lookbook.nu Open in urlscan Pro
2606:4700:3031::ac43:9926 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://lookbook.nu/user/9875454-Taari-Maa
Submission: On April 18 via manual (April 18th 2022, 10:33:21 am UTC) from IN — Scanned from DE

Summary HTTP 153 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 42 IPs in 8 countries across 30 domains to perform 153 HTTP transactions. The main IP is 2606:4700:3031::ac43:9926, located in United States and belongs to CLOUDFLARENET, US. The main domain is lookbook.nu. The Cisco Umbrella rank of the primary domain is 596995.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 28th 2021. Valid for: a year.

This is the only time lookbook.nu was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:303... 2606:4700:3031::ac43:9926	13335 (CLOUDFLAR...) (CLOUDFLARENET)
21	2606:4700:20:... 2606:4700:20::681a:12	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
1	2600:9000:215... 2600:9000:2156:d000:a:ecd6:9900:21	16509 (AMAZON-02) (AMAZON-02)
2	2620:116:800d... 2620:116:800d:21:36a9:ecb:e518:b308	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
4	143.204.95.188 143.204.95.188	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
1	2600:9000:215... 2600:9000:2156:3c00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1 3	108.157.4.121 108.157.4.121	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:401... 2a00:1450:4010:c07::9b	15169 (GOOGLE) (GOOGLE)
7	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
17	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:811::2004	15169 (GOOGLE) (GOOGLE)
1 2	52.31.65.246 52.31.65.246	16509 (AMAZON-02) (AMAZON-02)
4	78.46.90.238 78.46.90.238	24940 (HETZNER-AS) (HETZNER-AS)
3	2600:9000:215... 2600:9000:2156:7400:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
15	2a00:1450:400... 2a00:1450:4001:813::2006	15169 (GOOGLE) (GOOGLE)
7	52.36.70.233 52.36.70.233	16509 (AMAZON-02) (AMAZON-02)
9 12	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
6 12	23.35.236.247 23.35.236.247	16625 (AKAMAI-AS) (AKAMAI-AS)
6 9	185.33.221.13 185.33.221.13	29990 (ASN-APPNEX) (ASN-APPNEX)
1 4	94.130.102.164 94.130.102.164	24940 (HETZNER-AS) (HETZNER-AS)
2	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
2 2	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
1	88.198.250.30 88.198.250.30	24940 (HETZNER-AS) (HETZNER-AS)
1	2a0b:4d07:102::1 2a0b:4d07:102::1	44239 (PROINITY ...) (PROINITY PROINITY)
2	46.236.13.147 46.236.13.147	12703 (PULSANT-AS) (PULSANT-AS)
1	54.76.176.197 54.76.176.197	16509 (AMAZON-02) (AMAZON-02)
1	23.205.253.64 23.205.253.64	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
1	143.204.98.117 143.204.98.117	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
2	54.76.212.160 54.76.212.160	16509 (AMAZON-02) (AMAZON-02)
153	42

1 2606:4700:3031::ac43:9926 (United States)

ASN13335 (CLOUDFLARENET, US)

lookbook.nu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2606:4700:20::681a:12 (United States)

ASN13335 (CLOUDFLARENET, US)

lbstatic.nu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wasabi-files.lbstatic.nu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:d000:a:ecd6:9900:21 (United States)

ASN16509 (AMAZON-02, US)

d33veqcui7lu1w.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:36a9:ecb:e518:b308 (United States)

ASN16509 (AMAZON-02, US)

edge.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 143.204.95.188 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-95-188.fra50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:3c00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 108.157.4.121 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-121.dus51.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4010:c07::9b (Lappeenranta, Finland)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.31.65.246 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-65-246.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 78.46.90.238 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.238.90.46.78.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2156:7400:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:813::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 52.36.70.233 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-36-70-233.us-west-2.compute.amazonaws.com

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.186.34 (United States) 9 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 23.35.236.247 (Frankfurt am Main, Germany) 6 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-247.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 185.33.221.13 (Amsterdam, Netherlands) 6 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 94.130.102.164 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.164.102.130.94.clients.your-server.de

hal900012.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 145.239.193.130 (France) 2 redirects

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.198.250.30 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de

pb.media01.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:102::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 46.236.13.147 (United Kingdom)

ASN12703 (PULSANT-AS, GB)
PTR: 46-236-13-147.servers.dedipower.net

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.76.176.197 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com

ad-server.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.205.253.64 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-253-64.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.117 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-117.fra50.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.76.212.160 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-212-160.eu-west-1.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
36	googlesyndication.com 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 98 tpc.googlesyndication.com — Cisco Umbrella Rank: 128	194 KB
25	doubleclick.net 9 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 95 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 193 googleads.g.doubleclick.net — Cisco Umbrella Rank: 40 cm.g.doubleclick.net — Cisco Umbrella Rank: 211 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 293	208 KB
21	lbstatic.nu lbstatic.nu — Cisco Umbrella Rank: 663927 wasabi-files.lbstatic.nu — Cisco Umbrella Rank: 789404	872 KB
15	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 262	851 KB
12	casalemedia.com 6 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 575	11 KB
12	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 780 static.adsafeprotected.com — Cisco Umbrella Rank: 565 dt.adsafeprotected.com — Cisco Umbrella Rank: 517	112 KB
9	adnxs.com 6 redirects ib.adnxs.com — Cisco Umbrella Rank: 248	9 KB
8	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 31596 hal900012.redintelligence.net — Cisco Umbrella Rank: 243152	57 KB
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 302	40 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 176	137 KB
3	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 19570 api.webgains.io — Cisco Umbrella Rank: 54577	52 KB
3	google.com adservice.google.com — Cisco Umbrella Rank: 77 www.google.com — Cisco Umbrella Rank: 4	1 KB
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 137	2 KB
2	gstatic.com fonts.gstatic.com	26 KB
2	webgains.com track.webgains.com — Cisco Umbrella Rank: 41028	2 KB
2	medialead.de 2 redirects pv.medialead.de — Cisco Umbrella Rank: 46083	1 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 37	20 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 138	83 KB
2	quantserve.com edge.quantserve.com — Cisco Umbrella Rank: 11703 pixel.quantserve.com — Cisco Umbrella Rank: 423	10 KB
2	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 282 fonts.googleapis.com — Cisco Umbrella Rank: 46	34 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 71	34 KB
1	awin1.com www.awin1.com — Cisco Umbrella Rank: 15136	705 B
1	ad-server.eu ad-server.eu — Cisco Umbrella Rank: 67611	312 B
1	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 262671	931 B
1	media01.eu pb.media01.eu — Cisco Umbrella Rank: 44330	627 B
1	google.de adservice.google.de — Cisco Umbrella Rank: 7579	792 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 100
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 903	438 B
1	cloudfront.net d33veqcui7lu1w.cloudfront.net	4 KB
1	lookbook.nu lookbook.nu — Cisco Umbrella Rank: 596995	10 KB
153	30

	Domain	Requested by
17	pagead2.googlesyndication.com	1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com securepubads.g.doubleclick.net www.googletagservices.com
17	lbstatic.nu	lookbook.nu lbstatic.nu
15	s0.2mdn.net	lookbook.nu s0.2mdn.net
15	tpc.googlesyndication.com	1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com securepubads.g.doubleclick.net
12	dsum-sec.casalemedia.com	6 redirects googleads.g.doubleclick.net
12	cm.g.doubleclick.net	9 redirects googleads.g.doubleclick.net
9	ib.adnxs.com	6 redirects googleads.g.doubleclick.net
7	dt.adsafeprotected.com	1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
6	googleads.g.doubleclick.net	1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com lookbook.nu
4	hal900012.redintelligence.net	1 redirects 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com hal900012.redintelligence.net
4	hal9000.redintelligence.net	1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com hal900012.redintelligence.net
4	1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net
4	c.amazon-adsystem.com	lookbook.nu c.amazon-adsystem.com
4	www.googletagservices.com	lookbook.nu 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
4	wasabi-files.lbstatic.nu	lookbook.nu
3	static.adsafeprotected.com	1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
3	sb.scorecardresearch.com	1 redirects lookbook.nu
2	api.webgains.io	analytics.webgains.io
2	fonts.gstatic.com	fonts.googleapis.com
2	track.webgains.com	lookbook.nu 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
2	pv.medialead.de	2 redirects
2	googleads4.g.doubleclick.net	lookbook.nu
2	fw.adsafeprotected.com	1 redirects 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
2	www.google.com	1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com tpc.googlesyndication.com
2	www.google-analytics.com	lookbook.nu
2	connect.facebook.net	lookbook.nu connect.facebook.net
1	www.googletagmanager.com	adv.office-partner.de
1	analytics.webgains.io	track.webgains.com
1	fonts.googleapis.com	hal900012.redintelligence.net
1	www.awin1.com	1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
1	ad-server.eu	1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
1	adv.office-partner.de	hal900012.redintelligence.net
1	pb.media01.eu	hal900012.redintelligence.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	www.facebook.com	connect.facebook.net
1	stats.g.doubleclick.net	www.google-analytics.com
1	pixel.quantserve.com	lookbook.nu
1	rules.quantcount.com	edge.quantserve.com
1	edge.quantserve.com	lookbook.nu
1	d33veqcui7lu1w.cloudfront.net	lookbook.nu
1	ajax.googleapis.com	lookbook.nu
1	lookbook.nu
153	44

This site contains links to these domains. Also see Links.

Domain
www.taarimaa.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-10-28` - `2022-10-27`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-01-25` - `2022-04-25`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.scorecardresearch.com Amazon	`2022-01-29` - `2023-02-27`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2021-08-11` - `2022-09-09`	a year	crt.sh
redintelligence.net R3	`2022-03-29` - `2022-06-27`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
dt.adsafeprotected.com Amazon	`2021-11-19` - `2022-12-18`	a year	crt.sh
*.media01.eu RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-05-27` - `2022-05-27`	a year	crt.sh
adv.office-partner.de R3	`2022-03-07` - `2022-06-05`	3 months	crt.sh
*.webgains.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-20` - `2022-06-20`	a year	crt.sh
www.awin1.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-18` - `2023-04-19`	a year	crt.sh
*.webgains.io Amazon	`2022-02-10` - `2023-03-11`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh

This page contains 18 frames:

Primary Page: https://lookbook.nu/user/9875454-Taari-Maa
Frame ID: C09538967EF209C1BCB7E63FB8BC2211
Requests: 49 HTTP requests in this frame

Frame: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 472B437D25216A45927E739EBDA096B3
Requests: 1 HTTP requests in this frame

Frame: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 75CD3AC0C359E8ADD45FD6CCEE2C6076
Requests: 15 HTTP requests in this frame

Frame: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 6F4E095D11807044EB5D6A3B3BA450B5
Requests: 19 HTTP requests in this frame

Frame: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: B4772FE33BDC437CB82AD5FD20140C43
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMClKRCYniwYusK7wwEwAQ&v=APEucNVqSoi0cjW3zeGugpTNceLwrqWHhJV36rOxV725edXOXPnMVb0JZCd9ayBfsHI07zUJHzLStw0w-FfeZLR3E1FrZP-rFAmsEyuK3X0myRbsL4C8ujTb3we-JLCVhh5uv-49_IwiI-YP0zKxEZolcbmykJ0AQF9W4xdWPaSEZqGCJgDoMZY
Frame ID: E27916DCBEA2D761A326AB7E57B514B0
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC5mpUCGMrhmcgBMAE&v=APEucNWABqW4ARs_ZXvmlFNWDzF6190eRGpuTK2Hu2grk10YzwF6zAfuHrrEXxGV5uWw1nUS4ASLY8ZwtzHbRFZysljvyvRHraMC3cKnUw-iu6Dd9WQc3zE9QaMKZ9W2UHvm9SoNkSGCJroUhbndcCfLfgu_TgyA57y-nNg2m9o8bbUyQXnNGBQ
Frame ID: 55BBCD9161EB986C07E7089747A1139E
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNXCbeB98vKQehvT2GB52g4RMuuAg56UGsogOsC5iPVBg0eOdxxUCBtiqDN-SX9awQDKUCKZKsXONikA2cpg0d3Zn7juvhoBHdLXoupZn1CzdOIck7uCNZRZYsy3n4Wp7_BZECwTbfOPcCyp9PyoJJpntKTQ8ZHiEfmyO0woXzEDW3QSpQk
Frame ID: C1011EF36F1EFF46DD4795C9BC6E8F7F
Requests: 5 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: 1F733A911EBEED8278DCBA73B8A57B22
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 1DC5482C098FDBCB5D45E1485DC138F9
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C736406205DA4481FDF32C87323AD8B6
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 4133034DE766E2C0E93A8BA5DFEB3E1A
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17355885110487226507/index.html
Frame ID: 0C89931C62FFF301271A73BE7E7C03C2
Requests: 14 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=30638100075181304444554011933012&actionid=981741&produktid=&dt_url=
Frame ID: D5528D4BEC37B9661643C5B148CBD55C
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: A1EEF8C4075A67ACD790D52FCE56BBC5
Requests: 2 HTTP requests in this frame

Frame: https://hal900012.redintelligence.net/request_content.php?s=30638100075181304444554011933012&a=1824eaca
Frame ID: EFB54FA66FDC494B9D693A3D0B823D6D
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: F85211E069EA21E5341059C5E2A48096
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 98433B176E02501FCD6CFF529AE7648A
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Taari Maa | Lookbook

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

153
Requests

90 %
HTTPS

57 %
IPv6

30
Domains

44
Subdomains

42
IPs

8
Countries

2759 kB
Transfer

5669 kB
Size

26
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.taarimaa.com/products/raksha-bandhan-cards-rakhdi
Title: www.taarimaa.com/products/raksha-bandhan-cards-rakhdi

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 37

https://sb.scorecardresearch.com/b?c1=2&c2=8354559&ns__t=1650277995761&ns_c=UTF-8&cv=3.5&c8=Taari%20Maa%20%7C%20Lookbook&c7=https%3A%2F%2Flookbook.nu%2Fuser%2F9875454-Taari-Maa&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=8354559&ns__t=1650277995761&ns_c=UTF-8&cv=3.5&c8=Taari%20Maa%20%7C%20Lookbook&c7=https%3A%2F%2Flookbook.nu%2Fuser%2F9875454-Taari-Maa&c9=

Request Chain 72

https://fw.adsafeprotected.com/rfw/bgd/1016769/62197370/xbbe/creative/adj?p=APEucNVzKBLKM-ojNtGq2ggt7uQHx_c0tr-1bbXRYjsUO0b19nOZKwM&d=CnkAoCZ_4CetQsuZKc71b67o1IwRv_dVKwjqOEpWnY1pq8gVOJ8a5mUC-LgDPTPZBukEU3df1JMSOmSsv0fT9z_e17QzahWuIdhX5P3ADht2laK4IfrctQhpktVPQaGNO8TkTHGNdbSv98CkEu5BO83uXFD8-g-VJXplEtkSAKAmf-Czhu1DnuTgAqcpY1UVegLEj00rMnjdz3UbvEyiahloSKEg0XS71KzlF0n-7aeypz-WvU65ufxF0FCuLXXwvquGwxtuk-cxP-F_oCA1ccsigmuup0p7Z5Cs2f1DRuK28ysMRVBEwC7ou_Fb8QU6a5GUwkNKUEtDQsxxjec_RUh7CWihBf3fck3JSZ76NbAJ2n25A5XcN7MrRjuEp9rjz_qX0-Y4NHotq_xUFJ-R0_Opw8eC46fhuBuzdcevrjRQfd1EfLp3bZ-OQPDuI-C5TSHqCnT96UlwVz2VJBSa5WafiyT6bA4IiFBKzOO9rHOzzlaYgzAjgqPBU4keeTlJ52wHn_Dr5hEU9rO5rIUo6_zibKC6tXxeqYP4BDe2rWl4LtHTf4dcYw-ObuWNOkQKvI8HPUKncGp6BVmjgy4i-BmdQ_0RukyySXYgVPywk1OZk8oVxHEyzZnowZxCSqG1mso-O5iFx9dmoiTViuof7JQLy4wHvd3zbOP15bSLtyNC-ynAqktlWSPakfLlGzcd-FoWKn6eLjUgd2Rze0tzQa_NI3heat4qPhjvosQ9Bel1Q2MjV_ADYcHJEzfk_gQjuh2dbQ0GVTzqw4hqfBZwJ0ZJverBIP1stITDXzJSKa59BHLiL0_FWVdqZ7DISwj7c3zhM2VolpT2txrLkrRtTEZ3SrrJ-KcGXpYR8II_Vg41YxuUSS5GoXzAjp6tRdwTVPEqnvOrGPBSlNpj1BNKUUoL3D6FHzJZbemSUpQ6SB29oFlVSRCsr9gQQoX9lY5YLt7tLUZS5ZBCvsXrzF1_fEOefWYL75b2hsnGgQpcoWkoKN6jNt4mePL5FUD1J-zWhDKYI5gEuK0N4pfIseyqrPZ0RvhbRWAo3CWh5jZpM9w67-O6nqXzxSfjgeWuvOinOPZ9aUCIJjckWHqwaWqc90Qjd4ixvyiv6kAzd05W4HSl3Ryv-r1FQiXGtV4UoXx7XUf1zOZZB6Q30PrmYRl8sa0FrrrWSq5KwlzTQ_j42amM6i2PxGQb-OrqN3SyPKLORtAetv1xFput4Zp8NAJAd4vJnLj5eE619SS2eY58vhtFbotOgE5SKC0tFrdsKPlpS4ndyRlclFZDtTkADvUai_CmtdPTElNvSRc5eRrCGvvKya2iou4MY25vrwxx_rTxK5-leYT9po5fHMeUtl-pfqgDGtOYg-fl4rMYSVniGRhT2j0x6ffMS29D6-BiD6KHgVb5LvcyGsjcMWQL48XJ2TigZcTMcUaYheB-qy7NTmOLYNE_1xqY9M94WiFFVdHl0Zii5Vorsc6FKFk7pmyUpa7FgX_ieblhhV6vrRlobqqtUw9x1W8Ef6klwkABInk82Dh64OtdaSssqo4rKW8j2a0rLhAq3xUL5DPlzqGEpKMHmMNdOsq1LvtFTDYb1jF0STDyMiYdVwGe0o_5g3tg_l32rWgt3F9yOu-ybcx6OAGvJIeuMrEVHl8N_eXHXwdJgSP92WjZoJIeIDhB0mbscKhx1u0pqLCgSqSUsBhEsiCBqIVbBgixfYOnSGj63sPdL1OzwNEMhThLi_rX-GK_pOwFo60thOYfG_fi0tBiVkqMYpkJ1rjDTOqvncsHNSfOmPO041T0UCGQV71rmtROOGxmguqZ9vqZoEpRbD44Eel8CnwzviSiN_5lIDOAq_axtZDg6yjFaiu4XfzxT6LGWGnLoxlYwAOoU5kgnxZuYAuBbPJ7sfwImpqyJ1ANqFDYW0Hv7IitSK0j88yAT4dS06aaMqnzIY5a096b2STDYUFmsv2ChDwg3Rx-QkC3xgWcjXP0TPYY_z4DN7SaSb7L4MQ9aUHyqHCscMShLpPe5n8EmccQTX2HScIQzzLpHwSM2Fu239Mhan4JG8aYgQ3Ba9FSrb3bSpB8lLMF3Z7G7--ZPQ5sjx92QUCXqM3G3V7VZBZvpRUICgjdHtAkqLWGNb2EkC5Az4eDmG5n7h_RJFkAvl1dspbLPTNIspp4RpHeVZc6abkKAbpom_26_vtduQNSlzBoltGOJBeFlsurEQW7aFmT3AKFcpS9_mKzxQ6K7DNx1uyfh37rAJVsTBRMi9ecK7l4_smt_7Msk2IsvqU_VbbnoPYYQogDPO_AqaEasvqIRtAi-BdnPLHy3plUBemNOcvBwAsLyI1nDsxgRsgoG4ZqTNLc7I1Y0Svl5KpNf1TV302xELop6-Q2U_7dbn_9mrDXxTFjwhz81ogNQFA0gYjhxewsynNDEEOFUTQKAsUTlm9d30nET8yWfY2igW3FD1pJ3Jzh_hDDphLGY4VGWXdiR-zKHnKJScGwudNkJXetwwZpvqU7qf__1HUL75GnRO873q_-MShSBgG4IJeD_DVFgLx9VsfUaZoAZyrH8bNfgsXhfGnegoroiNiVxeaPXFQw7FdjM2HjNyabnwu8cvohR6MR6FOqdXsFoe-97JeOzOzDDA3MdWmRta3zRz7pC7FeiLPOnpJGpKSm0X476uTOs81CjjGxnPgdWXuuR8FY7irFtVzlzcKtnyAkgLwEFMLIHGF5Zd9tNp5XABxu0d_FT6PEslh7oGOnCLD1b2yZerVoRwmsudANYw39x8gh2N0EVT3SbgBFsWH7Rztjmy7nKPc28ypiVcvdtfysd3euNmkptfqFSgF-pPtGXhEFLbB2e-o2iIj9BziwD5MWtPDisqdAp_4GLcnChmCdd3JFg62hs18kb6myyZXXY1alqwBiOUMypy2dj0iHrlquvWW4OI1ncJkxeG3g4D2P2X__ZZ2usadedKvG4O1D0fcmOlnmCPc1idEobWJ6ax6XmAOleZZUGgG_kSJlQtpC7gzubWuLnI0v0_hPMVPHEKa3WZ50SLOKbd-sBMVgmMDNlor26aiQCStlUEql6ZpGIwwG11CQsUlxTxUmUkcp26C1JS-IcZumuComA3frHQb7XCchxuTIg9k230aeHFCUI1KEDPBHEP38KEWVVgGcmLseA9Uv49t_IJcwKxE4l-121E-9veGNvUllcRIyojbHJM3ssBfpjaykCRGdMxQwLogizmD_kKxnaQ9kfrhdUczQIuLqYE_sgSst9om_dysAH_NyCVXGmm07_xnCl8MLTulTKzG4bdrw6Bxqdergy6Li1vdcCIApPI-GosI4AGLKABBQKiyZ-By5pHBPR7tejHWOw3NVhykaMQgEEi0AjSKyzBkDHVLwd-e1uT10tkGgXGvA-Bg_sYpF53nDWW7EuzXlUlrCKd_qJwJgAQ&ias_dspID=3&ias_campId=27895355&ias_pubId=pub-0790894148451785&ias_chanId=1&ias_placementId=16903879348&bidurl=https://lookbook.nu/user/9875454-Taari-Maa&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hlXiiBTCLVApZ7yCtxCPdc&adsafe_url=https%3A%2F%2Flookbook.nu%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:57c8a358-ae3b-63d4-55f3-b8c8b6520fc0,c:a8dFuC,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-7f56698b44-82n4t,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,nbld:0,mtim:6,fm:t3lQigo+11%7C121%7C13*.1016769-62197370%7C131%7C141,idMap:13*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:22,oid:f537fe50-bf02-11ec-8cf1-566719e087eb,v:19.8.299,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/passback_300x250.js

Request Chain 80

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENcm9_NWUP9m-qw6nQJc_og&google_cver=1

Request Chain 81

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yl0.bAM12b8B.U1Q11nkOgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENcm9_NWUP9m-qw6nQJc_og&google_cver=1&google_hm=2

Request Chain 82

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEP-xtoHKpRCs6nqqi6qxFuU&google_cver=1

Request Chain 83

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk4MzMzNTkwNzE2MTk2NTM2NQ%3D%3D

Request Chain 84

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENcm9_NWUP9m-qw6nQJc_og&google_cver=1

Request Chain 85

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yl0.bAM12b8B.U1Q11nkOgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENcm9_NWUP9m-qw6nQJc_og&google_cver=1&google_hm=2

Request Chain 86

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEP-xtoHKpRCs6nqqi6qxFuU&google_cver=1

Request Chain 87

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk4MzMzNTkwNzE2MTk2NTM2NQ%3D%3D

Request Chain 88

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENcm9_NWUP9m-qw6nQJc_og&google_cver=1

Request Chain 89

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yl0.bAM12b8B.U1Q11nkOgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENcm9_NWUP9m-qw6nQJc_og&google_cver=1&google_hm=2

Request Chain 90

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEP-xtoHKpRCs6nqqi6qxFuU&google_cver=1

Request Chain 91

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk4MzMzNTkwNzE2MTk2NTM2NQ%3D%3D

Request Chain 92

https://hal900012.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=0df69568ba&subid=&uid=58c969849cfa8319&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC_W8XbD5dYrrlBr6P7_UPotKk2AKm5b2gaa2VnKfJD_AuEAEgoa7VGWCV4pCCoAfIAQmpAl_9NSf3JLI-qAMBqgTkAU_QRbtH8pIx_79_yGRAf2bMKkO0h7lc1sMpGfeBFic_EKb7GHsQFI0qilSpnmQLiAZvVaXwE7Rs3OfKKTylWve96YDXhB6bcIlKv_jQZhDSB1tKiSNtPuUmng3jaVUjvYpA_OmC-7as25Z_dxR4SSjGRaGx9nWCYOVMEheeAUuz59FlYUxGB-ci-AQfaPO181BbWvkvkk2CErChBOav3hWxpo0K5PhaLPCSsvyozn34-6WHA3BnOcmb-fZRlk9jRkmE68P6Vk9I6PlgdSVO7z12UE6FqPz0g00aDrQ0AtLeIfinyMAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSLQCNIrLMGQMdUvB357W5PXS2QaBca8D4GD-xikXnecNZbsS7NeVSWsIp3-onAg%26sig%3DAOD64_3hpiAYlySnMvDmj4wvHEjE-XQtMA%26client%3Dca-pub-0790894148451785%26dbm_c%3DAKAmf-D5Mn-tHcbspRBz09obCx8WXEo0ev0lOCwa8pVSdZ6yICm0OKKv0VbhQu3Ck6zeHDZkuGIjEWjmVoBn7UTlY1zMdW15RAcf8f-KcYB9yuvmPb_coThDHio5Kbk07b4ktgBcNTGJ1RmITBaoWTUV0PZVad4mUg%26cry%3D1%26dbm_d%3DAKAmf-BgYIMjpSnJBnsikgi0cihBlVqFBLsVt21LPzUK6BJ4z0qNZPlxw1nutDzHjB_pgXtRFVVNoSotjoQYUhzZviG6ANXYpGxItHuBCpQqBnCQg6DHu458kmEAO1x5hY-EdOPmNlwKnNcMenAL1cJ882dGbYEOuy4bG-MzZOlMqHltwd3iDMZDKVuq1blxvcsRnCEGgVV7G0hQqeAieL4zqLvf67fvBa90bRfwGz0b1XGCIkoqqv_LppmHw1-3nTzOrcSKhLhhdVB7tY1imal0m3sw7131fVO9kkRMShkv2dSIaiLAcP-TwVyxbY-9GnCGOID5VdYAYnCmVm9t238A5t9WCCrAWmYtgI47C7-3e2SUhXQKr5pdbmRmDF-oQ7pR3v8qoNL-q0hyT6dJLZgc4HbsmNaubhzo_cIZdQWmwP_4_vZrQ06cEJDyjwkzlz-E7C4TR6gfQnGrlSAvLhLT68Z_rn3VFQ8siGlFGZhynaMJfO70qwg%26adurl%3D&documentReferer=https%3A%2F%2Flookbook.nu%2F&ancestorOrigins=https%3A%2F%2Flookbook.nu&random=3775906432402&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900012.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=0df69568ba&subid=&uid=58c969849cfa8319&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC_W8XbD5dYrrlBr6P7_UPotKk2AKm5b2gaa2VnKfJD_AuEAEgoa7VGWCV4pCCoAfIAQmpAl_9NSf3JLI-qAMBqgTkAU_QRbtH8pIx_79_yGRAf2bMKkO0h7lc1sMpGfeBFic_EKb7GHsQFI0qilSpnmQLiAZvVaXwE7Rs3OfKKTylWve96YDXhB6bcIlKv_jQZhDSB1tKiSNtPuUmng3jaVUjvYpA_OmC-7as25Z_dxR4SSjGRaGx9nWCYOVMEheeAUuz59FlYUxGB-ci-AQfaPO181BbWvkvkk2CErChBOav3hWxpo0K5PhaLPCSsvyozn34-6WHA3BnOcmb-fZRlk9jRkmE68P6Vk9I6PlgdSVO7z12UE6FqPz0g00aDrQ0AtLeIfinyMAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSLQCNIrLMGQMdUvB357W5PXS2QaBca8D4GD-xikXnecNZbsS7NeVSWsIp3-onAg%26sig%3DAOD64_3hpiAYlySnMvDmj4wvHEjE-XQtMA%26client%3Dca-pub-0790894148451785%26dbm_c%3DAKAmf-D5Mn-tHcbspRBz09obCx8WXEo0ev0lOCwa8pVSdZ6yICm0OKKv0VbhQu3Ck6zeHDZkuGIjEWjmVoBn7UTlY1zMdW15RAcf8f-KcYB9yuvmPb_coThDHio5Kbk07b4ktgBcNTGJ1RmITBaoWTUV0PZVad4mUg%26cry%3D1%26dbm_d%3DAKAmf-BgYIMjpSnJBnsikgi0cihBlVqFBLsVt21LPzUK6BJ4z0qNZPlxw1nutDzHjB_pgXtRFVVNoSotjoQYUhzZviG6ANXYpGxItHuBCpQqBnCQg6DHu458kmEAO1x5hY-EdOPmNlwKnNcMenAL1cJ882dGbYEOuy4bG-MzZOlMqHltwd3iDMZDKVuq1blxvcsRnCEGgVV7G0hQqeAieL4zqLvf67fvBa90bRfwGz0b1XGCIkoqqv_LppmHw1-3nTzOrcSKhLhhdVB7tY1imal0m3sw7131fVO9kkRMShkv2dSIaiLAcP-TwVyxbY-9GnCGOID5VdYAYnCmVm9t238A5t9WCCrAWmYtgI47C7-3e2SUhXQKr5pdbmRmDF-oQ7pR3v8qoNL-q0hyT6dJLZgc4HbsmNaubhzo_cIZdQWmwP_4_vZrQ06cEJDyjwkzlz-E7C4TR6gfQnGrlSAvLhLT68Z_rn3VFQ8siGlFGZhynaMJfO70qwg%26adurl%3D&documentReferer=https%3A%2F%2Flookbook.nu%2F&ancestorOrigins=https%3A%2F%2Flookbook.nu&random=3775906432402&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 102

https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=30638100075181304444554011933012&t=htlp HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=30638100075181304444554011933012&actionid=981741&produktid=&dt_url=

Request Chain 106

https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=30638100075181304444554011933012 HTTP 302
https://ad-server.eu/wm/pb/native.png

153 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 9875454-Taari-Maa Show response
lookbook.nu/user/ 32 KB
10 KB 575ms
531ms Document
text/html 2606:4700:3031::ac43:9926
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lookbook.nu/user/9875454-Taari-Maa
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:9926 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: db513f489ed0426bfdcaf722ba9ddc11e2fa87304744948631d3d03e6b244a59

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, max-age=14400, must-revalidate
cf-cache-status: MISS
cf-ray: 6fdcbdba9833905e-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 18 Apr 2022 10:33:15 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x74KPhHykdOJkMgqPCF%2Bp6mS3ZdcDRqWsQ0Mp1PX6VGf3z0BvSfBoCjg9Dcjq6IXbOcA0m7d9rEYfGVAYEhKdmrZezaD5%2Fa1W2qjiTcyzKUvsJLIZGT%2BJNjo3l39n64IzqJjxHzpdBPr6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding Accept-Encoding
x-rack-cache: miss
x-request-id: ffdfe7385154ed5aed7c459fea8d8888
x-runtime: 0.055175
x-ua-compatible: IE=Edge,chrome=1

GET
H2 200 application-e4fe603c2b70ce160ad7d335edb27021.css
lbstatic.nu/assets/ 575 KB
77 KB 84ms
31ms Stylesheet
text/css 2606:4700:20::681a:12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lbstatic.nu/assets/application-e4fe603c2b70ce160ad7d335edb27021.css
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a9aab9a81ed9cdb217eefe585e153cc2f64ea8792d5adf9060538a9b0b44ce4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:15 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 03 Feb 2022 09:55:29 GMT
server: cloudflare
age: 3342
etag: W/"61fba691-8fa63"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6fpGPjw12icEWSF3egwp3MuBLEoSC5JjSbN%2BKVpHFEO7cZnN%2FNwyGsbQdjHtZdUieoAFUfGdXJiNQxsp%2F3Nap7IE3OJrhG34PsUK4L%2BNCVm3WcyvKycNZtTN%2BvBlweuRadKYt1zTiHhN"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=1382400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6fdcbdbf3d07916a-FRA

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.1/ 94 KB
33 KB 142ms
49ms Script
text/javascript 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js

Requested by

Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 09:43:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 348615
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33434
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Apr 2023 09:43:00 GMT

GET
H2 200 application-7b818775488356777838903bd9f8728f.js Show response
lbstatic.nu/assets/ 556 KB
158 KB 97ms
44ms Script
application/javascript 2606:4700:20::681a:12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lbstatic.nu/assets/application-7b818775488356777838903bd9f8728f.js
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd4bc601b2d6cdd261ca5f70037aaefd1766fee638771a12fb8aeb1854e3d76b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:15 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 03 Feb 2022 09:55:29 GMT
server: cloudflare
age: 3342
etag: W/"61fba691-8b177"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P%2F2ktF3NfZIilbbbTvIsg1cx1jCTQDdPMWVd3kosQbpdwOVW%2FsN8gsTvhX%2FHEQwfKb%2BLP1uSvYKdma%2BwnapQgLRzbxPOYc2fE0cueBPtKwPnxVhMar7DcgpK5uRtOmqouLO9IMCS42Bk"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1382400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6fdcbdbf3d0a916a-FRA

GET
H2 200 application-d09c4e65376710846df00b38a9418a27.js Show response
lbstatic.nu/assets/moo/ 91 KB
25 KB 82ms
30ms Script
application/javascript 2606:4700:20::681a:12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lbstatic.nu/assets/moo/application-d09c4e65376710846df00b38a9418a27.js
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 553678e59fceeacafd5154462c78076454ba407aa61ad43bb7d3537f7145998a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:15 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 03 Feb 2022 09:55:29 GMT
server: cloudflare
age: 3342
etag: W/"61fba691-16a8e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tn89e1fqaELKZoCahRqh9fTwebL9D81Gezg%2Fcf1DhBG9AvrBS%2BMixcMLX7BjDdchSFFxv9iwc9RoPCJo2PCT9eOgM%2FA6AyJWxrb07DPup%2FJjf71XJyphNp8fHwlNWtaf%2FWp9vNJuNotK"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1382400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6fdcbdbf3d0c916a-FRA

GET
H2 200 prox-new-6f58470807ac660d8f50fe544c823bba.png
lbstatic.nu/assets/logos/ 953 B
1 KB 22ms
21ms Image
image/png 2606:4700:20::681a:12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lbstatic.nu/assets/logos/prox-new-6f58470807ac660d8f50fe544c823bba.png
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1852ec5957212ab1ddc679453216178799dd25a2c75985a885e7d467328795e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:15 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6837
content-length: 953
last-modified: Thu, 03 Feb 2022 09:55:29 GMT
server: cloudflare
etag: "61fba691-3b9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tXiZVGGpijKIXzEbAoPMCzbHLcvniNxpZ3JceiUNjTtR536sk3n7ZeH2lnU5foHML6f37xUd84j8wNw4MWr8u6sGN8aWKmaYwlnwO82TpjAm0iyG4dgwqLtVFJJJ1P2F5JMsTysNc35c"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1382400
accept-ranges: bytes
cf-ray: 6fdcbdc01e90916a-FRA

GET
H2 200 more-0b061e84918c4f68f8a0aad60ae58625.png
lbstatic.nu/assets/header/icons/ 19 KB
20 KB 26ms
26ms Image
image/png 2606:4700:20::681a:12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lbstatic.nu/assets/header/icons/more-0b061e84918c4f68f8a0aad60ae58625.png
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1b0df5acd41c11fc146d64795aa729d99370a98109ce1e441db4ac0b7f69d025

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:15 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6837
content-length: 19662
last-modified: Thu, 03 Feb 2022 09:55:29 GMT
server: cloudflare
etag: "61fba691-4cce"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xPlN30%2BMwDOmLiXn0fEVA1n%2FAoqodKKMTX4RxlWxah77YOpv%2Ffw7%2BwzYdMeJHCYbKvRo9byrJ7ddTIYcfB%2FWOy%2FmECgt35QSgt1GoNHQw3U9zY51d5V%2F%2BrVHLmnjJZg7QN4k2KoK4imH"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1382400
accept-ranges: bytes
cf-ray: 6fdcbdc06f48916a-FRA

GET
H2 200 plaaastic-86b5fe39ee14bb829d6e28be811408f6.jpg
lbstatic.nu/assets/cover-photos/ 154 KB
155 KB 27ms
27ms Image
image/jpeg 2606:4700:20::681a:12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lbstatic.nu/assets/cover-photos/plaaastic-86b5fe39ee14bb829d6e28be811408f6.jpg
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5eb2e32cbdf541a52377b16f7ea920e5cd43cf518e2c103173ca1de4d8cf67f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:15 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2907
content-length: 157738
last-modified: Thu, 03 Feb 2022 09:55:29 GMT
server: cloudflare
etag: "61fba691-2682a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V8F1DLd%2FE2%2FokRHsznOWath4hkymC9INHaLZpQa%2Fpj0ldn9Pa4IKv02qymUEBSjfT0Ux%2Bp65riNeG58581A5r17BAZ4%2FDCu%2Ftd%2Bmf1bX4hq%2FEGhBbPxTGm4yIjeKTD81vmUWk7oqlXjX"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=1382400
accept-ranges: bytes
cf-ray: 6fdcbdc06f4a916a-FRA
cf-bgj: h2pri

GET
H2 200 guy.gif
lbstatic.nu/assets/ 580 B
1 KB 28ms
28ms Image
image/gif 2606:4700:20::681a:12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lbstatic.nu/assets/guy.gif
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d7600604cb30e42b1511c91d29c886de204d3f46d8c265b9c35b0960ccf8195

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:15 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 329
content-length: 580
last-modified: Thu, 03 Feb 2022 09:55:29 GMT
server: cloudflare
etag: "61fba691-244"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w1XeS9DpIEh3rV5DDtjgnyb4OA%2FJCcxAiLOHfYqn810T75qQOSXGHqDh2Sjh%2B8OIFWO3ExdIHD%2FSZUZGiCn8%2BbF3l9CvQg%2Bivtsd9oo%2BJjLmLji9MjmyXVSHi9KnRMr%2BpNDijRsK84SC"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=1382400
accept-ranges: bytes
cf-ray: 6fdcbdc06f4d916a-FRA

GET
H2 200 ajax-loader-big-0d4c0c710c24223145d172f44db328d0.gif
lbstatic.nu/assets/ 3 KB
3 KB 26ms
26ms Image
image/gif 2606:4700:20::681a:12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lbstatic.nu/assets/ajax-loader-big-0d4c0c710c24223145d172f44db328d0.gif
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb7cfd3d959b2e09c170f532e29f8b825f9bc770b2279fde58e595617753e244

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:15 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 747
content-length: 2608
last-modified: Thu, 03 Feb 2022 09:55:29 GMT
server: cloudflare
etag: "61fba691-a30"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RWbuJTvZLpQdrttu4J8ECqfPNkL1CQhCzglWwEpDOgZhCYvd36OE%2FV1AECY3xUawPPPZDeTicH4L%2FwOIo3dsmXfVGN3dwdexUeZ3qhVehJvEbQZPwUBeuN%2FiYmhJxWc4bSo80SdIRPkp"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=1382400
accept-ranges: bytes
cf-ray: 6fdcbdc06f4f916a-FRA

GET
H2 200 ajax-loader-fb-4fbe973b96349c727a1d97957527acc3.gif
lbstatic.nu/assets/ 723 B
1 KB 28ms
28ms Image
image/gif 2606:4700:20::681a:12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lbstatic.nu/assets/ajax-loader-fb-4fbe973b96349c727a1d97957527acc3.gif
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c1cf81bef2ea82eaa43265a5ff786b7cd74e7d5f4f2de104b586f092ca0fb886

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:15 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 771
content-length: 723
last-modified: Thu, 03 Feb 2022 09:55:29 GMT
server: cloudflare
etag: "61fba691-2d3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P%2FdWXJrZLjAEIGe2%2FquW6Ujtw9rZSNBWKRbKM%2FWTQ2grwbijs7%2BNd9QPLu%2BBMBtD%2FDn2W63Ef02uBPae%2F6ykynaFTVYgKtt624E%2BlsHCTsCqph4w%2BNFDk23BOShxLoHIIm%2B1fciYx3nQ"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=1382400
accept-ranges: bytes
cf-ray: 6fdcbdc06f50916a-FRA

GET
H2 200 2234188_IMG_7829.jpg
wasabi-files.lbstatic.nu/files/users/small/ 5 KB
6 KB 35ms
24ms Image
image/jpeg 2606:4700:20::681a:12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wasabi-files.lbstatic.nu/files/users/small/2234188_IMG_7829.jpg?1493234856
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 59466fcac8870221eecad5cf85c6ea8b32577e4b2f2660d16fe70ab6935fe105

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:15 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 578498
cf-ray: 6fdcbdc07f70916a-FRA
content-length: 5273
x-amz-id-2: wOMnU7Xb4fSMMcStQiK+C+1eo5655mspVpzA2Uz5laMO7mqd5bPI4fjKNq/J+aK9MASFODjxAq9N
last-modified: Sat, 04 Jul 2020 23:04:22 GMT
server: cloudflare
etag: "e716b1bdedba96c63890fe1d48dc05c3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OXoHOdUzR7YYc%2FNvodehdselr9rFY30DCOB9B%2B2bfAey6%2FWSeiD2gdbQNcXMHHxeuz%2Bg1UxHu3mSFizOJrptE33RNp6V8Hhy7U%2BBZx2pMYmzQ50VWCfjic%2F7h9DxnuT238RmQwJm0ImrohJxYo29GHus2rdPiA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: E0B0E6F2F6121A07
cache-control: max-age=1382400
x-amz-version-id: 001593903861629149569-5rhmpLjZKR
accept-ranges: bytes
content-type: image/jpeg
cf-bgj: h2pri

GET
H2 200 2389423_image.jpg
d33veqcui7lu1w.cloudfront.net/files/users/small/ 4 KB
4 KB 63ms
10ms Image
image/jpeg 2600:9000:2156:d000:a:ecd6:9900:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d33veqcui7lu1w.cloudfront.net/files/users/small/2389423_image.jpg?1622125798
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:a:ecd6:9900:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 51d35bffe0aeaa64097b7fdae34d06a35cd66390ebcbb1d9b8d6846a82144580

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id: EJRN5X0ic04l2AhyDHMDvp4w1XdpQKge
via: 1.1 baaf38f0a0d54e4834bf934fa5189cea.cloudfront.net (CloudFront)
last-modified: Thu, 27 May 2021 14:30:00 GMT
server: AmazonS3
age: 114097
etag: "9f825fcb005d58955398f31fcbfca8a5"
x-cache: Hit from cloudfront
content-type: image/jpeg
date: Sun, 17 Apr 2022 02:51:39 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 3836
x-amz-cf-id: 1OrwzcU_pdB56RmrAVOuMUeWm3OCNptrdbgl0wPB_tmr7jYTA3iKig==

GET
H2 200 5729247_image.jpg
wasabi-files.lbstatic.nu/files/users/small/ 3 KB
3 KB 132ms
122ms Image
image/jpeg 2606:4700:20::681a:12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wasabi-files.lbstatic.nu/files/users/small/5729247_image.jpg?1556689270
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0e6d52cda07540ae13ea2ba6fdf52ab1bd57530880afd1815e8845f041966067

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:15 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: E9EEAA53A646D9AA
cf-ray: 6fdcbdc07f6d916a-FRA
content-length: 2912
x-amz-id-2: y4RkgX4l6LFPktPpjWzEIPHMSMu+3oE0Hhe+/GF3PTWhZSIM4zYx2LrOmEtl3XawL6mEdU9v7udr
last-modified: Mon, 24 Aug 2020 13:02:12 GMT
server: cloudflare
etag: "344be71b97008c6959a5edbf49ccb08c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Ga7J1EbVcVHbgac3UsX%2FfxSypBM7ycoowzwDrvH9bI1Lzbb7UGRojFYKpZ0MJVqDpNJg%2BRGTuh8WPaUvcKdzQJbVqqAUnfqfkzwFmLKSZL6y%2Bce7LCibAvkBZ7mFLN%2BRVIOdU0v8e67Gkg1S%2FZkV8G7fMcKnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 001598274131855475062-etLEFSyPAT
cache-control: max-age=1382400
accept-ranges: bytes
content-type: image/jpeg
cf-bgj: h2pri

GET
H2 200 5914565_image.jpg
wasabi-files.lbstatic.nu/files/users/small/ 3 KB
4 KB 35ms
25ms Image
image/jpeg 2606:4700:20::681a:12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wasabi-files.lbstatic.nu/files/users/small/5914565_image.jpg?1646802159
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d2c7515288d5d4ed0b1c4606a673614a17300b865f901a0d5932df1d54c20e5e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:15 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 449626
cf-ray: 6fdcbdc07f6e916a-FRA
content-length: 3503
x-amz-id-2: phzJb7u3BROVXYZQGoXrh/KNf5WxYZzd0mXRxwxOQh0q1pmZCFnLg6zYUBMgemYAZif07Ry9JLgj
last-modified: Sat, 04 Jul 2020 23:00:36 GMT
server: cloudflare
etag: "256f15fb6b75811a61f6241c404a360b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L0bi1JenF2mdkPJ9bzJ7ab8P4IkyOU4KmsCwBJNt4rdtyzzWZj%2BQubKZtiqkE%2BUoJKkF4njaf1YXYd%2FhfczIY4iZxQDzbZI0F52dO0%2F3%2B3KHJqiSVe%2Bp3VThXpGYMzyQBwQY2QFYxlQ8fNDRNXjdm%2Bx%2BqfRdug%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: 9938DAAC5B6FB764
cache-control: max-age=1382400
x-amz-version-id: 001593903636438270665-lyIZB1DrrN
accept-ranges: bytes
content-type: image/jpeg
cf-bgj: h2pri

GET
H2 200 5211302_image.jpg
wasabi-files.lbstatic.nu/files/users/small/ 3 KB
3 KB 50ms
41ms Image
image/jpeg 2606:4700:20::681a:12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wasabi-files.lbstatic.nu/files/users/small/5211302_image.jpg?1640085855
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc1e78a5cbe9e37f06546e1b831b08988edba2e09307f726d49eafbdcea25630

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:15 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 487214
cf-ray: 6fdcbdc07f6f916a-FRA
content-length: 2588
x-amz-id-2: flgcQwW44rCJlDH02KNXhifqvj+unmADRHiyOi4u4Iac7KPgninxe440Wqgn5+43vK3jRb+1UJ1E
last-modified: Sat, 04 Jul 2020 23:01:34 GMT
server: cloudflare
etag: "3084ec40b6b81d757917df40a04b3bff"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2wnrcNtLdbXLqVNCNvj4dfCxzEQt5gQjEU7LbzzCdcKXftfVV9NKPQp0Koge2ZX%2FUNyjPDeXFmDwxngIivvUXAPQwuqmYZCw0zrJNGLV%2BCmpd%2F2gGtri7hh1nExPkWGe3JJij7uBBAVqnPgxs3Q23J4aMTWhaw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: 2F3E65B7B41B1DB9
cache-control: max-age=1382400
x-amz-version-id: 001593903693809835320-sOaAtQ3IHj
accept-ranges: bytes
content-type: image/jpeg
cf-bgj: h2pri

GET
H2 200 arrow-up-white-5b97dd7bb071edf6b965bf452cda9fc2.svg
lbstatic.nu/assets/icons/ 686 B
738 B 26ms
26ms Image
image/svg+xml 2606:4700:20::681a:12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lbstatic.nu/assets/icons/arrow-up-white-5b97dd7bb071edf6b965bf452cda9fc2.svg
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c53cb61e2947d208c306c8680d407115d7663d1920ef125ecdb1ffa417f22fcc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:15 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 03 Feb 2022 09:55:29 GMT
server: cloudflare
age: 2414
etag: W/"61fba691-2ae"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=driV5IXI4WjcFbeVTnPdN6N0wm4MbggQnbm5v791s3qjtp%2BkO2OOHo4ZJqDmP5IqolxtnyPnshRignsa%2FPXbACT8pg9mEgazF3DiEGfy8Gs1ZT5Rf2W47iBqmQm%2BM8pDO8OC3elG9zPr"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=1382400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6fdcbdc06f56916a-FRA

GET
H2 200 quant.js Show response
edge.quantserve.com/ 24 KB
10 KB 129ms
11ms Script
application/javascript 2620:116:800d:21:36a9:ecb:e518:b308
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://edge.quantserve.com/quant.js
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:15 GMT
content-encoding: gzip
etag: "u2JtyZzqnTXwzBUswy2r+w=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Mon, 25 Apr 2022 10:33:15 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 83 KB
28 KB 139ms
44ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d6efeec2f34bfbc7fdf5ce29588ae4d4dd021578c1494bec829ef4a5221edc50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28564
x-xss-protection: 0
server: sffe
etag: "1190 / 64 of 1000 / last-modified: 1650271296"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 18 Apr 2022 10:33:15 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 135 KB
37 KB 59ms
8ms Script
application/javascript 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-95-188.fra50.r.cloudfront.net
Software: Server /
Resource Hash: 1909b2a83fd41494d94862c4323944d9d0aa1f1e653f252ea5a73fc5944308b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id: 6RTeJ.t3xDSJXjTxhAMtPfr9IcIsozAE
content-encoding: gzip
etag: 4abd427e43cd6822329a2c05539e321f
age: 677
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 1ZVGBQ3VS6F0YKZ46EH8
date: Mon, 18 Apr 2022 10:22:49 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: J2ov3b6yLdKdu9C4neAVHwkm2ewOo-3L1oXrn1zqPqAoxhKJmNZcvQ==

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 58ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a0f1b2e3c59e8ead3c208aefebba198c0dbeb7447ab2025d92b7e7c8f7f8dfc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: SHfKSJeB49Nc67tCrX47Mg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
expires: Mon, 18 Apr 2022 10:46:23 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1686
x-fb-rlafr: 0
x-fb-debug: 9sYvnofqHfnGo8xR3ZhR9KSnpEIP5wFsmMteRp4NanvoUEciYkX/3jxnnD74NINdOpXPIjSK+1YdBVk+N/F5MA==
x-fb-trip-id: 686109401
x-fb-content-md5: a17d7b9c20aa20f9c8f52b8fe028758c
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Mon, 18 Apr 2022 10:33:15 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "f32e5c18aa11eb2c0bfcb2c75ba236dc"
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 129ms
38ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 964
date: Mon, 18 Apr 2022 10:17:11 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 18 Apr 2022 12:17:11 GMT

GET
H2 200 ProximaNova-Regular.woff
lbstatic.nu/assets/ 85 KB
86 KB 60ms
25ms Font
application/font-woff 2606:4700:20::681a:12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lbstatic.nu/assets/ProximaNova-Regular.woff
Requested by: Host: lbstatic.nu
URL: https://lbstatic.nu/assets/application-e4fe603c2b70ce160ad7d335edb27021.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 99f73ec26d9716363ea8ea73560d10f91d63cf18e32103bcead35559ba1ac361

Request headers

Referer: https://lbstatic.nu/assets/application-e4fe603c2b70ce160ad7d335edb27021.css
Origin: https://lookbook.nu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:15 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 03 Feb 2022 09:55:29 GMT
server: cloudflare
age: 354
etag: W/"61fba691-155b7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Af8NVEAAK2FzyWTO4kv0%2F3uH9UWeNRveYmv8XFy5wekSgdOHtQ%2FMaRiTYgjWUKO6ECuheJAI6hNkBZ0kkbdritStvoeBFZaoeMlEpTLsPkRZdwxeroVzSAm3CTtgC%2BJqPPy81cX6JTo0"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=1382400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6fdcbdc0d8ed9c07-FRA

GET
H2 200 new_sprite.png
lbstatic.nu/assets/ 26 KB
26 KB 26ms
25ms Image
image/png 2606:4700:20::681a:12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lbstatic.nu/assets/new_sprite.png?cb=9
Requested by: Host: lbstatic.nu
URL: https://lbstatic.nu/assets/application-e4fe603c2b70ce160ad7d335edb27021.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fca1fb4990a3abf9e6bba05433ed88ac85bfc8471a273c9c306a7685ace89d26

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lbstatic.nu/assets/application-e4fe603c2b70ce160ad7d335edb27021.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:15 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 918
content-length: 26481
last-modified: Thu, 03 Feb 2022 09:55:29 GMT
server: cloudflare
etag: "61fba691-6771"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VirLZgDxSDpXCo5Zh0T%2FdV8GhLcug3Grr3QPYLs%2F1Cb6aE5ATwD40xv9OJUzdeYyZ%2BWWKnn6ELE08FWwQTlGSpHY8%2FjQNX96jWSbRLiWHlK2%2B34zYIP5GDxw6Na%2BbujC%2FXhwX%2By4aeAu"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1382400
accept-ranges: bytes
cf-ray: 6fdcbdc0afc9916a-FRA

GET
H2 200 ProximaNova-Bold.woff
lbstatic.nu/assets/ 76 KB
76 KB 66ms
38ms Font
application/font-woff 2606:4700:20::681a:12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lbstatic.nu/assets/ProximaNova-Bold.woff
Requested by: Host: lbstatic.nu
URL: https://lbstatic.nu/assets/application-e4fe603c2b70ce160ad7d335edb27021.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7cfab6a75576c6827a6d5dd7f823e993678ee3161fed858ca4bb51ae8ce96677

Request headers

Referer: https://lbstatic.nu/assets/application-e4fe603c2b70ce160ad7d335edb27021.css
Origin: https://lookbook.nu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:15 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 03 Feb 2022 09:55:29 GMT
server: cloudflare
age: 354
etag: W/"61fba691-12e63"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bX9Ejmk4ymlHL9Nw5SrL0whG0Le%2FkpoZlj%2BDlJY66BgVhKA4b19lnfeRd9o3j0TsdV2p5cAMny2mIXg0vAihnL5LL33ndznLodUPVaruLni2X%2BqHYIFCGWMb8em8uQwWfG95o1aIXFob"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=1382400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6fdcbdc0d8f59c07-FRA

GET
H2 200 fontawesome-webfont-6a928d6875c980852c3823caf78dfc43.woff2
lbstatic.nu/assets/ 55 KB
56 KB 50ms
22ms Font
application/octet-stream 2606:4700:20::681a:12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lbstatic.nu/assets/fontawesome-webfont-6a928d6875c980852c3823caf78dfc43.woff2?v=4.3.0
Requested by: Host: lbstatic.nu
URL: https://lbstatic.nu/assets/application-e4fe603c2b70ce160ad7d335edb27021.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c

Request headers

Referer: https://lbstatic.nu/assets/application-e4fe603c2b70ce160ad7d335edb27021.css
Origin: https://lookbook.nu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:15 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 354
content-length: 56780
last-modified: Sun, 15 Jul 2018 18:53:39 GMT
server: cloudflare
etag: "5b4b9833-ddcc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FWFWN1usCd5MKP6WBMczpzzNTi5YzvJt5Hzo9oFcCMil9fkhtN3aQEmQdTYUiKGpGu628XfkKfx3D%2FaBOTYF09Tb%2BP87g3mLCkfGUiX3m97WnSH9IWtNelAZMx5D9tvLk2VR7bV5d3u1"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=1382400
accept-ranges: bytes
cf-ray: 6fdcbdc0d8f19c07-FRA

GET
H2 200 ProximaNova-Semibold.woff
lbstatic.nu/assets/ 80 KB
80 KB 66ms
38ms Font
application/font-woff 2606:4700:20::681a:12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lbstatic.nu/assets/ProximaNova-Semibold.woff
Requested by: Host: lbstatic.nu
URL: https://lbstatic.nu/assets/application-e4fe603c2b70ce160ad7d335edb27021.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 299920669c7ec8c0add3c58f21eea89871a531545df0b8d70c46db2f44ff4cc4

Request headers

Referer: https://lbstatic.nu/assets/application-e4fe603c2b70ce160ad7d335edb27021.css
Origin: https://lookbook.nu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:15 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 03 Feb 2022 09:55:29 GMT
server: cloudflare
age: 354
etag: W/"61fba691-13e7b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wQr68MD8IxLBlyG71SGDd0lgErgHouBVmIp3i0qUnYOq7IKd8oxrlhGpNcmjQZSUEYdRzDANOu6p82I%2FQoifgHxIdql5QcA%2FcygYv%2FQPmV0nAwcwjlxeN2GYj0FoD6ynGgIv4b20wyO%2B"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=1382400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6fdcbdc0d8f49c07-FRA

GET
H2 200 ProximaNova-Light.woff
lbstatic.nu/assets/ 91 KB
90 KB 66ms
38ms Font
application/font-woff 2606:4700:20::681a:12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lbstatic.nu/assets/ProximaNova-Light.woff
Requested by: Host: lbstatic.nu
URL: https://lbstatic.nu/assets/application-e4fe603c2b70ce160ad7d335edb27021.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 202f5a44ef1b1fac13c36c93eee29c52cd61f6e4f3f3ccbc35ce23683cc605bd

Request headers

Referer: https://lbstatic.nu/assets/application-e4fe603c2b70ce160ad7d335edb27021.css
Origin: https://lookbook.nu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:15 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 03 Feb 2022 09:55:29 GMT
server: cloudflare
age: 6141
etag: W/"61fba691-16c17"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=meCi3cZrDCyzdZX09EmwN0A2WImg%2BhzNT4OkEabvhJ%2B9ZZmjQjbMwFMkwtFkb9NuWVF3Upc%2FbKiSEez5pKD2MT1gX9eow7vXEtPMNj1OiUrT%2BAwu%2Bfmir3AnjEAVHx8meRHbEOja%2Fsvg"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=1382400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6fdcbdc0d8f29c07-FRA

GET
H2 200 rules-p-15_abpQY22gxg.js Show response
rules.quantcount.com/ 3 B
438 B 26ms
8ms Script
application/javascript 2600:9000:2156:3c00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-15_abpQY22gxg.js
Requested by: Host: edge.quantserve.com
URL: https://edge.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:3c00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 01:42:26 GMT
via: 1.1 ad46d498157a92ab1076f74db460670c.cloudfront.net (CloudFront)
age: 32311
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 3
last-modified: Sat, 04 Mar 2017 19:43:01 GMT
server: AmazonS3
etag: "8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: o9gTQLOgZI3CVfDz4rVc-XbovthJc1fTCxh9TtCVILY8zCnoPzWOeQ==

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 37ms
10ms Script
application/javascript 108.157.4.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-121.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 02:43:28 GMT
content-encoding: gzip
etag: W/"1827f116c73f319409b97f10b8a58ade"
last-modified: Fri, 26 Feb 2021 14:35:05 GMT
server: AmazonS3
age: 28187
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 672ccfdef8d96b8bfc26646386cb4488.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: zKKDGTzOzsTI7LkjrMLE6QPGaeD4Nrj9LDq7APKxWNtOYokYbGrTkw==

GET
H2 200 bubble-e7fec504b573a5fe7aa9a6f1b12e7976.png
lbstatic.nu/assets/ 294 B
598 B 21ms
20ms Image
image/png 2606:4700:20::681a:12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lbstatic.nu/assets/bubble-e7fec504b573a5fe7aa9a6f1b12e7976.png
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd66670e33f248ddc8f8accfb0173af1e10af2389bd59f04ff148ed3e7ff3025

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:15 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1042
content-length: 294
last-modified: Thu, 03 Feb 2022 09:55:29 GMT
server: cloudflare
etag: "61fba691-126"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o0pgDc85lB1RCgSaLZXvwXYX3uGsJ8%2FhQuNcYFzbBLt93OCspzi%2BXZ4BNQJA3ypnDj6uqhHzIiHSpF1ytFfHQ9%2Fq7srP0gR8lO6oFUSKhdk%2FeKMwjbT2l%2ByxrmaXiIo0RlYDFAZ1sAsM"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1382400
accept-ranges: bytes
cf-ray: 6fdcbdc138e6916a-FRA

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
307 B 9ms
9ms XHR
text/plain 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Flookbook.nu&pubid=32930239-e300-4e84-8205-3dc868716562
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-95-188.fra50.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 04:42:36 GMT
via: 1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
server: Server
age: 21038
x-cache: Hit from cloudfront
access-control-allow-origin: https://lookbook.nu
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: JtNULl3K2pKyFFSodBe9vUJU_Kx0icpJF01jH5j7BnVazngEFex3iA==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
488 B 50ms
48ms XHR
text/javascript 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Flookbook.nu%2Fuser%2F9875454-Taari-Maa&pid=d7rlrxBoeJvOf&cb=0&ws=1600x1200&v=7.75.0&t=2000&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-1509568888555-0%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F1093101%2Fex_hp_728x90%22%7D%5D&pubid=32930239-e300-4e84-8205-3dc868716562&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.95.188 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-95-188.fra50.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:15 GMT
via: 1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA50-C1
x-amz-rid: VA80E1KK6WRBV52P26W4
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://lookbook.nu
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: fkn5QiyxYJPGzezL5hHYd7Y8foqmu0rF-JrKmq22SWKxZjgccjka6Q==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 26ms
10ms XHR
application/javascript 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-95-188.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id: khsXo6Z3HSo5bHNWbmb1eMp88IHhxPc.
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 25086
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Thu, 17 Mar 2022 02:21:48 GMT
server: AmazonS3
date: Mon, 18 Apr 2022 03:35:10 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 a394c864b23364262af48fed4e7e9fac.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: M9HXDTqRoFQL2myn06ImTEda98qnqmh6rGcDCFHfeaKORPiTixpZsQ==

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 283 KB
81 KB 16ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=560761f843e6e146ce1ff398484ada0e

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a39b8a79e766dcc145e36963289cd8b497bd5131542b98c05695f4c09598003d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://lookbook.nu/
Origin: https://lookbook.nu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 2upGcIqMqP2Hp2Ng8h0r3g==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
expires: Tue, 18 Apr 2023 08:49:20 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 82864
x-fb-rlafr: 0
x-fb-debug: tBS1eBp0u2hhi2Xs0SYmBfIZSrTSWvf1BT/hL9TLn0oH6tTjidaZ00/2PPavcg9YQfQE5SKrGR4NAvtqZ2WTEQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 15312617c824102f7d26ad036e117f19
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 18 Apr 2022 10:33:15 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "08e6513f91a5f60123f77824c5798749"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 pixel;r=1056886987;rf=0;a=p-15_abpQY22gxg;url=https%3A%2F%2Flookbook.nu%2Fuser%2F9875454-Taari-Maa;uht=2;fpan=1;fpa=P0-1815704186-1650277995745;pbc=;ns=0;ce=1;qjs=1;qv=a98acd33-20220316110313;cm=;g...
pixel.quantserve.com/ 35 B
372 B 39ms
14ms Image
image/gif 2620:116:800d:21:36a9:ecb:e518:b308
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1056886987;rf=0;a=p-15_abpQY22gxg;url=https%3A%2F%2Flookbook.nu%2Fuser%2F9875454-Taari-Maa;uht=2;fpan=1;fpa=P0-1815704186-1650277995745;pbc=;ns=0;ce=1;qjs=1;qv=a98acd33-20220316110313;cm=;gdpr=0;ref=;d=lookbook.nu;je=0;sr=1600x1200x24;dst=0;et=1650277995745;tzo=0;ogl=site_name.Lookbook%2Ctitle.Taari%20Maa%2Ctype.lookbook-nu%3Auser%2Curl.http%3A%2F%2Flookbook%252Enu%2Fuser%2F9875454-Taari-Maa%2Cimage.%2F%2Flbstatic%252Enu%2Fassets%2Fguy%252Egif%2Cdescription.As%20Gujarati%20was%20regularly%20spoken%20in%20my%20childhood%20home%252C%20I%20spoke%20it%20so%20readily%20tha

Requested by

Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:15 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
436 B 128ms
42ms XHR
text/plain 2a00:1450:4010:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-4019432-1&cid=1397857931.1650277996&jid=2042232347&gjid=833259878&_gid=112585449.1650277996&_u=YGBAgAABAAAAAE~&z=1471428671

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4010:c07::9b Lappeenranta, Finland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://lookbook.nu/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 18 Apr 2022 10:33:15 GMT
content-type: text/plain
access-control-allow-origin: https://lookbook.nu
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 82ms
37ms Image
image/gif 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2063746141&t=pageview&_s=1&dl=https%3A%2F%2Flookbook.nu%2Fuser%2F9875454-Taari-Maa&dp=%2Fuser%2F9875454&ul=en-us&de=UTF-8&dt=Taari%20Maa%20%7C%20Lookbook&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgAAB~&jid=2042232347&gjid=833259878&cid=1397857931.1650277996&tid=UA-4019432-1&_gid=112585449.1650277996&cg1=User%20Profiles&z=469304973

Requested by

Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 01:15:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 33481
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

204

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=8354559&ns__t=1650277995761&ns_c=UTF-8&cv=3.5&c8=Taari%20Maa%20%7C%20Lookbook&c7=https%3A%2F%2Flookbook.nu%2Fuser%2F9875454-Taari-Maa&c9=
https://sb.scorecardresearch.com/b2?c1=2&c2=8354559&ns__t=1650277995761&ns_c=UTF-8&cv=3.5&c8=Taari%20Maa%20%7C%20Lookbook&c7=https%3A%2F%2Flookbook.nu%2Fuser%2F9875454-Taari-Maa&c9=

0
191 B

15ms
14ms

Image
text/plain

108.157.4.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=8354559&ns__t=1650277995761&ns_c=UTF-8&cv=3.5&c8=Taari%20Maa%20%7C%20Lookbook&c7=https%3A%2F%2Flookbook.nu%2Fuser%2F9875454-Taari-Maa&c9=
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa
Protocol: H2
Server: 108.157.4.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-121.dus51.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:15 GMT
via: 1.1 672ccfdef8d96b8bfc26646386cb4488.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: CRdRdZhbeNDehWQvmT5Nu6fPE17XNvG8QSrN6QVVHhbq9KfXElOLgw==
x-cache: Miss from cloudfront

Redirect headers

location: /b2?c1=2&c2=8354559&ns__t=1650277995761&ns_c=UTF-8&cv=3.5&c8=Taari%20Maa%20%7C%20Lookbook&c7=https%3A%2F%2Flookbook.nu%2Fuser%2F9875454-Taari-Maa&c9=
date: Mon, 18 Apr 2022 10:33:15 GMT
via: 1.1 672ccfdef8d96b8bfc26646386cb4488.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
content-length: 0
x-amz-cf-id: BxuSq-Ta4uIzTtsdhr9HvF5GkG6Ny0pxveGGWZDzaXsse8fw2NDBOg==
x-cache: Miss from cloudfront

GET
H2 200 pubads_impl_2022041201.js Show response
securepubads.g.doubleclick.net/gpt/ 369 KB
126 KB 99ms
29ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

ae1662349ff25bf23f2d8c4d4affd74d2531892eac8dabfd7a05d80459c36583

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:24:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 535
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127945
x-xss-protection: 0
last-modified: Tue, 12 Apr 2022 08:36:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 18 Apr 2023 10:24:20 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 110 B
725 B 106ms
38ms XHR
application/json 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=lookbook.nu

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

fa154aae30700d792a088ec67e9e94878f0947772590d3dd49bb69dcdb1fc3d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 18 Apr 2022 10:33:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 89
x-xss-protection: 0
expires: Mon, 18 Apr 2022 10:33:15 GMT

GET
H2 200 status
www.facebook.com/x/oauth/ 0
0 54ms
37ms Fetch
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?client_id=71607949800&input_token&origin=1&redirect_uri=https%3A%2F%2Flookbook.nu%2Fuser%2F9875454-Taari-Maa&sdk=joey&wants_cookie_data=true

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=560761f843e6e146ce1ff398484ada0e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: uutjelvUn+DYX9IcR+ElNGCuU94ZGaNWCSRdKPSRGxw2PmKxUvqXB04W8i5b6dIUe+9f0IwsYVKu4jxFpr37Bw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
fb-s: unknown
date: Mon, 18 Apr 2022 10:33:15 GMT
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://lookbook.nu
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 138ms
47ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=lookbook.nu

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 18 Apr 2022 10:33:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 135ms
45ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=lookbook.nu

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 18 Apr 2022 10:33:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 41 KB
15 KB 388ms
349ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2221379032323076&correlator=1910726940292202&output=ldjh&gdfp_req=1&vrg=2022041201&ptt=17&impl=fifs&iu_parts=1093101%2Cex_hp_300x250%2Cex_hp_btf_300x250&enc_prev_ius=%2F0%2F1%2C%2F0%2F2&prev_iu_szs=300x600%7C300x250%2C300x250&ifi=1&adks=1276300409%2C1030487218&sfv=1-0-38&ecs=20220418&fsapi=false&eri=1&cust_params=d6%3D6%26d20%3D19%26brand%3D%26leadersize%3D728x90%26sideadsize%3D300x250&sc=1&cookie_enabled=1&abxe=1&dt=1650277996021&lmt=1650277996&dlt=1650277995291&idt=679&biw=1600&bih=1200&adxs=990%2C990&adys=384%2C1496&ucis=1%7C2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Flookbook.nu%2Fuser%2F9875454-Taari-Maa&frm=20&vis=1&scr_x=0&scr_y=0&psz=300x250%7C300x250&msz=300x250%7C300x-1&fws=0%2C0&ohw=0%2C0&ga_vid=1397857931.1650277996&ga_sid=1650277996&ga_hid=2063746141&ga_fc=true&btvi=0%7C1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

76b18cd3c46fd946063620646d58828292e07130e3c3ccba798e23ed0718453d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:16 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15035
x-xss-protection: 0
google-lineitem-id: -1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://lookbook.nu
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 14 KB
8 KB 348ms
309ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2221379032323076&correlator=850235120465370&output=ldjh&gdfp_req=1&vrg=2022041201&ptt=17&impl=fifs&iu_parts=1093101%2Cex_hp_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x90&ifi=3&adks=3286650984&sfv=1-0-38&ecs=20220418&fsapi=false&prev_scp=amznbid%3D2%26amznp%3D2&eri=1&cust_params=d6%3D6%26d20%3D19%26brand%3D%26leadersize%3D728x90%26sideadsize%3D300x250&sc=1&cookie_enabled=1&abxe=1&dt=1650277996026&lmt=1650277996&dlt=1650277995291&idt=679&biw=1600&bih=1200&adxs=310&adys=384&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Flookbook.nu%2Fuser%2F9875454-Taari-Maa&frm=20&vis=1&scr_x=0&scr_y=0&psz=980x0&msz=980x0&fws=0&ohw=0&ga_vid=1397857931.1650277996&ga_sid=1650277996&ga_hid=2063746141&ga_fc=true&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

22453f56e95151d0ddd020f01d8569361a235712871cdcf5e313cefce2faf95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:16 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8171
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://lookbook.nu
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 472B 6 KB
4 KB 458ms
44ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://lookbook.nu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 18 Apr 2022 10:33:16 GMT
expires: Tue, 18 Apr 2023 10:33:16 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 75CD 6 KB
3 KB 44ms
43ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://lookbook.nu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 18 Apr 2022 10:33:16 GMT
expires: Tue, 18 Apr 2023 10:33:16 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6F4E 6 KB
3 KB 37ms
35ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://lookbook.nu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 18 Apr 2022 10:33:16 GMT
expires: Tue, 18 Apr 2023 10:33:16 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B477 6 KB
3 KB 44ms
43ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://lookbook.nu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 18 Apr 2022 10:33:16 GMT
expires: Tue, 18 Apr 2023 10:33:16 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame E279 624 B
615 B 207ms
121ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMClKRCYniwYusK7wwEwAQ&v=APEucNVqSoi0cjW3zeGugpTNceLwrqWHhJV36rOxV725edXOXPnMVb0JZCd9ayBfsHI07zUJHzLStw0w-FfeZLR3E1FrZP-rFAmsEyuK3X0myRbsL4C8ujTb3we-JLCVhh5uv-49_IwiI-YP0zKxEZolcbmykJ0AQF9W4xdWPaSEZqGCJgDoMZY

Requested by

Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 18 Apr 2022 10:33:16 GMT
expires: Mon, 18 Apr 2022 10:33:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 75CD 79 KB
33 KB 164ms
80ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C-B5tMit31X2IM7kpjBf_rh56qRvNr6qoavPjaqtCgMWBtPp0JOFRZ1ss-WwgJKwc9wiR5HJRxgR7y74F5SWB6p6vfLLW1ScqChRagysjw34qpKjc9U-kf1guiS6t2LD4NA7Gzk2KeKoF9BUqaTiyMHXHeBg&dbm_d=AKAmf-AZnppAVH7qELRgrB07kUjsL7vobjjOyECjzgbVypq7m8jYSnbIPEXkjdNkv2U6UWwo2JGEl5ZO8Ct_8fa01y59eOVPUcpr-Syk67DU4u37ffsJQSNn2uUkCRFz_DsBNDiDuReWlhWKhGp0kdd_iuGfXFP3FhamGfQHmcbZo-A37GUR9qrtYtzoODX3RXFVi5kwDJME7q3nZOuTWKjpExM96asjoreizmkpXMmH_ysz69xB5Y-W4dq8173dDX4jeKz-58kCFq8PS4XWJp3oEzNjCHlTGGwmnBb1uNPnFWM7-UjIpU47cKxygXn055K-CmEKIM92gxeSlkhU7eqkPhe2-CIwgBhJVxPQylo2c5VGpy9aRbMX9J2pS8ApkO4oh8ftKyJ61rXFjJnMrNCW2JpVFo0kKc5kmcQ9_KTg5d8y4bv0n3j9pE0zVDXYshe64xexEA0cSPWWgyGdE4yfw-JXzSAh4APtQzVURaPJBDtKqeT6q0mryEx546Pa5oYv3EgJSYG23Rnmce51QMwRotlDQsKedkDjP-5Rjmdv4IX0Mbq_0NzNfH-DfFqDDrlYY7sSKAsGG5CQtxU7z2T6-lzI7UWx08kBsEKAYrIFsVJsYrBcRWUyxB-sYIwSIHVYygReiO8--rQjlJDfWHjzxQIvtr5ksf_2P5tf0t0m9XSyw2eTiIgu_IhNMqyAezIJb5WXSpeCFPZJigJv12BzCrjUPaUfvs-rSJ4fQiz-R_ulvPrVRaa5r0zIMtnpOE9vwK1CllvBiJFDw6HYTfSEZe1D188eWo5R2gnEX7jMCM5cUj-5oQly1ekKzHz_FXnFyXN3gcI53PFZt3YnV9uiub52-acNMcAbCuQQZVDdWkefL3v5TU4BcoqpF0gItEJxXBQU8Rey9MqqYt_RhIrwuHeSR06-RBXMCfeT0LVo3p65p1pYfp1Fx9K7uJ2Io9VfCJxwnc9MK7IE8g04O07ToqmJK8Qb9IilEsbvkU-uzVkbJw5Lixcfiltm-twUw292CQIFqkKAPF1ODQG77QO6fK2l1ZGZUttqA2kzI_uiX8wy66wajVmJQUuYg8UiUXSGBbewG5vD6OT1Lk3iAM2j5c4tGAT3MJs5-zLvEf4X-StO52weXdbWzQBAfrapKhIgXCDcliL1k7BD2yJmj5awUt2FirKk536DWwZOVgtQOJZoaWfKbIrkJRHBxKYgs3t4MlFevOrwtCd6AVwWhIlb5zQnQk2ehpwq2wXLxvqH3K7YkHRLmdlw6-wFfqrw8o8SmhPhUykfwGgN6GSs7hzk0ycO1QCjjeOdK-IAts9pAbBQw6kC6WprzFXHso8a6plAnxkUTO-eZJc8P4cb5NhwQ6_0m7fUk6Jvy0DfKuS28_f38JRdQrBEEAXrvVwR52kNFYJObygR5bkUK7-W5yyVjAcQUBHn6Jhw8RMCbT3ZusjWffkOkKZ4yiVgRW0WPI22JzxNnQVLqj5UOUxRbVVSg9SIS3-EBtYVsv9xLrR4Wl7IhNpv2Ikn_fAMnJmBA6h3aTRDt-_GvPR2UzCU7PkiuZxFnkXSAi2B3RwG6JOq_Jbpi4leg73V5sGjPp7QmFdkKULW5BEcYJRKpi7Si7iVbEsLqz-DhsC113uKGGh15my0uFf2Khp8_UYK-DIn3qQQvdpbvDOgucNUCupR35TzqDAHoSd4SM6zob6thtS8CgvVGTpxjltby6biJrkd2_HUw-YzFQkFWmWoFSLR1oH5MuznlG7kvOVRfNSWKTgbB11sqrSQYn1QE_4FiFzhb2PXIuzauKSiQF-YsKizXg__Q-ZZkWi8keTqfdwGkot685XcBFJ9a8jqh4KGy_1FLrAsPy4TerOBYmGSqKF8rvsXyU5p-WzKbQMZd13PD1lXTNZGbTI98QtUK9qLkwX6tjiu7GMgPoYLBrhZs4kuma4oH3iwjXy26T_CruHpnRQT64qAB-TCd97Kft0lWHbgnjwGCXe96TLh9tJfzPgiChF4wypFwJUhomIRTh6KY_Zcf17iFg46eM6-FR2qNNlgtHeNGewPt-TykBq0t-JjcPU3qjcVypoK3sfu37vYms8VOxbmz6Pvpd-NoIdDZKiyEexz-bSuo-NBXGE-FM2claqRwt7rnucQg--X9vSly0og1dzxXXdgFsH5lWCFVGHncPG9vgGfFRbbZNNlyDK8v2BK0MZwKaocGLr_N-BYhemj9JEUpNhF3MbtJSE965pHIqZgiSD-u1RWgd8VIEEAkhFCuy5Bi1mtDIs-2XSx0bA937CZjykzI_b4jj5zPJzCOZrjbQWJgZjyTMurgZCMpnMwhNaxX97Xjwyk8Y6s0ej9GdumrKUGaiAHq1kPSCWbpyPLouv_zAA911CbqLUDbyn7zzH0VdP6kZ2q7cFlvx6eQnKgNDO31jvzcIUYjuT6cVcEPko_b9OigJB3k1KwKNECJJRbtSm-P1pavb9sEItMmc8u2hKQVTruqYkq_AtxaLMMqyqPjeJncibOrdJOTH-MIq7ZhzsU26MLNBemzmvvAEqaRDTpePkI5NFMC32R0NMNTvZSICYJAwBuvPbSW9VM3_-i-j4QB5yf4rk0dnxoKFHUTfqTfdCFhJpD3sH4m9ozTWxKgDZ135SctBUzqJR9nKUh1hD3IVMH1eRhKENUBpOaZZWGxonhNbw50AKBUdo7cKV8XyrT3UejoGODA0Q6lVBfoiqJgAn3TAe7vCDdzuzFgHsUhxOkG35810vMD6mHWVhCA45HekThbB0vOF-bceubeY9WYviFrtZQh8Bk7mCb1YYbt4NUUOVBizlIXo1Xb8bz3f0X8nud-hVARQopxeheBeFOryet8t2XHuMtmPbrp_viF0c6LFsOojRo5Vt56O1haAcQVUygZHezHln_Fxvc9ahMbIdtlIFeOApM8iipOm3LZugD714CYYLTcy2NSe25KY5FyArcVhDvZr9iRRQe8IDPyyj31vgmhJwW__Ggx6aq54gwrcPsjM5gQKYRY_YITRm9qMeJ2CRyA2DW4Z3cTjHrcA&cid=CAASJ-RoC5xsLGXSNlsnk48EyShdAojvTLaEzqTDkZyyikRTovCAjq0LKw&rfl=1%2Chttps%253A%252F%252Flookbook.nu%252F%240

Requested by

Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b2462753fb71eca62b1057d83432361ad147e80bfb02d4f3ec3fb94655e6dc3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33228
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 75CD 42 B
107 B 157ms
70ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CnrxbFbhHSIATY3zN7RFNu1iVkn4J_tpxpyDlzIKwtGrMgMbIVYOqwYA5UH26EKAI2KXpndDzdoF6Nsih-qSLw6mH3ccYo4rUEhgthSH7SNmFT_AY

Requested by

Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 75CD 3 KB
1 KB 152ms
68ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/window_focus_fy2019.js

Requested by

Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:30:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 144
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 02 May 2022 10:30:52 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 75CD 119 KB
36 KB 53ms
53ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

708369fe8dc1fd8fce92d3a7078852bb50ba4ba1a1884b1358c3bf03e1670d50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36909
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649897599747219"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 18 Apr 2022 10:33:16 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 75CD 15 KB
7 KB 118ms
35ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:13:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1183
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6409
x-xss-protection: 0
server: cafe
etag: 15284592792851369840
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 02 May 2022 10:13:33 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 75CD 0
0 139ms
48ms Image
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR9bm2zc1bPduZ48oqZtEgl9zm6HHUKVve4oUnGpt7raXfbP08xKZCqdhCH-LOMcT4l8Droe9k3ZINU3KH1nMK0mh3UbQ
Requested by: Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 55BB 624 B
559 B 206ms
125ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC5mpUCGMrhmcgBMAE&v=APEucNWABqW4ARs_ZXvmlFNWDzF6190eRGpuTK2Hu2grk10YzwF6zAfuHrrEXxGV5uWw1nUS4ASLY8ZwtzHbRFZysljvyvRHraMC3cKnUw-iu6Dd9WQc3zE9QaMKZ9W2UHvm9SoNkSGCJroUhbndcCfLfgu_TgyA57y-nNg2m9o8bbUyQXnNGBQ

Requested by

Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 18 Apr 2022 10:33:16 GMT
expires: Mon, 18 Apr 2022 10:33:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6F4E 14 KB
11 KB 144ms
64ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CNbT0dwjjuos6cqqARs7s-RiAKhU7ixjLSI67C0S47eoBC2B93oGK4p5UsstVaT9T_MATwJMqHjfvdchPP5RNWClunL-SK1dceDlFbVPvouFSu80L99b29PcBZoFX8o0xaOzOk_BzibZRi6aEH-xZ5WEW-TQ&dbm_d=AKAmf-ACHitr6NCjRK-sG35_YUnlN8sLUjvEiSPUQ8Cln6IRl7t9o9Z5ZLNZSBMetQWYLScbV0u3Zh-0fFg1SqKM-28sUcpXvlo3yi3eFtgn_K7_yHeI-UZmzM3FQz8Y_jd0QplChhy609RPKOuUNTsR6b57XTCNHUJRtgYs89evzQlYuQZx5qaipcxXE_KClHolxyyWucKOAfIAga6oK5QK4qxX0u4luo23JTLraD6A0NJ7e7Bz1ezNWgpUhhGtRPsRkJ2MX7ys0e9Ehlo9CdJcb82_gZv_5JnJMwBWf90HCMwYDWhq2kn5286eURYchHKj4s9JxY8PaPFIm3hOWyQCf3ylyBLoxcrlseh0sgpXrafAxKiQ1QVUJFvYZHz8-VaHEFpf8Ehua5FAAUSCi09c4wS-oUDM606Ra65AixrGloeUBkoibyV5voLBFaCy65GfSxj4PW2yPLQZkFAOJHhuonx95yWY9CKYI78ki1WDA43X212SBYKLwrNGxGlVcLBOw7M45lvrhzu6DEA-s59bHNhL4sWxHR-v1Kk1eBl6joF88G4GlKU0qC19ttBB60TDnWSj1jdnguCQsIhIIcTv96wzsAdlyM-m0WVyL7AYP7m2L2Msil3PQjmtw4E9M6FpcjJsDPDlIvTXbttstZek8oo0yiABPI1Siv9sBQ1D7xG6bGvwe41JIfiXb-H5eo5yLF4dKuoYb2hcXB8J73PwKrjvnf6Hzzj3x2qlBk-H9LvGRuNwYqIkO7UAJY7ve0IBI0vy_qPJsq1XPGnV5_J8aGCM4ftgbMM0iTJzbYFVURSsvmHE1LeNbTa1WAi7cMZJiTILWQCoKUxOUI-UXZ_6fKg3-T8TU3liJswL9cTv69SJiXU29g2U_KeFBigjf23VnBVG0ycl0oU4Tp6oq5_MMkNUJE9ghak9MdDNgr4-U9dbFq6bmTiHPsx1dYfbIt4ZJaER0r85kD6x3oTeJE5g_EEvQr62WMjptLT-SMezCUvGv56JIpHjcWH4ZcETtOz2-pqZX99ALvx-V3geRATsXowJcM7ZFXbutjQYzE0QkAmDJQtqCl7v42ZJJkns7EiSIPkvaGGRmCG-hn9fIvAIZ_wx8-OVwv3yDikJ9znwfbD3cSRq6WBkzK1r07wdjOj9IdSO6YPsrmGZcKZEgdXy1W11uosJfL3GxAAsOTHCcTvkjtG66ANmKtecCWoXCN9R3kJZxzxzWlJgO19mmaX8VbCCZdf-FGjYeupPaM0nAFMRyUphwRqKeOsGRcjBDKI9EtxDgEJdKr7E4Lk2r7pUXFjAe2YQELHrpp0aMaa4AuIMFFgABPUDVmh9Bt_y5ok1bocakbqHcZ9U87umrJHOXi_oWafEaFFO-lLgIZjSurnIGJo4RtOd1M4m1XH3PR0ivMl_-QsDMPtCa-h3QXFT2ubNHy7cfUEaxbf7XYcTsKd8apnoPJsb-cfVbx4WhsGND2fxw8Ezq2riN-cYDfDZJI7pB4qFpmamzRMQDbKeNS6ACUApA275vOcPXsVz3xN9hL9-sr5zMzVCft62MfKaXsBd6vO1MWL8xHpA7N316OQNLo2izndw9S4H5-WiBeymAkzrKEDWaUIzPHYe9UyK3-6dDojYIG1YtAfpGEkUg_jkqRSjdmFHvRlAGdtgXKVPZg0LRyO_77kCSXfdEQd1OOjnGsbax5-YN8jLW_sq8z5pKovFeeO1kycuogPxPYcftDJR-2T7ab6LpA_uOKyRtQu6a4P4TDEdbgmDRqbt8F4AxY09AcXz5AKwEsuu8EjzNczvYgLXqxSy4MS3Rz84JBhVQQhzqndaRsLG4WDh6xvkVtWz_kArFtygLDY-kRWXva4iBlk_r9l3Pusnm6m2Qy0igh_hoygqRb9bkre2qwwBBiPOX_xf4jWhRbJV7FNwGiYscKoUaE7nYzuzsF382AlWPBJacNOALRVfVNvOq1qT2hPG8kM7UdE0X9M--ZvMtHL9Yb4qmcnjqR8eIvw8Wg9_ipzKumCnIN1BEDDM1SivmyjSHcQor_4I_MbPcAFO_QanGoQe9Xvz7dkWJLz-LkamLXgU81haAfo4UNzKhVuWApTgPFW6JIbXrjp99QSA70J8yUrXRhSFr4cCwjSysuQ8l6ILJoGKFizIvmDEBlLRIBWVGz8KmxIoEnYTX7DMA_BKjPkC5rnzAuYmjjj0aowmayN0Q8vJE2cLeDFApy9WA7xUCffjLZpgeQZiNwtYEugN8gwdpdvlAB09TT_NnRTbh79VGOj4qx_W8AEc6ybWdyGtcoIULFmmeTqZLMkOLXlvv8Q8alwQlORxE-jlQ9iUq5U9zvfI8rxdS2_2E9PUnTrwObEhxeu-D5UETjOEtZFE3HnDBSivsjLXSG-mHYr8CLXU2mfU9ga3tl8cHK8Q1kB5aBhSammvHCXn0UOLwarCu5ox4kEiSGwPQDjIBY2MaU4jeFL58jK_VsqGBpKFOCCVVdwRmcD9eJr9yU1qctVrsEiWw5JOC5aQ9HfeaELH7tWeA6Z1DZJMZ2pjfTNqlLAygJyqMZA8prXWLTJnSx6W_3V-N-EDDFNGjD2hpxB7a27w6raGywGhOn8PlyqFDFVwbhiHyXQLbHfn6GpYk2ZtbnApeYQxbgSwKmkkrOv4Mn2w-0sacV_wb1kQkgDymuOb1lQT3LuFYJDmz4j3D1EhazpaxOeKjcBVFciFAxf9wAcrD547JJAa77AhS5Yvr67DLvA&cid=CAQSLQCNIrLMGQMdUvB357W5PXS2QaBca8D4GD-xikXnecNZbsS7NeVSWsIp3-onAg&rfl=1%2Chttps%253A%252F%252Flookbook.nu%252F%240

Requested by

Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

161176b4c466fa98c0d4b41d66faaaeeb2723b72f6af7af0f69b460ee337b090

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10795
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6F4E 42 B
494 B 152ms
69ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BlLOvXZsvOhHIbwz_QmGW0fq0tofuwZymHDjhAFBwQqGFKf4LFxN9XPOlcKwE8UbNxPYXCFAMDzwZGI-Y5Vpl9c4IQo_-QTydPEQDsCbbBcrJjOPM

Requested by

Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adj Show response
fw.adsafeprotected.com/rjss/bgd/1016769/62197370/xbbe/creative/ Frame 6F4E 238 KB
73 KB 124ms
35ms Script
application/javascript 52.31.65.246
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/bgd/1016769/62197370/xbbe/creative/adj?p=APEucNVzKBLKM-ojNtGq2ggt7uQHx_c0tr-1bbXRYjsUO0b19nOZKwM&d=CnkAoCZ_4CetQsuZKc71b67o1IwRv_dVKwjqOEpWnY1pq8gVOJ8a5mUC-LgDPTPZBukEU3df1JMSOmSsv0fT9z_e17QzahWuIdhX5P3ADht2laK4IfrctQhpktVPQaGNO8TkTHGNdbSv98CkEu5BO83uXFD8-g-VJXplEtkSAKAmf-Czhu1DnuTgAqcpY1UVegLEj00rMnjdz3UbvEyiahloSKEg0XS71KzlF0n-7aeypz-WvU65ufxF0FCuLXXwvquGwxtuk-cxP-F_oCA1ccsigmuup0p7Z5Cs2f1DRuK28ysMRVBEwC7ou_Fb8QU6a5GUwkNKUEtDQsxxjec_RUh7CWihBf3fck3JSZ76NbAJ2n25A5XcN7MrRjuEp9rjz_qX0-Y4NHotq_xUFJ-R0_Opw8eC46fhuBuzdcevrjRQfd1EfLp3bZ-OQPDuI-C5TSHqCnT96UlwVz2VJBSa5WafiyT6bA4IiFBKzOO9rHOzzlaYgzAjgqPBU4keeTlJ52wHn_Dr5hEU9rO5rIUo6_zibKC6tXxeqYP4BDe2rWl4LtHTf4dcYw-ObuWNOkQKvI8HPUKncGp6BVmjgy4i-BmdQ_0RukyySXYgVPywk1OZk8oVxHEyzZnowZxCSqG1mso-O5iFx9dmoiTViuof7JQLy4wHvd3zbOP15bSLtyNC-ynAqktlWSPakfLlGzcd-FoWKn6eLjUgd2Rze0tzQa_NI3heat4qPhjvosQ9Bel1Q2MjV_ADYcHJEzfk_gQjuh2dbQ0GVTzqw4hqfBZwJ0ZJverBIP1stITDXzJSKa59BHLiL0_FWVdqZ7DISwj7c3zhM2VolpT2txrLkrRtTEZ3SrrJ-KcGXpYR8II_Vg41YxuUSS5GoXzAjp6tRdwTVPEqnvOrGPBSlNpj1BNKUUoL3D6FHzJZbemSUpQ6SB29oFlVSRCsr9gQQoX9lY5YLt7tLUZS5ZBCvsXrzF1_fEOefWYL75b2hsnGgQpcoWkoKN6jNt4mePL5FUD1J-zWhDKYI5gEuK0N4pfIseyqrPZ0RvhbRWAo3CWh5jZpM9w67-O6nqXzxSfjgeWuvOinOPZ9aUCIJjckWHqwaWqc90Qjd4ixvyiv6kAzd05W4HSl3Ryv-r1FQiXGtV4UoXx7XUf1zOZZB6Q30PrmYRl8sa0FrrrWSq5KwlzTQ_j42amM6i2PxGQb-OrqN3SyPKLORtAetv1xFput4Zp8NAJAd4vJnLj5eE619SS2eY58vhtFbotOgE5SKC0tFrdsKPlpS4ndyRlclFZDtTkADvUai_CmtdPTElNvSRc5eRrCGvvKya2iou4MY25vrwxx_rTxK5-leYT9po5fHMeUtl-pfqgDGtOYg-fl4rMYSVniGRhT2j0x6ffMS29D6-BiD6KHgVb5LvcyGsjcMWQL48XJ2TigZcTMcUaYheB-qy7NTmOLYNE_1xqY9M94WiFFVdHl0Zii5Vorsc6FKFk7pmyUpa7FgX_ieblhhV6vrRlobqqtUw9x1W8Ef6klwkABInk82Dh64OtdaSssqo4rKW8j2a0rLhAq3xUL5DPlzqGEpKMHmMNdOsq1LvtFTDYb1jF0STDyMiYdVwGe0o_5g3tg_l32rWgt3F9yOu-ybcx6OAGvJIeuMrEVHl8N_eXHXwdJgSP92WjZoJIeIDhB0mbscKhx1u0pqLCgSqSUsBhEsiCBqIVbBgixfYOnSGj63sPdL1OzwNEMhThLi_rX-GK_pOwFo60thOYfG_fi0tBiVkqMYpkJ1rjDTOqvncsHNSfOmPO041T0UCGQV71rmtROOGxmguqZ9vqZoEpRbD44Eel8CnwzviSiN_5lIDOAq_axtZDg6yjFaiu4XfzxT6LGWGnLoxlYwAOoU5kgnxZuYAuBbPJ7sfwImpqyJ1ANqFDYW0Hv7IitSK0j88yAT4dS06aaMqnzIY5a096b2STDYUFmsv2ChDwg3Rx-QkC3xgWcjXP0TPYY_z4DN7SaSb7L4MQ9aUHyqHCscMShLpPe5n8EmccQTX2HScIQzzLpHwSM2Fu239Mhan4JG8aYgQ3Ba9FSrb3bSpB8lLMF3Z7G7--ZPQ5sjx92QUCXqM3G3V7VZBZvpRUICgjdHtAkqLWGNb2EkC5Az4eDmG5n7h_RJFkAvl1dspbLPTNIspp4RpHeVZc6abkKAbpom_26_vtduQNSlzBoltGOJBeFlsurEQW7aFmT3AKFcpS9_mKzxQ6K7DNx1uyfh37rAJVsTBRMi9ecK7l4_smt_7Msk2IsvqU_VbbnoPYYQogDPO_AqaEasvqIRtAi-BdnPLHy3plUBemNOcvBwAsLyI1nDsxgRsgoG4ZqTNLc7I1Y0Svl5KpNf1TV302xELop6-Q2U_7dbn_9mrDXxTFjwhz81ogNQFA0gYjhxewsynNDEEOFUTQKAsUTlm9d30nET8yWfY2igW3FD1pJ3Jzh_hDDphLGY4VGWXdiR-zKHnKJScGwudNkJXetwwZpvqU7qf__1HUL75GnRO873q_-MShSBgG4IJeD_DVFgLx9VsfUaZoAZyrH8bNfgsXhfGnegoroiNiVxeaPXFQw7FdjM2HjNyabnwu8cvohR6MR6FOqdXsFoe-97JeOzOzDDA3MdWmRta3zRz7pC7FeiLPOnpJGpKSm0X476uTOs81CjjGxnPgdWXuuR8FY7irFtVzlzcKtnyAkgLwEFMLIHGF5Zd9tNp5XABxu0d_FT6PEslh7oGOnCLD1b2yZerVoRwmsudANYw39x8gh2N0EVT3SbgBFsWH7Rztjmy7nKPc28ypiVcvdtfysd3euNmkptfqFSgF-pPtGXhEFLbB2e-o2iIj9BziwD5MWtPDisqdAp_4GLcnChmCdd3JFg62hs18kb6myyZXXY1alqwBiOUMypy2dj0iHrlquvWW4OI1ncJkxeG3g4D2P2X__ZZ2usadedKvG4O1D0fcmOlnmCPc1idEobWJ6ax6XmAOleZZUGgG_kSJlQtpC7gzubWuLnI0v0_hPMVPHEKa3WZ50SLOKbd-sBMVgmMDNlor26aiQCStlUEql6ZpGIwwG11CQsUlxTxUmUkcp26C1JS-IcZumuComA3frHQb7XCchxuTIg9k230aeHFCUI1KEDPBHEP38KEWVVgGcmLseA9Uv49t_IJcwKxE4l-121E-9veGNvUllcRIyojbHJM3ssBfpjaykCRGdMxQwLogizmD_kKxnaQ9kfrhdUczQIuLqYE_sgSst9om_dysAH_NyCVXGmm07_xnCl8MLTulTKzG4bdrw6Bxqdergy6Li1vdcCIApPI-GosI4AGLKABBQKiyZ-By5pHBPR7tejHWOw3NVhykaMQgEEi0AjSKyzBkDHVLwd-e1uT10tkGgXGvA-Bg_sYpF53nDWW7EuzXlUlrCKd_qJwJgAQ&ias_dspID=3&ias_campId=27895355&ias_pubId=pub-0790894148451785&ias_chanId=1&ias_placementId=16903879348&bidurl=https://lookbook.nu/user/9875454-Taari-Maa&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hlXiiBTCLVApZ7yCtxCPdc
Requested by: Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.31.65.246 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-65-246.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 600bfe97fa2e038667ee5ff6d2d8455a5ef46a8950db22624eb7f0de238aa24a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:16 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 6F4E 3 KB
1 KB 125ms
47ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/window_focus_fy2019.js

Requested by

Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:30:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 144
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 02 May 2022 10:30:52 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6F4E 119 KB
36 KB 68ms
68ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

708369fe8dc1fd8fce92d3a7078852bb50ba4ba1a1884b1358c3bf03e1670d50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36909
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649897599747219"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 18 Apr 2022 10:33:16 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 6F4E 15 KB
6 KB 116ms
38ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:13:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1183
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6409
x-xss-protection: 0
server: cafe
etag: 15284592792851369840
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 02 May 2022 10:13:33 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C101 624 B
560 B 198ms
123ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNXCbeB98vKQehvT2GB52g4RMuuAg56UGsogOsC5iPVBg0eOdxxUCBtiqDN-SX9awQDKUCKZKsXONikA2cpg0d3Zn7juvhoBHdLXoupZn1CzdOIck7uCNZRZYsy3n4Wp7_BZECwTbfOPcCyp9PyoJJpntKTQ8ZHiEfmyO0woXzEDW3QSpQk

Requested by

Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 18 Apr 2022 10:33:16 GMT
expires: Mon, 18 Apr 2022 10:33:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B477 14 KB
11 KB 146ms
71ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AgdyhNFGKhfg4Tw_rctf6iWXBHY0-tm9Lrbl0tJ5-vCbyWq-uFyvgiyVb_H_5Wv_8uKmhgf-f5s6Hs2QFDOMPX6FvFZfktOD7DCs6X5FLuc-Z1G5Juub_1CTjXYAMIHMQ9wn5BX-yGbyWbn5dFpfV7wKTZaw&cry=1&dbm_d=AKAmf-CYMxNCNLskQMZPCmgl9tFHYfx6crzPytwkNdoWu7PHD29ZTFBsF9DYksx3H_JlgN5Qg8aFGbK6re1mskVcJ0h4zRiv6cNgW0rmOdyBBwJksqReUq0iSoBm0hCuE5bxfAMesst1Jj2IbugCy7nb41bPerCNAo40W5vDr0_GY1YeHVc2NuRBwo3zlEsPd-jzcLalIl9I1TqeK7DeFKLu4Mon1CrXFBxRTFvz1RDh1PHHf23BORi77DqBI9uvv4X6J9JrdXwIa4MvUsOy7hZTp4P0KppS4KpaIeANARzxjZUd5D6K_VHmg68agQ-i1O48us2fL5IArzXjFq3NvtAwfC4jBt_zsgAl6UADYfnBJtnxyS4nk2x9HTAUD5pUBSoEA_bLfH5Nbbhg_1NSYTdXo8zPVYjVbM39GAhsjvKRw5i6JGYQCrANM8WhHZeQtzm1bsm3z8SKJ0a4v5wEeFJ-yzjhaMXrhMOfjjUP-G9L0w1feJFbUMyrh4OKTpJ9pmiytNy9J54POAPWrMjTDbMZfiL00xks741Bim5l06ur_OmmsMG43OY-IQyhmgf379bgWrSFtuKKZSFqfsJy2qYZnAbJrNDm5rF6j5VOMbT-rSfZ02Gtsz-Zq4s4JPYhUC71gHLSK8JzOdEGp1mns-kPFcezE9S5t3s3krlljOfL95ijttIfSrIGuaixb-4471bIqCohWK5VhL1v7AJjAwwgkmU1x9Qh0ZXIx2DnZ6CXLGqyNaXMELsoDKY0Zm_8uez7p4lmWu5wph7v8wewMZjZJ4sq7slNy7Gv_0S-fCXXOskLwtZQnmsCGha73xbkj4BCj_PKzmXmFUYDzbX1IWvY_a8CXGXzySDc2Z7Vor1KjQ-Xw0UNzEWfD2lcDF4Jl1ZVMTbDi-AkptMT0u_kYy8Y4NyS_JbPGayMNYtFjHitLFeiP_q5REtUxhRd6JgrY7eKoecCbFT5BTQ38ezHH0Y0hzSYJfhlWpwJfySYVvmjzs8omQ1aJBkJYuzdH1ozprs0kaKeKt0UbQXzfi-SvcUpeB7PDr_r3YkMWQLZMTK9gU51M4QAdN1STi_jqqzxv55fa4tHo_QvQpENxtDnFQygnJScVWhM3aTSZiiuEpSgZUagSJTKrg_nOPvHKpWowP-tBbr_wJabCrivFnHJV3YF6gd7_HH0dhI01yFdkEKNOmV-DLO7deqOXBNgKgKMNCYgLAnO2UZAygNbvUyLW1Me1o9pTNiBQd9BsSSbYAM0F6VROXBibwjh9C0lNz7EavK28Fw6oCamJZeo1sVgRjVnVuQLMu_sWv5toVmDHn6wNfuaSeFXOvqTiEnbUCFTb0T8P2h8T-SdsRdKOmqmSzXIEAFkIMy2cW73TeymBs-UNbx72_VQ-3A5j0fvsekBQ7gF2ZobLA2v4gwuAElMvwAIlmzHE_e6TcCcJF1z8C-DslMYRss8n9_ipiSzuQ4dcWiqV3KCn88JrwiQ614UfQCPDjmj5z3Eo4fcEtqlER50oomRKULeaYtNcJaHUplXFKlxyErgvCirFKfnDclZ_bN75PCFpi3qkm6xddp3j_H3D8yWeIWo5yra1Tbez9CATPxNf5_k9XpRtGsT92COBMpcdFwBBVCQN02Cb8i_9YcG6mLJitx77Oprx1W0SHffm3RXQCPpH-y-5HWaC7gJwG0V2TGqQsbFyw6fYw0tcGQ5EhUZa1wCS4rveDErVhu0aCVqyDdlRWneGstRzFrRtGuNBwDOyj78nAVtbFn1agKLTVS6Y28-CbyYjwYlcFO3KHxGF3gsH1EOnMF5__Ohw6UH_AK5kSe7fGhH4ur8hsEnDnS1XV4QSZZj_RAHK82TOFxUeHa5l-4w9OC4_xuImVDkUvynhbUE6C-tFN3rOAmDRwK0HanMGAEHFc_XieiKp6mQd5oLnd39NaiTAVhzk7uvt4MkS_i5aman0rsm_JCV-7NWFIPbC48E7a3bdFlRgwisyRiPNgGjJhA_CEcwuchZuPp9a5jDIO0MXmf_mC1eNNEQDBuHVeX_DLxjIDPR-aNvdXJHX3OoU4AWoRH5f1xEKjA3Ns_UyWFXavqG5RM3bDU-I5djJARmrO2VTf1bGyEU8QRLG_WXqP3sO_Ed0z16BjS4oIc3UWVB8R5QH7a62jubjINAGlHjZDxw7MdOZ5Qqm2Ef1x4N2gUjL_jRlQloW9nCazSnoMU_UrRzAaKUCz36GsNQixM0KM0WeQmGINGlEgrHeWjboKUuNNXfeEc3LgL7dosVpM-m2iS-YGw7V_kZZc2DSqWLllY9Or5xQaPbgiaq9Tp_bGbfmI0f62b7TIKsL1mc-lByCGPXv31oydJbSgYIg2QFZrwoP99X62MGJ_vcRrx3T7DRdU9XwcSnZNjRS8mdJim-l9aVZxNAPMIfP79xqdZsvJeZj0I92PtxXCN1pyD0WdfVWLLX6HO9E3R2nrMuHTvFKvhuV1ZTdKFn57s3dBIxRtFKK8LYFz6YKx1pJUorPxk6T3j-ikNrmQkoUy3Qfzb7yQpHXh-rdu7Jn4MD4ea9Ii8Nm4_GlUMNJIHaT5rez9XzIe2Yif5JJqf8arxwto5CY-QVa-297iJ9JfemBGry0NlGSJhVbCrP8p8YKz7ZRhXAo0ufwZieLjVEew-db8jtQaRdmGM8tBKrY1S41I85TMuXnpZkzZVa0wiBXYEZ8TaoPEpqSd0v2rb4lQ6d-Fz3Vk1vO6gxyBUBFHT-EqtdxFVMfw3ErQaQuuEbbl2Xogn_usmQ-MpwdSvp7OL5_BDtnBR4l0N6p7bKeLu-MS_xLHYcWANd7BoATJmC-VX2ou9v1kUXjisCuhyryAG0CTfjMFbw9EREKPQv8NebI7kUNWmEusDZPhFjQ4kjAfLk5f4lM27TjvSd3LqLLbLOw_XVI-pEwEmOG3BPw8JnN2jOgZu1Ffsdguwzdio2OvKI5M4Ie-K8wvCqQIq7UUAFBmornHfzzQlvnbjtjMb8MTvVLjvzSKvn6yRFaQr19FSSqYTxQpnzen9GUkRk1ZgheyUuFJePRqA6ROIDvcNSIQvwTxr7d4Wi5f1dDEfObFL5d0-BrPlQX2zcNVoUWkRS2GDI_aFvMdD-wIYWKfLAv0M9igd76GvqojlWjZsdqG-OHmBL4Etd0tGbi8STp6A3t0fV9m9bIlxNCV6weR-XeC5tl5kIlZrQ8fkbMjyJt5iGQF5XOUvCVNHGaUGvUxhItmTZfNeeHLrArPO9RWjQELFExZF9usShCNV07zgkm9xknFi84-e6oud4Z4xoD1br7w&cid=CAQSLQCNIrLMGQMdUvB357W5PXS2QaBca8D4GD-xikXnecNZbsS7NeVSWsIp3-onAg&rfl=1%2Chttps%253A%252F%252Flookbook.nu%252F%240

Requested by

Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

510e1aa361b2d8d8d6e0a3f7c1663569260457ab9da2b457d6edfb7de6c4ddb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10543
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B477 42 B
107 B 148ms
70ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A0aYAF79Vqc7LO1gVq10fj8P0dR-7zZyiyah-Cdb7anX7wbHT2UCHf6_WePE-9RArYzPey4Kb8fmu_l0WHNgmM2Ho6nurQF9Z-b97svK7nfjomudo

Requested by

Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame B477 3 KB
1 KB 142ms
69ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/window_focus_fy2019.js

Requested by

Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:30:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 144
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 02 May 2022 10:30:52 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B477 119 KB
36 KB 77ms
77ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

708369fe8dc1fd8fce92d3a7078852bb50ba4ba1a1884b1358c3bf03e1670d50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36909
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649897599747219"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 18 Apr 2022 10:33:16 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame B477 15 KB
6 KB 115ms
42ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:13:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1183
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6409
x-xss-protection: 0
server: cafe
etag: 15284592792851369840
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 02 May 2022 10:13:33 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6F4E 41 KB
15 KB 241ms
36ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CNbT0dwjjuos6cqqARs7s-RiAKhU7ixjLSI67C0S47eoBC2B93oGK4p5UsstVaT9T_MATwJMqHjfvdchPP5RNWClunL-SK1dceDlFbVPvouFSu80L99b29PcBZoFX8o0xaOzOk_BzibZRi6aEH-xZ5WEW-TQ&dbm_d=AKAmf-ACHitr6NCjRK-sG35_YUnlN8sLUjvEiSPUQ8Cln6IRl7t9o9Z5ZLNZSBMetQWYLScbV0u3Zh-0fFg1SqKM-28sUcpXvlo3yi3eFtgn_K7_yHeI-UZmzM3FQz8Y_jd0QplChhy609RPKOuUNTsR6b57XTCNHUJRtgYs89evzQlYuQZx5qaipcxXE_KClHolxyyWucKOAfIAga6oK5QK4qxX0u4luo23JTLraD6A0NJ7e7Bz1ezNWgpUhhGtRPsRkJ2MX7ys0e9Ehlo9CdJcb82_gZv_5JnJMwBWf90HCMwYDWhq2kn5286eURYchHKj4s9JxY8PaPFIm3hOWyQCf3ylyBLoxcrlseh0sgpXrafAxKiQ1QVUJFvYZHz8-VaHEFpf8Ehua5FAAUSCi09c4wS-oUDM606Ra65AixrGloeUBkoibyV5voLBFaCy65GfSxj4PW2yPLQZkFAOJHhuonx95yWY9CKYI78ki1WDA43X212SBYKLwrNGxGlVcLBOw7M45lvrhzu6DEA-s59bHNhL4sWxHR-v1Kk1eBl6joF88G4GlKU0qC19ttBB60TDnWSj1jdnguCQsIhIIcTv96wzsAdlyM-m0WVyL7AYP7m2L2Msil3PQjmtw4E9M6FpcjJsDPDlIvTXbttstZek8oo0yiABPI1Siv9sBQ1D7xG6bGvwe41JIfiXb-H5eo5yLF4dKuoYb2hcXB8J73PwKrjvnf6Hzzj3x2qlBk-H9LvGRuNwYqIkO7UAJY7ve0IBI0vy_qPJsq1XPGnV5_J8aGCM4ftgbMM0iTJzbYFVURSsvmHE1LeNbTa1WAi7cMZJiTILWQCoKUxOUI-UXZ_6fKg3-T8TU3liJswL9cTv69SJiXU29g2U_KeFBigjf23VnBVG0ycl0oU4Tp6oq5_MMkNUJE9ghak9MdDNgr4-U9dbFq6bmTiHPsx1dYfbIt4ZJaER0r85kD6x3oTeJE5g_EEvQr62WMjptLT-SMezCUvGv56JIpHjcWH4ZcETtOz2-pqZX99ALvx-V3geRATsXowJcM7ZFXbutjQYzE0QkAmDJQtqCl7v42ZJJkns7EiSIPkvaGGRmCG-hn9fIvAIZ_wx8-OVwv3yDikJ9znwfbD3cSRq6WBkzK1r07wdjOj9IdSO6YPsrmGZcKZEgdXy1W11uosJfL3GxAAsOTHCcTvkjtG66ANmKtecCWoXCN9R3kJZxzxzWlJgO19mmaX8VbCCZdf-FGjYeupPaM0nAFMRyUphwRqKeOsGRcjBDKI9EtxDgEJdKr7E4Lk2r7pUXFjAe2YQELHrpp0aMaa4AuIMFFgABPUDVmh9Bt_y5ok1bocakbqHcZ9U87umrJHOXi_oWafEaFFO-lLgIZjSurnIGJo4RtOd1M4m1XH3PR0ivMl_-QsDMPtCa-h3QXFT2ubNHy7cfUEaxbf7XYcTsKd8apnoPJsb-cfVbx4WhsGND2fxw8Ezq2riN-cYDfDZJI7pB4qFpmamzRMQDbKeNS6ACUApA275vOcPXsVz3xN9hL9-sr5zMzVCft62MfKaXsBd6vO1MWL8xHpA7N316OQNLo2izndw9S4H5-WiBeymAkzrKEDWaUIzPHYe9UyK3-6dDojYIG1YtAfpGEkUg_jkqRSjdmFHvRlAGdtgXKVPZg0LRyO_77kCSXfdEQd1OOjnGsbax5-YN8jLW_sq8z5pKovFeeO1kycuogPxPYcftDJR-2T7ab6LpA_uOKyRtQu6a4P4TDEdbgmDRqbt8F4AxY09AcXz5AKwEsuu8EjzNczvYgLXqxSy4MS3Rz84JBhVQQhzqndaRsLG4WDh6xvkVtWz_kArFtygLDY-kRWXva4iBlk_r9l3Pusnm6m2Qy0igh_hoygqRb9bkre2qwwBBiPOX_xf4jWhRbJV7FNwGiYscKoUaE7nYzuzsF382AlWPBJacNOALRVfVNvOq1qT2hPG8kM7UdE0X9M--ZvMtHL9Yb4qmcnjqR8eIvw8Wg9_ipzKumCnIN1BEDDM1SivmyjSHcQor_4I_MbPcAFO_QanGoQe9Xvz7dkWJLz-LkamLXgU81haAfo4UNzKhVuWApTgPFW6JIbXrjp99QSA70J8yUrXRhSFr4cCwjSysuQ8l6ILJoGKFizIvmDEBlLRIBWVGz8KmxIoEnYTX7DMA_BKjPkC5rnzAuYmjjj0aowmayN0Q8vJE2cLeDFApy9WA7xUCffjLZpgeQZiNwtYEugN8gwdpdvlAB09TT_NnRTbh79VGOj4qx_W8AEc6ybWdyGtcoIULFmmeTqZLMkOLXlvv8Q8alwQlORxE-jlQ9iUq5U9zvfI8rxdS2_2E9PUnTrwObEhxeu-D5UETjOEtZFE3HnDBSivsjLXSG-mHYr8CLXU2mfU9ga3tl8cHK8Q1kB5aBhSammvHCXn0UOLwarCu5ox4kEiSGwPQDjIBY2MaU4jeFL58jK_VsqGBpKFOCCVVdwRmcD9eJr9yU1qctVrsEiWw5JOC5aQ9HfeaELH7tWeA6Z1DZJMZ2pjfTNqlLAygJyqMZA8prXWLTJnSx6W_3V-N-EDDFNGjD2hpxB7a27w6raGywGhOn8PlyqFDFVwbhiHyXQLbHfn6GpYk2ZtbnApeYQxbgSwKmkkrOv4Mn2w-0sacV_wb1kQkgDymuOb1lQT3LuFYJDmz4j3D1EhazpaxOeKjcBVFciFAxf9wAcrD547JJAa77AhS5Yvr67DLvA&cid=CAQSLQCNIrLMGQMdUvB357W5PXS2QaBca8D4GD-xikXnecNZbsS7NeVSWsIp3-onAg&rfl=1%2Chttps%253A%252F%252Flookbook.nu%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sun, 17 Apr 2022 13:57:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74173
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 17 Apr 2023 13:57:03 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B477 41 KB
15 KB 205ms
38ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AgdyhNFGKhfg4Tw_rctf6iWXBHY0-tm9Lrbl0tJ5-vCbyWq-uFyvgiyVb_H_5Wv_8uKmhgf-f5s6Hs2QFDOMPX6FvFZfktOD7DCs6X5FLuc-Z1G5Juub_1CTjXYAMIHMQ9wn5BX-yGbyWbn5dFpfV7wKTZaw&cry=1&dbm_d=AKAmf-CYMxNCNLskQMZPCmgl9tFHYfx6crzPytwkNdoWu7PHD29ZTFBsF9DYksx3H_JlgN5Qg8aFGbK6re1mskVcJ0h4zRiv6cNgW0rmOdyBBwJksqReUq0iSoBm0hCuE5bxfAMesst1Jj2IbugCy7nb41bPerCNAo40W5vDr0_GY1YeHVc2NuRBwo3zlEsPd-jzcLalIl9I1TqeK7DeFKLu4Mon1CrXFBxRTFvz1RDh1PHHf23BORi77DqBI9uvv4X6J9JrdXwIa4MvUsOy7hZTp4P0KppS4KpaIeANARzxjZUd5D6K_VHmg68agQ-i1O48us2fL5IArzXjFq3NvtAwfC4jBt_zsgAl6UADYfnBJtnxyS4nk2x9HTAUD5pUBSoEA_bLfH5Nbbhg_1NSYTdXo8zPVYjVbM39GAhsjvKRw5i6JGYQCrANM8WhHZeQtzm1bsm3z8SKJ0a4v5wEeFJ-yzjhaMXrhMOfjjUP-G9L0w1feJFbUMyrh4OKTpJ9pmiytNy9J54POAPWrMjTDbMZfiL00xks741Bim5l06ur_OmmsMG43OY-IQyhmgf379bgWrSFtuKKZSFqfsJy2qYZnAbJrNDm5rF6j5VOMbT-rSfZ02Gtsz-Zq4s4JPYhUC71gHLSK8JzOdEGp1mns-kPFcezE9S5t3s3krlljOfL95ijttIfSrIGuaixb-4471bIqCohWK5VhL1v7AJjAwwgkmU1x9Qh0ZXIx2DnZ6CXLGqyNaXMELsoDKY0Zm_8uez7p4lmWu5wph7v8wewMZjZJ4sq7slNy7Gv_0S-fCXXOskLwtZQnmsCGha73xbkj4BCj_PKzmXmFUYDzbX1IWvY_a8CXGXzySDc2Z7Vor1KjQ-Xw0UNzEWfD2lcDF4Jl1ZVMTbDi-AkptMT0u_kYy8Y4NyS_JbPGayMNYtFjHitLFeiP_q5REtUxhRd6JgrY7eKoecCbFT5BTQ38ezHH0Y0hzSYJfhlWpwJfySYVvmjzs8omQ1aJBkJYuzdH1ozprs0kaKeKt0UbQXzfi-SvcUpeB7PDr_r3YkMWQLZMTK9gU51M4QAdN1STi_jqqzxv55fa4tHo_QvQpENxtDnFQygnJScVWhM3aTSZiiuEpSgZUagSJTKrg_nOPvHKpWowP-tBbr_wJabCrivFnHJV3YF6gd7_HH0dhI01yFdkEKNOmV-DLO7deqOXBNgKgKMNCYgLAnO2UZAygNbvUyLW1Me1o9pTNiBQd9BsSSbYAM0F6VROXBibwjh9C0lNz7EavK28Fw6oCamJZeo1sVgRjVnVuQLMu_sWv5toVmDHn6wNfuaSeFXOvqTiEnbUCFTb0T8P2h8T-SdsRdKOmqmSzXIEAFkIMy2cW73TeymBs-UNbx72_VQ-3A5j0fvsekBQ7gF2ZobLA2v4gwuAElMvwAIlmzHE_e6TcCcJF1z8C-DslMYRss8n9_ipiSzuQ4dcWiqV3KCn88JrwiQ614UfQCPDjmj5z3Eo4fcEtqlER50oomRKULeaYtNcJaHUplXFKlxyErgvCirFKfnDclZ_bN75PCFpi3qkm6xddp3j_H3D8yWeIWo5yra1Tbez9CATPxNf5_k9XpRtGsT92COBMpcdFwBBVCQN02Cb8i_9YcG6mLJitx77Oprx1W0SHffm3RXQCPpH-y-5HWaC7gJwG0V2TGqQsbFyw6fYw0tcGQ5EhUZa1wCS4rveDErVhu0aCVqyDdlRWneGstRzFrRtGuNBwDOyj78nAVtbFn1agKLTVS6Y28-CbyYjwYlcFO3KHxGF3gsH1EOnMF5__Ohw6UH_AK5kSe7fGhH4ur8hsEnDnS1XV4QSZZj_RAHK82TOFxUeHa5l-4w9OC4_xuImVDkUvynhbUE6C-tFN3rOAmDRwK0HanMGAEHFc_XieiKp6mQd5oLnd39NaiTAVhzk7uvt4MkS_i5aman0rsm_JCV-7NWFIPbC48E7a3bdFlRgwisyRiPNgGjJhA_CEcwuchZuPp9a5jDIO0MXmf_mC1eNNEQDBuHVeX_DLxjIDPR-aNvdXJHX3OoU4AWoRH5f1xEKjA3Ns_UyWFXavqG5RM3bDU-I5djJARmrO2VTf1bGyEU8QRLG_WXqP3sO_Ed0z16BjS4oIc3UWVB8R5QH7a62jubjINAGlHjZDxw7MdOZ5Qqm2Ef1x4N2gUjL_jRlQloW9nCazSnoMU_UrRzAaKUCz36GsNQixM0KM0WeQmGINGlEgrHeWjboKUuNNXfeEc3LgL7dosVpM-m2iS-YGw7V_kZZc2DSqWLllY9Or5xQaPbgiaq9Tp_bGbfmI0f62b7TIKsL1mc-lByCGPXv31oydJbSgYIg2QFZrwoP99X62MGJ_vcRrx3T7DRdU9XwcSnZNjRS8mdJim-l9aVZxNAPMIfP79xqdZsvJeZj0I92PtxXCN1pyD0WdfVWLLX6HO9E3R2nrMuHTvFKvhuV1ZTdKFn57s3dBIxRtFKK8LYFz6YKx1pJUorPxk6T3j-ikNrmQkoUy3Qfzb7yQpHXh-rdu7Jn4MD4ea9Ii8Nm4_GlUMNJIHaT5rez9XzIe2Yif5JJqf8arxwto5CY-QVa-297iJ9JfemBGry0NlGSJhVbCrP8p8YKz7ZRhXAo0ufwZieLjVEew-db8jtQaRdmGM8tBKrY1S41I85TMuXnpZkzZVa0wiBXYEZ8TaoPEpqSd0v2rb4lQ6d-Fz3Vk1vO6gxyBUBFHT-EqtdxFVMfw3ErQaQuuEbbl2Xogn_usmQ-MpwdSvp7OL5_BDtnBR4l0N6p7bKeLu-MS_xLHYcWANd7BoATJmC-VX2ou9v1kUXjisCuhyryAG0CTfjMFbw9EREKPQv8NebI7kUNWmEusDZPhFjQ4kjAfLk5f4lM27TjvSd3LqLLbLOw_XVI-pEwEmOG3BPw8JnN2jOgZu1Ffsdguwzdio2OvKI5M4Ie-K8wvCqQIq7UUAFBmornHfzzQlvnbjtjMb8MTvVLjvzSKvn6yRFaQr19FSSqYTxQpnzen9GUkRk1ZgheyUuFJePRqA6ROIDvcNSIQvwTxr7d4Wi5f1dDEfObFL5d0-BrPlQX2zcNVoUWkRS2GDI_aFvMdD-wIYWKfLAv0M9igd76GvqojlWjZsdqG-OHmBL4Etd0tGbi8STp6A3t0fV9m9bIlxNCV6weR-XeC5tl5kIlZrQ8fkbMjyJt5iGQF5XOUvCVNHGaUGvUxhItmTZfNeeHLrArPO9RWjQELFExZF9usShCNV07zgkm9xknFi84-e6oud4Z4xoD1br7w&cid=CAQSLQCNIrLMGQMdUvB357W5PXS2QaBca8D4GD-xikXnecNZbsS7NeVSWsIp3-onAg&rfl=1%2Chttps%253A%252F%252Flookbook.nu%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sun, 17 Apr 2022 13:57:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74173
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 17 Apr 2023 13:57:03 GMT

GET
H/1.1 200
OK iju9wczm8trb Show response
hal9000.redintelligence.net/zone/ Frame B477 11 KB
4 KB 179ms
13ms Script
text/html 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/iju9wczm8trb?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC_W8XbD5dYrrlBr6P7_UPotKk2AKm5b2gaa2VnKfJD_AuEAEgoa7VGWCV4pCCoAfIAQmpAl_9NSf3JLI-qAMBqgTkAU_QRbtH8pIx_79_yGRAf2bMKkO0h7lc1sMpGfeBFic_EKb7GHsQFI0qilSpnmQLiAZvVaXwE7Rs3OfKKTylWve96YDXhB6bcIlKv_jQZhDSB1tKiSNtPuUmng3jaVUjvYpA_OmC-7as25Z_dxR4SSjGRaGx9nWCYOVMEheeAUuz59FlYUxGB-ci-AQfaPO181BbWvkvkk2CErChBOav3hWxpo0K5PhaLPCSsvyozn34-6WHA3BnOcmb-fZRlk9jRkmE68P6Vk9I6PlgdSVO7z12UE6FqPz0g00aDrQ0AtLeIfinyMAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSLQCNIrLMGQMdUvB357W5PXS2QaBca8D4GD-xikXnecNZbsS7NeVSWsIp3-onAg%26sig%3DAOD64_3hpiAYlySnMvDmj4wvHEjE-XQtMA%26client%3Dca-pub-0790894148451785%26dbm_c%3DAKAmf-D5Mn-tHcbspRBz09obCx8WXEo0ev0lOCwa8pVSdZ6yICm0OKKv0VbhQu3Ck6zeHDZkuGIjEWjmVoBn7UTlY1zMdW15RAcf8f-KcYB9yuvmPb_coThDHio5Kbk07b4ktgBcNTGJ1RmITBaoWTUV0PZVad4mUg%26cry%3D1%26dbm_d%3DAKAmf-BgYIMjpSnJBnsikgi0cihBlVqFBLsVt21LPzUK6BJ4z0qNZPlxw1nutDzHjB_pgXtRFVVNoSotjoQYUhzZviG6ANXYpGxItHuBCpQqBnCQg6DHu458kmEAO1x5hY-EdOPmNlwKnNcMenAL1cJ882dGbYEOuy4bG-MzZOlMqHltwd3iDMZDKVuq1blxvcsRnCEGgVV7G0hQqeAieL4zqLvf67fvBa90bRfwGz0b1XGCIkoqqv_LppmHw1-3nTzOrcSKhLhhdVB7tY1imal0m3sw7131fVO9kkRMShkv2dSIaiLAcP-TwVyxbY-9GnCGOID5VdYAYnCmVm9t238A5t9WCCrAWmYtgI47C7-3e2SUhXQKr5pdbmRmDF-oQ7pR3v8qoNL-q0hyT6dJLZgc4HbsmNaubhzo_cIZdQWmwP_4_vZrQ06cEJDyjwkzlz-E7C4TR6gfQnGrlSAvLhLT68Z_rn3VFQ8siGlFGZhynaMJfO70qwg%26adurl%3D
Requested by: Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 61e486abb6b852311d3df4206e1f42ae41e6ebb85c0499df4c35bcf55d074af3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 18 Apr 2022 10:33:16 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3959
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H2

200

passback_300x250.js Show response
static.adsafeprotected.com/ Frame 6F4E
Redirect Chain

https://fw.adsafeprotected.com/rfw/bgd/1016769/62197370/xbbe/creative/adj?p=APEucNVzKBLKM-ojNtGq2ggt7uQHx_c0tr-1bbXRYjsUO0b19nOZKwM&d=CnkAoCZ_4CetQsuZKc71b67o1IwRv_dVKwjqOEpWnY1pq8gVOJ8a5mUC-LgDPTP...
https://static.adsafeprotected.com/passback_300x250.js

3 KB
2 KB

7ms
7ms

Script
application/javascript

2600:9000:2156:7400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/passback_300x250.js
Requested by: Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 2600:9000:2156:7400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6005e56ab3043d83726d25b0d17458e35b72355a81ca3230cc9de9058ee8b1f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id: vr1Fa3eAVtG7AGe6kPa1Y0WAZAHvQkII
content-encoding: gzip
etag: W/"44f0ac540dc9c11f94344414c879b658"
age: 555144
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Fri, 18 Feb 2022 23:29:42 GMT
server: AmazonS3
date: Tue, 12 Apr 2022 00:20:53 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 1d87c34bb2f20fda8e0841bc33179768.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: pyee67w7Lvo5uDpBJBvPBwOET0Qry--Vc8wxKe_XKTMxHjB0oGsBJw==

Redirect headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:16 GMT
x-server-name: app06.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/passback_300x250.js
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame 1F73 80 KB
21 KB 115ms
7ms Script
application/javascript 2600:9000:2156:7400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:7400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 13:58:04 GMT
content-encoding: gzip
age: 5344513
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 1d87c34bb2f20fda8e0841bc33179768.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
content-type: application/javascript
x-amz-cf-id: AeTClqcfngxxtdlY9crLBj0TQPgHdG0vYPVexAb4F90hwwZeXjMm8w==

GET
H2 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 75CD 106 KB
38 KB 156ms
39ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
Origin: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 09:31:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3730
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 19 Apr 2022 09:31:06 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/elements/html/ Frame 75CD 8 KB
3 KB 86ms
39ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C-B5tMit31X2IM7kpjBf_rh56qRvNr6qoavPjaqtCgMWBtPp0JOFRZ1ss-WwgJKwc9wiR5HJRxgR7y74F5SWB6p6vfLLW1ScqChRagysjw34qpKjc9U-kf1guiS6t2LD4NA7Gzk2KeKoF9BUqaTiyMHXHeBg&dbm_d=AKAmf-AZnppAVH7qELRgrB07kUjsL7vobjjOyECjzgbVypq7m8jYSnbIPEXkjdNkv2U6UWwo2JGEl5ZO8Ct_8fa01y59eOVPUcpr-Syk67DU4u37ffsJQSNn2uUkCRFz_DsBNDiDuReWlhWKhGp0kdd_iuGfXFP3FhamGfQHmcbZo-A37GUR9qrtYtzoODX3RXFVi5kwDJME7q3nZOuTWKjpExM96asjoreizmkpXMmH_ysz69xB5Y-W4dq8173dDX4jeKz-58kCFq8PS4XWJp3oEzNjCHlTGGwmnBb1uNPnFWM7-UjIpU47cKxygXn055K-CmEKIM92gxeSlkhU7eqkPhe2-CIwgBhJVxPQylo2c5VGpy9aRbMX9J2pS8ApkO4oh8ftKyJ61rXFjJnMrNCW2JpVFo0kKc5kmcQ9_KTg5d8y4bv0n3j9pE0zVDXYshe64xexEA0cSPWWgyGdE4yfw-JXzSAh4APtQzVURaPJBDtKqeT6q0mryEx546Pa5oYv3EgJSYG23Rnmce51QMwRotlDQsKedkDjP-5Rjmdv4IX0Mbq_0NzNfH-DfFqDDrlYY7sSKAsGG5CQtxU7z2T6-lzI7UWx08kBsEKAYrIFsVJsYrBcRWUyxB-sYIwSIHVYygReiO8--rQjlJDfWHjzxQIvtr5ksf_2P5tf0t0m9XSyw2eTiIgu_IhNMqyAezIJb5WXSpeCFPZJigJv12BzCrjUPaUfvs-rSJ4fQiz-R_ulvPrVRaa5r0zIMtnpOE9vwK1CllvBiJFDw6HYTfSEZe1D188eWo5R2gnEX7jMCM5cUj-5oQly1ekKzHz_FXnFyXN3gcI53PFZt3YnV9uiub52-acNMcAbCuQQZVDdWkefL3v5TU4BcoqpF0gItEJxXBQU8Rey9MqqYt_RhIrwuHeSR06-RBXMCfeT0LVo3p65p1pYfp1Fx9K7uJ2Io9VfCJxwnc9MK7IE8g04O07ToqmJK8Qb9IilEsbvkU-uzVkbJw5Lixcfiltm-twUw292CQIFqkKAPF1ODQG77QO6fK2l1ZGZUttqA2kzI_uiX8wy66wajVmJQUuYg8UiUXSGBbewG5vD6OT1Lk3iAM2j5c4tGAT3MJs5-zLvEf4X-StO52weXdbWzQBAfrapKhIgXCDcliL1k7BD2yJmj5awUt2FirKk536DWwZOVgtQOJZoaWfKbIrkJRHBxKYgs3t4MlFevOrwtCd6AVwWhIlb5zQnQk2ehpwq2wXLxvqH3K7YkHRLmdlw6-wFfqrw8o8SmhPhUykfwGgN6GSs7hzk0ycO1QCjjeOdK-IAts9pAbBQw6kC6WprzFXHso8a6plAnxkUTO-eZJc8P4cb5NhwQ6_0m7fUk6Jvy0DfKuS28_f38JRdQrBEEAXrvVwR52kNFYJObygR5bkUK7-W5yyVjAcQUBHn6Jhw8RMCbT3ZusjWffkOkKZ4yiVgRW0WPI22JzxNnQVLqj5UOUxRbVVSg9SIS3-EBtYVsv9xLrR4Wl7IhNpv2Ikn_fAMnJmBA6h3aTRDt-_GvPR2UzCU7PkiuZxFnkXSAi2B3RwG6JOq_Jbpi4leg73V5sGjPp7QmFdkKULW5BEcYJRKpi7Si7iVbEsLqz-DhsC113uKGGh15my0uFf2Khp8_UYK-DIn3qQQvdpbvDOgucNUCupR35TzqDAHoSd4SM6zob6thtS8CgvVGTpxjltby6biJrkd2_HUw-YzFQkFWmWoFSLR1oH5MuznlG7kvOVRfNSWKTgbB11sqrSQYn1QE_4FiFzhb2PXIuzauKSiQF-YsKizXg__Q-ZZkWi8keTqfdwGkot685XcBFJ9a8jqh4KGy_1FLrAsPy4TerOBYmGSqKF8rvsXyU5p-WzKbQMZd13PD1lXTNZGbTI98QtUK9qLkwX6tjiu7GMgPoYLBrhZs4kuma4oH3iwjXy26T_CruHpnRQT64qAB-TCd97Kft0lWHbgnjwGCXe96TLh9tJfzPgiChF4wypFwJUhomIRTh6KY_Zcf17iFg46eM6-FR2qNNlgtHeNGewPt-TykBq0t-JjcPU3qjcVypoK3sfu37vYms8VOxbmz6Pvpd-NoIdDZKiyEexz-bSuo-NBXGE-FM2claqRwt7rnucQg--X9vSly0og1dzxXXdgFsH5lWCFVGHncPG9vgGfFRbbZNNlyDK8v2BK0MZwKaocGLr_N-BYhemj9JEUpNhF3MbtJSE965pHIqZgiSD-u1RWgd8VIEEAkhFCuy5Bi1mtDIs-2XSx0bA937CZjykzI_b4jj5zPJzCOZrjbQWJgZjyTMurgZCMpnMwhNaxX97Xjwyk8Y6s0ej9GdumrKUGaiAHq1kPSCWbpyPLouv_zAA911CbqLUDbyn7zzH0VdP6kZ2q7cFlvx6eQnKgNDO31jvzcIUYjuT6cVcEPko_b9OigJB3k1KwKNECJJRbtSm-P1pavb9sEItMmc8u2hKQVTruqYkq_AtxaLMMqyqPjeJncibOrdJOTH-MIq7ZhzsU26MLNBemzmvvAEqaRDTpePkI5NFMC32R0NMNTvZSICYJAwBuvPbSW9VM3_-i-j4QB5yf4rk0dnxoKFHUTfqTfdCFhJpD3sH4m9ozTWxKgDZ135SctBUzqJR9nKUh1hD3IVMH1eRhKENUBpOaZZWGxonhNbw50AKBUdo7cKV8XyrT3UejoGODA0Q6lVBfoiqJgAn3TAe7vCDdzuzFgHsUhxOkG35810vMD6mHWVhCA45HekThbB0vOF-bceubeY9WYviFrtZQh8Bk7mCb1YYbt4NUUOVBizlIXo1Xb8bz3f0X8nud-hVARQopxeheBeFOryet8t2XHuMtmPbrp_viF0c6LFsOojRo5Vt56O1haAcQVUygZHezHln_Fxvc9ahMbIdtlIFeOApM8iipOm3LZugD714CYYLTcy2NSe25KY5FyArcVhDvZr9iRRQe8IDPyyj31vgmhJwW__Ggx6aq54gwrcPsjM5gQKYRY_YITRm9qMeJ2CRyA2DW4Z3cTjHrcA&cid=CAASJ-RoC5xsLGXSNlsnk48EyShdAojvTLaEzqTDkZyyikRTovCAjq0LKw&rfl=1%2Chttps%253A%252F%252Flookbook.nu%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:27:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 331
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 02 May 2022 10:27:45 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/ Frame 75CD 25 KB
10 KB 82ms
39ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e66bfceb15a6ee125dff79826be02a07b766843e6c660edf55ec0c22d1a407c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:19:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 853
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9777
x-xss-protection: 0
server: cafe
etag: 12512753850102923420
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 02 May 2022 10:19:03 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6F4E 43 B
216 B 555ms
167ms Image
image/gif 52.36.70.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1016769&asId=57c8a358-ae3b-63d4-55f3-b8c8b6520fc0&tv=%7Bc:a8dFvj,pingTime:-3,time:65,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:21%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:65,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B55~0%5D,as:%5B55~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t3lQigo+11%7C121%7C13*.1016769-62197370%7C131%7C141,idMap:13*,rmeas:1,rend:0,renddet:IMG.us%7D&br=c
Requested by: Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.36.70.233 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-36-70-233.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:17 GMT
x-server-name: dt10.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6F4E 43 B
215 B 552ms
168ms Image
image/gif 52.36.70.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1016769&asId=57c8a358-ae3b-63d4-55f3-b8c8b6520fc0&tv=%7Bc:a8dFvk,pingTime:-6,time:66,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:66,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B56~0%5D,as:%5B56~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t3lQigo+11%7C121%7C13*.1016769-62197370%7C131%7C141,idMap:13*,rmeas:1,rend:0,renddet:IMG.us%7D&tpiLookup=ao:lookbook.nu*&br=c
Requested by: Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.36.70.233 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-36-70-233.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:17 GMT
x-server-name: dt12.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6F4E 43 B
215 B 551ms
168ms Image
image/gif 52.36.70.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1016769&asId=57c8a358-ae3b-63d4-55f3-b8c8b6520fc0&tv=%7Bc:a8dFvp,pingTime:-2,time:71,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:329,beZ:333,mfA:335,cmA:337,inA:337,inZ:341,prA:341,prZ:346,si:351,poA:352,poZ:380,cmZ:380,mfZ:380,loA:395,loZ:399,ltA:400,ltZ:400%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:21%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:71,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B61~0%5D,as:%5B61~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t3lQigo+11%7C121%7C13*.1016769-62197370%7C131%7C141,idMap:13*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:IMG.us,sinceFw:48,readyFired:false%7D&br=c
Requested by: Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.36.70.233 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-36-70-233.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:17 GMT
x-server-name: dt03.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame E279
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENcm9_NWUP9m-qw6nQJc_og&google_cver=1

43 B
894 B

13ms
13ms

Image
image/gif

23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENcm9_NWUP9m-qw6nQJc_og&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMClKRCYniwYusK7wwEwAQ&v=APEucNVqSoi0cjW3zeGugpTNceLwrqWHhJV36rOxV725edXOXPnMVb0JZCd9ayBfsHI07zUJHzLStw0w-FfeZLR3E1FrZP-rFAmsEyuK3X0myRbsL4C8ujTb3we-JLCVhh5uv-49_IwiI-YP0zKxEZolcbmykJ0AQF9W4xdWPaSEZqGCJgDoMZY
Protocol: HTTP/1.1
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Apr 2022 10:33:17 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 18 Apr 2022 10:33:17 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:17 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENcm9_NWUP9m-qw6nQJc_og&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame E279
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yl0.bAM12b8B.U1Q11nkOgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENcm9_NWUP9m-qw6nQJc_og&google_cver=1&google_hm=2

43 B
894 B

24ms
23ms

Image
image/gif

23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENcm9_NWUP9m-qw6nQJc_og&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMClKRCYniwYusK7wwEwAQ&v=APEucNVqSoi0cjW3zeGugpTNceLwrqWHhJV36rOxV725edXOXPnMVb0JZCd9ayBfsHI07zUJHzLStw0w-FfeZLR3E1FrZP-rFAmsEyuK3X0myRbsL4C8ujTb3we-JLCVhh5uv-49_IwiI-YP0zKxEZolcbmykJ0AQF9W4xdWPaSEZqGCJgDoMZY
Protocol: HTTP/1.1
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Apr 2022 10:33:17 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 18 Apr 2022 10:33:17 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:17 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENcm9_NWUP9m-qw6nQJc_og&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame E279
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEP-xtoHKpRCs6nqqi6qxFuU&google_cver=1

43 B
1020 B

13ms
13ms

Image
image/gif

185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEP-xtoHKpRCs6nqqi6qxFuU&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMClKRCYniwYusK7wwEwAQ&v=APEucNVqSoi0cjW3zeGugpTNceLwrqWHhJV36rOxV725edXOXPnMVb0JZCd9ayBfsHI07zUJHzLStw0w-FfeZLR3E1FrZP-rFAmsEyuK3X0myRbsL4C8ujTb3we-JLCVhh5uv-49_IwiI-YP0zKxEZolcbmykJ0AQF9W4xdWPaSEZqGCJgDoMZY

Protocol

HTTP/1.1

Server

185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Apr 2022 10:33:17 GMT
X-Proxy-Origin: 185.213.155.163; 185.213.155.163; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: b4e28c45-7c2f-451b-8a79-1861bebee7d7
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:17 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEP-xtoHKpRCs6nqqi6qxFuU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame E279
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk4MzMzNTkwNzE2MTk2NTM2NQ%3D%3D

170 B
243 B

41ms
40ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk4MzMzNTkwNzE2MTk2NTM2NQ%3D%3D

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:17 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 18 Apr 2022 10:33:17 GMT
X-Proxy-Origin: 185.213.155.163; 185.213.155.163; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 53847268-9149-4bfa-980b-609f7773dddb
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk4MzMzNTkwNzE2MTk2NTM2NQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C101
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENcm9_NWUP9m-qw6nQJc_og&google_cver=1

43 B
894 B

13ms
12ms

Image
image/gif

23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENcm9_NWUP9m-qw6nQJc_og&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNXCbeB98vKQehvT2GB52g4RMuuAg56UGsogOsC5iPVBg0eOdxxUCBtiqDN-SX9awQDKUCKZKsXONikA2cpg0d3Zn7juvhoBHdLXoupZn1CzdOIck7uCNZRZYsy3n4Wp7_BZECwTbfOPcCyp9PyoJJpntKTQ8ZHiEfmyO0woXzEDW3QSpQk
Protocol: HTTP/1.1
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Apr 2022 10:33:17 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 18 Apr 2022 10:33:17 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:17 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENcm9_NWUP9m-qw6nQJc_og&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C101
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yl0.bAM12b8B.U1Q11nkOgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENcm9_NWUP9m-qw6nQJc_og&google_cver=1&google_hm=2

43 B
894 B

12ms
12ms

Image
image/gif

23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENcm9_NWUP9m-qw6nQJc_og&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNXCbeB98vKQehvT2GB52g4RMuuAg56UGsogOsC5iPVBg0eOdxxUCBtiqDN-SX9awQDKUCKZKsXONikA2cpg0d3Zn7juvhoBHdLXoupZn1CzdOIck7uCNZRZYsy3n4Wp7_BZECwTbfOPcCyp9PyoJJpntKTQ8ZHiEfmyO0woXzEDW3QSpQk
Protocol: HTTP/1.1
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Apr 2022 10:33:17 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 18 Apr 2022 10:33:17 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:17 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENcm9_NWUP9m-qw6nQJc_og&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame C101
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEP-xtoHKpRCs6nqqi6qxFuU&google_cver=1

43 B
1020 B

31ms
28ms

Image
image/gif

185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEP-xtoHKpRCs6nqqi6qxFuU&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNXCbeB98vKQehvT2GB52g4RMuuAg56UGsogOsC5iPVBg0eOdxxUCBtiqDN-SX9awQDKUCKZKsXONikA2cpg0d3Zn7juvhoBHdLXoupZn1CzdOIck7uCNZRZYsy3n4Wp7_BZECwTbfOPcCyp9PyoJJpntKTQ8ZHiEfmyO0woXzEDW3QSpQk

Protocol

HTTP/1.1

Server

185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Apr 2022 10:33:17 GMT
X-Proxy-Origin: 185.213.155.163; 185.213.155.163; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: bad91161-1ade-4998-a42b-f3453a45ac79
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:17 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEP-xtoHKpRCs6nqqi6qxFuU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame C101
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk4MzMzNTkwNzE2MTk2NTM2NQ%3D%3D

170 B
232 B

39ms
39ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk4MzMzNTkwNzE2MTk2NTM2NQ%3D%3D

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:17 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 18 Apr 2022 10:33:17 GMT
X-Proxy-Origin: 185.213.155.163; 185.213.155.163; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 0cc65601-ca25-4f77-a191-04f86ad06656
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk4MzMzNTkwNzE2MTk2NTM2NQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 55BB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENcm9_NWUP9m-qw6nQJc_og&google_cver=1

43 B
894 B

16ms
16ms

Image
image/gif

23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENcm9_NWUP9m-qw6nQJc_og&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC5mpUCGMrhmcgBMAE&v=APEucNWABqW4ARs_ZXvmlFNWDzF6190eRGpuTK2Hu2grk10YzwF6zAfuHrrEXxGV5uWw1nUS4ASLY8ZwtzHbRFZysljvyvRHraMC3cKnUw-iu6Dd9WQc3zE9QaMKZ9W2UHvm9SoNkSGCJroUhbndcCfLfgu_TgyA57y-nNg2m9o8bbUyQXnNGBQ
Protocol: HTTP/1.1
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Apr 2022 10:33:17 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 18 Apr 2022 10:33:17 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:17 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENcm9_NWUP9m-qw6nQJc_og&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 55BB
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yl0.bAM12b8B.U1Q11nkOgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENcm9_NWUP9m-qw6nQJc_og&google_cver=1&google_hm=2

43 B
894 B

13ms
13ms

Image
image/gif

23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENcm9_NWUP9m-qw6nQJc_og&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC5mpUCGMrhmcgBMAE&v=APEucNWABqW4ARs_ZXvmlFNWDzF6190eRGpuTK2Hu2grk10YzwF6zAfuHrrEXxGV5uWw1nUS4ASLY8ZwtzHbRFZysljvyvRHraMC3cKnUw-iu6Dd9WQc3zE9QaMKZ9W2UHvm9SoNkSGCJroUhbndcCfLfgu_TgyA57y-nNg2m9o8bbUyQXnNGBQ
Protocol: HTTP/1.1
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Apr 2022 10:33:17 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 18 Apr 2022 10:33:17 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:17 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENcm9_NWUP9m-qw6nQJc_og&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 55BB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEP-xtoHKpRCs6nqqi6qxFuU&google_cver=1

43 B
1020 B

15ms
14ms

Image
image/gif

185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEP-xtoHKpRCs6nqqi6qxFuU&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC5mpUCGMrhmcgBMAE&v=APEucNWABqW4ARs_ZXvmlFNWDzF6190eRGpuTK2Hu2grk10YzwF6zAfuHrrEXxGV5uWw1nUS4ASLY8ZwtzHbRFZysljvyvRHraMC3cKnUw-iu6Dd9WQc3zE9QaMKZ9W2UHvm9SoNkSGCJroUhbndcCfLfgu_TgyA57y-nNg2m9o8bbUyQXnNGBQ

Protocol

HTTP/1.1

Server

185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Apr 2022 10:33:17 GMT
X-Proxy-Origin: 185.213.155.163; 185.213.155.163; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: ccb889a1-900b-4fb1-bb5d-0cc52042ca41
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:17 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEP-xtoHKpRCs6nqqi6qxFuU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 55BB
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk4MzMzNTkwNzE2MTk2NTM2NQ%3D%3D

170 B
188 B

78ms
41ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk4MzMzNTkwNzE2MTk2NTM2NQ%3D%3D

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:17 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 18 Apr 2022 10:33:17 GMT
X-Proxy-Origin: 185.213.155.163; 185.213.155.163; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: d7a363b4-97f6-460c-bff1-74ece7b64f0f
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk4MzMzNTkwNzE2MTk2NTM2NQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

request.php Show response
hal900012.redintelligence.net/ Frame B477
Redirect Chain

https://hal900012.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=0df69568ba&subid=&uid=58c969849cfa8319&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900012.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=0df69568ba&subid=&uid=58c969849cfa8319&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

3 KB
2 KB

146ms
117ms

Script
application/x-javascript

94.130.102.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900012.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=0df69568ba&subid=&uid=58c969849cfa8319&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC_W8XbD5dYrrlBr6P7_UPotKk2AKm5b2gaa2VnKfJD_AuEAEgoa7VGWCV4pCCoAfIAQmpAl_9NSf3JLI-qAMBqgTkAU_QRbtH8pIx_79_yGRAf2bMKkO0h7lc1sMpGfeBFic_EKb7GHsQFI0qilSpnmQLiAZvVaXwE7Rs3OfKKTylWve96YDXhB6bcIlKv_jQZhDSB1tKiSNtPuUmng3jaVUjvYpA_OmC-7as25Z_dxR4SSjGRaGx9nWCYOVMEheeAUuz59FlYUxGB-ci-AQfaPO181BbWvkvkk2CErChBOav3hWxpo0K5PhaLPCSsvyozn34-6WHA3BnOcmb-fZRlk9jRkmE68P6Vk9I6PlgdSVO7z12UE6FqPz0g00aDrQ0AtLeIfinyMAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSLQCNIrLMGQMdUvB357W5PXS2QaBca8D4GD-xikXnecNZbsS7NeVSWsIp3-onAg%26sig%3DAOD64_3hpiAYlySnMvDmj4wvHEjE-XQtMA%26client%3Dca-pub-0790894148451785%26dbm_c%3DAKAmf-D5Mn-tHcbspRBz09obCx8WXEo0ev0lOCwa8pVSdZ6yICm0OKKv0VbhQu3Ck6zeHDZkuGIjEWjmVoBn7UTlY1zMdW15RAcf8f-KcYB9yuvmPb_coThDHio5Kbk07b4ktgBcNTGJ1RmITBaoWTUV0PZVad4mUg%26cry%3D1%26dbm_d%3DAKAmf-BgYIMjpSnJBnsikgi0cihBlVqFBLsVt21LPzUK6BJ4z0qNZPlxw1nutDzHjB_pgXtRFVVNoSotjoQYUhzZviG6ANXYpGxItHuBCpQqBnCQg6DHu458kmEAO1x5hY-EdOPmNlwKnNcMenAL1cJ882dGbYEOuy4bG-MzZOlMqHltwd3iDMZDKVuq1blxvcsRnCEGgVV7G0hQqeAieL4zqLvf67fvBa90bRfwGz0b1XGCIkoqqv_LppmHw1-3nTzOrcSKhLhhdVB7tY1imal0m3sw7131fVO9kkRMShkv2dSIaiLAcP-TwVyxbY-9GnCGOID5VdYAYnCmVm9t238A5t9WCCrAWmYtgI47C7-3e2SUhXQKr5pdbmRmDF-oQ7pR3v8qoNL-q0hyT6dJLZgc4HbsmNaubhzo_cIZdQWmwP_4_vZrQ06cEJDyjwkzlz-E7C4TR6gfQnGrlSAvLhLT68Z_rn3VFQ8siGlFGZhynaMJfO70qwg%26adurl%3D&documentReferer=https%3A%2F%2Flookbook.nu%2F&ancestorOrigins=https%3A%2F%2Flookbook.nu&random=3775906432402&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Server: 94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.102.130.94.clients.your-server.de
Software: Apache /
Resource Hash: 406470ce710489a6ef5702ed4b6ed423f568cf3b5cf620fbcd0c71b4ca8c10f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Apr 2022 10:33:17 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 30638100075181304444554011933012
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 1093
Expires: Mon, 18 Apr 2022 11:33:17 +0200

Redirect headers

Pragma: no-cache
Date: Mon, 18 Apr 2022 10:33:16 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=0df69568ba&subid=&uid=58c969849cfa8319&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC_W8XbD5dYrrlBr6P7_UPotKk2AKm5b2gaa2VnKfJD_AuEAEgoa7VGWCV4pCCoAfIAQmpAl_9NSf3JLI-qAMBqgTkAU_QRbtH8pIx_79_yGRAf2bMKkO0h7lc1sMpGfeBFic_EKb7GHsQFI0qilSpnmQLiAZvVaXwE7Rs3OfKKTylWve96YDXhB6bcIlKv_jQZhDSB1tKiSNtPuUmng3jaVUjvYpA_OmC-7as25Z_dxR4SSjGRaGx9nWCYOVMEheeAUuz59FlYUxGB-ci-AQfaPO181BbWvkvkk2CErChBOav3hWxpo0K5PhaLPCSsvyozn34-6WHA3BnOcmb-fZRlk9jRkmE68P6Vk9I6PlgdSVO7z12UE6FqPz0g00aDrQ0AtLeIfinyMAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSLQCNIrLMGQMdUvB357W5PXS2QaBca8D4GD-xikXnecNZbsS7NeVSWsIp3-onAg%26sig%3DAOD64_3hpiAYlySnMvDmj4wvHEjE-XQtMA%26client%3Dca-pub-0790894148451785%26dbm_c%3DAKAmf-D5Mn-tHcbspRBz09obCx8WXEo0ev0lOCwa8pVSdZ6yICm0OKKv0VbhQu3Ck6zeHDZkuGIjEWjmVoBn7UTlY1zMdW15RAcf8f-KcYB9yuvmPb_coThDHio5Kbk07b4ktgBcNTGJ1RmITBaoWTUV0PZVad4mUg%26cry%3D1%26dbm_d%3DAKAmf-BgYIMjpSnJBnsikgi0cihBlVqFBLsVt21LPzUK6BJ4z0qNZPlxw1nutDzHjB_pgXtRFVVNoSotjoQYUhzZviG6ANXYpGxItHuBCpQqBnCQg6DHu458kmEAO1x5hY-EdOPmNlwKnNcMenAL1cJ882dGbYEOuy4bG-MzZOlMqHltwd3iDMZDKVuq1blxvcsRnCEGgVV7G0hQqeAieL4zqLvf67fvBa90bRfwGz0b1XGCIkoqqv_LppmHw1-3nTzOrcSKhLhhdVB7tY1imal0m3sw7131fVO9kkRMShkv2dSIaiLAcP-TwVyxbY-9GnCGOID5VdYAYnCmVm9t238A5t9WCCrAWmYtgI47C7-3e2SUhXQKr5pdbmRmDF-oQ7pR3v8qoNL-q0hyT6dJLZgc4HbsmNaubhzo_cIZdQWmwP_4_vZrQ06cEJDyjwkzlz-E7C4TR6gfQnGrlSAvLhLT68Z_rn3VFQ8siGlFGZhynaMJfO70qwg%26adurl%3D&documentReferer=https%3A%2F%2Flookbook.nu%2F&ancestorOrigins=https%3A%2F%2Flookbook.nu&random=3775906432402&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Mon, 18 Apr 2022 11:33:16 +0200

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 75CD 41 KB
15 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sun, 17 Apr 2022 13:57:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74173
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 17 Apr 2023 13:57:03 GMT

GET
H2 200 IAS_PassbackAds_300x250.png
static.adsafeprotected.com/ Frame 6F4E 14 KB
14 KB 8ms
8ms Image
image/png 2600:9000:2156:7400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/IAS_PassbackAds_300x250.png
Requested by: Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:7400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f6adb794eda0e31a163ed517d8e63d388dbb762031a189349c72af2bc37bb4f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id: 5gVOAFoF.BCvnrybv6D.a4lGJXzJNSyO
via: 1.1 1d87c34bb2f20fda8e0841bc33179768.cloudfront.net (CloudFront)
etag: "65a8b98b798ce416d94c2847aca40c71"
age: 161552
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 14233
last-modified: Fri, 18 Feb 2022 23:28:59 GMT
server: AmazonS3
date: Sat, 16 Apr 2022 13:40:45 GMT
content-type: image/png
cache-control: max-age=604800
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: GKx1PdLMdK2i5FuFARo5RBviayVOUCwv8s-4AUoM6JNaBKKw3mw0cQ==

GET
DATA 200
OK truncated
/ Frame 75CD 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a8e6b08089baedc8a3916fd6a26f5379b4ca996dfa159c153538c7a31f6fa868

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 6F4E 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 87a681876b3649821f0fc54ddc42d4f3b1714bc3c364945b370127096862fd54

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 1DC5 22 KB
8 KB 37ms
36ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 73734
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 17 Apr 2022 14:04:23 GMT
expires: Mon, 17 Apr 2023 14:04:23 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C736 22 KB
8 KB 38ms
37ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 73734
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 17 Apr 2022 14:04:23 GMT
expires: Mon, 17 Apr 2023 14:04:23 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 4133 22 KB
8 KB 40ms
39ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 73734
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 17 Apr 2022 14:04:23 GMT
expires: Mon, 17 Apr 2023 14:04:23 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/17355885110487226507/ Frame 0C89 12 KB
3 KB 89ms
42ms Document
text/html 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17355885110487226507/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2a86a8290afaeb2bf36a9ff634eab2e1b9a399edd2a5d50db13b7d8dd166651

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 356718
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2838
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 14 Apr 2022 07:27:59 GMT
expires: Fri, 14 Apr 2023 07:27:59 GMT
last-modified: Mon, 28 Feb 2022 16:47:47 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 75CD 0
622 B 243ms
77ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstPDZuvbwZ75ev2CJTkHjWpAbar7YzDRZMLplsmCnPlVOSzBjNhMBSquF6pOwWaVnY5fgbSY_6CNQUEmfh9IisCzWW3ccSeYIdwmwh1fPncolmJbWfysGWrrxYersvv3pSkhilN_euFocsjb6RlzRK3wP5xFQFrHCo2rIMrKxLx-jUtDQ7IAgeYnSvR3yljgGnyC1oOO_bjjWU1QFqjsq26y3zphNkw0UxIoSqeb-hzFxs2s3460ak3QU80JO8gTLwarp-z-H8RSIWvzYezwTmFpzzkvn2l1dlDuj6W4mZx5iBQhOtRKyLMdGLwrzeYKjIHGLZMSMTLKuCAB5piEPvF8vCiEg4ho4hUSBYZmRLbPgL0SZKNwcr8Vc6x81h3rScYFQ6ZGe4zxfoBYRx_wwwY28XBPvyO3CRIq2YxMmLymrAkL8Ka7U72LuKcnbZl1g8cI57kVooYOCeqz3mHQ7PIZIWwB2u8nAYV59A_S8lBJ6psM-qHV0Q9sQWlF6hUA34x2hS4tceN8VBBTpk8mNovEy2scHqrrgg17HKcst2ACjBjvJtmyzWdA2Ey2ZE9fnZQU5eBrDwYWyeLp2luhRTpflU7gG15r3zaBtNpjrTks_kN1u6tgYAQME-ud-YRSwWYpD1LWxn3w2nkc4oKXnYmd50jaEzTBP3DXE4avaV1LBpgNF_g7qc7q9cGEjNBPG-CwMYtcfNrOsFI1FxpXRYhMEhbIO92Es8NpmcfboUN0ucnugk6qMxuWXCW0ExLemI0ZXQ9fj9WefhOq9CsxdmvoPPqJQpJEmiyQp1qOoj0MRZJ0SC4pIvimUYH0VHoY_DD5u9570wDFhm8QzgMaqSxCalq_lp0FBrEwNYdoa934uYuBHRJnyAP9E_UYBbjc5YnphBybjPTxvuN_7bGZU_UvDARZUopLQokcXVdvr5RaRHTJRIb_UsFnHwWB7GEAVxHRiYhPwU8YkN_aVirLR3in8dxI3W7CBBNvYpzf9tViUA8OSqeZhiMEQ65KRp7zstxinnDiBlo5tl8ERXJKZL9tRLyNgo2qBxsdE_iVOZPlaKyA7B5YjTiv-EvG7IdtXdKLjD_Z3xiAm7g0XsQplyH-_TOwfvXKX62TQrw19a2v4NNONmCgRw&sai=AMfl-YQSPt4C1SfRoHtVi1-FDRskLf_sRdYy_U8Fd_vwpzhLIqMrUfvbrYfBKhZf5kXV-5cxdmaoRMp9MWaHGV0ijIk0O3q12zh29IdkAgXGc4LzUAHRHs37My8sP_QCMBO-hyybRpXTI9OddTrbx652z_8Y3lmnEyuBnr2weYidA-rZCRcfctWrW4VMMKiCH4vFWSG2OqATX0aVzNKNlgOiBjJrEjZAqR0&sig=Cg0ArKJSzIlp8XSkK2PpEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=225&cbvp=1&cstd=218&cisv=r20220413.93796&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Mon, 18 Apr 2022 10:33:17 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame D552
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=30638100075181304444554011933012&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=30638100075181304444554011933012&actionid=981741&produktid=&dt_url=

0
627 B

170ms
34ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=30638100075181304444554011933012&actionid=981741&produktid=&dt_url=

Requested by

Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=0df69568ba&subid=&uid=58c969849cfa8319&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC_W8XbD5dYrrlBr6P7_UPotKk2AKm5b2gaa2VnKfJD_AuEAEgoa7VGWCV4pCCoAfIAQmpAl_9NSf3JLI-qAMBqgTkAU_QRbtH8pIx_79_yGRAf2bMKkO0h7lc1sMpGfeBFic_EKb7GHsQFI0qilSpnmQLiAZvVaXwE7Rs3OfKKTylWve96YDXhB6bcIlKv_jQZhDSB1tKiSNtPuUmng3jaVUjvYpA_OmC-7as25Z_dxR4SSjGRaGx9nWCYOVMEheeAUuz59FlYUxGB-ci-AQfaPO181BbWvkvkk2CErChBOav3hWxpo0K5PhaLPCSsvyozn34-6WHA3BnOcmb-fZRlk9jRkmE68P6Vk9I6PlgdSVO7z12UE6FqPz0g00aDrQ0AtLeIfinyMAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSLQCNIrLMGQMdUvB357W5PXS2QaBca8D4GD-xikXnecNZbsS7NeVSWsIp3-onAg%26sig%3DAOD64_3hpiAYlySnMvDmj4wvHEjE-XQtMA%26client%3Dca-pub-0790894148451785%26dbm_c%3DAKAmf-D5Mn-tHcbspRBz09obCx8WXEo0ev0lOCwa8pVSdZ6yICm0OKKv0VbhQu3Ck6zeHDZkuGIjEWjmVoBn7UTlY1zMdW15RAcf8f-KcYB9yuvmPb_coThDHio5Kbk07b4ktgBcNTGJ1RmITBaoWTUV0PZVad4mUg%26cry%3D1%26dbm_d%3DAKAmf-BgYIMjpSnJBnsikgi0cihBlVqFBLsVt21LPzUK6BJ4z0qNZPlxw1nutDzHjB_pgXtRFVVNoSotjoQYUhzZviG6ANXYpGxItHuBCpQqBnCQg6DHu458kmEAO1x5hY-EdOPmNlwKnNcMenAL1cJ882dGbYEOuy4bG-MzZOlMqHltwd3iDMZDKVuq1blxvcsRnCEGgVV7G0hQqeAieL4zqLvf67fvBa90bRfwGz0b1XGCIkoqqv_LppmHw1-3nTzOrcSKhLhhdVB7tY1imal0m3sw7131fVO9kkRMShkv2dSIaiLAcP-TwVyxbY-9GnCGOID5VdYAYnCmVm9t238A5t9WCCrAWmYtgI47C7-3e2SUhXQKr5pdbmRmDF-oQ7pR3v8qoNL-q0hyT6dJLZgc4HbsmNaubhzo_cIZdQWmwP_4_vZrQ06cEJDyjwkzlz-E7C4TR6gfQnGrlSAvLhLT68Z_rn3VFQ8siGlFGZhynaMJfO70qwg%26adurl%3D&documentReferer=https%3A%2F%2Flookbook.nu%2F&ancestorOrigins=https%3A%2F%2Flookbook.nu&random=3775906432402&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 18 Apr 2022 10:33:16 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Mon, 18 Apr 2022 12:33:17 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

Content-Length: 0
Content-Type: application/javascript
Date: Mon, 18 Apr 2022 10:33:17 GMT
Host: pv.medialead.de
Keep-Alive: timeout=20
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=30638100075181304444554011933012&actionid=981741&produktid=&dt_url=
Proxy-Host: pv.medialead.de
Server: nginx/1.17.5
Strict-Transport-Security: max-age=15768000
X-IPLB-Instance: 40027
X-IPLB-Request-ID: B9D59BA3:E9E4_91EFC182:01BB_625D3E6D_1F827E0C:F726

GET
H2 200 / Show response
adv.office-partner.de/ Frame A1EE 930 B
931 B 52ms
7ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=0df69568ba&subid=&uid=58c969849cfa8319&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC_W8XbD5dYrrlBr6P7_UPotKk2AKm5b2gaa2VnKfJD_AuEAEgoa7VGWCV4pCCoAfIAQmpAl_9NSf3JLI-qAMBqgTkAU_QRbtH8pIx_79_yGRAf2bMKkO0h7lc1sMpGfeBFic_EKb7GHsQFI0qilSpnmQLiAZvVaXwE7Rs3OfKKTylWve96YDXhB6bcIlKv_jQZhDSB1tKiSNtPuUmng3jaVUjvYpA_OmC-7as25Z_dxR4SSjGRaGx9nWCYOVMEheeAUuz59FlYUxGB-ci-AQfaPO181BbWvkvkk2CErChBOav3hWxpo0K5PhaLPCSsvyozn34-6WHA3BnOcmb-fZRlk9jRkmE68P6Vk9I6PlgdSVO7z12UE6FqPz0g00aDrQ0AtLeIfinyMAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSLQCNIrLMGQMdUvB357W5PXS2QaBca8D4GD-xikXnecNZbsS7NeVSWsIp3-onAg%26sig%3DAOD64_3hpiAYlySnMvDmj4wvHEjE-XQtMA%26client%3Dca-pub-0790894148451785%26dbm_c%3DAKAmf-D5Mn-tHcbspRBz09obCx8WXEo0ev0lOCwa8pVSdZ6yICm0OKKv0VbhQu3Ck6zeHDZkuGIjEWjmVoBn7UTlY1zMdW15RAcf8f-KcYB9yuvmPb_coThDHio5Kbk07b4ktgBcNTGJ1RmITBaoWTUV0PZVad4mUg%26cry%3D1%26dbm_d%3DAKAmf-BgYIMjpSnJBnsikgi0cihBlVqFBLsVt21LPzUK6BJ4z0qNZPlxw1nutDzHjB_pgXtRFVVNoSotjoQYUhzZviG6ANXYpGxItHuBCpQqBnCQg6DHu458kmEAO1x5hY-EdOPmNlwKnNcMenAL1cJ882dGbYEOuy4bG-MzZOlMqHltwd3iDMZDKVuq1blxvcsRnCEGgVV7G0hQqeAieL4zqLvf67fvBa90bRfwGz0b1XGCIkoqqv_LppmHw1-3nTzOrcSKhLhhdVB7tY1imal0m3sw7131fVO9kkRMShkv2dSIaiLAcP-TwVyxbY-9GnCGOID5VdYAYnCmVm9t238A5t9WCCrAWmYtgI47C7-3e2SUhXQKr5pdbmRmDF-oQ7pR3v8qoNL-q0hyT6dJLZgc4HbsmNaubhzo_cIZdQWmwP_4_vZrQ06cEJDyjwkzlz-E7C4TR6gfQnGrlSAvLhLT68Z_rn3VFQ8siGlFGZhynaMJfO70qwg%26adurl%3D&documentReferer=https%3A%2F%2Flookbook.nu%2F&ancestorOrigins=https%3A%2F%2Flookbook.nu&random=3775906432402&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Mon, 18 Apr 2022 10:33:17 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Mon, 25 Apr 2022 10:33:17 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H/1.1 200
OK link.html Show response
track.webgains.com/ Frame B477 1 KB
2 KB 210ms
129ms Script
text/html 46.236.13.147
PULSANT-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=30638100075181304444554011933012&nw=1
Requested by: Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: a280a702e60f5a256be577ca707896ed3348c51e5a4dce5b99c8c6cf43d15dca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Apr 2022 10:33:17 GMT
Last-Modified: Mon, 18 Apr 2022 10:33:17 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 1231
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK request_content.php Show response
hal900012.redintelligence.net/ Frame EFB5 7 KB
2 KB 35ms
13ms Document
text/html 94.130.102.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900012.redintelligence.net/request_content.php?s=30638100075181304444554011933012&a=1824eaca
Requested by: Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=0df69568ba&subid=&uid=58c969849cfa8319&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC_W8XbD5dYrrlBr6P7_UPotKk2AKm5b2gaa2VnKfJD_AuEAEgoa7VGWCV4pCCoAfIAQmpAl_9NSf3JLI-qAMBqgTkAU_QRbtH8pIx_79_yGRAf2bMKkO0h7lc1sMpGfeBFic_EKb7GHsQFI0qilSpnmQLiAZvVaXwE7Rs3OfKKTylWve96YDXhB6bcIlKv_jQZhDSB1tKiSNtPuUmng3jaVUjvYpA_OmC-7as25Z_dxR4SSjGRaGx9nWCYOVMEheeAUuz59FlYUxGB-ci-AQfaPO181BbWvkvkk2CErChBOav3hWxpo0K5PhaLPCSsvyozn34-6WHA3BnOcmb-fZRlk9jRkmE68P6Vk9I6PlgdSVO7z12UE6FqPz0g00aDrQ0AtLeIfinyMAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSLQCNIrLMGQMdUvB357W5PXS2QaBca8D4GD-xikXnecNZbsS7NeVSWsIp3-onAg%26sig%3DAOD64_3hpiAYlySnMvDmj4wvHEjE-XQtMA%26client%3Dca-pub-0790894148451785%26dbm_c%3DAKAmf-D5Mn-tHcbspRBz09obCx8WXEo0ev0lOCwa8pVSdZ6yICm0OKKv0VbhQu3Ck6zeHDZkuGIjEWjmVoBn7UTlY1zMdW15RAcf8f-KcYB9yuvmPb_coThDHio5Kbk07b4ktgBcNTGJ1RmITBaoWTUV0PZVad4mUg%26cry%3D1%26dbm_d%3DAKAmf-BgYIMjpSnJBnsikgi0cihBlVqFBLsVt21LPzUK6BJ4z0qNZPlxw1nutDzHjB_pgXtRFVVNoSotjoQYUhzZviG6ANXYpGxItHuBCpQqBnCQg6DHu458kmEAO1x5hY-EdOPmNlwKnNcMenAL1cJ882dGbYEOuy4bG-MzZOlMqHltwd3iDMZDKVuq1blxvcsRnCEGgVV7G0hQqeAieL4zqLvf67fvBa90bRfwGz0b1XGCIkoqqv_LppmHw1-3nTzOrcSKhLhhdVB7tY1imal0m3sw7131fVO9kkRMShkv2dSIaiLAcP-TwVyxbY-9GnCGOID5VdYAYnCmVm9t238A5t9WCCrAWmYtgI47C7-3e2SUhXQKr5pdbmRmDF-oQ7pR3v8qoNL-q0hyT6dJLZgc4HbsmNaubhzo_cIZdQWmwP_4_vZrQ06cEJDyjwkzlz-E7C4TR6gfQnGrlSAvLhLT68Z_rn3VFQ8siGlFGZhynaMJfO70qwg%26adurl%3D&documentReferer=https%3A%2F%2Flookbook.nu%2F&ancestorOrigins=https%3A%2F%2Flookbook.nu&random=3775906432402&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.102.130.94.clients.your-server.de
Software: Apache /
Resource Hash: 9336f1e6ac5e2af89bb1c7e87bd15a5670c7f8a1a0931a3089d1137e011a39a1

Request headers

Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2068
Content-Type: text/html; charset=utf-8
Date: Mon, 18 Apr 2022 10:33:17 GMT
Expires: Mon, 18 Apr 2022 11:33:17 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame B477
Redirect Chain

https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=30638100075181304444554011933012
https://ad-server.eu/wm/pb/native.png

68 B
312 B

155ms
28ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 18 Apr 2022 10:38:35 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Mon, 18 Apr 2022 10:33:17 GMT
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: B9D59BA3:E9EE_91EFC182:01BB_625D3E6D_1F8ADD88:F724
X-IPLB-Instance: 40027
Strict-Transport-Security: max-age=15768000
Content-Type: application/go
Location: https://ad-server.eu/wm/pb/native.png
Keep-Alive: timeout=20
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame B477 43 B
705 B 64ms
12ms Image
image/gif 23.205.253.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2338577&v=11830&q=357066&r=296283&pref1=30638100075181304444554011933012&pv=1

Requested by

Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.205.253.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-253-64.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Apr 2022 10:33:17 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
DATA 200
OK truncated
/ Frame B477 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3103290492cb0ba86b2b25d7b21b1b7d3b702a46b24ac852006a00fea35810db

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js Show response
pagead2.googlesyndication.com/bg/ Frame 1DC5 35 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8831ec3cf53ec3dbe59ee7ca4876ebdba40d596667db6b8a50a423c2daf11e7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sun, 17 Apr 2022 21:02:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48631
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13566
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 17 Apr 2023 21:02:46 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6F4E 43 B
215 B 171ms
171ms Image
image/gif 52.36.70.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1016769&asId=57c8a358-ae3b-63d4-55f3-b8c8b6520fc0&tv=%7Bc:a8dFCz,pingTime:-10,time:515,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDAuMC40ODk2Ljc1IFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1650277997263%7C%7C161891c8c06502067b0310adf4790dd7%7C%7Ceb4f03ab9dc867f6a5bdb2294b85db99%7C%7C2a9dc751e5e090a1e07262fb676fbc64%7C%7C65c7dbe0e09dff07497bc9e9e2981b8b%7C%7Cd4330843eeb9fc38419a45ecb3b97749%7C%7C2fdfacfd0588649a4b41155f6dcd6a29%7C%7Cd3bea97cb4c2411ec6d5d82bc648ad13%7C%7C1629390669%7D
Requested by: Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.36.70.233 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-36-70-233.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:17 GMT
x-server-name: dt04.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 css
fonts.googleapis.com/ Frame EFB5 4 KB
1 KB 183ms
48ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request_content.php?s=30638100075181304444554011933012&a=1824eaca

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

97efeda8567c33ed3cd7eb616868f1282f50e8ca9ec1ebe3ab632b0913dbdc26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900012.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 18 Apr 2022 09:31:39 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 18 Apr 2022 10:33:17 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 18 Apr 2022 10:33:17 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame EFB5 16 KB
16 KB 40ms
16ms Image
image/png 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/pb_goldschmied_1200x627.jpg
Requested by: Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request_content.php?s=30638100075181304444554011933012&a=1824eaca
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: b03219b33e3abf2754669fdfa0dc42b00d13944f8eb1c852b9525a8e11f4e0ac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900012.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 18 Apr 2022 10:33:17 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16464
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame EFB5 14 KB
14 KB 39ms
15ms Image
image/png 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/32783/creativesup/native_ad_globus_baumarkt_1200x627.jpg
Requested by: Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request_content.php?s=30638100075181304444554011933012&a=1824eaca
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: bda5829cfc533b07db1619edc6d0d8f6173feddfbeb41d39500f0d7428410dba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900012.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 18 Apr 2022 10:33:17 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 14131
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame EFB5 16 KB
16 KB 117ms
93ms Image
image/png 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request_content.php?s=30638100075181304444554011933012&a=1824eaca
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: e0a6dadd9007269312e36d0dab48fc35e3b54e8ada02b3faa5f0847380edf0f1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900012.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 18 Apr 2022 10:33:17 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16531
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 200 iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js Show response
pagead2.googlesyndication.com/bg/ Frame C736 35 KB
13 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8831ec3cf53ec3dbe59ee7ca4876ebdba40d596667db6b8a50a423c2daf11e7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sun, 17 Apr 2022 21:02:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48631
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13566
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 17 Apr 2023 21:02:46 GMT

GET
H3 200 iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js Show response
pagead2.googlesyndication.com/bg/ Frame 4133 35 KB
13 KB 52ms
51ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8831ec3cf53ec3dbe59ee7ca4876ebdba40d596667db6b8a50a423c2daf11e7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sun, 17 Apr 2022 21:02:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48631
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13566
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 17 Apr 2023 21:02:46 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6F4E 43 B
215 B 200ms
199ms Image
image/gif 52.36.70.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1016769&asId=57c8a358-ae3b-63d4-55f3-b8c8b6520fc0&tv=%7Bc:a8dFDL,time:589,type:e,im:%7Bpci:%7Btdr:512%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:589,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B579~0%5D,as:%5B579~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t3lQigo+11%7C121%7C13*.1016769-62197370%7C131%7C141,idMap:13*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Requested by: Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.36.70.233 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-36-70-233.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:17 GMT
x-server-name: dt10.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame B477 51 KB
51 KB 61ms
10ms Script
application/javascript 143.204.98.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=30638100075181304444554011933012&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-117.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3900c8b5b423944473f2b5735300291c473881985b2e64318b01fd3d7eefcbd2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id: snQAK.nud_Ry1pExcABmNeZsZtrLXsiU
via: 1.1 ea2e21f6a5c3ec2f96b0dac1b769e00e.cloudfront.net (CloudFront)
last-modified: Wed, 23 Mar 2022 11:22:01 GMT
server: AmazonS3
age: 19782
etag: "101c8120dbcfdb729e8ebf54cc77d0cd"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 18 Apr 2022 05:03:35 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 52083
x-amz-cf-id: C2ZyrDvweHxIlvRuadrhHtYQYrRRq3cLEhv-XGkVZjoLVefgOMIdyQ==

GET
H/1.1 200
OK link.html
track.webgains.com/ Frame B477 85 B
541 B 69ms
26ms Image
image/gif 46.236.13.147
PULSANT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgcampaignid=99582&viewref=57257800074083300951425011933026&wglinkid=498343
Requested by: Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Apr 2022 10:33:17 GMT
Last-Modified: Mon, 18 Apr 2022 10:33:17 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: image/gif
Content-Length: 85
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame A1EE 86 KB
34 KB 136ms
51ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ba81a369f6512abbbaf6b425892c79c4765a55516cd14974960bd6fd05c0f483

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:17 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34040
x-xss-protection: 0
last-modified: Mon, 18 Apr 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 18 Apr 2022 10:33:17 GMT

GET
H3 200 main.css
s0.2mdn.net/sadbundle/17355885110487226507/ Frame 0C89 34 KB
6 KB 40ms
39ms Stylesheet
text/css 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17355885110487226507/main.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17355885110487226507/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

529777ca0d17c2fbdd6c99aecdb66086ac7ec84285279e441135c7eab9c4f255

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17355885110487226507/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 07:28:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 356711
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5821
x-xss-protection: 0
last-modified: Mon, 28 Feb 2022 16:47:47 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 14 Apr 2023 07:28:06 GMT

GET
H3 200 main.js Show response
s0.2mdn.net/sadbundle/17355885110487226507/ Frame 0C89 251 KB
36 KB 40ms
40ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17355885110487226507/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17355885110487226507/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95eafc94c9d07d3d2c523f334867189dc3cfa393ac6d5c88a42deb8870851ac4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17355885110487226507/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 07:28:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 356711
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36761
x-xss-protection: 0
last-modified: Mon, 28 Feb 2022 16:47:47 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 14 Apr 2023 07:28:06 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1DC5 0
20 B 74ms
73ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BsB8ZbD5dYsnjJ5aPjuwPxamFYAAAAAA4AeAEAg&bg=!19Sl1JDNAAZvJBiFTyQ7ACkAdvg8WjjSOFXZY9xqhifKmasOgk_Jwjq0Cwou4DaEdXdz9Q8ugXov5wIAAAB4UgAAAAJoAQeZAuor47YNo2EAlyOb-yZpDgP56pP3jzj3B8hHutNgihwnUsxzAj7jYNNJ9NqWlF_oXcCqa8WC-jcwOemvVmS9PUUqrX4haV_6yy6Cvffzu2fUASirKeeGJii0XethcR0vsZvatR9TLGysbaV7MQMrNdraBrUq9jXZQy4EQ9hIW9X7xgMiI6g1iqmkSAHp-4GeuS0Dt92LLnuCTkuFwx3EfWykck7DhVcua1kEHI2mWVPzB6yA7WGT6c5CuOwhmbQfSYsEXRh4Fq27Tht2gRghwo-2_t4U2a_Qveow935s_rs4L8j3TkB6nh4uNpl1CmyB6uSHl9bTnBbcqTmfqSthiCSVkxTSDhedPRMCFnXUOwc4rM9D9Akb3aGPmVu1AZ8D_UBdQuaw9Ks9HUQSheaPYDUD1vZim8EY7Nq_nBCKrOLzECF_PsfNqFXKCpz5W1pjxMufW1LTiKAkhI7USmkKukOYmVAKJAyLfoH2ARoQ3VqI37v2UGvW84VbpYcXNKe-8TYqfrq-33_64FDlZD8nNFizHTV3Y6AZVC9hvxljHtnGaTt3FwYoYK-sUEvHmr-wRdrm4RBxYU72jgG-wAn7nffb8_DXCP3vWMi8fJKxRwsxt2oVT8HjUeYyN2_G0qNzlZSOqOmZ2S6eIP8XurFOWt3W0Vw3jY-jzYE_q7_og4jT6_Gh9SdQUyJszZGfPhtldUUoYsRJy3F5VLl43tpvLguPywxxPIR-Xe4UZUgAKRjaZ4bvT7QWs7lkuf22QDF-_fzvSbpW815nB2kJ9wZQbJOBf9UJVv_5b7WgIJF8_pRbxi2iRORQt2IrJA_vUOOyB_K00x9lqSxEv_Vu1CcDjw_wRbBD8s4omk6rxUhNCtfXFuIrTkrJSFxXul3hdOG-E53Rl2InfaAsftbQbhQTSyuKJpqP3tIRyPPPmdonx4C9A-wb0ggAnnKUIvwyIQ31iTvxWfKVH_HOveph2FnumOec8f8K_N01V4Ic9g

Requested by

Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900012.redintelligence.net/ Frame EFB5 0
150 B 38ms
13ms Script
text/html 94.130.102.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900012.redintelligence.net/viewability?s=30638100075181304444554011933012&a=bc53cf1c&vb=m
Requested by: Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request_content.php?s=30638100075181304444554011933012&a=1824eaca
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.102.130.94.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900012.redintelligence.net/request_content.php?s=30638100075181304444554011933012&a=1824eaca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 18 Apr 2022 10:33:17 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 takeaway-sans-bold.woff
s0.2mdn.net/sadbundle/17355885110487226507/ Frame 0C89 53 KB
53 KB 41ms
41ms Font
font/woff 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17355885110487226507/takeaway-sans-bold.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17355885110487226507/main.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fca9344a728a3f070776a1876042e7abcbe564beab7bd8cac06dfc0619f5312e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17355885110487226507/main.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 07:28:03 GMT
x-content-type-options: nosniff
age: 356714
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54144
x-xss-protection: 0
last-modified: Mon, 28 Feb 2022 16:47:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 14 Apr 2023 07:28:03 GMT

GET
H3 200 img_621cef52ccb846.29276070.gif
s0.2mdn.net/sadbundle/17355885110487226507/ Frame 0C89 580 KB
580 KB 61ms
61ms Image
image/gif 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17355885110487226507/img_621cef52ccb846.29276070.gif

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17355885110487226507/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f07e931e7fb8d80774730cc3841ffb2147d1fd7534d43474147e8a91e68b4c29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17355885110487226507/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 07:28:07 GMT
x-content-type-options: nosniff
age: 356710
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 594203
x-xss-protection: 0
last-modified: Mon, 28 Feb 2022 16:47:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 14 Apr 2023 07:28:07 GMT

GET
H3 200 img_621cef52ccb977.80735540.png
s0.2mdn.net/sadbundle/17355885110487226507/ Frame 0C89 3 KB
3 KB 58ms
57ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17355885110487226507/img_621cef52ccb977.80735540.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17355885110487226507/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d90614b41b3bd267e2201b99cd3ebc741106bdb63a8e5f238ce8a7fb40b0b36a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17355885110487226507/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 07:28:02 GMT
x-content-type-options: nosniff
age: 356715
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3459
x-xss-protection: 0
last-modified: Mon, 28 Feb 2022 16:47:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 14 Apr 2023 07:28:02 GMT

GET
H3 200 logo_DE_v.svg
s0.2mdn.net/sadbundle/17355885110487226507/ Frame 0C89 9 KB
4 KB 58ms
58ms Image
image/svg+xml 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17355885110487226507/logo_DE_v.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17355885110487226507/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69e35cddf16a399e84c83c45c72e24d4529b9798812015e6fa85887e2dbabfe2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17355885110487226507/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 07:28:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 356715
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3724
x-xss-protection: 0
last-modified: Mon, 28 Feb 2022 16:47:47 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 14 Apr 2023 07:28:02 GMT

GET
H3 200 logo_DE_h.svg
s0.2mdn.net/sadbundle/17355885110487226507/ Frame 0C89 9 KB
4 KB 59ms
58ms Image
image/svg+xml 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17355885110487226507/logo_DE_h.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17355885110487226507/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1a9fac132ba21538ee6a1156e87bab38a8285a6a62f43e93d7018c0c55bdb355

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17355885110487226507/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 07:28:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 356715
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3786
x-xss-protection: 0
last-modified: Mon, 28 Feb 2022 16:47:47 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 14 Apr 2023 07:28:02 GMT

GET
H3 200 img_621cef52ccbd04.37165583.gif
s0.2mdn.net/sadbundle/17355885110487226507/ Frame 0C89 54 KB
54 KB 58ms
56ms Image
image/gif 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17355885110487226507/img_621cef52ccbd04.37165583.gif

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17355885110487226507/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16284c6b00ecfe2dd9a9758731323ebf30fa9db78d0fd50be9bc0538b32b1c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17355885110487226507/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 11:07:06 GMT
x-content-type-options: nosniff
age: 602771
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55046
x-xss-protection: 0
last-modified: Mon, 28 Feb 2022 16:47:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Apr 2023 11:07:06 GMT

GET
H3 200 img_621cef52ccbda7.11156373.png
s0.2mdn.net/sadbundle/17355885110487226507/ Frame 0C89 3 KB
3 KB 55ms
55ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17355885110487226507/img_621cef52ccbda7.11156373.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17355885110487226507/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d90614b41b3bd267e2201b99cd3ebc741106bdb63a8e5f238ce8a7fb40b0b36a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17355885110487226507/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 07:28:02 GMT
x-content-type-options: nosniff
age: 356715
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3459
x-xss-protection: 0
last-modified: Mon, 28 Feb 2022 16:47:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 14 Apr 2023 07:28:02 GMT

GET
H3 200 img_621cef52ccc043.91675740.gif
s0.2mdn.net/sadbundle/17355885110487226507/ Frame 0C89 54 KB
54 KB 57ms
57ms Image
image/gif 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17355885110487226507/img_621cef52ccc043.91675740.gif

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17355885110487226507/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16284c6b00ecfe2dd9a9758731323ebf30fa9db78d0fd50be9bc0538b32b1c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17355885110487226507/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 07:28:02 GMT
x-content-type-options: nosniff
age: 356715
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55046
x-xss-protection: 0
last-modified: Mon, 28 Feb 2022 16:47:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 14 Apr 2023 07:28:02 GMT

GET
H3 200 img_621cef52ccc0d5.65819852.png
s0.2mdn.net/sadbundle/17355885110487226507/ Frame 0C89 3 KB
3 KB 58ms
57ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17355885110487226507/img_621cef52ccc0d5.65819852.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17355885110487226507/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d90614b41b3bd267e2201b99cd3ebc741106bdb63a8e5f238ce8a7fb40b0b36a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17355885110487226507/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 07:28:02 GMT
x-content-type-options: nosniff
age: 356715
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3459
x-xss-protection: 0
last-modified: Mon, 28 Feb 2022 16:47:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 14 Apr 2023 07:28:02 GMT

GET
H3 200 app-store.png
s0.2mdn.net/sadbundle/17355885110487226507/ Frame 0C89 3 KB
3 KB 62ms
61ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17355885110487226507/app-store.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17355885110487226507/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b7213f37b63c1fac9900ecd1102259cc0a20544a2d2dbbaa735a6999a27a753

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17355885110487226507/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 07:28:02 GMT
x-content-type-options: nosniff
age: 356715
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3019
x-xss-protection: 0
last-modified: Mon, 28 Feb 2022 16:47:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 14 Apr 2023 07:28:02 GMT

GET
H3 200 google-play.png
s0.2mdn.net/sadbundle/17355885110487226507/ Frame 0C89 8 KB
8 KB 60ms
60ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17355885110487226507/google-play.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17355885110487226507/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed0f81097fe4da2a154a3c1afc95092e037beba15170cd5add01d4518dabcc90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17355885110487226507/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 07:28:02 GMT
x-content-type-options: nosniff
age: 356715
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7895
x-xss-protection: 0
last-modified: Mon, 28 Feb 2022 16:47:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 14 Apr 2023 07:28:02 GMT

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v19/ Frame EFB5 13 KB
13 KB 134ms
48ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v19/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900012.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 18:04:09 GMT
x-content-type-options: nosniff
age: 404948
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13052
x-xss-protection: 0
last-modified: Wed, 23 Feb 2022 17:37:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 13 Apr 2023 18:04:09 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v19/ Frame EFB5 13 KB
13 KB 123ms
39ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v19/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900012.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 18:03:30 GMT
x-content-type-options: nosniff
age: 404987
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13036
x-xss-protection: 0
last-modified: Wed, 23 Feb 2022 17:39:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 13 Apr 2023 18:03:30 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C736 0
20 B 76ms
76ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bmm7TbD5dYsD1J_St9u8PuOuhwA8AAAAAOAHgBAI&bg=!srGlsfXNAAZvJBiFTyQ7ACkAdvg8Wh0n357a76m4JM63LUpN0n2coqHKKeeGZIVZ_EDJ-7rMmMzW_AIAAAE0UgAAAAJoAQeZAvFQm56QWRVf9iw4M1ArumAo-y83QVOjbH4R7nv8qhMuicL4Tw2g24qoY6vJk_jyLkIttlDWyhxN4OqCpGK0UjkcfuKnkBpWcTvfWrvtwFVvEjE1TXposOUQ4TVRxHgdhpJfmy9A79q2lyLzCt7PP_8dJnzBhaR3B37xuiDMagWj5_RmXLT2ytuum3IJH8hbz0I-7yDrstnTeqxm-oP_xoGHERrw0ibiJfzuwO9QZSXusdKn8zlI3bAnjXVg8MHrUyBo_UmM9rSt_FYKaCWpddpBH4IHimVqYQtjfLj7ZcX7G4cv8LJMAUIr5F_i23PoEPQ663MTN68h3PHlHU_sp5WUbuptnH8BotAIEBhBaNRQm0A-79LQWbT5LEbkSO7iZc-KY8atouffxzEslrFmlT-Dbw1-Yr6IfLrQKvf7qsnR3gxS_ZsdnSDgrVSz9D9crV7MoB0LhS9GNPUZYv5tx4zXVvrXkhN2ptOEF7ETUQc_PrwIgJtFr_ukY8EJG-e6SL6DNJi9HK_O3lVsZIpqjLc0GgnUDpoVirVHMESvdqeJoRGd0Ue2t-Api3Y0hPEg8q2glyc1wrbijbHqm0wUsbygLKs8rUmf8a_q7qZRGjH9nPphkPaxdsQfZ2eRdJLxdK5IDMwNtzrFMrdvz9Ymz2yrFLi9IdFahy0g0A6j5p_WbW8YVKgXXazxeS4KsOhXh9K62NL8KEgIjzqAGBRu25wVziVhQS_7b0_w8hnbeHg8HREF6S9fRkSfhgDH1YkeCYbMWX-Xym63kmvPRVgrAN1Ny5l6m3qLnaTelLyOHqXiUXGqdQgqLss8krf7YGVXVNpeg_EZ8_F0VY0pMmzkZRlknj-nxVBZBhY5E4ZrfHYjeV_Yu374J18w6yw0v4NSUehLze99uKuk_ERprzSAK3b4VntUqJIiXNaMPKoZo242PrEcr3tZh8bUhGiakMeiO0-3SbqjLYDXEgTw1q93N6LLoqjM7AroNcxsqXTHL4ZXHk4

Requested by

Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4133 0
20 B 80ms
80ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BjyR3bD5dYqzuJ4bPgAe4tLXoAgAAAAA4AeAEAg&bg=!bW6lbirNAAZvJBiFTyQ7ACkAdvg8WnHiq_ab6SUOt_KfO91xqFIqkwfDn30_59-lQAodUUPehWtMzgIAAAEmUgAAAAFoAQeZAwA0qh31nFhz2oYhGs5KjHbGATDxjCuS2KWLzmMwv0_vmNXkvzfNO3fg_HA2vKP8AjuSew5k6FSghZpf8s2XqXO58-XqIsmu90Y3eOAqQ8TkVWsPSb79s-YcOrWzdr0w0IE_dkLsU2ug1dqfUAi1ULStq3wXkH-u4EsA-vBTQZ7GjxIAi2ckw9JLE55ZPF8Z449Due7rkDlhD5-j_EzWxTwyCTKoTjhuHFSiIuJrzkPfoo6tgbL_zhEm0eZ9ntLYyTyMJgjubdBDdrOxyMsu64TSqyvf_z_I02qh8wt97DqI6hYNxcs2EmNdNDIASKvmdyZVoFhiBBAYdgoAygJz-lRbKn44JnI5gVRoLMEoOBBKcdGwddXkl9A5_Ybby2823S9OaEakm7dH0tDpeIyIa1a2vhL62Y2K-wjSt7QJOKBYCOGH4FfPlLlxITfNA_2RfERAmRbAvZbj1cxcE2nKYRNKzNk5q0m52pwn_xOuBFgRYEXhqwv5DVJi_h6ZnOYs5wqllyaaeAoAkHsKRV5m4dUiv3JAU7c4RsVQy2C2Q5a4qW7mjyb6xJWFYd_H3VJ89c1avfcpCKxrLwvdzIghr_9dBCzk6DEPdKDI0cDv_etcFk6Zy55gAG5-qsNc8Vh-Byk5SNP-Eb2fUzy7FhNadXf_oxyjaqra9yYgF5yPVaMRWeoEqM4K4f8v0KLTi2cwYSN471_J-Y13WyIzXEwLzhd_eIVCyWN_GeCT-wa98ql4hjgiluPA5hMXuTAvnD3IAhOtbrBrDwgdaUNYVGWQYSo7xJsvG9Q9FdFBuFVPfVy4sXxR4XDzap1NiWMgDgsVjKO27aCCOxNdm6z2Mc3tXLhfp1mEXfR7IycscRCxHGZ07XNdPI0IpSCUBPI1WVLnYJfpZRVIWGHPgX1d74d8Q3sRGhXix0OSqTEmcDe1_Mvq7U6raALoWfjNlU-uNEz3BL-V2VRe2aAzx0giIhhdyMrXKtYWATDzos1zCc8WxwjU0V8WdiFqNAGh43v3HMDZyUM

Requested by

Host: 1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
URL: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 75CD 0
26 B 110ms
68ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstPDZuvbwZ75ev2CJTkHjWpAbar7YzDRZMLplsmCnPlVOSzBjNhMBSquF6pOwWaVnY5fgbSY_6CNQUEmfh9IisCzWW3ccSeYIdwmwh1fPncolmJbWfysGWrrxYersvv3pSkhilN_euFocsjb6RlzRK3wP5xFQFrHCo2rIMrKxLx-jUtDQ7IAgeYnSvR3yljgGnyC1oOO_bjjWU1QFqjsq26y3zphNkw0UxIoSqeb-hzFxs2s3460ak3QU80JO8gTLwarp-z-H8RSIWvzYezwTmFpzzkvn2l1dlDuj6W4mZx5iBQhOtRKyLMdGLwrzeYKjIHGLZMSMTLKuCAB5piEPvF8vCiEg4ho4hUSBYZmRLbPgL0SZKNwcr8Vc6x81h3rScYFQ6ZGe4zxfoBYRx_wwwY28XBPvyO3CRIq2YxMmLymrAkL8Ka7U72LuKcnbZl1g8cI57kVooYOCeqz3mHQ7PIZIWwB2u8nAYV59A_S8lBJ6psM-qHV0Q9sQWlF6hUA34x2hS4tceN8VBBTpk8mNovEy2scHqrrgg17HKcst2ACjBjvJtmyzWdA2Ey2ZE9fnZQU5eBrDwYWyeLp2luhRTpflU7gG15r3zaBtNpjrTks_kN1u6tgYAQME-ud-YRSwWYpD1LWxn3w2nkc4oKXnYmd50jaEzTBP3DXE4avaV1LBpgNF_g7qc7q9cGEjNBPG-CwMYtcfNrOsFI1FxpXRYhMEhbIO92Es8NpmcfboUN0ucnugk6qMxuWXCW0ExLemI0ZXQ9fj9WefhOq9CsxdmvoPPqJQpJEmiyQp1qOoj0MRZJ0SC4pIvimUYH0VHoY_DD5u9570wDFhm8QzgMaqSxCalq_lp0FBrEwNYdoa934uYuBHRJnyAP9E_UYBbjc5YnphBybjPTxvuN_7bGZU_UvDARZUopLQokcXVdvr5RaRHTJRIb_UsFnHwWB7GEAVxHRiYhPwU8YkN_aVirLR3in8dxI3W7CBBNvYpzf9tViUA8OSqeZhiMEQ65KRp7zstxinnDiBlo5tl8ERXJKZL9tRLyNgo2qBxsdE_iVOZPlaKyA7B5YjTiv-EvG7IdtXdKLjD_Z3xiAm7g0XsQplyH-_TOwfvXKX62TQrw19a2v4NNONmCgRw&sai=AMfl-YQSPt4C1SfRoHtVi1-FDRskLf_sRdYy_U8Fd_vwpzhLIqMrUfvbrYfBKhZf5kXV-5cxdmaoRMp9MWaHGV0ijIk0O3q12zh29IdkAgXGc4LzUAHRHs37My8sP_QCMBO-hyybRpXTI9OddTrbx652z_8Y3lmnEyuBnr2weYidA-rZCRcfctWrW4VMMKiCH4vFWSG2OqATX0aVzNKNlgOiBjJrEjZAqR0&sig=Cg0ArKJSzIlp8XSkK2PpEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=965&vt=11&dtpt=740&dett=3&cstd=218&cisv=r20220413.93796&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: lookbook.nu
URL: https://lookbook.nu/user/9875454-Taari-Maa

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 18 Apr 2022 10:33:17 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
10 KB 99ms
52ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022041201&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3567d63e1a53fe3975ffe0bff71e98d5ff359091761ee6e0b2e6441079f366c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 18 Apr 2022 10:33:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10668
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 67ms
67ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 18 Apr 2022 10:33:17 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 75CD 42 B
64 B 74ms
73ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssBM_G4NtdgqItsOd-oOTKcpGgaaDyrr7RcuB1ZU-wTfp0agRNDhx1Ri2LF80uBzCkf6C4NBoJPSmLMT4697ljD0TaGMeslaZmi9tSanZeAnK5jfHc7FA&sai=AMfl-YRkfhXzC19NvigtRjN-pFMiUoUCO8O8fbNZL7T59Ion-Sm85CjMf7MRqStx1qbYTHql3qj5mtpBxHqoOyzYv-G7RRuRtf8GlpdYXDB1zB6NkyuGE1Hw9T5CKlwsQ60&sig=Cg0ArKJSzAkgtxZo8fS0EAE&cid=CAASJ-RoC5xsLGXSNlsnk48EyShdAojvTLaEzqTDkZyyikRTovCAjq0LKw&id=lidar2&mcvt=1000&p=384,436,474,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220413&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3286650984&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1650277996390&rpt=580&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame F852 13 KB
5 KB 38ms
38ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://lookbook.nu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 756
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 18 Apr 2022 10:20:42 GMT
expires: Tue, 18 Apr 2023 10:20:42 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9843 783 B
534 B 98ms
49ms Document
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

918a45fce4fa9112e1fd47adb7f12d0eb13e2d2341a58dbb9667e17a2fcec6a6

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-piDA6lblcMV5h7oY4urzqw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://lookbook.nu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-piDA6lblcMV5h7oY4urzqw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 18 Apr 2022 10:33:18 GMT
expires: Mon, 18 Apr 2022 10:33:18 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6F4E 42 B
64 B 72ms
72ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssuCUv0PwqrnATABm_Tg2hHnri5PA9JNZa-rydb7focolcah5IAtIF8RBx_eVLWVZPVgT_xPr-Ojjb5PsIZ9NDMgdNUFKXgVnae0lfZkvhToUgry6bLEw&sai=AMfl-YRDnSIkUsKN4RamDD8oxQvTM2YZXA917DZNdl0l9vSnUI5CmfmQhog6xTjLPgOelARJWlfppuCtTQ6aknmMe5IC-2fsQKuhCiX15DDA&sig=Cg0ArKJSzPtYrn-_vnEaEAE&cid=CAQSLQCNIrLMGQMdUvB357W5PXS2QaBca8D4GD-xikXnecNZbsS7NeVSWsIp3-onAg&id=lidar2&mcvt=1000&p=488,990,742,1290&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20220413&bin=7&avms=nio&bs=0,0&mc=0.98&if=1&app=0&itpl=20&adk=1276300409&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1650277996423&rpt=592&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame B477 16 B
232 B 87ms
86ms Fetch
application/json 54.76.212.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.76.212.160 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-76-212-160.eu-west-1.compute.amazonaws.com

Software

nginx / PHP/7.4.26

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 18 Apr 2022 10:33:18 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.26
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 112ms
30ms Preflight 54.76.212.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.76.212.160 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-212-160.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Mon, 18 Apr 2022 10:33:18 GMT
server: nginx

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9843 0
0 90ms
90ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022041201&jk=2221379032323076&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H3 200 iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js Show response
pagead2.googlesyndication.com/bg/ Frame F852 35 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8831ec3cf53ec3dbe59ee7ca4876ebdba40d596667db6b8a50a423c2daf11e7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sun, 17 Apr 2022 21:02:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48632
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13566
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 17 Apr 2023 21:02:46 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame F852 0
9 B 37ms
37ms Image
text/plain 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?q34KZg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 10:33:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 107ms
107ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022041201&jk=2221379032323076&bg=!RkWlRQHNAAZvJBiFTyQ7ACkAdvg8WqpJw6SjN-HltePtPlD2FExVh7gwjW9CBAPnqoTtHCbilRDP1AIAAABNUgAAAARoAQcKAGPqoNSMheSOsqCMRi_2Gi_bXh9_l8PyZeelrXINwOmjvIdgAhEw79yzB7lX7oPJ7YVGZkxx3Lf8gSTx6wCiDhkQmbIkCMpNX_lAJIeE-_4i4g0_fBgxWBdpZP5ySs0-QZ1HxVKZAqUysLJ-_FeBxEg7ha11_BfUOce_n0Jsd_v4reULF1dQ2gx_LhEuoend06an9z8WXBQwZUNjhoJb0WQKGrjbCs600rzPe1LrIHEXf_ZBLktUeq-L8S86V-xtQ5uR23kPwWV27uk0vlLLLgxwNRSzxJJYiBCoYdYPRD80Z_ki_d07mzqTZeA9yFKai7p6_WF9pcAvFP3Vit_C9YVZGgBB1-TyOHlv0foLS5W7bpreCg3upN-pS14rErnr9fqIamh-IgC4GBR5Ib9bt1WWmM3jq7pqgqUT9R1ZfvTmdFHS86lrgT3rOQEApSGNFYXL7s9O5r3K8FCPAAbHXZQ8cRJvBGzVKjdW8dmQ9LygbiD8LIsBHuUCOkNg78XYexIFwXPoaEkUwqQHEKWZ0olZRCvYpmmWrku2osA2Pt3kq0K-PehAcDQ4bLcTnIfTkj6tldV65fn8iP8JtTMF9AKQoOCp9LHOe1j17rOv6KYUawmInjEieUSbE3NiPmpPevQq8kkn07DHvrz9ia4XzfK7oxqjBrGqFow2KwHX6xWrxIveEFo5MME2pFm1ghwxYMNU6gQXyJcMiYc-2vRAE8cC33ULLfnYqsIO9sG9gKjryLP9SRgZf0Hzqneb-C9BbKw306d8EbjIbRgGnr2lTqGWtvJAsHvtE5OvR7vaAyOZIxzXRvBz-ewwFhmyCHDxP_72g1mFvmd0SDJxWSxQ3_R7yWXc7dbd1dNZMSAusgjmwliHOdPXk6Ap9mgsJRqnsDmxZt-vAN7etNPR12WtasCPEqCK75WHWqtK3CYPgawloFVqQjsTvcC_v6wxeverlHTvlZEIHPSqXwT0mo_UC9MpY1aaUHzdmy07Wpk1phzYdbk8x1s8G8sIJi9mrAIYSWVEBmVuoKxp_mZ5FA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lookbook.nu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6F4E 43 B
215 B 169ms
168ms Image
image/gif 52.36.70.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1016769&asId=57c8a358-ae3b-63d4-55f3-b8c8b6520fc0&tv=%7Bc:a8dG6g,pingTime:1,time:2356,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:21%7D,%7Bpiv:100,vs:i,r:,t:1355%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1001,o:1355,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1345~0,0~100%5D,as:%5B1345~300.250%5D%7D%7D,%7Bsl:i,t:1355,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:326,fm:t3lQigo+11%7C121%7C13*.1016769-62197370%7C131%7C141,idMap:13*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.36.70.233 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-36-70-233.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:19 GMT
x-server-name: dt06.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6F4E 43 B
215 B 168ms
168ms Image
image/gif 52.36.70.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1016769&asId=57c8a358-ae3b-63d4-55f3-b8c8b6520fc0&tv=%7Bc:a8dG6g,pingTime:1,time:2356,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:21%7D,%7Bpiv:100,vs:i,r:,t:1355%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1001,o:1355,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1345~0,0~100%5D,as:%5B1345~300.250%5D%7D%7D,%7Bsl:i,t:1355,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:326,fm:t3lQigo+11%7C121%7C13*.1016769-62197370%7C131%7C141,idMap:13*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.36.70.233 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-36-70-233.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 10:33:19 GMT
x-server-name: dt02.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

Verdicts & Comments Add Verdict or Comment

188 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

26 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
lookbook.nu/user	1969-12-31 23:59:59	Name: bookmark Value: null
lookbook.nu/user	1970-01-20 02:26:04	Name: 1-day Value: 1-1650364395713
lookbook.nu/user	1970-01-20 02:34:42	Name: 7-day Value: 1-1650882795713
lookbook.nu/user	1970-01-20 03:07:49	Name: 30-day Value: 1-1652869995714
lookbook.nu/user	1969-12-31 23:59:59	Name: last_session_at Value: 1650277995713
.lookbook.nu/	1970-01-20 19:55:49	Name: _ga Value: GA1.2.1397857931.1650277996
.lookbook.nu/	1970-01-20 02:26:04	Name: _gid Value: GA1.2.112585449.1650277996
.lookbook.nu/	1970-01-20 02:24:38	Name: _gat Value: 1
.scorecardresearch.com/	1970-01-20 19:41:25	Name: UID Value: 114b52ce8da4227d10d5f911650277995
.quantserve.com/	1970-01-20 11:54:52	Name: mc Value: 625d3e6b-bebd2-e2d8f-b86b1
.lookbook.nu/	1970-01-20 11:49:06	Name: __qca Value: P0-1815704186-1650277995745
.lookbook.nu/	1970-01-20 11:46:13	Name: __gads Value: ID=70e1d8e9c939a47f:T=1650277996:S=ALNI_Mbhw8lKknOPQvLlvTyN8N397nS0yw
.doubleclick.net/	1970-01-20 11:46:13	Name: IDE Value: AHWqTUnlN-uqonBo2hiXE3Hp0RE8UKc2Hw5FEeIK4Qrlsl1YEHMIOPY9gCsHnJ8C
.casalemedia.com/	1970-01-20 04:34:13	Name: CMPS Value: 3268
.casalemedia.com/	1970-01-20 11:10:13	Name: CMID Value: Yl0.bAM12b8B.U1Q11nkOgAA
.redintelligence.net/	1970-01-20 04:34:13	Name: 8lcfmzhxc8d6_uid Value: 65b5a4f0838509f4
.casalemedia.com/	1970-01-20 04:34:13	Name: CMPRO Value: 1172
.casalemedia.com/	1970-01-20 02:26:04	Name: CMST Value: Yl0+bWJdPm0A
.adnxs.com/	1970-01-20 04:34:13	Name: uuid2 Value: 5983335907161965365
.casalemedia.com/	1970-01-20 11:10:13	Name: CMRUM3 Value: 2d625d3e6d2760CAESENcm9_NWUP9m-qw6nQJc_og
.adnxs.com/	1970-01-20 04:34:13	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?hpOFaf!]tbPl1M>e)ZlrFUfJ+tGXvX+HJM15PRh'KJ3WpWD>C%=DB1u#[811TCVI%P3If)y3KL9D3I?-5a2<%F
.awin1.com/	1970-01-20 02:27:30	Name: awpv11830 Value: 296283\|1650277997\|f58cd4d1-bf02-11ec-9b3a-22623ec29485
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 357066:2338577
pb.media01.eu/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: cbt5lahvdayjaptjne2zclpv
pb.media01.eu/	1970-01-20 19:57:16	Name: DTU Value: 256515A0D6362E8E21F35229CD2624A0
.office-partner.de/	1970-01-21 02:24:37	Name: source Value: {"webgains_webgains":{"timestamp":1650277997710,"clickCookie":false}}

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1c82f30ebacbf2107cda652be688db78.safeframe.googlesyndication.com
ad-server.eu
adservice.google.com
adservice.google.de
adv.office-partner.de
ajax.googleapis.com
analytics.webgains.io
api.webgains.io
c.amazon-adsystem.com
cm.g.doubleclick.net
connect.facebook.net
d33veqcui7lu1w.cloudfront.net
dsum-sec.casalemedia.com
dt.adsafeprotected.com
edge.quantserve.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900012.redintelligence.net
ib.adnxs.com
lbstatic.nu
lookbook.nu
pagead2.googlesyndication.com
pb.media01.eu
pixel.quantserve.com
pv.medialead.de
rules.quantcount.com
s0.2mdn.net
sb.scorecardresearch.com
securepubads.g.doubleclick.net
static.adsafeprotected.com
stats.g.doubleclick.net
tpc.googlesyndication.com
track.webgains.com
wasabi-files.lbstatic.nu
www.awin1.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
108.157.4.121
142.250.185.66
142.250.186.34
142.250.186.98
143.204.95.188
143.204.98.117
145.239.193.130
185.33.221.13
23.205.253.64
23.35.236.247
2600:9000:2156:3c00:6:44e3:f8c0:93a1
2600:9000:2156:7400:8:48e:53c0:93a1
2600:9000:2156:d000:a:ecd6:9900:21
2606:4700:20::681a:12
2606:4700:3031::ac43:9926
2620:116:800d:21:36a9:ecb:e518:b308
2a00:1450:4001:808::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:810::200a
2a00:1450:4001:811::2004
2a00:1450:4001:812::2002
2a00:1450:4001:813::2006
2a00:1450:4001:828::2002
2a00:1450:4001:828::200a
2a00:1450:4001:829::2001
2a00:1450:4001:82a::2008
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2002
2a00:1450:4001:831::2001
2a00:1450:4001:831::200e
2a00:1450:4010:c07::9b
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
2a0b:4d07:102::1
46.236.13.147
52.31.65.246
52.36.70.233
54.76.176.197
54.76.212.160
78.46.90.238
88.198.250.30
94.130.102.164
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e6d52cda07540ae13ea2ba6fdf52ab1bd57530880afd1815e8845f041966067
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
161176b4c466fa98c0d4b41d66faaaeeb2723b72f6af7af0f69b460ee337b090
16284c6b00ecfe2dd9a9758731323ebf30fa9db78d0fd50be9bc0538b32b1c9c
1852ec5957212ab1ddc679453216178799dd25a2c75985a885e7d467328795e1
1909b2a83fd41494d94862c4323944d9d0aa1f1e653f252ea5a73fc5944308b0
1a9fac132ba21538ee6a1156e87bab38a8285a6a62f43e93d7018c0c55bdb355
1b0df5acd41c11fc146d64795aa729d99370a98109ce1e441db4ac0b7f69d025
202f5a44ef1b1fac13c36c93eee29c52cd61f6e4f3f3ccbc35ce23683cc605bd
22453f56e95151d0ddd020f01d8569361a235712871cdcf5e313cefce2faf95a
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
299920669c7ec8c0add3c58f21eea89871a531545df0b8d70c46db2f44ff4cc4
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3103290492cb0ba86b2b25d7b21b1b7d3b702a46b24ac852006a00fea35810db
3567d63e1a53fe3975ffe0bff71e98d5ff359091761ee6e0b2e6441079f366c9
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
3900c8b5b423944473f2b5735300291c473881985b2e64318b01fd3d7eefcbd2
406470ce710489a6ef5702ed4b6ed423f568cf3b5cf620fbcd0c71b4ca8c10f6
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b7213f37b63c1fac9900ecd1102259cc0a20544a2d2dbbaa735a6999a27a753
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
510e1aa361b2d8d8d6e0a3f7c1663569260457ab9da2b457d6edfb7de6c4ddb0
51d35bffe0aeaa64097b7fdae34d06a35cd66390ebcbb1d9b8d6846a82144580
529777ca0d17c2fbdd6c99aecdb66086ac7ec84285279e441135c7eab9c4f255
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
553678e59fceeacafd5154462c78076454ba407aa61ad43bb7d3537f7145998a
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
59466fcac8870221eecad5cf85c6ea8b32577e4b2f2660d16fe70ab6935fe105
5eb2e32cbdf541a52377b16f7ea920e5cd43cf518e2c103173ca1de4d8cf67f0
6005e56ab3043d83726d25b0d17458e35b72355a81ca3230cc9de9058ee8b1f0
600bfe97fa2e038667ee5ff6d2d8455a5ef46a8950db22624eb7f0de238aa24a
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61e486abb6b852311d3df4206e1f42ae41e6ebb85c0499df4c35bcf55d074af3
69e35cddf16a399e84c83c45c72e24d4529b9798812015e6fa85887e2dbabfe2
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
708369fe8dc1fd8fce92d3a7078852bb50ba4ba1a1884b1358c3bf03e1670d50
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
76b18cd3c46fd946063620646d58828292e07130e3c3ccba798e23ed0718453d
7cfab6a75576c6827a6d5dd7f823e993678ee3161fed858ca4bb51ae8ce96677
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
87a681876b3649821f0fc54ddc42d4f3b1714bc3c364945b370127096862fd54
8831ec3cf53ec3dbe59ee7ca4876ebdba40d596667db6b8a50a423c2daf11e7b
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468
8d7600604cb30e42b1511c91d29c886de204d3f46d8c265b9c35b0960ccf8195
918a45fce4fa9112e1fd47adb7f12d0eb13e2d2341a58dbb9667e17a2fcec6a6
9336f1e6ac5e2af89bb1c7e87bd15a5670c7f8a1a0931a3089d1137e011a39a1
93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20
95eafc94c9d07d3d2c523f334867189dc3cfa393ac6d5c88a42deb8870851ac4
97efeda8567c33ed3cd7eb616868f1282f50e8ca9ec1ebe3ab632b0913dbdc26
99f73ec26d9716363ea8ea73560d10f91d63cf18e32103bcead35559ba1ac361
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0f1b2e3c59e8ead3c208aefebba198c0dbeb7447ab2025d92b7e7c8f7f8dfc5
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a280a702e60f5a256be577ca707896ed3348c51e5a4dce5b99c8c6cf43d15dca
a39b8a79e766dcc145e36963289cd8b497bd5131542b98c05695f4c09598003d
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a8e6b08089baedc8a3916fd6a26f5379b4ca996dfa159c153538c7a31f6fa868
a9aab9a81ed9cdb217eefe585e153cc2f64ea8792d5adf9060538a9b0b44ce4f
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
ae1662349ff25bf23f2d8c4d4affd74d2531892eac8dabfd7a05d80459c36583
b03219b33e3abf2754669fdfa0dc42b00d13944f8eb1c852b9525a8e11f4e0ac
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2462753fb71eca62b1057d83432361ad147e80bfb02d4f3ec3fb94655e6dc3e
ba81a369f6512abbbaf6b425892c79c4765a55516cd14974960bd6fd05c0f483
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
bda5829cfc533b07db1619edc6d0d8f6173feddfbeb41d39500f0d7428410dba
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
c1cf81bef2ea82eaa43265a5ff786b7cd74e7d5f4f2de104b586f092ca0fb886
c53cb61e2947d208c306c8680d407115d7663d1920ef125ecdb1ffa417f22fcc
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
d2a86a8290afaeb2bf36a9ff634eab2e1b9a399edd2a5d50db13b7d8dd166651
d2c7515288d5d4ed0b1c4606a673614a17300b865f901a0d5932df1d54c20e5e
d6efeec2f34bfbc7fdf5ce29588ae4d4dd021578c1494bec829ef4a5221edc50
d90614b41b3bd267e2201b99cd3ebc741106bdb63a8e5f238ce8a7fb40b0b36a
db513f489ed0426bfdcaf722ba9ddc11e2fa87304744948631d3d03e6b244a59
dd4bc601b2d6cdd261ca5f70037aaefd1766fee638771a12fb8aeb1854e3d76b
e0a6dadd9007269312e36d0dab48fc35e3b54e8ada02b3faa5f0847380edf0f1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e66bfceb15a6ee125dff79826be02a07b766843e6c660edf55ec0c22d1a407c1
eb7cfd3d959b2e09c170f532e29f8b825f9bc770b2279fde58e595617753e244
ed0f81097fe4da2a154a3c1afc95092e037beba15170cd5add01d4518dabcc90
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f07e931e7fb8d80774730cc3841ffb2147d1fd7534d43474147e8a91e68b4c29
f6adb794eda0e31a163ed517d8e63d388dbb762031a189349c72af2bc37bb4f2
fa154aae30700d792a088ec67e9e94878f0947772590d3dd49bb69dcdb1fc3d3
fc1e78a5cbe9e37f06546e1b831b08988edba2e09307f726d49eafbdcea25630
fca1fb4990a3abf9e6bba05433ed88ac85bfc8471a273c9c306a7685ace89d26
fca9344a728a3f070776a1876042e7abcbe564beab7bd8cac06dfc0619f5312e
fd66670e33f248ddc8f8accfb0173af1e10af2389bd59f04ff148ed3e7ff3025

lookbook.nu Open in urlscan Pro 2606:4700:3031::ac43:9926 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

153 Requests

90 %HTTPS

57 %IPv6

30 Domains

44 Subdomains

42 IPs

8 Countries

2759 kBTransfer

5669 kBSize

26 Cookies

1 Outgoing links

Redirected requests

153 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

lookbook.nu Open in urlscan Pro
2606:4700:3031::ac43:9926 Public Scan

Screenshot
Live screenshot

Full Image

153
Requests

90 %
HTTPS

57 %
IPv6

30
Domains

44
Subdomains

42
IPs

8
Countries

2759 kB
Transfer

5669 kB
Size

26
Cookies

153 HTTP transactions
3 data transactions