvfBnmii6FofQbxwv8xtHrwLg==

GET
H/1.1 200
OK viewability Show response
hal900026.redintelligence.net/ Frame E242 0
150 B 37ms
14ms Script
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900026.redintelligence.net/viewability?s=95107100028919403912180011824026&a=57700cc8&vb=v20
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=95107100028919403912180011824026&a=e860144a
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/request_content.php?s=95107100028919403912180011824026&a=e860144a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 03:33:29 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 help_outline_white_24dp_with_3px_trbl_padding.png
imasdk.googleapis.com/formats/wta/ Frame 79AC 453 B
478 B 7ms
6ms Image
image/png 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imasdk.googleapis.com/formats/wta/help_outline_white_24dp_with_3px_trbl_padding.png?wp=ca-pub-2382012522979108

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:17:08 GMT
x-content-type-options: nosniff
age: 981
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 453
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 14:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: image/png
cache-control: public, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Dec 2021 04:07:08 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 79AC 42 B
64 B 17ms
16ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=C6k5tdCjNYbrJH5S_gQf3q66IA5yFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQKP5D_-0wqzPuACAKgDAZgEAKoEmAJP0KF27ItFiYiqBlWGFbkf9Sj7RtzVRIkbOWhEczijWLuvUzjXGBmLSIBgZDUxrAiHMkf0MbUj-OlZ4WZGw2CPX13Kg_QqmKd9GVBabLz_BmMkrqHJM_HORWLUaK7Ui9mqNs9OqKkAWM7MDbpu2xtIXzAtTsn_61WOnxNh7CJ8DBRXbdPKr_q3X-_FEyB8GptBAAStcO6FKa3j7rgZzfx4v-9I8Ux0ZB4jOldvgkVWhglXuzW9md3aFyCO0MUhouZW0egMlDJG3ykCELMfFHp5uH1Xa3ibBAQRAvVzt2qirBrDBgmrv2Op_BCr3Iw3RPvoyjv5Eun-sfd56VpaosuyKNQzVetIIJhzhxPUF1yJW-VH1gQTKlyAwASwnpvU_gPgBAGgBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAagIAdIICQiA4YAQEAEYHbEJ6EOIgJpnyg6ACgOYCwHICwHQCw64DAHYEwzQFQHiFgIIAYAXAQ&sigh=DMvECVl2wG4&label=show_ad&acvw=&sdkv=h.3.493.0&vci=CmcIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUxNzIxMjM1NzMzOTIMNTY1MTcwMDQ0MzE5QPkBUh8QDyUAAHBBKAE6B3Vua25vd25CB3Vua25vd25IblAAGAE.

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
pubads.g.doubleclick.net/pagead/ Frame 79AC 0
0 48ms
47ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubads.g.doubleclick.net/pagead/adview?ai=CUc1DdCjNYbrJH5S_gQf3q66IA5yFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQKP5D_-0wqzPuACAKgDAZgEAKoElQJP0KF27ItFiYiqBlWGFbkf9Sj7RtzVRIkbOWhEczijWLuvUzjXGBmLSIBgZDUxrAiHMkf0MbUj-OlZ4WZGw2CPX13Kg_QqmKd9GVBabLz_BmMkrqHJM_HORWLUaK7Ui9mqNs9OqKkAWM7MDbpu2xtIXzAtTsn_61WOnxNh7CJ8DBRXbdPKr_q3X-_FEyB8GptBAAStcO6FKa3j7rgZzfx4v-9I8Ux0ZB4jOldvgkVWhglXuzW9md3aFyCO0MUhouZW0egMlDJG3ykCELMfFHp5uH1Xa3ibBAQRAvVzt2qirBrDBgmrv2Op_BCrhI2tsWh6nKlz0GTuSHo1dr9nOQa-Nd7WXMVQ9BuOuogT_kilQ22gQxTqwASwnpvU_gPgBAGgBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEMunFqgIAdIICQiA4YAQEAEYHYAKA8gLAcITBhjnt6CVA9gTDNAVAeIWAggBgBcBshceChwIABIUcHViLTU1MTIzOTA3MDUxMzc1MDcYku8h&sigh=6IRgInIdfow&cmd=Ch1jYS12aWRlby1wdWItNTUxMjM5MDcwNTEzNzUwNxAAGAI&uach_m=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&vt=10&sdkv=h.3.493.0&vci=CmcIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUxNzIxMjM1NzMzOTIMNTY1MTcwMDQ0MzE5QPkBUh8QDyUAAHBBKAE6B3Vua25vd25CB3Vua25vd25IblAAGAE.
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s53-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 79AC 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?evt=start&format=TRUEVIEW&lid=143&sdkv=h.3.493.0&e=44750604%2C44750822%2C44752657&id=ima_html5&c=2452837210116983&domain=isecosmetic.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 79AC 42 B
64 B 25ms
24ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=Cn2IrdCjNYbrJH5S_gQf3q66IA5yFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQKP5D_-0wqzPuACAKgDAZgEAKoElQJP0KF27ItFiYiqBlWGFbkf9Sj7RtzVRIkbOWhEczijWLuvUzjXGBmLSIBgZDUxrAiHMkf0MbUj-OlZ4WZGw2CPX13Kg_QqmKd9GVBabLz_BmMkrqHJM_HORWLUaK7Ui9mqNs9OqKkAWM7MDbpu2xtIXzAtTsn_61WOnxNh7CJ8DBRXbdPKr_q3X-_FEyB8GptBAAStcO6FKa3j7rgZzfx4v-9I8Ux0ZB4jOldvgkVWhglXuzW9md3aFyCO0MUhouZW0egMlDJG3ykCELMfFHp5uH1Xa3ibBAQRAvVzt2qirBrDBgmrv2Op_BCrhI2tsWh6nKlz0GTuSHo1dr9nOQa-Nd7WXMVQ9BuOuogT_kilQ22gQxTqwASwnpvU_gPgBAGgBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAagIAdIICQiA4YAQEAEYHYAKA8gLAdgTDNAVAeIWAggBgBcB&sigh=7q44B9POthg&cmd=Ch1jYS12aWRlby1wdWItNTUxMjM5MDcwNTEzNzUwNxAAGAI&label=admute&ad_mt=0&acvw=sv%3D914%26cb%3Dima%26e%3D10%26nas%3D2%26sdk%3Dh%26p%3D1082,49,1182,226%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D15882%26vmtime%3D-1%26is%3D0%26cs%3D4096%26c%3D0%26mc%3D-1%26nc%3D-1%26mv%3D-1%26nv%3D-1%26lte%3D-2%26ces%26femt%3D21787%26femvt%3D0%26emc%3D1%26emuc%3D0%26emb%3D1,0,0,0,0%26avms%3Dexc%26qi%3D563721578%26psm%3D0%26psv%3D0%26psfv%3D0%26psa%3D0%26ptlt%3D21993%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1640835209659&sdkv=h.3.493.0&vci=CmcIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUxNzIxMjM1NzMzOTIMNTY1MTcwMDQ0MzE5QPkBUh8QDyUAAKBBKAE6B3Vua25vd25CB3Vua25vd25IblAAGAE.

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Oy6hyfNY.js Show response
tpc.googlesyndication.com/sodar/ Frame 79AC 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Oy6hyfNY.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b2ea1c9f3587781b58285cf64279e67f6329a3924fb93f81529f1826e2f4d16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 13:14:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 483568
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15406
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sat, 24 Dec 2022 13:14:01 GMT

GET
H3 200 adview
pubads.g.doubleclick.net/pagead/ Frame 79AC 0
0 48ms
48ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubads.g.doubleclick.net/pagead/adview?ai=CUc1DdCjNYbrJH5S_gQf3q66IA5yFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQKP5D_-0wqzPuACAKgDAZgEAKoElQJP0KF27ItFiYiqBlWGFbkf9Sj7RtzVRIkbOWhEczijWLuvUzjXGBmLSIBgZDUxrAiHMkf0MbUj-OlZ4WZGw2CPX13Kg_QqmKd9GVBabLz_BmMkrqHJM_HORWLUaK7Ui9mqNs9OqKkAWM7MDbpu2xtIXzAtTsn_61WOnxNh7CJ8DBRXbdPKr_q3X-_FEyB8GptBAAStcO6FKa3j7rgZzfx4v-9I8Ux0ZB4jOldvgkVWhglXuzW9md3aFyCO0MUhouZW0egMlDJG3ykCELMfFHp5uH1Xa3ibBAQRAvVzt2qirBrDBgmrv2Op_BCrhI2tsWh6nKlz0GTuSHo1dr9nOQa-Nd7WXMVQ9BuOuogT_kilQ22gQxTqwASwnpvU_gPgBAGgBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEMunFqgIAdIICQiA4YAQEAEYHYAKA8gLAcITBhjnt6CVA9gTDNAVAeIWAggBgBcBshceChwIABIUcHViLTU1MTIzOTA3MDUxMzc1MDcYku8h&sigh=6IRgInIdfow&cmd=Ch1jYS12aWRlby1wdWItNTUxMjM5MDcwNTEzNzUwNxAAGAI&uach_m=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&sdkv=h.3.493.0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s53-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 79AC 42 B
64 B 20ms
19ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=Cn2IrdCjNYbrJH5S_gQf3q66IA5yFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQKP5D_-0wqzPuACAKgDAZgEAKoElQJP0KF27ItFiYiqBlWGFbkf9Sj7RtzVRIkbOWhEczijWLuvUzjXGBmLSIBgZDUxrAiHMkf0MbUj-OlZ4WZGw2CPX13Kg_QqmKd9GVBabLz_BmMkrqHJM_HORWLUaK7Ui9mqNs9OqKkAWM7MDbpu2xtIXzAtTsn_61WOnxNh7CJ8DBRXbdPKr_q3X-_FEyB8GptBAAStcO6FKa3j7rgZzfx4v-9I8Ux0ZB4jOldvgkVWhglXuzW9md3aFyCO0MUhouZW0egMlDJG3ykCELMfFHp5uH1Xa3ibBAQRAvVzt2qirBrDBgmrv2Op_BCrhI2tsWh6nKlz0GTuSHo1dr9nOQa-Nd7WXMVQ9BuOuogT_kilQ22gQxTqwASwnpvU_gPgBAGgBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAagIAdIICQiA4YAQEAEYHYAKA8gLAdgTDNAVAeIWAggBgBcB&sigh=7q44B9POthg&cmd=Ch1jYS12aWRlby1wdWItNTUxMjM5MDcwNTEzNzUwNxAAGAI&label=vast_creativeview&ad_mt=0&acvw=sv%3D914%26cb%3Dima%26e%3D19%26nas%3D2%26sdk%3Dh%26p%3D1082,49,1182,226%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D15882%26vmtime%3D-1%26is%3D0%26cs%3D4096%26c%3D0%26mc%3D-1%26nc%3D-1%26mv%3D-1%26nv%3D-1%26lte%3D-2%26ces%26femt%3D21787%26femvt%3D0%26emc%3D1%26emuc%3D0%26emb%3D1,0,0,0,0%26avms%3Dexc%26qi%3D563721578%26psm%3D0%26psv%3D0%26psfv%3D0%26psa%3D0%26ptlt%3D21995%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1640835209659&sdkv=h.3.493.0&vci=CmcIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUxNzIxMjM1NzMzOTIMNTY1MTcwMDQ0MzE5QPkBUh8QDyUAAKBBKAE6B3Vua25vd25CB3Vua25vd25IblAAGAE.

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 79AC 42 B
64 B 46ms
46ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvsxff06w36TXuuPLbVhYstWYB3ENLGvIxNO_vjbPwcOy4-VDoGB-wqhAC1uzMrnUyUnpnou8mUGyU6H01_ExokXDEeFEtUCF1HCpP6KYMjnJC0nH_4rP51HEzrXmiPQ698neZ1hBQQN5sa&sai=AMfl-YTHdqRwgbvaZTl3QtyH6qM9eKLeGW2_gIdOt5ePVBdDTa6XcPngTePOeCTp1jTulx6qFTCttULsKlcDKlV4QwW5m0o0WTPgihOg5iOc2VpOueq3H6HU6ayDzsA&sig=Cg0ArKJSzIx1fqPDcbyLEAE&cid=CAASF-RopqRBp-QyQH6bDfs19asu2kPSkAy4&id=lidarv&acvw=sv%3D914%26cb%3Dima%26e%3D15%26nas%3D2%26sdk%3Dh%26p%3D1082,49,1182,226%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D15882%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D275%26ic%3D4370%26cs%3D4370%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D21787%26femvt%3D0%26emc%3D1%26emuc%3D0%26emb%3D1,0,0,0,0%26avms%3Dexc%26qi%3D563721578%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D21996%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1640835209659&avm=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 79AC 42 B
64 B 19ms
18ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=Cn2IrdCjNYbrJH5S_gQf3q66IA5yFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQKP5D_-0wqzPuACAKgDAZgEAKoElQJP0KF27ItFiYiqBlWGFbkf9Sj7RtzVRIkbOWhEczijWLuvUzjXGBmLSIBgZDUxrAiHMkf0MbUj-OlZ4WZGw2CPX13Kg_QqmKd9GVBabLz_BmMkrqHJM_HORWLUaK7Ui9mqNs9OqKkAWM7MDbpu2xtIXzAtTsn_61WOnxNh7CJ8DBRXbdPKr_q3X-_FEyB8GptBAAStcO6FKa3j7rgZzfx4v-9I8Ux0ZB4jOldvgkVWhglXuzW9md3aFyCO0MUhouZW0egMlDJG3ykCELMfFHp5uH1Xa3ibBAQRAvVzt2qirBrDBgmrv2Op_BCrhI2tsWh6nKlz0GTuSHo1dr9nOQa-Nd7WXMVQ9BuOuogT_kilQ22gQxTqwASwnpvU_gPgBAGgBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAagIAdIICQiA4YAQEAEYHYAKA8gLAdgTDNAVAeIWAggBgBcB&sigh=7q44B9POthg&cmd=Ch1jYS12aWRlby1wdWItNTUxMjM5MDcwNTEzNzUwNxAAGAI&label=part2viewed&ad_mt=0&acvw=sv%3D914%26cb%3Dima%26e%3D0%26nas%3D2%26sdk%3Dh%26p%3D1082,49,1182,226%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D15882%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D275%26i0%3D275%26ic%3D0%26cs%3D4370%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D21787%26femvt%3D0%26emc%3D1%26emuc%3D0%26emb%3D1,0,0,0,0%26avms%3Dexc%26qi%3D563721578%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D21997%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1640835209659&sdkv=h.3.493.0&vci=CmcIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUxNzIxMjM1NzMzOTIMNTY1MTcwMDQ0MzE5QPkBUh8QDyUAAKBBKAE6B3Vua25vd25CB3Vua25vd25IblAAGAE.

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 79AC 0
20 B 41ms
40ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?evt=showui&format=TRUEVIEW&lid=143&sdkv=h.3.493.0&e=44750604%2C44750822%2C44752657&id=ima_html5&c=2452837210116983&domain=isecosmetic.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 79AC 42 B
64 B 19ms
18ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=Cn2IrdCjNYbrJH5S_gQf3q66IA5yFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQKP5D_-0wqzPuACAKgDAZgEAKoElQJP0KF27ItFiYiqBlWGFbkf9Sj7RtzVRIkbOWhEczijWLuvUzjXGBmLSIBgZDUxrAiHMkf0MbUj-OlZ4WZGw2CPX13Kg_QqmKd9GVBabLz_BmMkrqHJM_HORWLUaK7Ui9mqNs9OqKkAWM7MDbpu2xtIXzAtTsn_61WOnxNh7CJ8DBRXbdPKr_q3X-_FEyB8GptBAAStcO6FKa3j7rgZzfx4v-9I8Ux0ZB4jOldvgkVWhglXuzW9md3aFyCO0MUhouZW0egMlDJG3ykCELMfFHp5uH1Xa3ibBAQRAvVzt2qirBrDBgmrv2Op_BCrhI2tsWh6nKlz0GTuSHo1dr9nOQa-Nd7WXMVQ9BuOuogT_kilQ22gQxTqwASwnpvU_gPgBAGgBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAagIAdIICQiA4YAQEAEYHYAKA8gLAdgTDNAVAeIWAggBgBcB&sigh=7q44B9POthg&cmd=Ch1jYS12aWRlby1wdWItNTUxMjM5MDcwNTEzNzUwNxAAGAI&label=admute&ad_mt=0&acvw=sv%3D914%26cb%3Dima%26e%3D10%26nas%3D2%26sdk%3Dh%26p%3D1082,49,1182,226%26tos%3D4,0,0,0,0%26mtos%3D4,4,4,4,4%26amtos%3D0,0,0,0,0%26mcvt%3D4%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D4%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D4%26pst%3D-1%26dur%3D15882%26vmtime%3D-1%26dvs%3D4%26dfvs%3D4%26dvpt%3D4%26is%3D275%26i0%3D275%26ic%3D0%26cs%3D4370%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D21787%26femvt%3D0%26emc%3D1%26emuc%3D0%26emb%3D1,0,0,0,0%26avms%3Dexc%26qi%3D563721578%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D21999%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,4&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1640835209659&sdkv=h.3.493.0&vci=CmcIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUxNzIxMjM1NzMzOTIMNTY1MTcwMDQ0MzE5QPkBUh8QDyUAAKBBKAE6B3Vua25vd25CB3Vua25vd25IblAAGAE.

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 206 videoplayback
rr5---sn-4g5ednse.googlevideo.com/ 2 MB
2 MB 8ms
7ms Media
video/mp4 2a00:1450:4001:69::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:69::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

078414f10a56e5f7d1cbf10bdf9f4bd8c9c399d3b6b44402445b0355af22670c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://isecosmetic.com/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Range: bytes=0-

Response headers

date: Thu, 30 Dec 2021 03:33:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 28 Nov 2021 06:37:49 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
Content-Range: bytes 0-2262578/2262579
client-protocol: quic
cache-control: private, max-age=28479
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 2262579
expires: Thu, 30 Dec 2021 03:33:29 GMT

OPTIONS
H/1.1 204
No Content s
ares.veedmo.com/o/ Frame 0
0 68ms
68ms Preflight 137.74.127.184
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://ares.veedmo.com/o/s

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

137.74.127.184 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://isecosmetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 30 Dec 2021 03:33:29 GMT
Content-Length: 0
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains max-age=15768000
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: https://isecosmetic.com
Vary: Origin, Access-Control-Request-Headers
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Headers: content-type
X-IPLB-Request-ID: 5BC77649:BD75_894A7FB8:01BB_61CD2884_4D6F228:2A037
X-IPLB-Instance: 39399

POST
H/1.1 200
OK s
ares.veedmo.com/o/ 2 B
0 71ms
71ms Fetch
text/html 137.74.127.184
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://ares.veedmo.com/o/s

Requested by

Host: cdn.veedmo-static.com
URL: https://cdn.veedmo-static.com/cdn/player/v2/current.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

137.74.127.184 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains, max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

Date: Thu, 30 Dec 2021 03:33:29 GMT
X-Content-Type-Options: nosniff
X-IPLB-Instance: 39399
X-DNS-Prefetch-Control: off
Vary: Origin
Content-Length: 2
X-XSS-Protection: 1; mode=block
Server: nginx/1.18.0 (Ubuntu)
X-IPLB-Request-ID: 5BC77649:BD75_894A7FB8:01BB_61CD2889_4D6F2D4:2A037
X-Frame-Options: SAMEORIGIN
ETag: W/"2-eoX0dku9ba8cNUXvu/DyeabcC+s"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains, max-age=15768000
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: https://isecosmetic.com
Cache-Control: no-store

GET
H3 200 hhrtBw21.html Show response
tpc.googlesyndication.com/sodar/ Frame EDFA 23 KB
9 KB 9ms
8ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/hhrtBw21.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Oy6hyfNY.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

861aed070db50ce0da9928455deff784c115b44540b09450f225ff7cff0c7429

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8727
date: Fri, 24 Dec 2021 07:43:36 GMT
expires: Sat, 24 Dec 2022 07:43:36 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 503393
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js Show response
pagead2.googlesyndication.com/bg/ Frame EDFA 35 KB
13 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/hhrtBw21.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53f0cf5f2fef7e5a938d553f62eb56266d1ac4e244eb7dcd40630614485fdacd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 00:37:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10549
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13577
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 30 Dec 2022 00:37:40 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EDFA 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=36&t=2&li=v_h.3.493.0&bgai=BKJLSdCjNYbrJH5S_gQf3q66IAwAAAAA4AboFEwi42620y4r1AhUIhN4KHXipA3A&bg=!xMelx4PNAAZKWFskSlg7ACkAdvg8WmL2i3PnvBObWm0EBsu8aOHvh8WFCfRzf25yJj3XYFXsAKmofQIAAABsUgAAAAdoAQcKAJs1qwg5ILbQVpALe1JhWhmVSk0IH9hBbr0-NPxkfvorm7SoSj3VU8Dd_afOddw9CeiUK8l7bVqwN63audqTBr4sxFqPy6yCdQ88dYnR09LmNPwkOchZ628EHbdar2x11-njp-CCKV4lTtI-FX8BsZuXauQ6ziSONwXujmDSABWZAPXH2DKeupiWfg51660qyW8lfQ6XGV5tLXSsipkCeV4KA_wieIv9JCyhbLfbLDQOXPJkNeS8HBwz014DHmJ5u1bF74-KRrScK6GpiPLiPiWq9LdcEAut0Aa2slEOZS2LaTYoDPQcsr4Uo6nAUKxzNpWHgz6XkeLgQeXLhXQcbErZaTD-KN7FC9MlS1PIIsbVaNKYtnIlZEV47IlQW2gDn-H9PbHcHD5DQH6GYY-SzhxKL_tj7ouC0NR8Z9mtqSg5rx9GxHajZasfj6NdXPGxLiA6edvXfweOaMAb77txyO1R0RvXdTuNNtbWLgSTDaD2W7VQ2wIGu9E7NuvhPoMx8ToKSQZBMhE-M1mXxsXZ2km2ygWhHIo5UbqVgnUF0DJM2iYYERGlKvjlsg1QchZyWd5dOjMDP9OEiO0GmQVDzgGTZZChiE3YV5Hfoi6XWwOTQSJzPb7kTvzIwSlF-oAer8MqGWne-K71ZqlrKnp4hCh2B_ubwE3PnBXjDdVdTJ4IfSdfVKQPWfiRzxuSxMeQeSUU0ci9yMW5awSpFsn0vS2MEn9hHoa8NQV1vNyo34QGz3Tsl6SI8Nev7Lxjti9hT4FIlNvmGrTQQ8aq13mhtSwO6jeWlT8C6Zwv2oH-sTfBh3HDi8mrVWqg2brJIzJskpbtqWUN8L2QmuC3qhC_MgUUdEqr0REAvOMeFBa37GccerLwddKogFb8T8IYmRnViVCLxeIX0RId6JtTQIvk9xOE57JFDXhBExZuYZbSX1jlP1praOJ3rQjEK11fMHCHOVo07TOB2ENBWr71jQwdRV8SuudD2P9tMYa6mRjEwRHHYVR_OC_dPcbHrovKdubSRU6pgsj2NHfHSnBYaP49ND_WstGLZk8pag

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 playback
s.youtube.com/api/stats/ Frame 79AC 0
0 15ms
15ms Image
text/html 2a00:1450:400c:c09::8b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.youtube.com/api/stats/playback?ns=yt&fexp=44750604%2C44750822%2C44752657&el=adunit&cpn=AtPVi5uyoCDB_Ot9&docid=pZS3SqO-o7w&ver=2&cmt=0.168&fmt=18&rt=0.000&adformat=2_2_1&euri=https%3A%2F%2Fisecosmetic.com%2F&len=15.882&vtype=gvp&c=web_gvp_ads&cver=h.0.0.0&cbr=Chrome&cbrver=96.0.4664.93&cos=Linux%20x86_64&cosver=537.36&cplatform=desktop&mos=1&volume=0&delay=14&rtn=10
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400c:c09::8b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 79AC 42 B
64 B 46ms
45ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvsxff06w36TXuuPLbVhYstWYB3ENLGvIxNO_vjbPwcOy4-VDoGB-wqhAC1uzMrnUyUnpnou8mUGyU6H01_ExokXDEeFEtUCF1HCpP6KYMjnJC0nH_4rP51HEzrXmiPQ698neZ1hBQQN5sa&sai=AMfl-YTHdqRwgbvaZTl3QtyH6qM9eKLeGW2_gIdOt5ePVBdDTa6XcPngTePOeCTp1jTulx6qFTCttULsKlcDKlV4QwW5m0o0WTPgihOg5iOc2VpOueq3H6HU6ayDzsA&sig=Cg0ArKJSzIx1fqPDcbyLEAE&cid=CAASF-RopqRBp-QyQH6bDfs19asu2kPSkAy4&id=lidarv&acvw=sv%3D914%26cb%3Dima%26e%3D9%26nas%3D2%26sdk%3Dh%26p%3D1082,49,1182,226%26tos%3D2008,0,0,0,0%26mtos%3D2008,2008,2008,2008,2008%26amtos%3D0,0,0,0,0%26mcvt%3D2008%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2008%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D437%26pst%3D405%26dur%3D15882%26vmtime%3D1917%26dtos%3D2008%26dtoss%3D1%26dvs%3D2004%26dfvs%3D2004%26dvpt%3D2004%26is%3D275%26i0%3D275%26ic%3D16777217%26cs%3D16781587%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D21787%26femvt%3D0%26emc%3D11%26emuc%3D0%26emb%3D11,0,0,0,0%26avms%3Dexc%26qi%3D563721578%26psm%3D-2147483645%26psv%3D-2147483645%26psfv%3D-2147483645%26psa%3D0%26ptlt%3D24003%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,2008&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0%26t%3D1640835209659

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK s
ares.veedmo.com/o/ 2 B
0 68ms
68ms Fetch
text/html 137.74.127.184
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://ares.veedmo.com/o/s

Requested by

Host: cdn.veedmo-static.com
URL: https://cdn.veedmo-static.com/cdn/player/v2/current.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

137.74.127.184 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains, max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

Date: Thu, 30 Dec 2021 03:33:31 GMT
X-Content-Type-Options: nosniff
X-IPLB-Instance: 39399
X-DNS-Prefetch-Control: off
Vary: Origin
Content-Length: 2
X-XSS-Protection: 1; mode=block
Server: nginx/1.18.0 (Ubuntu)
X-IPLB-Request-ID: 5BC77649:BD75_894A7FB8:01BB_61CD288B_4D6F32F:2A037
X-Frame-Options: SAMEORIGIN
ETag: W/"2-eoX0dku9ba8cNUXvu/DyeabcC+s"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains, max-age=15768000
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: https://isecosmetic.com
Cache-Control: no-store

OPTIONS
H/1.1 204
No Content s
ares.veedmo.com/o/ Frame 0
0 70ms
70ms Preflight 137.74.127.184
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://ares.veedmo.com/o/s

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

137.74.127.184 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://isecosmetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 30 Dec 2021 03:33:31 GMT
Content-Length: 0
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains max-age=15768000
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: https://isecosmetic.com
Vary: Origin, Access-Control-Request-Headers
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Headers: content-type
X-IPLB-Request-ID: 5BC77649:BD75_894A7FB8:01BB_61CD2889_4D6F2D7:2A037
X-IPLB-Instance: 39399

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 79AC 42 B
64 B 19ms
19ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=Cn2IrdCjNYbrJH5S_gQf3q66IA5yFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQKP5D_-0wqzPuACAKgDAZgEAKoElQJP0KF27ItFiYiqBlWGFbkf9Sj7RtzVRIkbOWhEczijWLuvUzjXGBmLSIBgZDUxrAiHMkf0MbUj-OlZ4WZGw2CPX13Kg_QqmKd9GVBabLz_BmMkrqHJM_HORWLUaK7Ui9mqNs9OqKkAWM7MDbpu2xtIXzAtTsn_61WOnxNh7CJ8DBRXbdPKr_q3X-_FEyB8GptBAAStcO6FKa3j7rgZzfx4v-9I8Ux0ZB4jOldvgkVWhglXuzW9md3aFyCO0MUhouZW0egMlDJG3ykCELMfFHp5uH1Xa3ibBAQRAvVzt2qirBrDBgmrv2Op_BCrhI2tsWh6nKlz0GTuSHo1dr9nOQa-Nd7WXMVQ9BuOuogT_kilQ22gQxTqwASwnpvU_gPgBAGgBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAagIAdIICQiA4YAQEAEYHYAKA8gLAdgTDNAVAeIWAggBgBcB&sigh=7q44B9POthg&cmd=Ch1jYS12aWRlby1wdWItNTUxMjM5MDcwNTEzNzUwNxAAGAI&label=videoplaytime25&ad_mt=4168&acvw=sv%3D914%26cb%3Dima%26e%3D1%26nas%3D2%26sdk%3Dh%26p%3D1082,49,1182,226%26tos%3D4246,0,0,0,0%26mtos%3D4246,4246,4246,4246,4246%26amtos%3D0,0,0,0,0%26mcvt%3D4246%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D4246%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D1041%26pst%3D405%26dur%3D15882%26vmtime%3D4167%26dtos%3D2238%26dtoss%3D2%26dvs%3D2238%26dfvs%3D2238%26dvpt%3D2238%26is%3D275%26i0%3D275%26i1%3D275%26ic%3D0%26cs%3D16781587%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26qmt%3D4246,4246,4246,4246,4246%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D1%26ces%26femt%3D21787%26femvt%3D0%26emc%3D22%26emuc%3D0%26emb%3D22,0,0,0,0%26avms%3Dexc%26qi%3D563721578%26psm%3D-2147483617%26psv%3D-2147483617%26psfv%3D-2147483617%26psa%3D0%26ptlt%3D26241%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,4246&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0%26t%3D1640835209659&sdkv=h.3.493.0&vci=CmcIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUxNzIxMjM1NzMzOTIMNTY1MTcwMDQ0MzE5QPkBUh8QDyUAAKBBKAE6B3Vua25vd25CB3Vua25vd25IblAAGAE.

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 79AC 42 B
64 B 19ms
18ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=Cn2IrdCjNYbrJH5S_gQf3q66IA5yFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQKP5D_-0wqzPuACAKgDAZgEAKoElQJP0KF27ItFiYiqBlWGFbkf9Sj7RtzVRIkbOWhEczijWLuvUzjXGBmLSIBgZDUxrAiHMkf0MbUj-OlZ4WZGw2CPX13Kg_QqmKd9GVBabLz_BmMkrqHJM_HORWLUaK7Ui9mqNs9OqKkAWM7MDbpu2xtIXzAtTsn_61WOnxNh7CJ8DBRXbdPKr_q3X-_FEyB8GptBAAStcO6FKa3j7rgZzfx4v-9I8Ux0ZB4jOldvgkVWhglXuzW9md3aFyCO0MUhouZW0egMlDJG3ykCELMfFHp5uH1Xa3ibBAQRAvVzt2qirBrDBgmrv2Op_BCrhI2tsWh6nKlz0GTuSHo1dr9nOQa-Nd7WXMVQ9BuOuogT_kilQ22gQxTqwASwnpvU_gPgBAGgBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAagIAdIICQiA4YAQEAEYHYAKA8gLAdgTDNAVAeIWAggBgBcB&sigh=7q44B9POthg&cmd=Ch1jYS12aWRlby1wdWItNTUxMjM5MDcwNTEzNzUwNxAAGAI&label=video_skip_shown&ad_mt=5168&acvw=sv%3D914%26cb%3Dima%26nas%3D2%26sdk%3Dh%26p%3D1082,49,1182,226%26p0%3D1082,49,1182,226%26p1%3D1082,49,1182,226%26tos%3D5246,0,0,0,0%26mtos%3D5246,5246,5246,5246,5246%26amtos%3D0,0,0,0,0%26mtos1%3D4246,0,0%26mcvt%3D5246%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26a0%3D0%26a1%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D5246%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D1241%26pst%3D405%26dur%3D15882%26vmtime%3D5167%26is%3D275%26i0%3D275%26i1%3D275%26cs%3D16781587%26c%3D1%26c0%3D1%26c1%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26qmt%3D1000,1000,1000,1000,1000%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D1%26ces%26femt%3D21787%26femvt%3D0%26emc%3D27%26emuc%3D0%26emb%3D27,0,0,0,0%26avms%3Dexc%26qi%3D563721578%26psm%3D-2147483585%26psv%3D-2147483585%26psfv%3D-2147483585%26psa%3D0%26ptlt%3D27242%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,5246%26ss0%3D0%26ss1%3D0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1640835209659&sdkv=h.3.493.0&vci=CmcIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUxNzIxMjM1NzMzOTIMNTY1MTcwMDQ0MzE5QPkBUh8QDyUAAKBBKAE6B3Vua25vd25CB3Vua25vd25IblAAGAE.

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
205 B 153ms
152ms XHR
text/plain 147.75.61.140
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.61.140 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://isecosmetic.com
date: Thu, 30 Dec 2021 03:33:37 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 60
vary: origin, Accept-Encoding

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 105ms
92ms XHR
application/json 37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e15f9dc2ecb24df3b7a88e2aa7e9d474c7f1abff9b8dabcb6e14e1f633f7b03c

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 03:33:37 GMT
X-Proxy-Origin: 91.199.118.73; 91.199.118.73; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 63f3b30b-c136-4921-8b04-a56dcf0b5506
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://isecosmetic.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 / Show response
ssp.wp.pl/bidder/ 0
40 B 33ms
33ms XHR
text/plain 212.77.99.29
WIRTUALNAPOLSKA G...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssp.wp.pl/bidder/?cs=true&bdver=5.0&pbver=5.14.0&inver=0
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.77.99.29 , Poland, ASN12827 (WIRTUALNAPOLSKA GDANSK, Poland, PL),
Reverse DNS: ssp.wp.pl
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://isecosmetic.com
date: Thu, 30 Dec 2021 03:33:37 GMT
access-control-allow-credentials: true
server: nginx
accept-ch: device-memory, dpr, width, viewport-width, rtt, downlink, ect
vary: Origin
accept-ch-lifetime: 604800

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
177 B 13ms
13ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://isecosmetic.com
date: Thu, 30 Dec 2021 03:33:37 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
177 B 13ms
13ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://isecosmetic.com
date: Thu, 30 Dec 2021 03:33:37 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 13 KB
7 KB 98ms
86ms XHR
application/json 37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

514c62308cff9eec3e0753c4683064dc73c6a1af56e06e1b9b2f2135358efade

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 30 Dec 2021 03:33:37 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 91.199.118.73; 91.199.118.73; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 9dc693b1-b999-4d62-96f1-bbb387322f34
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://isecosmetic.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
228 B 96ms
96ms XHR
text/plain 147.75.61.140
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.61.140 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://isecosmetic.com
date: Thu, 30 Dec 2021 03:33:37 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 3
vary: origin, Accept-Encoding

POST
H2 204 / Show response
ssp.wp.pl/bidder/ 0
17 B 36ms
36ms XHR
text/plain 212.77.99.29
WIRTUALNAPOLSKA G...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssp.wp.pl/bidder/?cs=true&bdver=5.0&pbver=5.14.0&inver=0
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.77.99.29 , Poland, ASN12827 (WIRTUALNAPOLSKA GDANSK, Poland, PL),
Reverse DNS: ssp.wp.pl
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://isecosmetic.com
date: Thu, 30 Dec 2021 03:33:37 GMT
access-control-allow-credentials: true
server: nginx
accept-ch: device-memory, dpr, width, viewport-width, rtt, downlink, ect
vary: Origin
accept-ch-lifetime: 604800

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 12 KB
6 KB 103ms
91ms XHR
application/json 37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

41c2da340bc5451d50262cb398b70f8bb8de14c713b382e9a7c3a150b5423d59

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 30 Dec 2021 03:33:37 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 91.199.118.73; 91.199.118.73; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 13501231-5ef3-4eed-8203-6e558d144628
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://isecosmetic.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 / Show response
ssp.wp.pl/bidder/ 0
17 B 34ms
34ms XHR
text/plain 212.77.99.29
WIRTUALNAPOLSKA G...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssp.wp.pl/bidder/?cs=true&bdver=5.0&pbver=5.14.0&inver=0
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.77.99.29 , Poland, ASN12827 (WIRTUALNAPOLSKA GDANSK, Poland, PL),
Reverse DNS: ssp.wp.pl
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://isecosmetic.com
date: Thu, 30 Dec 2021 03:33:37 GMT
access-control-allow-credentials: true
server: nginx
accept-ch: device-memory, dpr, width, viewport-width, rtt, downlink, ect
vary: Origin
accept-ch-lifetime: 604800

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
229 B 254ms
254ms XHR
text/plain 147.75.61.140
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.61.140 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://isecosmetic.com
date: Thu, 30 Dec 2021 03:33:36 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 161
vary: origin, Accept-Encoding

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
177 B 13ms
13ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://isecosmetic.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://isecosmetic.com
date: Thu, 30 Dec 2021 03:33:37 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 31ms
15ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=isecosmetic.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 03:33:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 23ms
22ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=isecosmetic.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 03:33:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 47 KB
11 KB 379ms
379ms XHR
text/plain 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=604139616722378&correlator=1066360021114236&output=ldjh&impl=fif&eid=44752541%2C31062930&vrg=2021120601&ptt=17&sc=1&sfv=1-0-38&ecs=20211230&iu_parts=121764058%3A22654470044%2Cisecosmetic.com%2Cisecosmetic.com_o3b_display_sf_o3b&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C750x100%7C970x90&ris=30&rcs=1&prev_scp=hb_format_appnexus%3Dbanner%26hb_size_appnexus%3D728x90%26hb_pb_appnexus%3D0.00%26hb_adid_appnexus%3D69f0c96e73eed71%26hb_bidder_appnexus%3Dappnexus%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.00%26hb_adid%3D69f0c96e73eed71%26hb_bidder%3Dappnexus&eri=1&cookie=ID%3D0d9364fe48dfcd0d-2297f60912cd00f7%3AT%3D1640835187%3AS%3DALNI_MbGjA4xLMus10qjLiACuPKEEiRWgg&bc=31&abxe=1&lmt=1640835217&dt=1640835217482&dlt=1640835187059&idt=452&frm=20&biw=1600&bih=1200&oid=2&adxs=436&adys=1110&adks=902498057&ucis=3&ifi=5&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fisecosmetic.com%2Fwiki%2FInternet_Systems_Consortium&ref=https%3A%2F%2Fisecosmetic.com%2Fwiki%2FInternet_Systems_Consortium&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x-1&msz=728x-1&ga_vid=1196167228.1640835188&ga_sid=1640835188&ga_hid=560614065&ga_fc=false&fws=516&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

98417501bec3e892f65cf97b5c1da2be1128c0329ba6af2a45dad4f296f9a6ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:37 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11570
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://isecosmetic.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 17ms
16ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=isecosmetic.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 03:33:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=isecosmetic.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 03:33:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 27 KB
12 KB 296ms
295ms XHR
text/plain 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=604139616722378&correlator=2112087916760103&output=ldjh&impl=fif&eid=44752541%2C31062930&vrg=2021120601&ptt=17&sc=1&sfv=1-0-38&ecs=20211230&iu_parts=121764058%3A22654470044%2Cisecosmetic.com%2Cisecosmetic.com_o3b_display_am_o3b_S1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250%7C336x280%7C360x300&ris=30&rcs=1&eri=1&cookie=ID%3D0d9364fe48dfcd0d-2297f60912cd00f7%3AT%3D1640835187%3AS%3DALNI_MbGjA4xLMus10qjLiACuPKEEiRWgg&bc=31&abxe=1&lmt=1640835217&dt=1640835217530&dlt=1640835187059&idt=452&frm=20&biw=1600&bih=1200&oid=2&adxs=610&adys=1327&adks=4023956002&ucis=1&ifi=6&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fisecosmetic.com%2Fwiki%2FInternet_Systems_Consortium&ref=https%3A%2F%2Fisecosmetic.com%2Fwiki%2FInternet_Systems_Consortium&vis=1&dmc=8&scr_x=0&scr_y=0&psz=360x318&msz=360x300&ga_vid=1196167228.1640835188&ga_sid=1640835188&ga_hid=560614065&ga_fc=false&fws=516&ohw=1600&btvi=4&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

16ab65eb11fd2dc6248ec2e768044168b127e8ca29ba83bb14b2953dc9f15bae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:37 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12252
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://isecosmetic.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=isecosmetic.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 03:33:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=isecosmetic.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 03:33:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET ads
securepubads.g.doubleclick.net/gampad/ 0
0

GET
H3 200 container.html Show response
633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CBE4 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 30 Dec 2021 03:33:07 GMT
expires: Fri, 30 Dec 2022 03:33:07 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 30
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame CBE4 0
0 47ms
46ms Fetch
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CQmbjkSjNYYLzIoTm3wPk4KtQz4eOm1zAhtmCxgLAjbcBEAEgAGCViomOsAeCARdjYS1wdWItNTUxMjM5MDcwNTEzNzUwN8gBCeACAKgDAaoEsQJP0NLZ8j5bA0jUPExAC5gILAh2NBarkqPbn1I1UMjsHGoDMYL90Spxumgj4LT9vTii4R2cHAzqx_sp1VNuZF2MS7iHGC2_uiQgjtgGB6-qQi_1QH_PNZsRv4Yc6fHnC0ljfjZ2uKMtL7izg07l4Dfe0R0mn5U09zBqbmHIAmIJy9ANvVA3_w1NeVfCw40vBaLeDQDXxxlc_S-svYtlsGm6HjGFmcgXdKYG1Hh-j0fS6W72AtSs8ARzySg7ZBdjlnyFy185OldLGMNHcuIGO4lL4-iZIXuVgzZNKZgposZ5Msdaxg5HUu8g5HSA-v0_ag1_b-wp1gbgihg0Xgfm3R15hFAyEdKYd40z4zseBPYm_Tl7hQnRcVTOd8fNZIpau1c93dLUFb5yivoYyvVBo4jHGuAEAYAGtLbT96236LjYAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBABgAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTU1MTIzOTA3MDUxMzc1MDcYku8h&sigh=JlVa_KF6B9o&uach_m=[UACH]&cid=CAQSOwCNIrLMLdml1p2jpZQLS6Q7sclUY7T_wUGKKzWXW4XJH1qzarcoM8F8PERE2vuqmbD274IfH0ZrOPUeGAE&tpd=AGWhJmtPDWw1M6bdkqiNzDBcfZrzYmG-X64cw1wlkn9nuk-o4NrDDm34a6myGC7YiA6ml4DsG6uNw8CG-CoqGIpRyXaghi92kF63qpGOD1AbS7zMydUDMT4ENXwcklVt826iwDWSh7M7Z_kEe8Q9xgwK5hYHeFDSfYSHlDUO3DFXX7voiXztj_oztbDxBnZF4yRrfiW4EfMizUD1oEt_zN3cTnbeJc36qqvEYFIa4F6rcVOMxdQkEgttDaiRgrD9xKG_ulqArLIyv8Z1dPv3Kcf9w9Ask6konKDSjpMM7qfoczu4GtZBY6aNI8DRDSOHPd1ZjF9yHm9XNfhSgAyEkx6NBLKQsMPjH2BP72Wdo83YVjpDWlYGKACMfZYgk87p4287bp5YZo1c-BBUFsMli107Z1rJD7gdrYL_TmpcsXZYuF-tysMTsfyRQFG1bQm3lSlKHz6YtN8FjNIkows7n9Hoq7mjyDXBjqKVDRnx-4ZeMgiNoNwKX5_4MNqxdFT14PAZo7BEnGMbU8ew1tHVBCP9Zl3xIeU9erR9F0GfZ_H9YJcUNfGzeLnp476quhddkM3E29YEwhw6kJnG3s6UPBrMtS6c_yWPjVB0RQVOA-G5XMi3iiVmSXF-6QAdfHitztPI41P8ODQYemSYCFZLW4spBV5-ZAouLDqY7I3jHDtZx327jmoDQApd_684tt9HdWJahovYYBE1mA30ckfqhVSla3C8sFQ1xr2xhvwlyX5PZUPreFaikpdjMu9VbFJN491WosnvqOMkXNGLwdJQNhO0Zh7a7siyyJuEiPu1CUw7-pPDDMrM9XMlRBMYkGnDKAux3eehqzHOIonTSufhRP0JOf44E2OH3tIqnFbH9I5SKMymr1zgx2jcXLF16ml58ecs96r9YG8M4eMuAGnrjuRDO0B3kU3mk7TvQ2VS7jMgYr8H4jkOpjLNJZ-i6JGV-5mTWSawPTjubJP0he_Q8uCA6hOOgSzdAR1u5pw4JWZiMh32TzAIOnXvxIHX_YYN1oJIj-IMrVbAIUZcAvCc39tG7JcVM0VnRnyT3va_M6ShbUnQ0NBqJhAPbLolA0HO1Vf9iu9CyQUpF3CU5poCnE68VQ
Requested by: Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s53-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame CBE4 3 KB
2 KB 26ms
26ms Script
application/x-javascript 185.29.134.245
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWmpNellXTTVNV0V0TVRWbVppMDBZalF6TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg1NDMzMDgyMjU3MTIxNDE5ODYvOTY5MDAzMy85OTU1OTkzLzQvYlFyZVpXbG5LZjBpNXd1SHF5TjRUQlI4LXZrMHg3ck1udTBOSnI2akdQcy8xLzQvMC8wLzE3MzQ5NDUvMTUzOTc5ODUyOC8yMTU1NDMvMTA0MDg3OS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzg1NDMzMDgyMjU3MTIxNDE5ODYvenJoLzAvOTI1Mi81Ni85OTkvMjU4LzkxLjE5OS4xMTguMC8wLjAwMC8xNjQwODM1MjE3LzE2NDA4NDc4MTcvNC9wdWItNTUxMjM5MDcwNTEzNzUwNy8/3D45iwYJbImXvR6YU50X-AtmBcs&nodeid=501&group=zrh&auctionid=8543308225712141986&shardkey=8543308225712141986&sid=9955993&cid=9690033&bp=a_cfjjig&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.96&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYyPOkSjNYYLzIoTm3wPk4KtQz4eOm1zAhtmCxgLAjbcBEAEgAGCViomOsAeCARdjYS1wdWItNTUxMjM5MDcwNTEzNzUwN8gBCeACAKgDAaoEtAJP0NLZ8j5bA0jUPExAC5gILAh2NBarkqPbn1I1UMjsHGoDMYL90Spxumgj4LT9vTii4R2cHAzqx_sp1VNuZF2MS7iHGC2_uiQgjtgGB6-qQi_1QH_PNZsRv4Yc6fHnC0ljfjZ2uKMtL7izg07l4Dfe0R0mn5U09zBqbmHIAmIJy9ANvVA3_w1NeVfCw40vBaLeDQDXxxlc_S-svYtlsGm6HjGFmcgXdKYG1Hh-j0fS6W72AtSs8ARzySg7ZBdjlnyFy185OldLGMNHcuIGO4lL4-iZIXuVgzZNKZgposZ5Msdaxg5HUu8g5HSA-v0_ag1_b-wp1gbgihg0Xgfm3R15hFAyEdKYd40z4ztcBte0UYXfgoR1Of8WN2g9eZ5QB10TxTNp1f7dcFsG5u3vOjTAl2jkceAEAYAGtLbT96236LjYAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2qPyZAWizO05EXMrNsLLfgRzjScQ%26client%3Dca-pub-5512390705137507%26adurl%3D
Requested by: Host: 633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
URL: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.210.4 /
Resource Hash: 1cccad26f39174468d78b3546c6f451ebfe77bb616daa650d660c7a5b9b1eb30

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 03:33:37 GMT
Content-Encoding: gzip
x-mm-bid-request-time: 1640835217
Last-Modified: Thu, 30 Dec 2021 03:33:37 GMT
Server: MMBD/3.210.4
x-mm-latency: 12 (1)
Content-Type: application/x-javascript; charset=UTF-8
x-mm-dbg: Count
Cache-Control: no-cache
x-mm-host: cdg-router-x100, zrh-bidder-x57
Connection: close
Expires: Thu, 30 Dec 2021 03:33:36 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame CBE4 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: 633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
URL: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:27:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 395
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 03:27:02 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CBE4 119 KB
36 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
URL: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 03:33:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Dec 2021 03:33:37 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame CBE4 15 KB
6 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
URL: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 02:52:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2442
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 02:52:55 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame CBE4 0
0 15ms
14ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR1kzEbBTeXjg02NMowLLDTlitjjqxg2z7xDn-lj6iU5J2z_gRD1aSbByEjBqbZN0pOtpV_gxN8CRa8Gp3wPJrz-iq_iw
Requested by: Host: 633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
URL: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame CBE4 22 KB
7 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
URL: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 20:53:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23978
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 29 Dec 2022 20:53:59 GMT

GET activeview
pagead2.googlesyndication.com/pcs/ Frame E433 0
0

POST /
track.adform.net/serving/unload/ Frame E242 0
0

GET
H3 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012111011823000/ Frame 54CC 189 KB
54 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98ba8f881333898d751dabe4f8b4cacc4489a9f5b6b4fd1fc67c571dbfec95cf

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131825
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55592
x-xss-protection: 0
server: sffe
date: Tue, 28 Dec 2021 14:56:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "11dee2040f5fc1d7"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Dec 2022 14:56:32 GMT

GET
H3 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame 54CC 13 KB
5 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65f6185cfe1cf88fa7981160dd6fa443e111887215b72953718ea70f8e2ba9f2

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131825
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4992
x-xss-protection: 0
server: sffe
date: Tue, 28 Dec 2021 14:56:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "858600ba27ef7413"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Dec 2022 14:56:32 GMT

GET
H3 200 amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012111011823000/v0/ Frame 54CC 89 KB
28 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131825
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28555
x-xss-protection: 0
server: sffe
date: Tue, 28 Dec 2021 14:56:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a64e482645fd262b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Dec 2022 14:56:32 GMT

GET
H3 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame 54CC 5 KB
2 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d76ab4ac854cafef51bbbb5177ea75816df90e3c775294991a016404f2b6bb5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131825
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1731
x-xss-protection: 0
server: sffe
date: Tue, 28 Dec 2021 14:56:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "cb4f0e89d7d37d9b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Dec 2022 14:56:32 GMT

GET
H3 200 amp-form-0.1.mjs
cdn.ampproject.org/rtv/012111011823000/v0/ Frame 54CC 40 KB
13 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131825
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12826
x-xss-protection: 0
server: sffe
date: Tue, 28 Dec 2021 14:56:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "f02165e023e70703"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Dec 2022 14:56:32 GMT

GET
H3 200 th.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 54CC 3 KB
3 KB 7ms
7ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/th.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cad58f215d074424bf4b9310a814d9ea51931235a3afe31ee2e69c58e8f75bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 29 Dec 2021 18:21:39 GMT
x-content-type-options: nosniff
server: cafe
age: 33118
etag: 12800268860518071124
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3306
x-xss-protection: 0
expires: Thu, 30 Dec 2021 18:21:39 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 54CC 344 B
379 B 6ms
6ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 29 Dec 2021 16:59:05 GMT
x-content-type-options: nosniff
server: cafe
age: 38072
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Thu, 30 Dec 2021 16:59:05 GMT

GET
DATA 200
OK truncated
/ Frame 54CC 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 005acb275bc7e15fb2f1052dede504ce24e0e006011311fe5899abb3d57d99d3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 l
www.google.com/ads/measurement/ Frame 54CC 0
0 15ms
14ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRQfhw3x7hMD7LoL0NPZ6jUyooDb0GQtEJKtDtH52ppPR1a6dP31iBcn7PU0VoKBWDJMWa5xzAlEUrMmnrTbyfgCSVY3A
Requested by: Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 54CC 0
0 54ms
53ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CAA-xkSjNYfqWILaFjuwP9PiW-AGc_onOZuC1y_OoD_SQyPuaAhABIKqAwyJglYqJjrAHoAHFua7gA8gBAeACAKgDAcgDCqoEiwJP0O0_0HaI2pQ3Roi1hE-U3O1skxIGc0C1f3aDCvh41AfmPeUJGVSrY5b2s8wapEPRiUXYQcPNHk7TNwgqbfRQjtQdHeulqqaImdStyDnnAOXz3ubTB06S5m4zEp-5KRaNZAGnZiIJFHcwgjnT074kfafv0yq6Bb0WZVTYH3KsoKuZEpLkPo_nbJ4KO6kZ_FZf-IR-8JCYbloFX-y5048NlZ-TJWT0vAdzFcBKYs5fpJEyy-QzlhKXecc_ca5TfQl_1JE9ic4njYPZ94byYk-15JlYUrCKASas7UgfkYaesq5HCh6TsAdkRaCmclwx_gUtimzBX4EzjUF9FCuhY3g9e1nAaAMpDsPiB93ABKPd-ZbvA-AEAZIFBAgEGAGSBQQIBRgEgAes1ayyAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEI7bD9IICQiA4YAQEAEYHYAKA8gLAdgTDdAVAYAXAbIXHgocCAASFHB1Yi01NTEyMzkwNzA1MTM3NTA3GJLvIQ&sigh=tSXFOQp3dQc&uach_m=[UACH]&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)
Requested by: Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s53-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://isecosmetic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H/1.1 200
OK s013g5sbr739
hal9000.redintelligence.net/zone/ Frame CBE4 10 KB
4 KB 42ms
20ms Script
text/html 138.201.63.149
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/s013g5sbr739?subid=&gdpr=1&gdpr_consent=li&rnd=8543308225712141986&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D8543308225712141986%26mt_id%3D9690033%26mt_adid%3D215543%26mt_sid%3D9955993%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D73f061cd-2874-4601-b858-b62787a534fd%26mt_cid%3D73f061cd-2874-4601-b858-b62787a534fd%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCYyPOkSjNYYLzIoTm3wPk4KtQz4eOm1zAhtmCxgLAjbcBEAEgAGCViomOsAeCARdjYS1wdWItNTUxMjM5MDcwNTEzNzUwN8gBCeACAKgDAaoEtAJP0NLZ8j5bA0jUPExAC5gILAh2NBarkqPbn1I1UMjsHGoDMYL90Spxumgj4LT9vTii4R2cHAzqx_sp1VNuZF2MS7iHGC2_uiQgjtgGB6-qQi_1QH_PNZsRv4Yc6fHnC0ljfjZ2uKMtL7izg07l4Dfe0R0mn5U09zBqbmHIAmIJy9ANvVA3_w1NeVfCw40vBaLeDQDXxxlc_S-svYtlsGm6HjGFmcgXdKYG1Hh-j0fS6W72AtSs8ARzySg7ZBdjlnyFy185OldLGMNHcuIGO4lL4-iZIXuVgzZNKZgposZ5Msdaxg5HUu8g5HSA-v0_ag1_b-wp1gbgihg0Xgfm3R15hFAyEdKYd40z4ztcBte0UYXfgoR1Of8WN2g9eZ5QB10TxTNp1f7dcFsG5u3vOjTAl2jkceAEAYAGtLbT96236LjYAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2qPyZAWizO05EXMrNsLLfgRzjScQ%2526client%253Dca-pub-5512390705137507%2526adurl%253D%26redirect%3D
Requested by: Host: isecosmetic.com
URL: https://isecosmetic.com/wiki/Internet_Systems_Consortium
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.149 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.149.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 03:33:37 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3415
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame CBE4 43 B
405 B 22ms
20ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=8543308225712141986&v3=1040879&v4=9955993&v5=9690033&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWmpNellXTTVNV0V0TVRWbVppMDBZalF6TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg1NDMzMDgyMjU3MTIxNDE5ODYvOTY5MDAzMy85OTU1OTkzLzQvYlFyZVpXbG5LZjBpNXd1SHF5TjRUQlI4LXZrMHg3ck1udTBOSnI2akdQcy8xLzQvMC8wLzE3MzQ5NDUvMTUzOTc5ODUyOC8yMTU1NDMvMTA0MDg3OS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzg1NDMzMDgyMjU3MTIxNDE5ODYvenJoLzAvOTI1Mi81Ni85OTkvMjU4LzkxLjE5OS4xMTguMC8wLjAwMC8xNjQwODM1MjE3LzE2NDA4NDc4MTcvNC9wdWItNTUxMjM5MDcwNTEzNzUwNy8/3D45iwYJbImXvR6YU50X-AtmBcs&nodeid=501&group=zrh&auctionid=8543308225712141986&shardkey=8543308225712141986&sid=9955993&cid=9690033&bp=a_cfjjig&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.96&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYyPOkSjNYYLzIoTm3wPk4KtQz4eOm1zAhtmCxgLAjbcBEAEgAGCViomOsAeCARdjYS1wdWItNTUxMjM5MDcwNTEzNzUwN8gBCeACAKgDAaoEtAJP0NLZ8j5bA0jUPExAC5gILAh2NBarkqPbn1I1UMjsHGoDMYL90Spxumgj4LT9vTii4R2cHAzqx_sp1VNuZF2MS7iHGC2_uiQgjtgGB6-qQi_1QH_PNZsRv4Yc6fHnC0ljfjZ2uKMtL7izg07l4Dfe0R0mn5U09zBqbmHIAmIJy9ANvVA3_w1NeVfCw40vBaLeDQDXxxlc_S-svYtlsGm6HjGFmcgXdKYG1Hh-j0fS6W72AtSs8ARzySg7ZBdjlnyFy185OldLGMNHcuIGO4lL4-iZIXuVgzZNKZgposZ5Msdaxg5HUu8g5HSA-v0_ag1_b-wp1gbgihg0Xgfm3R15hFAyEdKYd40z4ztcBte0UYXfgoR1Of8WN2g9eZ5QB10TxTNp1f7dcFsG5u3vOjTAl2jkceAEAYAGtLbT96236LjYAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2qPyZAWizO05EXMrNsLLfgRzjScQ%26client%3Dca-pub-5512390705137507%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 4133 baa842e master cdg-pixel-x27 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 03:33:37 GMT
Server: MT3 4133 baa842e master cdg-pixel-x27 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 30 Dec 2021 03:33:36 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame CBE4 49 B
329 B 40ms
38ms Image
image/gif 185.29.134.245
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=8543308225712141986&st=9955993&time=1640835217&nodeid=501
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWmpNellXTTVNV0V0TVRWbVppMDBZalF6TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg1NDMzMDgyMjU3MTIxNDE5ODYvOTY5MDAzMy85OTU1OTkzLzQvYlFyZVpXbG5LZjBpNXd1SHF5TjRUQlI4LXZrMHg3ck1udTBOSnI2akdQcy8xLzQvMC8wLzE3MzQ5NDUvMTUzOTc5ODUyOC8yMTU1NDMvMTA0MDg3OS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzg1NDMzMDgyMjU3MTIxNDE5ODYvenJoLzAvOTI1Mi81Ni85OTkvMjU4LzkxLjE5OS4xMTguMC8wLjAwMC8xNjQwODM1MjE3LzE2NDA4NDc4MTcvNC9wdWItNTUxMjM5MDcwNTEzNzUwNy8/3D45iwYJbImXvR6YU50X-AtmBcs&nodeid=501&group=zrh&auctionid=8543308225712141986&shardkey=8543308225712141986&sid=9955993&cid=9690033&bp=a_cfjjig&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.96&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYyPOkSjNYYLzIoTm3wPk4KtQz4eOm1zAhtmCxgLAjbcBEAEgAGCViomOsAeCARdjYS1wdWItNTUxMjM5MDcwNTEzNzUwN8gBCeACAKgDAaoEtAJP0NLZ8j5bA0jUPExAC5gILAh2NBarkqPbn1I1UMjsHGoDMYL90Spxumgj4LT9vTii4R2cHAzqx_sp1VNuZF2MS7iHGC2_uiQgjtgGB6-qQi_1QH_PNZsRv4Yc6fHnC0ljfjZ2uKMtL7izg07l4Dfe0R0mn5U09zBqbmHIAmIJy9ANvVA3_w1NeVfCw40vBaLeDQDXxxlc_S-svYtlsGm6HjGFmcgXdKYG1Hh-j0fS6W72AtSs8ARzySg7ZBdjlnyFy185OldLGMNHcuIGO4lL4-iZIXuVgzZNKZgposZ5Msdaxg5HUu8g5HSA-v0_ag1_b-wp1gbgihg0Xgfm3R15hFAyEdKYd40z4ztcBte0UYXfgoR1Of8WN2g9eZ5QB10TxTNp1f7dcFsG5u3vOjTAl2jkceAEAYAGtLbT96236LjYAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2qPyZAWizO05EXMrNsLLfgRzjScQ%26client%3Dca-pub-5512390705137507%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.210.4 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 03:33:37 GMT
Server: MMBD/3.210.4
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x95, zrh-bidder-x57
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Thu, 30 Dec 2021 03:33:36 GMT

GET
H/1.1 200
OK js
sync.mathtag.com/sync/ Frame CBE4 1 KB
1 KB 60ms
17ms Script
text/javascript 185.29.134.248

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.mathtag.com/sync/js?sync=auto&source=bidder&mt_lim=1&type=1&synclist=4&gdpr=1&gdpr_consent=li
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWmpNellXTTVNV0V0TVRWbVppMDBZalF6TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg1NDMzMDgyMjU3MTIxNDE5ODYvOTY5MDAzMy85OTU1OTkzLzQvYlFyZVpXbG5LZjBpNXd1SHF5TjRUQlI4LXZrMHg3ck1udTBOSnI2akdQcy8xLzQvMC8wLzE3MzQ5NDUvMTUzOTc5ODUyOC8yMTU1NDMvMTA0MDg3OS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzg1NDMzMDgyMjU3MTIxNDE5ODYvenJoLzAvOTI1Mi81Ni85OTkvMjU4LzkxLjE5OS4xMTguMC8wLjAwMC8xNjQwODM1MjE3LzE2NDA4NDc4MTcvNC9wdWItNTUxMjM5MDcwNTEzNzUwNy8/3D45iwYJbImXvR6YU50X-AtmBcs&nodeid=501&group=zrh&auctionid=8543308225712141986&shardkey=8543308225712141986&sid=9955993&cid=9690033&bp=a_cfjjig&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.96&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYyPOkSjNYYLzIoTm3wPk4KtQz4eOm1zAhtmCxgLAjbcBEAEgAGCViomOsAeCARdjYS1wdWItNTUxMjM5MDcwNTEzNzUwN8gBCeACAKgDAaoEtAJP0NLZ8j5bA0jUPExAC5gILAh2NBarkqPbn1I1UMjsHGoDMYL90Spxumgj4LT9vTii4R2cHAzqx_sp1VNuZF2MS7iHGC2_uiQgjtgGB6-qQi_1QH_PNZsRv4Yc6fHnC0ljfjZ2uKMtL7izg07l4Dfe0R0mn5U09zBqbmHIAmIJy9ANvVA3_w1NeVfCw40vBaLeDQDXxxlc_S-svYtlsGm6HjGFmcgXdKYG1Hh-j0fS6W72AtSs8ARzySg7ZBdjlnyFy185OldLGMNHcuIGO4lL4-iZIXuVgzZNKZgposZ5Msdaxg5HUu8g5HSA-v0_ag1_b-wp1gbgihg0Xgfm3R15hFAyEdKYd40z4ztcBte0UYXfgoR1Of8WN2g9eZ5QB10TxTNp1f7dcFsG5u3vOjTAl2jkceAEAYAGtLbT96236LjYAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2qPyZAWizO05EXMrNsLLfgRzjScQ%26client%3Dca-pub-5512390705137507%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.248 -, , ASN (),
Reverse DNS
Software: MT3 4133 baa842e master cdg-pixel-x15 config:1.0.0 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 03:33:37 GMT
Content-Encoding: gzip
Server: MT3 4133 baa842e master cdg-pixel-x15 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: close
Content-Type: text/javascript
Expires: Thu, 30 Dec 2021 03:33:36 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 79AC 42 B
64 B 18ms
17ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=Cn2IrdCjNYbrJH5S_gQf3q66IA5yFielm24WJ4oYPsJAfEAEg6pr8J2CViomOsAegAee3oJUDyAEFqQKP5D_-0wqzPuACAKgDAZgEAKoElQJP0KF27ItFiYiqBlWGFbkf9Sj7RtzVRIkbOWhEczijWLuvUzjXGBmLSIBgZDUxrAiHMkf0MbUj-OlZ4WZGw2CPX13Kg_QqmKd9GVBabLz_BmMkrqHJM_HORWLUaK7Ui9mqNs9OqKkAWM7MDbpu2xtIXzAtTsn_61WOnxNh7CJ8DBRXbdPKr_q3X-_FEyB8GptBAAStcO6FKa3j7rgZzfx4v-9I8Ux0ZB4jOldvgkVWhglXuzW9md3aFyCO0MUhouZW0egMlDJG3ykCELMfFHp5uH1Xa3ibBAQRAvVzt2qirBrDBgmrv2Op_BCrhI2tsWh6nKlz0GTuSHo1dr9nOQa-Nd7WXMVQ9BuOuogT_kilQ22gQxTqwASwnpvU_gPgBAGgBlSAB4HI32qoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAagIAdIICQiA4YAQEAEYHYAKA8gLAdgTDNAVAeIWAggBgBcB&sigh=7q44B9POthg&cmd=Ch1jYS12aWRlby1wdWItNTUxMjM5MDcwNTEzNzUwNxAAGAI&label=videoplaytime50&ad_mt=8187&acvw=sv%3D914%26cb%3Dima%26e%3D2%26nas%3D2%26sdk%3Dh%26p%3D1082,49,1182,226%26tos%3D8273,0,0,0,0%26mtos%3D8273,8273,8273,8273,8273%26amtos%3D0,0,0,0,0%26mcvt%3D8273%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D8273%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D2049%26pst%3D405%26dur%3D15882%26vmtime%3D8187%26dtos%3D4027%26dtoss%3D3%26dvs%3D4027%26dfvs%3D4027%26dvpt%3D4027%26is%3D275%26i0%3D275%26i1%3D275%26i2%3D275%26ic%3D512%26cs%3D16782099%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26qmt%3D4027,4027,4027,4027,4027%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D1%26ces%26femt%3D21787%26femvt%3D0%26emc%3D42%26emuc%3D0%26emb%3D42,0,0,0,0%26avms%3Dexc%26qi%3D563721578%26psm%3D-2147483137%26psv%3D-2147483137%26psfv%3D-2147483137%26psa%3D0%26ptlt%3D30269%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,8273&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0%26t%3D1640835209659&sdkv=h.3.493.0&vci=CmcIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUxNzIxMjM1NzMzOTIMNTY1MTcwMDQ0MzE5QPkBUh8QDyUAAKBBKAE6B3Vua25vd25CB3Vua25vd25IblAAGAE.

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 03:33:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET request.php
hal900021.redintelligence.net/ Frame CBE4 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=604139616722378&correlator=2271505180879596&output=ldjh&impl=fif&eid=44752541%2C31062930&vrg=2021120601&ptt=17&sc=1&sfv=1-0-38&ecs=20211230&iu_parts=121764058%3A22654470044%2Cisecosmetic.com%2Cisecosmetic.com_o3b_display_am_o3b_ATF&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1000x100%7C970x250%7C970x300%7C970x90%7C750x300%7C750x200%7C750x100%7C728x90%7C700x300%7C700x200%7C700x100%7C640x90%7C640x180%7C580x400&ris=30&rcs=1&prev_scp=hb_format_appnexus%3Dbanner%26hb_size_appnexus%3D970x250%26hb_pb_appnexus%3D0.09%26hb_adid_appnexus%3D70c1534ec1dd307%26hb_bidder_appnexus%3Dappnexus%26hb_format%3Dbanner%26hb_size%3D970x250%26hb_pb%3D0.09%26hb_adid%3D70c1534ec1dd307%26hb_bidder%3Dappnexus&eri=1&cookie=ID%3D0d9364fe48dfcd0d-2297f60912cd00f7%3AT%3D1640835187%3AS%3DALNI_MbGjA4xLMus10qjLiACuPKEEiRWgg&bc=31&abxe=1&lmt=1640835217&dt=1640835217641&dlt=1640835187059&idt=452&frm=20&biw=1600&bih=1200&oid=2&adxs=300&adys=117&adks=1093461533&ucis=2&ifi=7&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fisecosmetic.com%2Fwiki%2FInternet_Systems_Consortium&ref=https%3A%2F%2Fisecosmetic.com%2Fwiki%2FInternet_Systems_Consortium&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1000x418&msz=1000x400&ga_vid=1196167228.1640835188&ga_sid=1640835188&ga_hid=560614065&ga_fc=false&fws=516&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=2

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv62MLKMeHfoTAMELdrRcHOndETaQO0Y6wFX4zt5K6MDsVulhPfHKq2Z9zUKuG8o5c0V9ADmKDHoOw6XYpJYWKLUQ&sig=Cg0ArKJSzDihH5jsQEo9EAE&id=lidartos&mcvt=28714&p=1110,436,1200,1164&mtos=28714,28714,28714,28714,28714&tos=28714,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=902498057&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=u&rst=1640835188760&rpt=387&isd=0&lsd=0&ec=0&met=mue&wmsd=0

Domain: track.adform.net
URL: https://track.adform.net/serving/unload/?version=15&unload=5523680775223334479@@51954931,5591487238889089627,100|28312|0|0|0|0|0|0|0||966|1|||||1|0|0|KQ7b0aCguxZcPlakbYq96SmaY5JY4mcCtW3QU0eFSE4zJJWOul3CJIm3nyX34Xgm0|||01||0

Domain: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request.php?zone=s013g5sbr739&nw=20&renderingType=javascript&namespace=276e96b34d&subid=&uid=e4fd351873fe6238&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D8543308225712141986%26mt_id%3D9690033%26mt_adid%3D215543%26mt_sid%3D9955993%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D73f061cd-2874-4601-b858-b62787a534fd%26mt_cid%3D73f061cd-2874-4601-b858-b62787a534fd%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCYyPOkSjNYYLzIoTm3wPk4KtQz4eOm1zAhtmCxgLAjbcBEAEgAGCViomOsAeCARdjYS1wdWItNTUxMjM5MDcwNTEzNzUwN8gBCeACAKgDAaoEtAJP0NLZ8j5bA0jUPExAC5gILAh2NBarkqPbn1I1UMjsHGoDMYL90Spxumgj4LT9vTii4R2cHAzqx_sp1VNuZF2MS7iHGC2_uiQgjtgGB6-qQi_1QH_PNZsRv4Yc6fHnC0ljfjZ2uKMtL7izg07l4Dfe0R0mn5U09zBqbmHIAmIJy9ANvVA3_w1NeVfCw40vBaLeDQDXxxlc_S-svYtlsGm6HjGFmcgXdKYG1Hh-j0fS6W72AtSs8ARzySg7ZBdjlnyFy185OldLGMNHcuIGO4lL4-iZIXuVgzZNKZgposZ5Msdaxg5HUu8g5HSA-v0_ag1_b-wp1gbgihg0Xgfm3R15hFAyEdKYd40z4ztcBte0UYXfgoR1Of8WN2g9eZ5QB10TxTNp1f7dcFsG5u3vOjTAl2jkceAEAYAGtLbT96236LjYAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2qPyZAWizO05EXMrNsLLfgRzjScQ%2526client%253Dca-pub-5512390705137507%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2F633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=866528335964&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Verdicts & Comments Add Verdict or Comment

80 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

21 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
isecosmetic.com/	1969-12-31 23:59:59	Name: humans Value: checktest
.fastred.biz/	1970-01-20 00:30:27	Name: uuid Value: e30be442-f42b-4baf-8097-ee122cb0a075
isecosmetic.com/	1970-01-19 23:57:19	Name: __oagr Value: true
.yadro.ru/	1970-01-20 08:32:27	Name: FTID Value: 1XpIX_3bp48E1XpIX_0011Zb
.yadro.ru/	1970-01-20 08:32:27	Name: VID Value: 3kRGqG0v7l8E1XpIX_0011b0
isecosmetic.com/	1970-01-20 00:30:27	Name: _pbjs_userid_consent_data Value: 6683316680106290
isecosmetic.com/	1970-01-20 08:32:51	Name: _sharedID Value: bd078d1b-cdc3-4321-9366-fe16c4d31bf5
.adnxs.com/	1970-01-20 01:56:51	Name: icu Value: ChgIlst2EAoYASABKAEw89C0jgY4AUABSAEQ89C0jgYYAA..
.adnxs.com/	1970-01-20 01:56:51	Name: uuid2 Value: 751235160868935029
prebid.a-mo.net/	1970-01-20 08:32:51	Name: __amc Value: 1_1640835187_1640835187
.doubleclick.net/	1970-01-20 09:08:51	Name: IDE Value: AHWqTUl8_m9dDYjCofpGY_j8A8oDiLUvK3Si44e84ovLfb1cP3BVQ1KCuWvKQJDS7P4
.doubleclick.net/	1970-01-19 23:47:18	Name: DSID Value: NO_DATA
.mathtag.com/	1970-01-20 08:32:51	Name: uuid Value: 73f061cd-2874-4601-b858-b62787a534fd
.isecosmetic.com/	1970-01-20 09:08:51	Name: __gads Value: ID=0d9364fe48dfcd0d-2297f60912cd00f7:T=1640835187:S=ALNI_MbGjA4xLMus10qjLiACuPKEEiRWgg
.adform.net/	1970-01-20 00:31:53	Name: C Value: 1
.adform.net/	1970-01-20 01:13:39	Name: uid Value: 5523680775223334479
.adform.net/	1970-01-19 23:57:19	Name: TPC Value: 1640835189317
.adsrvr.org/	1970-01-20 08:32:51	Name: TDID Value: 1b58a429-0f34-432c-933a-ff9cd0eb5413
isecosmetic.com/	1970-01-20 08:32:51	Name: unifiedid Value: %7B%22TDID%22%3A%221b58a429-0f34-432c-933a-ff9cd0eb5413%22%2C%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222021-12-30T03%3A33%3A10%22%7D
isecosmetic.com/	1970-01-20 09:08:51	Name: cto_bundle Value: TU3OTF9COGhXUXZkcmRHQTJvMWZHTkpsJTJCWTRmQmFQRGo2WjVtJTJCd1NrYWRLTjhkdzdPZ1RiNTV2VGdnNiUyQjdLeHdYTkUzV3NJOGE5Vm5EY3dZRHFCSThHc3NLOWx0MVBLSEVRZ08lMkZNbU1XbGtpMDZSaWFZVzVDczlpOUJsUklyQWtad2Vm
isecosmetic.com/	1970-01-20 09:08:51	Name: cto_bidid Value: 1uurCV94R0JpdXdWTU1lU1V3bUMlMkJRdjliaU9PeW8zYiUyQkVOb0xqZlFGTlZUVVc2bmhZYkNyeDRhT0g3N0JFWlFVYzM1REJQZ0RtdGhCaHlTJTJCN3V3QTIwcm1ydyUzRCUzRA

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs(Line 2) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs(Line 2) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs(Line 2) Message: Unrecognized feature: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

633df87f5d690c07128444681c5f65d8.safeframe.googlesyndication.com
acdn.adnxs.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
ares.veedmo.com
cdn.ampproject.org
cdn.contentspread.net
cdn.jsdelivr.net
cdn.veedmo-static.com
cdn.veedmo-storage-2.com
cmp.optad360.io
counter.yadro.ru
csi.gstatic.com
en.wikipedia.org
fastred.biz
fonts.googleapis.com
fonts.gstatic.com
get.optad360.io
googleads.g.doubleclick.net
gum.criteo.com
hal9000.redintelligence.net
hal900021.redintelligence.net
hal900026.redintelligence.net
ib.adnxs.com
imasdk.googleapis.com
isecosmetic.com
match.adsrvr.org
mug.criteo.com
pagead2.googlesyndication.com
pixel.mathtag.com
prebid-eu.creativecdn.com
prebid.a-mo.net
pubads.g.doubleclick.net
rr5---sn-4g5ednse.googlevideo.com
rr5---sn-4g5lzner.googlevideo.com
s.youtube.com
s0.2mdn.net
s1.adform.net
script.4dex.io
securepubads.g.doubleclick.net
ssp.wp.pl
std.wpcdn.pl
sync.mathtag.com
tags.mathtag.com
tpc.googlesyndication.com
track.adform.net
upload.wikimedia.org
www.google.com
www.googleadservices.com
www.googletagservices.com
www.gstatic.com
hal900021.redintelligence.net
pagead2.googlesyndication.com
securepubads.g.doubleclick.net
track.adform.net
137.74.127.184
138.201.63.149
138.201.84.244
142.250.185.130
142.250.185.226
147.75.61.140
15.197.193.217
178.250.2.146
185.184.8.65
185.29.134.245
185.29.134.248
2.18.232.130
2.18.233.201
212.77.98.32
212.77.99.29
2600:9000:2156:a800:11:a4de:2580:93a1
2600:9000:2315:e600:6:b871:4f00:93a1
2606:4700:20::681a:9a9
2606:4700:3035::ac43:ce26
2606:4700:3036::ac43:9f20
2606:4700::6810:5714
2620:0:862:ed1a::1
2620:0:862:ed1a::2:b
2a00:1450:4001:15::a
2a00:1450:4001:69::a
2a00:1450:4001:808::2001
2a00:1450:4001:809::2001
2a00:1450:4001:810::2003
2a00:1450:4001:811::2002
2a00:1450:4001:811::200a
2a00:1450:4001:812::2002
2a00:1450:4001:827::2003
2a00:1450:4001:827::200a
2a00:1450:4001:829::2001
2a00:1450:4001:829::2004
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2006
2a00:1450:4001:82f::200a
2a00:1450:4001:830::2002
2a00:1450:400c:c09::8b
2a00:1450:4010:c01::5e
2a02:2638::1c
2a02:6ea0:c700::4
37.157.2.235
37.157.6.235
37.252.173.22
51.15.15.73
54.36.108.3
88.212.201.198
005acb275bc7e15fb2f1052dede504ce24e0e006011311fe5899abb3d57d99d3
078414f10a56e5f7d1cbf10bdf9f4bd8c9c399d3b6b44402445b0355af22670c
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0e54a084222055cc47f4a8c385b5abd8a06a70fb55587d75ad762e1e9a201d8d
10681688521cdf5f50442ed2ebf08f6291fd8cd3dac051f5ba875660f8a8680b
116a092bb03369ca5a75ee6a6e146e1df0965fdb82ac0b32980e88c23054b7d0
1275b5a1ea97a834f26a9e8ce03545147d5c72e843827b5ba9400bde29146b45
127672d4912f86d7cbdeab0c1ccd9536aa33f335a7b1609d3a3939c1d778220e
14bf8a172e1188b5009d94c2298bf66274945a3139c57c747456f5df92081b1e
16ab65eb11fd2dc6248ec2e768044168b127e8ca29ba83bb14b2953dc9f15bae
1907478e8fa62801a1db26be87cab0755288131c9c8e80320582e560825df3cc
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
1b9a43101803a1f2fa8e9c14a3d0e432a3357a915b6438fb689360374b34ff5a
1cccad26f39174468d78b3546c6f451ebfe77bb616daa650d660c7a5b9b1eb30
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1eb8746e20f1459b5b17998d1e20bfa72ce64efebb2db13227d6f3d1ba0f1b69
222d5fb2a34e188d9881a19d925052ce150ec96ce81bf316b36000a6a8ca8bfb
23e78a4b8f590067a0906a71d65d2cbe116b8b4682a6a641e086ffcef8c55e46
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
27b091c2376b5e849b1daed86ad1644a4d311ef47226362d262b165038747a13
2bef169bbdd472d68aa7d090b4604481a286f222a0552801bb59d2e8650b4487
2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27
309dcb99d4c39340ca3e8683a484f68f1bb8f0e07eb2237ab09829964b29276e
30d2143e5e0ad4af94bf25a55ea17ac1451f5f8b91ff96dc4a32b4791aaeeab8
317acc31e0e915b9721074fbb44a6a7a98b9f59308a4c9018bcbccb26ae98613
31c63fcedbb22beb433881cb17831235b9b347241bb3e3ec6823e16e20a28017
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
370c484c5737cd1832015131b16c0275e5cc9def4ac2e2975f44f67c7c5ce15f
3715c225e5ed1fb3a24aafa9436b6ea36aac9ef46414a9b7aaa7b288c4379077
3b2ea1c9f3587781b58285cf64279e67f6329a3924fb93f81529f1826e2f4d16
3bc21797de283ed8a184b7a12e07566eb539d3f2ca06ffce1c9939d438c5eea6
3c61d645a6a75efd17b9c6889d99e2e63a3296c4a057809590622b1ae9234469
3cdb5bd7b42c191d94fe64fa1754e862cff8f919e055df3ef4e4dcd06616a4c8
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3d76ab4ac854cafef51bbbb5177ea75816df90e3c775294991a016404f2b6bb5
408dffe30b46aa921760ff16f5309a0e7b23b73a3824b6c63655c65500454eac
41c2da340bc5451d50262cb398b70f8bb8de14c713b382e9a7c3a150b5423d59
443cfc3dca8d0a55a336f205212bf1a9b7c402db64d24897565fb332babfe7b7
47ecd5179d3181e8b8c00c404741692a81e251680eeb7da8f0accdfe49759672
4841bc08084ca302010ea5c1c849c8bd43a71f894c4f5d430b2d8ae3805ce056
48c3d7202c20bd9bfd70e9d79af03816452806cb4ed039b0649b55204ddd779f
493637dea9987a10083bec71cf32d360a31dcb6eb38c8110638e1fab30be1a9b
514c62308cff9eec3e0753c4683064dc73c6a1af56e06e1b9b2f2135358efade
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
53f0cf5f2fef7e5a938d553f62eb56266d1ac4e244eb7dcd40630614485fdacd
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55a66f71cf4c08456f896a49c482fd835ab5997e159a4314a85ff159f028fbd5
5cf6caa7c9b811beacfb31b4862949e0b7d690ab1bdcf3c6e9707c7a05116436
5df467e8d8bf55ac51b4f3503fcae6249047cd76872196635655ece8c8916477
605b14697226eeb0be6b2c11db8206b70f4c8681c3f921e4ceca4793ce1a95ce
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
622097ac49b5868e4dff2f1f3090dfa8a10ba37465954e147314e0c4c3cf0271
62f8223673568af8e2a81229c4fc98204d3b2ab2c1fed4d9314419320b294e19
65f6185cfe1cf88fa7981160dd6fa443e111887215b72953718ea70f8e2ba9f2
67816bce8d2292d2609ca1096a2c57d50b522962cdfad422ee4322c4f1f1df7e
6b8dbf934234bae6d5494d7d4e3be47fbc5b9a38677dba0c99e42eb8edb79a56
7109518959a6958168f639860050324f4f063fd1697f32677cf9d0180ab02453
71c2c7c95dd715806dfe44bc55020548bf46a9493f95408206617ed4e30d3d7d
732dad845d38401ffd6f812b344aefc05faac6291219c981000789d02bd9ab4b
76f754050e2c29ed1ee0e170536af6dfb5b48721068bc9fe786633289b024272
7bccc6e3eec4d6e13a9fd669de7660314722b313256f51b388b254538e9b2738
81ec37f2f154f27cfde29aa4ea92e319fde0efec6444e6d053b76eb12828afc7
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8545f789d157443e285020e59d3ede5a7725a9ab6d03ebaa996ef57914d1685c
861aed070db50ce0da9928455deff784c115b44540b09450f225ff7cff0c7429
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
885ab49b1a6e155bc3827777a8982f932765d86f6cd913322cea9b5807c207b9
8b4f6b760aaa4e512a23b22942601658649f04dce75f38351a11be9794e2b65c
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
92492a41ed7dbc02f64b8f399adef0bc87063f9011ea0dcf397d19a8d484bfa7
93b0ef8d782a086932f7c3d8f1c34cd9acf8c7147ca42a15fe5b6dca1c0734cd
981a1871d0eca08fb5f3ed20197583cb8bad958567a102a3a52711f6650d46c7
98417501bec3e892f65cf97b5c1da2be1128c0329ba6af2a45dad4f296f9a6ac
98ba8f881333898d751dabe4f8b4cacc4489a9f5b6b4fd1fc67c571dbfec95cf
9a630b852e94f20cb8140704fd830bf40bfea0a2effaa67d06a0eadafbf3d508
9e464945c8fbe2d4e4c6ffa4521bfe712189c765442dd62aa39eea5d0ac2a456
9e97fc43ecd2f16948c3a8d2de65e0e5483db4ed5ab174058c178ca1c8665d0b
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a897d5e5f7dcd81814db32c3849c14667b51f0dc70e2d3dff4b57891cf232352
a9e153b66d9a1432544421ff580a688048507fe7734253d79c6d4662c37102da
abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107
ae2bd2403ae920b407f625753234bee13dee6faf9cab1a88076e72ff09e7c58d
aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308
b045287a016be2002049a4ca393e13d9de9855e64de840ec716da106fbea296e
b0ecc068189c389cc70ae56306a63c7174fa4cf1b6f58922d3179002ada6142a
b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bd7680f0d4768bf17b38b5834d7671e6e456d9655b4ae3cb39186d1fcd93f5c2
bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a
c1683223424b4571b7ed7d9f5f40088928c909edf6924976aa475561a3f27cda
c3e4d2500a800e6fdb5052aa7b6d5eb7cde55651831bed6f44cdde3ef6d494a6
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
cad58f215d074424bf4b9310a814d9ea51931235a3afe31ee2e69c58e8f75bec
cb7553aa982d5250338c33229e7663b6c75e1aa36c000f2cfd8fe52747dbacde
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
ddb2bac1c0cfcbe9d7ab0a96070cc2581f1de8c1d570b392b409c36775be7880
de3594db2833ba89ab7bf35cf35488ad5321c24aa8817fdae2ff247527edbdcb
e15f9dc2ecb24df3b7a88e2aa7e9d474c7f1abff9b8dabcb6e14e1f633f7b03c
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e
e73fb8e63d658252598a77a569c59aa9cb60e8106e0a0b0152757917c0bc1537
e86e22993fb9eefb8b86a9514b0eea64237e066343129b11d2bdd3ad9fd54b9f
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
eb04b94656de1350a1fe252e640d692b44f9501188d48c01884d6962bea38913
ebd5d51d90cc683e170eb87030c137f32ccd7b393a86acacbcb9e19a38c8d966
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef447194c4f88706e59e91d4dd03aa925cd6f5d30ae87b863c8fe282153c2fbc
f3081c491bd1c683342f5927b7522daf537f9625458065cadb6e573eb88a70e3
fcab803c6d01082f69e5510655ca566241f3a4fd3ee7aa1506b1308e2d069ccb
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

isecosmetic.com Open in urlscan Pro 2606:4700:3036::ac43:9f20 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

285 Requests

95 %HTTPS

57 %IPv6

34 Domains

52 Subdomains

48 IPs

10 Countries

6950 kBTransfer

14779 kBSize

21 Cookies

34 Outgoing links

Page URL History

Redirected requests

285 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

isecosmetic.com Open in urlscan Pro
2606:4700:3036::ac43:9f20 Public Scan

Screenshot
Live screenshot

Full Image

285
Requests

95 %
HTTPS

57 %
IPv6

34
Domains

52
Subdomains

48
IPs

10
Countries

6950 kB
Transfer

14779 kB
Size

21
Cookies

285 HTTP transactions
11 data transactions