pencil.evolus.vn Open in urlscan Pro
125.212.248.224 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://pencil.evolus.vn/
Submission: On December 07 via api (December 7th 2023, 6:54:19 pm UTC) from US — Scanned from DE

Summary HTTP 208 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 25 IPs in 4 countries across 17 domains to perform 208 HTTP transactions. The main IP is 125.212.248.224, located in Ho Chi Minh City, Viet Nam and belongs to VIETEL-AS-AP Viettel Group, VN. The main domain is pencil.evolus.vn.

This is the only time pencil.evolus.vn was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
8	125.212.248.224 125.212.248.224	7552 (VIETEL-AS...) (VIETEL-AS-AP Viettel Group)
4	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
41	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1 15	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
25	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
8 10	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
3 7	2606:4700:440... 2606:4700:4400::ac40:9765	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 5	37.252.171.53 37.252.171.53	29990 (ASN-APPNEX) (ASN-APPNEX)
3 6	99.81.22.6 99.81.22.6	16509 (AMAZON-02) (AMAZON-02)
40	2a00:1450:400... 2a00:1450:4001:808::2006	15169 (GOOGLE) (GOOGLE)
6	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
6	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2600:9000:237... 2600:9000:237d:3600:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
23	2600:1f13:800... 2600:1f13:800:7780:5e0e:b54f:841d:a117	16509 (AMAZON-02) (AMAZON-02)
6	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
2	35.244.159.8 35.244.159.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	23.32.185.35 23.32.185.35	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	2a00:1450:400... 2a00:1450:4001:82f::2004	15169 (GOOGLE) (GOOGLE)
2	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
208	25

8 125.212.248.224 (Ho Chi Minh City, Viet Nam)

ASN7552 (VIETEL-AS-AP Viettel Group, VN)

pencil.evolus.vn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

41 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.217.18.98 (United States) 8 redirects

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f98.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:4400::ac40:9765 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.252.171.53 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 99.81.22.6 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-99-81-22-6.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a00:1450:4001:808::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 216.58.212.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s01-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:237d:3600:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2600:1f13:800:7780:5e0e:b54f:841d:a117 (Boardman, United States)

ASN16509 (AMAZON-02, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.159.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.32.185.35 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-32-185-35.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
66	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 tpc.googlesyndication.com — Cisco Umbrella Rank: 148	677 KB
40	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 300	503 KB
35	adsafeprotected.com 3 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 900 static.adsafeprotected.com — Cisco Umbrella Rank: 602 dt.adsafeprotected.com — Cisco Umbrella Rank: 567	307 KB
31	doubleclick.net 9 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 219 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 515	255 KB
8	gstatic.com fonts.gstatic.com www.gstatic.com	100 KB
8	evolus.vn pencil.evolus.vn	240 KB
7	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 578	5 KB
6	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 204	87 KB
5	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 229	4 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 206	319 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	4 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2189	21 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 138
2	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2	1 KB
2	teads.tv sync.teads.tv — Cisco Umbrella Rank: 1299	326 B
2	openx.net us-u.openx.net — Cisco Umbrella Rank: 491	400 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	82 KB
208	17

	Domain	Requested by
41	pagead2.googlesyndication.com	pencil.evolus.vn pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
40	s0.2mdn.net	pencil.evolus.vn s0.2mdn.net
25	tpc.googlesyndication.com	googleads.g.doubleclick.net pencil.evolus.vn tpc.googlesyndication.com pagead2.googlesyndication.com
23	dt.adsafeprotected.com	googleads.g.doubleclick.net
15	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net pencil.evolus.vn
10	cm.g.doubleclick.net	8 redirects googleads.g.doubleclick.net
8	pencil.evolus.vn	pencil.evolus.vn
7	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
6	www.gstatic.com	googleads.g.doubleclick.net
6	static.adsafeprotected.com	googleads.g.doubleclick.net
6	cdnjs.cloudflare.com	s0.2mdn.net
6	googleads4.g.doubleclick.net	pencil.evolus.vn
6	fw.adsafeprotected.com	3 redirects pencil.evolus.vn
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
5	www.googletagservices.com	googleads.g.doubleclick.net pencil.evolus.vn
4	fonts.googleapis.com	pencil.evolus.vn googleads.g.doubleclick.net
2	www.googleadservices.com	pencil.evolus.vn
2	www.google.com	1 redirects tpc.googlesyndication.com
2	sync.teads.tv	googleads.g.doubleclick.net
2	us-u.openx.net	googleads.g.doubleclick.net
2	www.google-analytics.com	pencil.evolus.vn www.google-analytics.com
2	fonts.gstatic.com	fonts.googleapis.com
1	region1.google-analytics.com	www.googletagmanager.com
1	www.googletagmanager.com	www.google-analytics.com
208	24

This site contains links to these domains. Also see Links.

Domain
github.com
evolus.vn

Subject Issuer	Validity	Valid
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M02	`2023-07-07` - `2024-08-04`	a year	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M01	`2023-05-09` - `2024-06-06`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
teads.tv R3	`2023-11-03` - `2024-02-01`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh

This page contains 27 frames:

Primary Page: http://pencil.evolus.vn/
Frame ID: 1CB7EAA7D704A57EA9B0A5EAC9DF5EC6
Requests: 21 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3726015810391051&output=html&h=90&slotname=9118354868&adk=746077752&adf=508246717&pi=t.ma~as.9118354868&w=728&lmt=1701975254&url=http%3A%2F%2Fpencil.evolus.vn%2F&ea=0&wgl=1&dt=1701975253972&bpp=112&bdt=239&idt=276&shv=r20231205&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&correlator=1282805527564&frm=20&pv=2&ga_vid=1112030573.1701975254&ga_sid=1701975254&ga_hid=1787559534&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=839&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079919%2C31079929%2C42532601%2C31080036%2C44807754%2C44807764%2C44808148%2C44808284%2C95320229%2C31080037&oid=2&pvsid=508794219439035&tmod=974130621&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=287
Frame ID: 235F061F33E0B6BB3C51FF02117B5855
Requests: 27 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3726015810391051&output=html&adk=1812271804&adf=3025194257&lmt=1701975254&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=308x1080_l%7C308x1080_r&format=0x0&url=http%3A%2F%2Fpencil.evolus.vn%2F&ea=0&pra=7&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&dt=1701975254084&bpp=1&bdt=351&idt=183&shv=r20231205&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_slotnames=9118354868&nras=1&correlator=1282805527564&frm=20&pv=1&ga_vid=1112030573.1701975254&ga_sid=1701975254&ga_hid=1787559534&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079919%2C31079929%2C42532601%2C31080036%2C44807754%2C44807764%2C44808148%2C44808284%2C95320229&oid=2&pvsid=508794219439035&tmod=974130621&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=189
Frame ID: 60A7168F3E35DD6082257CEDCB159026
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGNiN3_QBMAE&v=APEucNVYF9isRC6SqmUlYjUDb7qkaxpbTNaaUzgEfiB3Z3XBVYo3oHqXTh_CJfeEDZ9T6ZuaJlwqIhP-E9a1fwjtgOrNsSIer2oeaCYvxozHmKYgnCiDgsfVPlHTvpCIsl7bWDeuIknCcxXFZxBFXxmwj9k8GNcg8qvjrwHZq7zWYU_2rKvY43k
Frame ID: FC16C3CCF4D06A68117A66BB0F2456A1
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: FA788BAFB2DAE0D6FE7721D7E9C0BACF
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
Frame ID: 0654488B08BC870F890B892E519D75A6
Requests: 15 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 8210FC99DE84AC3D6339AA73ECAC9674
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 4E079BEA5A00925FF660D7965E5E70E1
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 61832A5B9D67DE688E079E91CBB7FCED
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: B76DA850919AE30E43F5848ED2FC58C1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: ED02D077214DA8125484FD4BC590E2FF
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGJaO3_QBMAE&v=APEucNWI0GAM4jobHFPOXHSchW0KytmlCJvFaRnXqdLcND6FucZVbHAOdIUw8L_7GITwDV_wTNCt2Tg1IlK3BpnfTYMpi5yqWrON5DHQUczBestFv-WlMh-_8uwERCl-5vCyRK5-Sp7AgAZyosMo9aSWBijq51pCK-QJh8eTQPdg9ryTupj6SIM
Frame ID: F113BDB31A2BD610429322D76CB4105E
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 06E75E720E93E3581CDABE4D50ECA372
Requests: 26 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGJaO3_QBMAE&v=APEucNW0mzXZJD5YXRkAnH3MRfR-u6RYsd4sfe8wi3wwxjfuouP1uAWM9obILmzCNs_Xxs7R-PHsSLcy_oXra2J7Ckk24OmqNEKSXls94b-wTJaae8BtCFV7E2Nr7YwPhaicW0-a5am0ssaH5ViJAhqbnrQNVN-IVTGD5GMD0Sbbqt8Bu7upAOw
Frame ID: 7B372B7407219A0D2ADCDE8AABE9499D
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 9CFC69CF18B5F3495313431CA69CB3C4
Requests: 28 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Frame ID: E5AE567849C4813C2C0194A3A5FA3B10
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: B69885FD228244412E60D6F9831E4801
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/5hpSdEAdCYypbNizbkAw91vLZEBHsYzw3rH5Fshj8SY.js
Frame ID: 3B614252908C52CCE00DC72102BCBCA9
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/5hpSdEAdCYypbNizbkAw91vLZEBHsYzw3rH5Fshj8SY.js
Frame ID: 51E55A37D710A6DD708D51F6435A0CEB
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 05358D39E8CEA05B8DC68C9CA18C8406
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
Frame ID: 7A56314B559D506E846B8507F1BAE5DA
Requests: 14 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 5253144561FEB823467B69AF6C7DCE4F
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 288D1884D0108FA32F532CE22A081785
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
Frame ID: AE03CE105850C12D3B15F3EDED5379D9
Requests: 14 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: BC41FECD334FE958F05468FDEFA67FB4
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A92F13D77A8DC6A057FC2B3CF10489A1
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 54B240ADE5CA04720514F35C2DB1C5CA
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Home - Pencil Project

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Page Statistics

208
Requests

88 %
HTTPS

67 %
IPv6

17
Domains

24
Subdomains

25
IPs

4
Countries

2599 kB
Transfer

6466 kB
Size

16
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://github.com/evolus/pencil/blob/master/RELEASE/RELEASE-NOTE-311.md
Title: release notes

Search URL Search Domain Scan URL

URL: https://evolus.vn/
Title: Evolus Website

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 24

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKM_kpNytCNGiRLdZZbHP80&google_cver=1

Request Chain 25

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXIU17yvKiVkuGR5ON4iLgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKM_kpNytCNGiRLdZZbHP80&google_cver=1

Request Chain 26

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEPFGqISFl7Z3qHE7PGXdlsU&google_cver=1

Request Chain 27

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjA1NzUxMjQxNjcyOTY5Nzk4Mg%3D%3D

Request Chain 55

https://fw.adsafeprotected.com/rfw/st/1627455/73523875/4.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-3726015810391051&ias_chanId=1&ias_placementId=20492283353&bidurl=http://pencil.evolus.vn/&ias_dealId=&xsId=ABAjH0hjvYaiqQmYoQf5bCe2W4fb&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0hjvYaiqQmYoQf5bCe2W4fb&adContainerId=brand_safety_1xRyZfe0Nq_H1PIPx-GpiAM&cbFunctionName=goog_wrapCb_1xRyZfe0Nq_H1PIPx-GpiAM&true_pb=&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=http%3A%2F%2Fpencil.evolus.vn&adsafe_type=y&adsafe_url=http%3A%2F%2Fpencil.evolus.vn%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-3726015810391051%26output%3Dhtml%26h%3D90%26slotname%3D9118354868%26adk%3D746077752%26adf%3D508246717%26pi%3Dt.ma~as.9118354868%26w%3D728%26lmt%3D1701975254%26url%3Dhttp%253A%252F%252Fpencil.evolus.vn%252F%26ea%3D0%26wgl%3D1%26dt%3D1701975253972%26bpp%3D112%26bdt%3D239%26idt%3D276%26shv%3Dr20231205%26mjsv%3Dm202312050101%26ptt%3D5%26saldr%3Dsd%26abxe%3D1%26correlator%3D1282805527564%26frm%3D20%26pv%3D2%26ga_vid%3D1112030573.1701975254%26ga_sid%3D1701975254%26ga_hid%3D1787559534%26ga_fc%3D1%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26adx%3D436%26ady%3D839%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C44759837%252C31079265%252C31079919%252C31079929%252C42532601%252C31080036%252C44807754%252C44807764%252C44808148%252C44808284%252C95320229%252C31080037%26oid%3D2%26pvsid%3D508794219439035%26tmod%3D974130621%26uas%3D0%26nvt%3D1%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeE%257C%26abl%3DCS%26pfx%3D0%26fu%3D0%26bc%3D23%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D1%26uci%3Da!1%26fsb%3D1%26dtd%3D287&adsafe_type=d&adsafe_jsinfo=,id:e2c53f99-da34-64e9-89a5-90b2335beb7e,c:w8TmA8,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-594854db75-tqfb4,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:2,mot:0,app:0,maw:0,fm:tXMuJ2R+11*.1627455-73523875%7C111%7C112%7C113%7C12,idMap:11*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:12,oid:0507455e-9532-11ee-a1b7-3e85b90e60f4,v:19.8.463,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js?xsId=ABAjH0hjvYaiqQmYoQf5bCe2W4fb&ias_xappb=&adContainerId=brand_safety_1xRyZfe0Nq_H1PIPx-GpiAM&cbFunctionName=goog_wrapCb_1xRyZfe0Nq_H1PIPx-GpiAM&true_pb=

Request Chain 103

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKM_kpNytCNGiRLdZZbHP80&google_cver=1

Request Chain 104

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXIU17yvKiVkuGR5ON4iLgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKM_kpNytCNGiRLdZZbHP80&google_cver=1

Request Chain 105

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEPFGqISFl7Z3qHE7PGXdlsU&google_cver=1

Request Chain 106

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjA1NzUxMjQxNjcyOTY5Nzk4Mg%3D%3D

Request Chain 107

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEHUenAJ5mBIfreQTim8ke5I&google_cver=1

Request Chain 109

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEBUSCl8i20tgFx0VOIhQsJo&google_cver=1

Request Chain 112

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 126

https://googleads.g.doubleclick.net/pagead/adview?ai=ChCUU1hRyZZjBHc6A29gPtcW30Aar04vPdOb8nfHxEYHVmv6aOhABINuqjSdgleKQgqAHoAH0___pAsgBAakCVUaomQ8hsz6oAwHIA8sEqgTRAU_QEIw7ew_hedLN8RQRuXJgu3jwqLIQPEKc5iNOTcd_-guwKhDEckvh1NuJAME5OUxLIWLSm7lj-_aX2mGIp8V0mGVJS6Fq-vP3ihoIR_v78imXYVJWWUwayFH4rxA5Qc_6AwWTm3Q7E267I0LvLx5kFIMVkAvgNbFv5AZ3zCqV-SRG7H_aZEIGajsDJ_3YSpECGuoV-SKq4uNRhnB_zoEgLrF-XCVa3aQ2tmVE7MFBBxjvEDpKRD5UF7au6iQSaWW4MkUyKYVF-dA7xasyyWr3wATYob_pvQSIBdvk5rpMkgUECAQYAZIFBAgFGASAB_T__5UBqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQj9VZ0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOliqz8zz__2CA5oJSGh0dHBzOi8vd3d3Lm1zYy5jb20vZW4vbHAvc2hpcHBpbmctZnJvbS1nZXJtYW55LXRvLXR1cmtpeWU_Z2Nsc3JjPWF3LmRzJoAKAcgLAaIMHCoaChjktLEC7rWxArW4sQKsurEC5LSxAu61sQLYEw3QFQGYFgGAFwGyFxwKGggAEhRwdWItMzcyNjAxNTgxMDM5MTA1MRgA&sigh=JfmsafT5hYU&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwDICaaNkhjqKmWEoy-RgtocTZM6nTY3UB_M8qMRdsZ99oUwfjwc0qthLCs9RbVInd5f0ldTyshJFSCbAhJH-kIj94VldtLFNrTLWI4rLGsYAQ&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2215676825149041970782%22,%22debug_reporting%22:true,%22destination%22:%22https://msc.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22759169012%22],%224%22:[%2212-07%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2213736791924531397217%22}&andc=true

Request Chain 149

https://fw.adsafeprotected.com/rfw/st/1627455/73523888/4.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-3726015810391051&ias_chanId=1&ias_placementId=20492285957&bidurl=http://pencil.evolus.vn/&ias_dealId=&xsId=ABAjH0jZfQxIeP89got6oE7AcRF-&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0jZfQxIeP89got6oE7AcRF-&adContainerId=brand_safety_2BRyZeC2JLXtx_APt8K_6A0&cbFunctionName=goog_wrapCb_2BRyZeC2JLXtx_APt8K_6A0&true_pb=&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=http%3A%2F%2Fpencil.evolus.vn&adsafe_type=g&adsafe_url=http%3A%2F%2Fpencil.evolus.vn%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231205%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1&adsafe_type=d&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231205%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271803%26client%3Dca-pub-3726015810391051%26fa%3D3%26ifi%3D4%26uci%3Da!4&adsafe_type=be&adsafe_jsinfo=,id:76459858-f7ab-e679-3d9b-03cbe66a9e77,c:w8TmKk,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-594854db75-z9s76,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,mu:10000,br:c,bru:c,an:n,oam:0,mtim:2,mot:0,app:0,maw:0,fm:tXMuJd1+111%7C112%7C113%7C114%7C12%7C1311%7C141*.1627455-73523888%7C1411%7C1412%7C1413%7C1511%7C161%7C162,idMap:141*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:13,oid:056878d1-9532-11ee-a218-be4bf26b5c73,v:19.8.463,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js?xsId=ABAjH0jZfQxIeP89got6oE7AcRF-&ias_xappb=&adContainerId=brand_safety_2BRyZeC2JLXtx_APt8K_6A0&cbFunctionName=goog_wrapCb_2BRyZeC2JLXtx_APt8K_6A0&true_pb=

Request Chain 171

https://fw.adsafeprotected.com/rfw/st/1627455/73523888/4.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-3726015810391051&ias_chanId=1&ias_placementId=20492285957&bidurl=http://pencil.evolus.vn/&ias_dealId=&xsId=ABAjH0gsYNviXHDb4EKlRNTvyvZk&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0gsYNviXHDb4EKlRNTvyvZk&adContainerId=brand_safety_2BRyZbaWKvbox_APgsqD8AY&cbFunctionName=goog_wrapCb_2BRyZbaWKvbox_APgsqD8AY&true_pb=&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=http%3A%2F%2Fpencil.evolus.vn&adsafe_type=g&adsafe_url=http%3A%2F%2Fpencil.evolus.vn%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231205%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1&adsafe_type=d&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231205%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-2-%26adk%3D1812271804%26client%3Dca-pub-3726015810391051%26fa%3D4%26ifi%3D5%26uci%3Da!5%26btvi%3D1&adsafe_type=be&adsafe_jsinfo=,id:29d4eb7e-4535-aa0e-3d2f-2bc1c641d513,c:w8TmLx,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-594854db75-mkh8t,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,mu:10000,br:c,bru:c,an:n,oam:0,mtim:2,mot:0,app:0,maw:0,fm:tXMuJea+111%7C112%7C113%7C114%7C12%7C1311%7C1411%7C14121%7C1413%7C1414%7C151*.1627455-73523888%7C1511%7C1512%7C1513%7C161%7C162,idMap:151*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:17,oid:0578a569-9532-11ee-8882-6a990d96b3e2,v:19.8.463,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js?xsId=ABAjH0gsYNviXHDb4EKlRNTvyvZk&ias_xappb=&adContainerId=brand_safety_2BRyZbaWKvbox_APgsqD8AY&cbFunctionName=goog_wrapCb_2BRyZbaWKvbox_APgsqD8AY&true_pb=

208 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
pencil.evolus.vn/ 6 KB
6 KB 1571ms
207ms Document
text/html 125.212.248.224
VIETEL-AS-AP Viet...

General

Check archive.org

Show headers Download Go to

Full URL: http://pencil.evolus.vn/
Protocol: HTTP/1.1
Server: 125.212.248.224 Ho Chi Minh City, Viet Nam, ASN7552 (VIETEL-AS-AP Viettel Group, VN),
Reverse DNS
Software: nginx/1.6.3 /
Resource Hash: 47b97a667457b6911eb288cca7d44b0ced54aa252c2f969972b9e1b6d6d79224

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Length: 6325
Content-Type: text/html;charset=UTF-8
Date: Thu, 07 Dec 2023 18:54:13 GMT
Server: nginx/1.6.3

GET
H/1.1 200
OK css
fonts.googleapis.com/ 760 B
993 B 23ms
17ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.googleapis.com/css?family=Cantora+One

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

HTTP/1.1

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

682e23f36642df4dd836586267cce3659102851f005c9609adc786b849006832

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://pencil.evolus.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Thu, 07 Dec 2023 18:54:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
X-XSS-Protection: 0
Last-Modified: Thu, 07 Dec 2023 18:54:13 GMT
Server: ESF
Cross-Origin-Opener-Policy: same-origin-allow-popups
X-Frame-Options: SAMEORIGIN
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Thu, 07 Dec 2023 18:54:13 GMT

GET
H/1.1 200
OK common.css
pencil.evolus.vn/styling/ 8 KB
8 KB 219ms
219ms Stylesheet
text/css 125.212.248.224
VIETEL-AS-AP Viet...

General

Check archive.org

Show headers Download Go to

Full URL: http://pencil.evolus.vn/styling/common.css
Requested by: Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/
Protocol: HTTP/1.1
Server: 125.212.248.224 Ho Chi Minh City, Viet Nam, ASN7552 (VIETEL-AS-AP Viettel Group, VN),
Reverse DNS
Software: nginx/1.6.3 /
Resource Hash: 10638ff6755524b6693243eb4f8e72ac9b1eb7be5423fd5248ad90d2ce42d273

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://pencil.evolus.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Thu, 07 Dec 2023 18:54:13 GMT
Last-Modified: Sat, 31 Dec 2022 15:10:32 GMT
Server: nginx/1.6.3
ETag: W/"7958-1672499432000"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7958

GET
H/1.1 200
OK home2.css
pencil.evolus.vn/styling/ 1 KB
2 KB 211ms
210ms Stylesheet
text/css 125.212.248.224
VIETEL-AS-AP Viet...

General

Check archive.org

Show headers Download Go to

Full URL: http://pencil.evolus.vn/styling/home2.css
Requested by: Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/
Protocol: HTTP/1.1
Server: 125.212.248.224 Ho Chi Minh City, Viet Nam, ASN7552 (VIETEL-AS-AP Viettel Group, VN),
Reverse DNS
Software: nginx/1.6.3 /
Resource Hash: 4b16d0b1c4572bf6a6c5f75ee43b4d7fc9a9f1786d912b11b853089e3bebf240

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://pencil.evolus.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Thu, 07 Dec 2023 18:54:13 GMT
Last-Modified: Sat, 31 Dec 2022 11:43:20 GMT
Server: nginx/1.6.3
ETag: W/"1440-1672487000000"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1440

GET
H/1.1 200
OK logo-shadow.png
pencil.evolus.vn/styling/images/ 2 KB
2 KB 493ms
281ms Image
image/png 125.212.248.224
VIETEL-AS-AP Viet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pencil.evolus.vn/styling/images/logo-shadow.png
Requested by: Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/
Protocol: HTTP/1.1
Server: 125.212.248.224 Ho Chi Minh City, Viet Nam, ASN7552 (VIETEL-AS-AP Viettel Group, VN),
Reverse DNS
Software: nginx/1.6.3 /
Resource Hash: 6bfa9b09b6361590a6f2b27e80ef96719d3ada4613da35ea1f61f4260a96061f

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://pencil.evolus.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Thu, 07 Dec 2023 18:54:14 GMT
Last-Modified: Tue, 21 Mar 2017 04:40:21 GMT
Server: nginx/1.6.3
ETag: W/"1560-1490071221000"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1560

GET
H/1.1 200
OK Pencil-3.1.1-thumb.png
pencil.evolus.vn/images/ 184 KB
184 KB 482ms
274ms Image
image/png 125.212.248.224
VIETEL-AS-AP Viet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pencil.evolus.vn/images/Pencil-3.1.1-thumb.png
Requested by: Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/
Protocol: HTTP/1.1
Server: 125.212.248.224 Ho Chi Minh City, Viet Nam, ASN7552 (VIETEL-AS-AP Viettel Group, VN),
Reverse DNS
Software: nginx/1.6.3 /
Resource Hash: 46381e82326020539235d725ce92f21cacaf97176792e1711f8720313bd7c526

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://pencil.evolus.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Thu, 07 Dec 2023 18:54:14 GMT
Last-Modified: Sat, 31 Dec 2022 11:51:48 GMT
Server: nginx/1.6.3
ETag: W/"187971-1672487508000"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 187971

GET
H/1.1 200
OK show_ads.js Show response
pagead2.googlesyndication.com/pagead/ 25 KB
11 KB 57ms
48ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

HTTP/1.1

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7d9f4bbbd30ff2bd10a1dbd71bca45944cfa0d37c1ba125f347bc78b767a0fc0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://pencil.evolus.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Thu, 07 Dec 2023 18:54:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: cafe
ETag: 7285610353346594755
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=3600
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Timing-Allow-Origin: *
Content-Length: 10597
X-XSS-Protection: 0
Expires: Thu, 07 Dec 2023 18:54:13 GMT

GET
H/1.1 200
OK grad-bg.png
pencil.evolus.vn/styling/images/ 293 B
537 B 300ms
300ms Image
image/png 125.212.248.224
VIETEL-AS-AP Viet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pencil.evolus.vn/styling/images/grad-bg.png
Requested by: Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/styling/common.css
Protocol: HTTP/1.1
Server: 125.212.248.224 Ho Chi Minh City, Viet Nam, ASN7552 (VIETEL-AS-AP Viettel Group, VN),
Reverse DNS
Software: nginx/1.6.3 /
Resource Hash: 38795da747acdd01ca77ffc22bbd54bf4141b61a64e631b8bd4979526204df6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://pencil.evolus.vn/styling/common.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Thu, 07 Dec 2023 18:54:14 GMT
Last-Modified: Tue, 26 Jul 2016 11:22:50 GMT
Server: nginx/1.6.3
ETag: W/"293-1469532170000"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 293

GET
H/1.1 200
OK cloudy-bg.jpg
pencil.evolus.vn/styling/images/ 30 KB
30 KB 274ms
274ms Image
image/jpeg 125.212.248.224
VIETEL-AS-AP Viet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pencil.evolus.vn/styling/images/cloudy-bg.jpg
Requested by: Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/styling/common.css
Protocol: HTTP/1.1
Server: 125.212.248.224 Ho Chi Minh City, Viet Nam, ASN7552 (VIETEL-AS-AP Viettel Group, VN),
Reverse DNS
Software: nginx/1.6.3 /
Resource Hash: c279aad751e75337d72fbe0e933070548356902f02835c87aeeaddc4187f8903

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://pencil.evolus.vn/styling/common.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Thu, 07 Dec 2023 18:54:14 GMT
Last-Modified: Tue, 26 Jul 2016 11:22:50 GMT
Server: nginx/1.6.3
ETag: W/"30365-1469532170000"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 30365

GET
H/1.1 200
OK footer-art.jpg
pencil.evolus.vn/styling/images/ 8 KB
8 KB 301ms
301ms Image
image/jpeg 125.212.248.224
VIETEL-AS-AP Viet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pencil.evolus.vn/styling/images/footer-art.jpg
Requested by: Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/styling/common.css
Protocol: HTTP/1.1
Server: 125.212.248.224 Ho Chi Minh City, Viet Nam, ASN7552 (VIETEL-AS-AP Viettel Group, VN),
Reverse DNS
Software: nginx/1.6.3 /
Resource Hash: 8a85ce098d47416bdab2461386cd628c1c1dce5b0abb37e00484b11886ee574c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://pencil.evolus.vn/styling/common.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Thu, 07 Dec 2023 18:54:14 GMT
Last-Modified: Tue, 26 Jul 2016 11:22:50 GMT
Server: nginx/1.6.3
ETag: W/"7945-1469532170000"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7945

GET
H/1.1 200
OK gyB4hws1JdgnKy56GB_JX5zabYo.woff2
fonts.gstatic.com/s/cantoraone/v19/ 25 KB
25 KB 17ms
8ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/cantoraone/v19/gyB4hws1JdgnKy56GB_JX5zabYo.woff2

Requested by

Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Cantora+One

Protocol

HTTP/1.1

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9b18cbc41fec05b757879a8e64ed1db352ae59c718789782cc5cddfe26b7fa14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://fonts.googleapis.com/
Origin: http://pencil.evolus.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Sun, 03 Dec 2023 22:31:16 GMT
X-Content-Type-Options: nosniff
Age: 332577
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 25296
X-XSS-Protection: 0
Last-Modified: Tue, 08 Nov 2022 19:59:12 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Mon, 02 Dec 2024 22:31:16 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 150 KB
51 KB 85ms
58ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1bec2801ae919931c586109ab108570f1acc488933599c7cd490c6c7aca7d5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://pencil.evolus.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52105
x-xss-protection: 0
server: cafe
etag: 9764863583079342609
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 07 Dec 2023 18:54:14 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 37ms
11ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://pencil.evolus.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 07 Dec 2023 17:22:33 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 5501
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 07 Dec 2023 19:22:33 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
221 B 14ms
13ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1787559534&t=pageview&_s=1&dl=http%3A%2F%2Fpencil.evolus.vn%2F&ul=en-us&de=UTF-8&dt=Home%20-%20Pencil%20Project&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=774008234&gjid=1620413512&cid=1112030573.1701975254&tid=UA-103189874-1&_gid=535636076.1701975254&_r=1&_slc=1&z=147291724

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6278db0371189e40f5fb76efc91aa24678b6ad6c4cdccb3f8d49e925e3dd6b5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://pencil.evolus.vn/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://pencil.evolus.vn
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 230 KB
82 KB 61ms
34ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-605EH76LKC&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

be4a1b0cd706863189816eced9f8c4901adb94848a1d84e17b506b30cf0f5954

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://pencil.evolus.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:14 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83420
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 07 Dec 2023 18:54:14 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312050101/ 398 KB
135 KB 71ms
70ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312050101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3726015810391051&plah=pencil.evolus.vn&bust=31080036

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fcc747d6dc12532a43c17505db2a633156a1a16c225d0dd94f05806bb84d1f41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://pencil.evolus.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137717
x-xss-protection: 0
server: cafe
etag: 199500365598268711
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 07 Dec 2023 18:54:14 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
254 B 294ms
16ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-605EH76LKC&gtm=45je3bt0v9111125690&_p=1701975254037&gcd=11l1l1l1l2&dma_cps=sypham&dma=1&ul=en-us&sr=1600x1200&cid=1112030573.1701975254&ir=1&_eu=EBAI&_s=1&dl=http%3A%2F%2Fpencil.evolus.vn%2F&dt=Home%20-%20Pencil%20Project&sid=1701975254&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=1999
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-605EH76LKC&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://pencil.evolus.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:14 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://pencil.evolus.vn
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 235F 22 KB
10 KB 1513ms
1489ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3726015810391051&output=html&h=90&slotname=9118354868&adk=746077752&adf=508246717&pi=t.ma~as.9118354868&w=728&lmt=1701975254&url=http%3A%2F%2Fpencil.evolus.vn%2F&ea=0&wgl=1&dt=1701975253972&bpp=112&bdt=239&idt=276&shv=r20231205&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&correlator=1282805527564&frm=20&pv=2&ga_vid=1112030573.1701975254&ga_sid=1701975254&ga_hid=1787559534&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=839&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079919%2C31079929%2C42532601%2C31080036%2C44807754%2C44807764%2C44808148%2C44808284%2C95320229%2C31080037&oid=2&pvsid=508794219439035&tmod=974130621&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=287

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312050101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3726015810391051&plah=pencil.evolus.vn&bust=31080036

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3d750f2559883b02c6aca9cd6cf16d07b50c73032fb7dbbddac3d3c499747ebe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://pencil.evolus.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 10065
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Dec 2023 18:54:15 GMT
expires: Thu, 07 Dec 2023 18:54:15 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 60A7 434 KB
102 KB 1849ms
1838ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3726015810391051&output=html&adk=1812271804&adf=3025194257&lmt=1701975254&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=308x1080_l%7C308x1080_r&format=0x0&url=http%3A%2F%2Fpencil.evolus.vn%2F&ea=0&pra=7&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&dt=1701975254084&bpp=1&bdt=351&idt=183&shv=r20231205&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_slotnames=9118354868&nras=1&correlator=1282805527564&frm=20&pv=1&ga_vid=1112030573.1701975254&ga_sid=1701975254&ga_hid=1787559534&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079919%2C31079929%2C42532601%2C31080036%2C44807754%2C44807764%2C44808148%2C44808284%2C95320229&oid=2&pvsid=508794219439035&tmod=974130621&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=189

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f68795b23883694cae517d536a7e782a760cf045638fa6b5540ac912f819b230

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://pencil.evolus.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 104570
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Dec 2023 18:54:16 GMT
expires: Thu, 07 Dec 2023 18:54:16 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 235F 42 B
63 B 41ms
40ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AjlbP5UFTfFm2mjAXHWld3Q1pEz9xajn7yJ6lSc0vSiW4ytM8BcDGFISL6CAf6etpvTEx0Qxu7xdWDLv4Rml59iVZgqgcBHK1dvu2sYkfKnP9SmEI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3726015810391051&output=html&h=90&slotname=9118354868&adk=746077752&adf=508246717&pi=t.ma~as.9118354868&w=728&lmt=1701975254&url=http%3A%2F%2Fpencil.evolus.vn%2F&ea=0&wgl=1&dt=1701975253972&bpp=112&bdt=239&idt=276&shv=r20231205&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&correlator=1282805527564&frm=20&pv=2&ga_vid=1112030573.1701975254&ga_sid=1701975254&ga_hid=1787559534&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=839&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079919%2C31079929%2C42532601%2C31080036%2C44807754%2C44807764%2C44808148%2C44808284%2C95320229%2C31080037&oid=2&pvsid=508794219439035&tmod=974130621&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=287

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 235F 89 KB
31 KB 66ms
66ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:15 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 07 Dec 2023 18:54:15 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/ Frame 235F 3 KB
1 KB 24ms
8ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 12:17:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23833
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 12:17:02 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/ Frame 235F 20 KB
9 KB 31ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 15:41:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11593
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 15:41:02 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 235F 202 KB
64 KB 67ms
44ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a04fa6af32e77548f1c3e27b7014f3520c7494f317fa80b58f8704de83e4b821

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65145
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701866768669483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 07 Dec 2023 18:54:15 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame FC16 624 B
508 B 55ms
54ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGNiN3_QBMAE&v=APEucNVYF9isRC6SqmUlYjUDb7qkaxpbTNaaUzgEfiB3Z3XBVYo3oHqXTh_CJfeEDZ9T6ZuaJlwqIhP-E9a1fwjtgOrNsSIer2oeaCYvxozHmKYgnCiDgsfVPlHTvpCIsl7bWDeuIknCcxXFZxBFXxmwj9k8GNcg8qvjrwHZq7zWYU_2rKvY43k

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3726015810391051&output=html&h=90&slotname=9118354868&adk=746077752&adf=508246717&pi=t.ma~as.9118354868&w=728&lmt=1701975254&url=http%3A%2F%2Fpencil.evolus.vn%2F&ea=0&wgl=1&dt=1701975253972&bpp=112&bdt=239&idt=276&shv=r20231205&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&correlator=1282805527564&frm=20&pv=2&ga_vid=1112030573.1701975254&ga_sid=1701975254&ga_hid=1787559534&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=839&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079919%2C31079929%2C42532601%2C31080036%2C44807754%2C44807764%2C44808148%2C44808284%2C95320229%2C31080037&oid=2&pvsid=508794219439035&tmod=974130621&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=287
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Dec 2023 18:54:15 GMT
expires: Thu, 07 Dec 2023 18:54:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame FC16
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKM_kpNytCNGiRLdZZbHP80&google_cver=1

43 B
352 B

23ms
22ms

Image
image/gif

2606:4700:4400::ac40:9765
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKM_kpNytCNGiRLdZZbHP80&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGNiN3_QBMAE&v=APEucNVYF9isRC6SqmUlYjUDb7qkaxpbTNaaUzgEfiB3Z3XBVYo3oHqXTh_CJfeEDZ9T6ZuaJlwqIhP-E9a1fwjtgOrNsSIer2oeaCYvxozHmKYgnCiDgsfVPlHTvpCIsl7bWDeuIknCcxXFZxBFXxmwj9k8GNcg8qvjrwHZq7zWYU_2rKvY43k
Protocol: H2
Server: 2606:4700:4400::ac40:9765 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:15 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9g13ATU6rQ2Wpmv1lKtxbIVARTV7xtH0OTogufG2PrtJ1X3Qsx7%2BMY%2F4NGWTFxSxniGnx%2FH7hXtB6adw0CpZN0AElKKR6YT%2Bi7JY963FqN%2BYC9AXZfz6izhc7Q4UJf0Br1Ucv1nLDApllV9ZQoBU9hphhxuTHg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 831ef9e56ad23645-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:15 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKM_kpNytCNGiRLdZZbHP80&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame FC16
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXIU17yvKiVkuGR5ON4iLgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKM_kpNytCNGiRLdZZbHP80&google_cver=1

43 B
786 B

33ms
33ms

Image
image/gif

2606:4700:4400::ac40:9765
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKM_kpNytCNGiRLdZZbHP80&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGNiN3_QBMAE&v=APEucNVYF9isRC6SqmUlYjUDb7qkaxpbTNaaUzgEfiB3Z3XBVYo3oHqXTh_CJfeEDZ9T6ZuaJlwqIhP-E9a1fwjtgOrNsSIer2oeaCYvxozHmKYgnCiDgsfVPlHTvpCIsl7bWDeuIknCcxXFZxBFXxmwj9k8GNcg8qvjrwHZq7zWYU_2rKvY43k
Protocol: H3
Server: 2606:4700:4400::ac40:9765 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:15 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uJjSQT6tzeLIRXO%2BZw558zmublrquWz8%2F5xU53w0uLXpOuE3NzlpAQFYtHxZBzBdf%2BcFeA09GwIFvyL6Z9qko9YdlVSsykx3XVoayopN7%2Fab2wQgIPfCihqocYLLYT7YI069DO6pOZWMWzy3vgcOd4Tx%2FXaeSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 831ef9e598c39a11-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:15 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKM_kpNytCNGiRLdZZbHP80&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame FC16
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEPFGqISFl7Z3qHE7PGXdlsU&google_cver=1

43 B
843 B

19ms
19ms

Image
image/gif

37.252.171.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEPFGqISFl7Z3qHE7PGXdlsU&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGNiN3_QBMAE&v=APEucNVYF9isRC6SqmUlYjUDb7qkaxpbTNaaUzgEfiB3Z3XBVYo3oHqXTh_CJfeEDZ9T6ZuaJlwqIhP-E9a1fwjtgOrNsSIer2oeaCYvxozHmKYgnCiDgsfVPlHTvpCIsl7bWDeuIknCcxXFZxBFXxmwj9k8GNcg8qvjrwHZq7zWYU_2rKvY43k

Protocol

Server

37.252.171.53 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:15 GMT
an-x-request-uuid: 69dc9a8a-bb3d-47c0-b4e0-e57415c881c7
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 138.199.38.133; 138.199.38.133; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:15 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEPFGqISFl7Z3qHE7PGXdlsU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame FC16
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjA1NzUxMjQxNjcyOTY5Nzk4Mg%3D%3D

170 B
243 B

16ms
16ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjA1NzUxMjQxNjcyOTY5Nzk4Mg%3D%3D

Requested by

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:15 GMT
an-x-request-uuid: 5557e290-29fb-4a75-91c9-466563850086
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjA1NzUxMjQxNjcyOTY5Nzk4Mg%3D%3D
x-proxy-origin: 138.199.38.133; 138.199.38.133; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 235F 0
20 B 41ms
40ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2718170832160&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 235F 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2718170832160&version=m202309260101&ct=76&x=1&cor=16134307524362535000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 235F 110 KB
41 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CIydp7hIfxEA7xppy_aRWwV5K2X-3i0asvJMm-YsNj8lhOLCOQpFf5Z5b5scHwZJMwab3BpoMuromZ3lzMrstgxvQlaH_WpVdipRvlJSEECeYuOxFliccQC8m20SCXuhP3GIEk6N0e3Lg0t6jvp6obnG56upYHdPbT1xjrYNxs0N_Qkh4&dbm_d=AKAmf-B3f2Cvyx8sS6JKaLCh4htgTctk5yDY7JpOP5qd49nvei2OwRgxpl_1yybno6Z1fIIBPrBIawILWijbrpIbHeo5veEWvrKnCY6up43GPY4rFRUvxOnxcA6LL3MHV7WyBfDVNd4M75VHIlLNOeIza8aILINefTgiZKAywcMpKKdCRjaHlYAsLb2fJFG7yOwagFuy4AZG_yqTKfFwvblZpZQJsPFRdqL2Jg8dYNRcu4r6TObV2pQhFP20y5Fm25UJjGOfY8304pCNZbDJV_cjsWQDe42QPcHddqwS_6_SzJiOZM6uaSmFZxtkvOXmpHVy4ALRCM7KGpEVHusIl35nzvOzg85U3xE6-kVOvsAbNBdAo6htpuS7TV0gyj_MKfxAs6aN5NND4rZNeUKjkUkywDET20P1cYJ-mcVuLrnKeNBigdWRMYIDyUpzYKyXuP4zm2Zva098GCNWgAhagBUH0OJAYiCnlJMXwTmlB8PUBY37bQdylFzl6F8T8orgEvQbHEElgxhEK5oNKfqvGWWi90GiDH3G7A55wlnYLYZBNpcfR91kJB-zZlDg5udgvWpCtUd_zU_E4W1cKmteOu8eyHWCyT4UnOnx_wtBAENJJYAmcUR0kGkrSgYc6zp6k_UHxwzFreRTeXuINFcE_-d2wutSW4cyw6v0nxMEbh_hSRoANBdCclSziRRZTfnhSWG4Vt-Kx_gt8lxAv7FZOjlqZSJXOD6hhn-DXvbrHv79Pd877TMtgvkWNjAldsUePPYqC_WZOCSqd2fA1LAcmcrnBt3Gdk3NLelSzUt50FvgYZPnKgIsA4vT1A75fnwIvH-GMUZwwlkCGoejO4fLPttwG-qMYleS1F_hyZWneCCgQFBLHsZY5pbQBKcYz8oEsPrhDtURiUKCOtetXyE6LQWfD_XybJcs8e2dnFsf5wFSUU90EKGNOMNV5qIXwzzywKdf-oDLdI5m_vmcFE4i33LnjvuxDTJ_78LlEolTnaKV1tAXuTvym4vsogW9-zKzgvBVfp-DBtV-5Hj1MQ3_tHTsMCrBkxn4-DOf2ymBfgX5HWPhPLm_GsnC9Q3ZwUTAxlPpSl-4KdCMQG1sjPHMNCjX0do6QfWtD8OrUrQL2nzvafDKx26mGCJ2pJOwR-kiLnDyhEoByI3zqNBHl2uMcZ40hdah3tDA-UWBhKwS4CSgZ7gQiwkDxEiAplwOdnF4rMLtMeSSQjM2u7ET1EsjLT3zu5ySRedR4qyaK4rF8pt4mKz7Pmj97iB5oAsYdKE4wzZI7S1sfWLgBCTyTstR-wlYi26NnWFpnHR1cLSHvPvi3ciNc7m6LxbfPqie85zCrGgDG8rrdRN1Rbj15tOcc61EYjLbZOIPIqPy_3OCIUPoBwgmteuuTVQeRgNFpSEowR4Rio9f3JOppd_lOXs7_jRTJVR2sCazVhb1wQDBYDcywjCOUjJL6_Y72RydZtznWzU95g26NGOEG99hPCaHJUA3wLQ07NuIWljebLnS9RANmAEoNOT8-qPYuidV1AsAjB4gm-4P-u0l_cayMCbVGKvA1ddNDfKTUUmEnktr-vW_oav3BZlA5ntLMTGCQ9rGdHZKyf_9bFaDw3p1bgSaWlmqFJXhZkc5yh_4q1viRDl4AoQSrCFxGXRKEp_ZUocwkQJgbpfi3mKsEptsM2t2uiV5UdimsOMPXY-ehroc0ckITlS2KcSWHimY2zvP_1LBj7cDK7BD04t4nIWLs55qYNFvQMkoJfTpCzWPIRgutCFFiajSo3hP6cvibreXGaj2Qg0QgubjlJVcJJaTCpAJoUE3xDjI9jvI5KKVFanjV3VfOgUwDTg5Ty0w4tEajdOhIGRl5PHSNKc8oOhdtRc320MKXPTFJCCGMLeL065_uZmQbtSManjhKcEHSDmubzkCafwA-f45RsK2Q7IkH5QVJ7lg6xsXEaYsaq1Fvevz7nQL2PstL116ysxsi1WGha_4u3w_1Jxc0CarNLnvAybV2_NnnylmilyDKnACBd8rjX2aBIWAI5p-x3ALl4W43g-OjcITFJcykbIhBiP2devUovnetOZywtnFtrbczA3ZQK-x4m_Pqbm4T2YKpVKt_NulvAyQA1FHZxF9kUUUPztAB3TXzXBVdb63WMKIKPYGp8oPXjoXZfIGf6t9RC3wqL4kjhVn5Ve3oa06yA5UmHkDst9xa5fkYaX82CRFXSmp-aRgjf9yKMKL74yOQQ61Isrj-1rpO4rcSxC6baQCZFoeMl_tKbStxWrNx6YBc5sdgikxgkPP0DdA41fNCmEU2aw6v9V-4ax9nsl3Z1s0OCeYPuyK5i8lEoUf4qyGY_7DvdjAujsVH-wNq4ILM4L3vdm4BEnuAUOZkgiFCLLeVXaWseAhA4rz64F9k_BLBqcuqWhqxxHbmyRJq_7A-NoWTDG9F_QX5FrL_sK01qccSR21RGwRHLz_Xmk3F9omiIWLORgC5GVW9wNoII1JNAzNZnbzvRXrefXXYmvgwziRoEKWhWHDpIgDlocg6VrrWE8abikUfynOUFe5yMROoAc5qniDvelypCJxudYcmE5PpdLoe7ulbDBj0xSWwkzIwJ1ymnzV_my-xO6mX-soYFfLFrwSRaVz9Rltqzn8Gwdl7fGkoj2pwdk-xVB9pPu1dt4o1pVpBjK1_NvuGqX1mY82TtFfKN0xcMx57IeTd62k8ScU2nA8QbseZXQH1a36k7Gl2MeCgpz5TrtBxojPveW42tTrIsnfn6F2Lh3MzUAE_g50vEAbrp480jJ_8N6MfKbwhs6DuHsbwjT7HY4Sl3UDKkkyOR0y0U9FqX-hTC_jMuV0sYn4daJB61YaAqPWzjEb9rdkngRTVJnP2n8KXxw89hKseyc9kHgQLvIvMeK7E3RlWnWhx9w7qxRr3ALf2MAwpvDD3i6vy5uk7xlvjS0pI7u6FHvMvpvDsOMfjRzH-zP88lsG7NB6lkMPZ7YAoRp9QaB7ZiFtNtXV7vDgXuIDrAPRZiEDSak5y_9e2xr42qCP9NAe0pOI1dfVgKfVf4G5J-OVs8tLpgcOUwd1qpoMbJXbaeRbp3S4G6uQV0sRMxbGZ8A1kD1ZjmYmnZ-M_wRJdegPz2bywndooWKuumUP9B5PRrg79Omo1nVtuhmFuA6S3VoPUof5l4-V9XWaeKtLTwLU-fJpOmOhTpMlcyTri_5w06FzAbKgceSLWBoHaLysLudbqyo4sgAvL_rU0L4WnaZbmYpn9pQ-bcjnjHEWJ3LmxxjqzO0_vt6VWvx1TMwnlzvEWbeOKPTQC0uUb5d1DkfzBS9_kyXNBqf8W1oXETy9sAX38lgqPRg8KYyEthwGq1NFRnOWTkOqv_ggihirXt8Zx8SbTHEB44WAAmVg432w2cuXAB73WnRy5bW5aDmjBUgOMk4PKpfOQDEyS0aQuyzVJz0FhzEFy674Q0x7py_goYzETp4kag06f7ipJdjG_UamxmPfgx1GFj0qGyU1yP64MhK2ATEm3EsYNgmhiZtOBzrV3B8GdfSGobPjExfqrEj7Vm3ltJd_Bec1OW4S-Hp7Z0_elhk74yZsXPN-qARQssUhz66Zx59tSMxCkV9P2FJ6_BamRyrMDg&cid=CAQSTgDICaaNBgn25nXoUdqtm064VVlfwF8ZDt3-b_2S_UarBOnVnMoLk0W1wFQX5Qi0eFbZJCk0heS9_nyhIxshHLXdcSpVIIjhmAcx8YzNGRgB&dv3_ver=m202309260101&rfl=http%3A%2F%2Fpencil.evolus.vn%2F&ds=l&xdt=1&iif=1&cor=16134307524362535000&adk=3476589349&idt=79&cac=0&dtd=15

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f8493e17a645ccf4239ec0ec24c878ce9d25b62e27361a364ad9f5ddc9da1d6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3726015810391051&output=html&h=90&slotname=9118354868&adk=746077752&adf=508246717&pi=t.ma~as.9118354868&w=728&lmt=1701975254&url=http%3A%2F%2Fpencil.evolus.vn%2F&ea=0&wgl=1&dt=1701975253972&bpp=112&bdt=239&idt=276&shv=r20231205&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&correlator=1282805527564&frm=20&pv=2&ga_vid=1112030573.1701975254&ga_sid=1701975254&ga_hid=1787559534&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=839&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079919%2C31079929%2C42532601%2C31080036%2C44807754%2C44807764%2C44808148%2C44808284%2C95320229%2C31080037&oid=2&pvsid=508794219439035&tmod=974130621&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=287
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:15 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42292
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1627455/73523875/ Frame 235F 255 KB
77 KB 117ms
40ms Script
application/javascript 99.81.22.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1627455/73523875/skeleton.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-3726015810391051&ias_chanId=1&ias_placementId=20492283353&bidurl=http://pencil.evolus.vn/&ias_dealId=&xsId=ABAjH0hjvYaiqQmYoQf5bCe2W4fb&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0hjvYaiqQmYoQf5bCe2W4fb
Requested by: Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.81.22.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-81-22-6.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: b36a214a8891ae5c72ecf65fd51eb22104c319f68c981d05244c045544dccf20

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 235F 111 KB
39 KB 55ms
8ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 19:51:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82969
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 19:51:26 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231205/r20110914/elements/html/ Frame 235F 11 KB
4 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231205/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CIydp7hIfxEA7xppy_aRWwV5K2X-3i0asvJMm-YsNj8lhOLCOQpFf5Z5b5scHwZJMwab3BpoMuromZ3lzMrstgxvQlaH_WpVdipRvlJSEECeYuOxFliccQC8m20SCXuhP3GIEk6N0e3Lg0t6jvp6obnG56upYHdPbT1xjrYNxs0N_Qkh4&dbm_d=AKAmf-B3f2Cvyx8sS6JKaLCh4htgTctk5yDY7JpOP5qd49nvei2OwRgxpl_1yybno6Z1fIIBPrBIawILWijbrpIbHeo5veEWvrKnCY6up43GPY4rFRUvxOnxcA6LL3MHV7WyBfDVNd4M75VHIlLNOeIza8aILINefTgiZKAywcMpKKdCRjaHlYAsLb2fJFG7yOwagFuy4AZG_yqTKfFwvblZpZQJsPFRdqL2Jg8dYNRcu4r6TObV2pQhFP20y5Fm25UJjGOfY8304pCNZbDJV_cjsWQDe42QPcHddqwS_6_SzJiOZM6uaSmFZxtkvOXmpHVy4ALRCM7KGpEVHusIl35nzvOzg85U3xE6-kVOvsAbNBdAo6htpuS7TV0gyj_MKfxAs6aN5NND4rZNeUKjkUkywDET20P1cYJ-mcVuLrnKeNBigdWRMYIDyUpzYKyXuP4zm2Zva098GCNWgAhagBUH0OJAYiCnlJMXwTmlB8PUBY37bQdylFzl6F8T8orgEvQbHEElgxhEK5oNKfqvGWWi90GiDH3G7A55wlnYLYZBNpcfR91kJB-zZlDg5udgvWpCtUd_zU_E4W1cKmteOu8eyHWCyT4UnOnx_wtBAENJJYAmcUR0kGkrSgYc6zp6k_UHxwzFreRTeXuINFcE_-d2wutSW4cyw6v0nxMEbh_hSRoANBdCclSziRRZTfnhSWG4Vt-Kx_gt8lxAv7FZOjlqZSJXOD6hhn-DXvbrHv79Pd877TMtgvkWNjAldsUePPYqC_WZOCSqd2fA1LAcmcrnBt3Gdk3NLelSzUt50FvgYZPnKgIsA4vT1A75fnwIvH-GMUZwwlkCGoejO4fLPttwG-qMYleS1F_hyZWneCCgQFBLHsZY5pbQBKcYz8oEsPrhDtURiUKCOtetXyE6LQWfD_XybJcs8e2dnFsf5wFSUU90EKGNOMNV5qIXwzzywKdf-oDLdI5m_vmcFE4i33LnjvuxDTJ_78LlEolTnaKV1tAXuTvym4vsogW9-zKzgvBVfp-DBtV-5Hj1MQ3_tHTsMCrBkxn4-DOf2ymBfgX5HWPhPLm_GsnC9Q3ZwUTAxlPpSl-4KdCMQG1sjPHMNCjX0do6QfWtD8OrUrQL2nzvafDKx26mGCJ2pJOwR-kiLnDyhEoByI3zqNBHl2uMcZ40hdah3tDA-UWBhKwS4CSgZ7gQiwkDxEiAplwOdnF4rMLtMeSSQjM2u7ET1EsjLT3zu5ySRedR4qyaK4rF8pt4mKz7Pmj97iB5oAsYdKE4wzZI7S1sfWLgBCTyTstR-wlYi26NnWFpnHR1cLSHvPvi3ciNc7m6LxbfPqie85zCrGgDG8rrdRN1Rbj15tOcc61EYjLbZOIPIqPy_3OCIUPoBwgmteuuTVQeRgNFpSEowR4Rio9f3JOppd_lOXs7_jRTJVR2sCazVhb1wQDBYDcywjCOUjJL6_Y72RydZtznWzU95g26NGOEG99hPCaHJUA3wLQ07NuIWljebLnS9RANmAEoNOT8-qPYuidV1AsAjB4gm-4P-u0l_cayMCbVGKvA1ddNDfKTUUmEnktr-vW_oav3BZlA5ntLMTGCQ9rGdHZKyf_9bFaDw3p1bgSaWlmqFJXhZkc5yh_4q1viRDl4AoQSrCFxGXRKEp_ZUocwkQJgbpfi3mKsEptsM2t2uiV5UdimsOMPXY-ehroc0ckITlS2KcSWHimY2zvP_1LBj7cDK7BD04t4nIWLs55qYNFvQMkoJfTpCzWPIRgutCFFiajSo3hP6cvibreXGaj2Qg0QgubjlJVcJJaTCpAJoUE3xDjI9jvI5KKVFanjV3VfOgUwDTg5Ty0w4tEajdOhIGRl5PHSNKc8oOhdtRc320MKXPTFJCCGMLeL065_uZmQbtSManjhKcEHSDmubzkCafwA-f45RsK2Q7IkH5QVJ7lg6xsXEaYsaq1Fvevz7nQL2PstL116ysxsi1WGha_4u3w_1Jxc0CarNLnvAybV2_NnnylmilyDKnACBd8rjX2aBIWAI5p-x3ALl4W43g-OjcITFJcykbIhBiP2devUovnetOZywtnFtrbczA3ZQK-x4m_Pqbm4T2YKpVKt_NulvAyQA1FHZxF9kUUUPztAB3TXzXBVdb63WMKIKPYGp8oPXjoXZfIGf6t9RC3wqL4kjhVn5Ve3oa06yA5UmHkDst9xa5fkYaX82CRFXSmp-aRgjf9yKMKL74yOQQ61Isrj-1rpO4rcSxC6baQCZFoeMl_tKbStxWrNx6YBc5sdgikxgkPP0DdA41fNCmEU2aw6v9V-4ax9nsl3Z1s0OCeYPuyK5i8lEoUf4qyGY_7DvdjAujsVH-wNq4ILM4L3vdm4BEnuAUOZkgiFCLLeVXaWseAhA4rz64F9k_BLBqcuqWhqxxHbmyRJq_7A-NoWTDG9F_QX5FrL_sK01qccSR21RGwRHLz_Xmk3F9omiIWLORgC5GVW9wNoII1JNAzNZnbzvRXrefXXYmvgwziRoEKWhWHDpIgDlocg6VrrWE8abikUfynOUFe5yMROoAc5qniDvelypCJxudYcmE5PpdLoe7ulbDBj0xSWwkzIwJ1ymnzV_my-xO6mX-soYFfLFrwSRaVz9Rltqzn8Gwdl7fGkoj2pwdk-xVB9pPu1dt4o1pVpBjK1_NvuGqX1mY82TtFfKN0xcMx57IeTd62k8ScU2nA8QbseZXQH1a36k7Gl2MeCgpz5TrtBxojPveW42tTrIsnfn6F2Lh3MzUAE_g50vEAbrp480jJ_8N6MfKbwhs6DuHsbwjT7HY4Sl3UDKkkyOR0y0U9FqX-hTC_jMuV0sYn4daJB61YaAqPWzjEb9rdkngRTVJnP2n8KXxw89hKseyc9kHgQLvIvMeK7E3RlWnWhx9w7qxRr3ALf2MAwpvDD3i6vy5uk7xlvjS0pI7u6FHvMvpvDsOMfjRzH-zP88lsG7NB6lkMPZ7YAoRp9QaB7ZiFtNtXV7vDgXuIDrAPRZiEDSak5y_9e2xr42qCP9NAe0pOI1dfVgKfVf4G5J-OVs8tLpgcOUwd1qpoMbJXbaeRbp3S4G6uQV0sRMxbGZ8A1kD1ZjmYmnZ-M_wRJdegPz2bywndooWKuumUP9B5PRrg79Omo1nVtuhmFuA6S3VoPUof5l4-V9XWaeKtLTwLU-fJpOmOhTpMlcyTri_5w06FzAbKgceSLWBoHaLysLudbqyo4sgAvL_rU0L4WnaZbmYpn9pQ-bcjnjHEWJ3LmxxjqzO0_vt6VWvx1TMwnlzvEWbeOKPTQC0uUb5d1DkfzBS9_kyXNBqf8W1oXETy9sAX38lgqPRg8KYyEthwGq1NFRnOWTkOqv_ggihirXt8Zx8SbTHEB44WAAmVg432w2cuXAB73WnRy5bW5aDmjBUgOMk4PKpfOQDEyS0aQuyzVJz0FhzEFy674Q0x7py_goYzETp4kag06f7ipJdjG_UamxmPfgx1GFj0qGyU1yP64MhK2ATEm3EsYNgmhiZtOBzrV3B8GdfSGobPjExfqrEj7Vm3ltJd_Bec1OW4S-Hp7Z0_elhk74yZsXPN-qARQssUhz66Zx59tSMxCkV9P2FJ6_BamRyrMDg&cid=CAQSTgDICaaNBgn25nXoUdqtm064VVlfwF8ZDt3-b_2S_UarBOnVnMoLk0W1wFQX5Qi0eFbZJCk0heS9_nyhIxshHLXdcSpVIIjhmAcx8YzNGRgB&dv3_ver=m202309260101&rfl=http%3A%2F%2Fpencil.evolus.vn%2F&ds=l&xdt=1&iif=1&cor=16134307524362535000&adk=3476589349&idt=79&cac=0&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 15:50:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11034
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 14415875674906819925
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 15:50:21 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231205/r20110914/ Frame 235F 31 KB
12 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231205/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f6cbe31747c16c069d861a8ed01b15186eaee8c381f74ca1712087811c39f4d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 15:54:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10780
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11943
x-xss-protection: 0
server: cafe
etag: 4141415479739543000
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 15:54:35 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 235F 41 KB
14 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 521347
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 Nov 2024 18:05:08 GMT

GET
DATA 200
OK truncated
/ Frame 235F 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 97c6b43afd945d3ef00fe347b2518af5cb40c6c19b2cca025cf1aff2e5881caa

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame FA78 38 KB
13 KB 8ms
8ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 207771
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Dec 2023 09:11:25 GMT
expires: Wed, 04 Dec 2024 09:11:25 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/1064608057035189096/ Frame 0654 6 KB
2 KB 50ms
16ms Document
text/html 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3477a72ef1db732762ffb13ba55d7df867b64c2abf5f88a1fdff29e6dbe374d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 245351
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1879
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Dec 2023 22:45:05 GMT
expires: Tue, 03 Dec 2024 22:45:05 GMT
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 235F 0
0 157ms
64ms Fetch
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsurfnUchiK7tPeywLD4mQmn1ueQKXu8WoBnoJ34qMlF77DyRky90dsvcpTGEyOcUGgPKEO3FLn8WPVX0mS7n-3oOkB90NcaDt_Wi_M5NoP82cOCywQbFPW5wvDNWdpszEbp4HwgkQ1XBQVHMqrGAyfq9CiJAcYbnQ8N0omPwipbBy1Vj5eI39wOL8Zht72fhuapXoA78Z8dyPjBbFQLKGCfaDTMVJAA13F2XYvH6Rpn3cQMT5u8ZjyhRglaoER9h_nFwb9k4BBdMZ8DUXLmJUgk6Mn0yxz9Tb1Zlg3m9YopcEkh-dl-zWG50YLg4sqTtDC39Ct6Oigq3mVMuL0WCc-hVII1XSP0pe5DCHw6PyFZbwb7E3A0BPhi9g14mJNGjaJSjJyxnyG7v3nRqzYUo8rG0CLuwIHoBQ255w6wWqD6HOKkup0-E31JHB2jmnoWVRpNLNURgBD0_2DA5Kt_kyVYWqXsdgdriy3QJVp0B2C33VDKJBXiQs8143vexn0VGw_RRzKB4rNbGjTSYekBuP65tgD6Hqzzxl5cfe9s1fV3C1JFtoiZRjNpNqeO8TTlULMpy9iyGgvaPD-oakk9F5xh1UBa3NgECDz94axweTeDhK9C-cT7L5wL_WhYVPEQCiYHtvNf-9GvVNRQbQ6jWUVu1vr53TqbQwhSjVh9o_rZoFLjrckOfj7wRgU5AONveIRJdYY9PSDAVYUf2a687G6OgxaixbN34SfKo-T8WRNhOEu6C-i7Z4sQf0z9DNEZ5XG4kA5sUf6Qdd8yIsULEYCj50r6WYDJmdpODzkosRBhRhhoqUVMLk3NGeor_Xo2RuEczkd3Z4xi76Te61V9-nefcXCPz3-W8U8F8OXXI-FQQoLyxixtNsRwgOOejV4aQkANMfgltARDRvDXlLqdXi-Llu-UIlWAa0oX5JQYlhPVl6caYu9j2wK_CihimGoCb1bXeCOXtyj-G_38gQRB6ulfCfCrrjFSbwtqHXWC-mrTzXN5nQn0fgrA2ZmyO6P4A5s9LxiRv_JBTfmZBDXt_Hhp42vuTJw21MoRZxkIsW1WphE7qa9tQdq-lzKSZVPOi4RKZllfLrH_1dLPfNOmbYFmqd3gi5u4o2NdbG0lui9UUvywjfwWDDHa9fECe6mqUZKG5qwH5MUqNVem6kU5_j21ohtLuv_Vx0If_8j41cNz66zhqmOgBnfd0IZ5z3bRaekublCwj5j5n5mgCSSEAP5bwVWmxL6-Ag9mkA_GPzkD_q51PGCtpGkNYSv7Ka8OOZyHrUn3r1-_6XU-utRp3waPRt_Hf2UU03n1QOlVoOH8hQsUwpg&sai=AMfl-YQ5ozoF4BUZhC1WUawrn7m36eZMGTc5D3RruYX7NQ6dBFkNiaDho-VBNY2gXTjNMmkJdxCtvBM-JhbNJt5cvf-jR4_7DyEKoDYYs8rPear7HinK_MiNC9YApcR-LAg_VgmhLT1j-nGxyEiQ9mSMN7Gf16JSu_YZ2TE8sTOqnybsGtAAl14tVb2H1MPAvPtip2HUkMR27mzdXdbNnx1o-qh2O1VQB-2VQVmMQq2GgIHiE6QW-ytdy-a0iti5WvlNbv7hL_tpAee9Gej4qBn1S0SbdptgLWZ8oqlcTQ&sig=Cg0ArKJSzClS_7O9QqbjEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=75&cbvp=1&cstd=74&cisv=r20231205.94428&arae=0&ftch=1&adurl=

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 07 Dec 2023 18:54:16 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame FA78 39 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 13:17:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20215
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 06 Dec 2024 13:17:21 GMT

GET
H3 200 style.css
s0.2mdn.net/sadbundle/1064608057035189096/css/ Frame 0654 6 KB
2 KB 26ms
25ms Stylesheet
text/css 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/css/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce2b61e64a17f1488f20bafee5aa20a8d8ec897b990f709634f5bd1cc620e6b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 03 Dec 2023 12:55:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 367136
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2000
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 02 Dec 2024 12:55:20 GMT

GET
H2 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/ Frame 0654 70 KB
25 KB 66ms
21ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/gsap.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce56080747fb3b762486b9ccc59bc01f871c9647d354a1c27b52cdb73fc1bfe1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:16 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 653259
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 25267
last-modified: Tue, 01 Aug 2023 16:38:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64c93515-62b3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sbGKBavYDaNafygXr00izUtd4oFsDkm%2BbePf%2BUcEH8i89tM2nXjetabRqTCk8btmcanj7PwWPgWSRn2S443PNnqP4QAtiHGXne%2Be1OyNvOAJNQluZXUGiShzCIOlG4Zmj3BGa%2B7LbMAKuqS6luZmEJiS"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 831ef9e6c84e37ce-FRA
expires: Tue, 26 Nov 2024 18:54:16 GMT

GET
H2 200 CustomEase.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/ Frame 0654 7 KB
4 KB 68ms
24ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/CustomEase.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c190eb38a3f491bcbf96b136cf4a4ab534ac1293d37d9047fd77db6365c86682

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:16 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 819313
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 3299
last-modified: Tue, 01 Aug 2023 16:38:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64c93515-ce3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EplpFRR7WVWUujnik0HrondoG0IiSN1qf4hd%2Bx0kdeyUpozU9%2BEVaaU6fAYQP53JCH%2B%2Frt5juAosgQxHZF8CRHI4L3gmdV250I1Wn9jZdGdt7F7yJ%2FfeQjLLOc7kEu37o89VPWctMmjllXXOXjTQyn5L"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 831ef9e6c84d37ce-FRA
expires: Tue, 26 Nov 2024 18:54:16 GMT

GET
H3 200 dyson.svg
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame 0654 2 KB
1 KB 27ms
26ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/dyson.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7b8d433b88d210c6aeb414da6fc440f45c471fad1b5aaae9f0b66c50122c62b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 19:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84084
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1076
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 05 Dec 2024 19:32:52 GMT

GET
H3 200 rtbIcon.svg
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame 0654 2 KB
800 B 28ms
28ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/rtbIcon.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5e166567ad908883ca1d769c38b6f65959bb067295e5ea3c2f850ec5fa2b8d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 15:16:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 272266
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 771
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 03 Dec 2024 15:16:30 GMT

GET
H3 200 arrow.svg
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame 0654 429 B
349 B 20ms
20ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/arrow.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ace6c1d1cccc4686d29e81c0821be209d2e2d8b7ba44ee24649a698a5230f6ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 13:53:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 190850
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 320
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Dec 2024 13:53:26 GMT

GET
H3 200 dyson-v15s-submarine.svg
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame 0654 25 KB
8 KB 20ms
20ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/dyson-v15s-submarine.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69e1767c60e702480b7a4604f7a71a344e3e03caa6e21f6a352a9f63908dc500

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 03 Dec 2023 12:55:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 367136
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8356
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 02 Dec 2024 12:55:20 GMT

GET
H3 200 1-min.jpg
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame 0654 33 KB
33 KB 17ms
17ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/1-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

539cc993691ac34295a0b8e0b720aa3db63a2e80c78d49e1c4c4132bb4a5dc09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 02:04:14 GMT
x-content-type-options: nosniff
age: 233402
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33567
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Dec 2024 02:04:14 GMT

GET
H3 200 2-min.jpg
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame 0654 33 KB
33 KB 21ms
21ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/2-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8833293f6762feb57c976e996042e2dcf201b282c034504008e2bf0a98dd3527

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 17:17:43 GMT
x-content-type-options: nosniff
age: 178593
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33601
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Dec 2024 17:17:43 GMT

GET
H3 200 3-min.jpg
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame 0654 25 KB
25 KB 24ms
24ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/3-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e3479d14727cf6b6581add352dad3c9fb8a89b1586d49dc0e606249e7abe437

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 22:45:40 GMT
x-content-type-options: nosniff
age: 245316
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25911
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 03 Dec 2024 22:45:40 GMT

GET
H3 200 4-min.jpg
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame 0654 9 KB
9 KB 25ms
25ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/4-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f430ad6611692180cc5bfba88afb989ac5cde063c2e929a28026be4c2c3e9f45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 19:45:15 GMT
x-content-type-options: nosniff
age: 83341
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8971
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 05 Dec 2024 19:45:15 GMT

GET
H3 200 5-min.jpg
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame 0654 12 KB
12 KB 27ms
26ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/5-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d60255211b63ebd7ab57221ffe52ae073eab1c1c3a93c48df42b224e7f7c527

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 19:45:15 GMT
x-content-type-options: nosniff
age: 83341
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12054
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 05 Dec 2024 19:45:15 GMT

GET
H3 200 script.js Show response
s0.2mdn.net/sadbundle/1064608057035189096/script/ Frame 0654 4 KB
959 B 25ms
25ms Script
application/x-javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/script/script.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc757f9ba6603eb9913106a4cd83c7a7c0a8a4f845a0aceb1103606bc324ad00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 23:23:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 243019
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 930
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 03 Dec 2024 23:23:57 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FA78 0
20 B 53ms
53ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BDHvP1xRyZfe0Nq_H1PIPx-GpiAMAAAAAOAHgBAI&bg=!NzSlNHvNAAY3kmNgF5I7ADQBe5WfOPu1mHUMZ5OkypPfT62okre0kALpndaAOA2-kbKpqPxsljYujJQf9kjBVRsMryXaAgAAACpSAAAAAmgBB5kDG3OcnUAcuGEOMVwlP13z4pbJQt7iGSOeJ2BVwygMz96Pn52ya1vpGEQwpw5jaZSpCz75Aol80-yIWUvjyvNoc2dF2XwkGuR5pHsroqtFKbu-Rj4d-tK9NnRqprY5_oIbfjG218nWOSRg6RWvuoyqumZVL0_NWi1pVVOtPkUKOGvzVUhkSrrGZ3o67cpWl1ykg_K0upAzbqv2nNSzoG-zszBqFXCA5v0yIig74My6NjnAbyvFlPBT5MZ9lXeokvdixzv32hnBoxLR8oE1-hfdCA1KRL34En3lWMUVnlhwld3p_X1qxrN4EbC5tgbQj1ZRG0872tciA8dTcCAVch-9zCk7FYlsEorYr2W8oAATLFGdwtNQjwCeUNwXPjmgAg1vVeo5vh3ZLKW7j_pIeDAm7GVYFwSNYoDiSxJsPMuEV8EEqFy4g9lBOQZmu4bNPY6I6JkW7Lm_F9KvXuTSlCCpGJs7org4p-hI8cl6qToZbZNdy60b0eIvWCI5tyyk6fKl48Aarwraw4M5DsJ4o1szD25N9TRXwiK-VNySfWtfaeth9pCXmiC-QBD2DrBr-D5MugpsqJ4EAOi7KxV597WFZDkzRheP0-ZU6NboE50IAWkvJoL-A62lciIs1NdjfXHyyr_ETyXMtGWxRf6zO3N3YAJLsgum3wUmHFAUYA-lahdJAicWhPFXAt1kUw3XKrj5bTVlvMG4VN9sPe7ZLmIbGj6LEhBumzsGZz0njUBuJmDF9NN8McMdvoxsPtGeRTaNs6QgjumjhrqUkdHYZXuuMWUhbptuOYToDA76GPqtY_EoMYB59MV3s1T0yawIBYBX9pfFNsJ9iT8pDJgYaYXmkmYOkSQyBQWXZovPcZ0bZSpew_jouwqZZ8P7RHxWilZ5nR9MyVQ_G7duVavCwBayhmbZI6DYAeUavxAhYquk-GRDUai1sWPq0mXAE-1ucl6VPQP8f263wDYl3g5vGKVX9ypiEjTaWkzvBh2-JdHSh1PPPI2I94KE5LdZqIFK8cUMQ_b-TxsAAk92xfURxmXMmNpaVGExBeGdiCMHHQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame 235F
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1627455/73523875/4.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-3726015810391051&ias_chanId=1&ias_placementId=20492283353&bidurl=http://pencil.evolus.vn/...
https://static.adsafeprotected.com/4.js?xsId=ABAjH0hjvYaiqQmYoQf5bCe2W4fb&ias_xappb=&adContainerId=brand_safety_1xRyZfe0Nq_H1PIPx-GpiAM&cbFunctionName=goog_wrapCb_1xRyZfe0Nq_H1PIPx-GpiAM&true_pb=

1 KB
1 KB

40ms
15ms

Script
application/javascript

2600:9000:237d:3600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js?xsId=ABAjH0hjvYaiqQmYoQf5bCe2W4fb&ias_xappb=&adContainerId=brand_safety_1xRyZfe0Nq_H1PIPx-GpiAM&cbFunctionName=goog_wrapCb_1xRyZfe0Nq_H1PIPx-GpiAM&true_pb=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3726015810391051&output=html&h=90&slotname=9118354868&adk=746077752&adf=508246717&pi=t.ma~as.9118354868&w=728&lmt=1701975254&url=http%3A%2F%2Fpencil.evolus.vn%2F&ea=0&wgl=1&dt=1701975253972&bpp=112&bdt=239&idt=276&shv=r20231205&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&correlator=1282805527564&frm=20&pv=2&ga_vid=1112030573.1701975254&ga_sid=1701975254&ga_hid=1787559534&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=839&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079919%2C31079929%2C42532601%2C31080036%2C44807754%2C44807764%2C44808148%2C44808284%2C95320229%2C31080037&oid=2&pvsid=508794219439035&tmod=974130621&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=287
Protocol: H2
Server: 2600:9000:237d:3600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:45:50 GMT
x-amz-version-id: dZV1qYWLtZJQETG4KzZq1jUYDpTMrU_G
content-encoding: gzip
via: 1.1 beaace02cc7004781239800a1c484ca0.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P2
age: 507
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Thu, 07 Dec 2023 18:45:48 GMT
server: AmazonS3
etag: W/"33dffa7df253125904b2f354b5bb5e8d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: mgLIs4dDEtwAiZ_XYAgwOBJGVXq84dBuYkKLNvZR1hsFqg782kQdqg==

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
server: nginx
x-server-name: app09.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js?xsId=ABAjH0hjvYaiqQmYoQf5bCe2W4fb&ias_xappb=&adContainerId=brand_safety_1xRyZfe0Nq_H1PIPx-GpiAM&cbFunctionName=goog_wrapCb_1xRyZfe0Nq_H1PIPx-GpiAM&true_pb=
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 8210 91 KB
23 KB 98ms
13ms Script
application/javascript 2600:9000:237d:3600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3726015810391051&output=html&h=90&slotname=9118354868&adk=746077752&adf=508246717&pi=t.ma~as.9118354868&w=728&lmt=1701975254&url=http%3A%2F%2Fpencil.evolus.vn%2F&ea=0&wgl=1&dt=1701975253972&bpp=112&bdt=239&idt=276&shv=r20231205&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&correlator=1282805527564&frm=20&pv=2&ga_vid=1112030573.1701975254&ga_sid=1701975254&ga_hid=1787559534&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=839&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079919%2C31079929%2C42532601%2C31080036%2C44807754%2C44807764%2C44808148%2C44808284%2C95320229%2C31080037&oid=2&pvsid=508794219439035&tmod=974130621&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=287
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:237d:3600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 00:09:11 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 beaace02cc7004781239800a1c484ca0.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P2
age: 6720306
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: KXiR9EaFIHtRfF8UgnrRZpkWNWpsiyOI3fZHdxymiZL6PnV-ULK0lA==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 235F 43 B
215 B 738ms
352ms Image
image/gif 2600:1f13:800:7780:5e0e:b54f:841d:a117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=e2c53f99-da34-64e9-89a5-90b2335beb7e&tv=%7Bc:w8TmAp,pingTime:-3,time:28,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:11%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:28,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:11,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B23~0%5D,as:%5B23~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tXMuJ2R+11*.1627455-73523875%7C111%7C112%7C113%7C12,idMap:11*,rmeas:1,rend:0,renddet:na,siq:12%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3726015810391051&output=html&h=90&slotname=9118354868&adk=746077752&adf=508246717&pi=t.ma~as.9118354868&w=728&lmt=1701975254&url=http%3A%2F%2Fpencil.evolus.vn%2F&ea=0&wgl=1&dt=1701975253972&bpp=112&bdt=239&idt=276&shv=r20231205&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&correlator=1282805527564&frm=20&pv=2&ga_vid=1112030573.1701975254&ga_sid=1701975254&ga_hid=1787559534&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=839&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079919%2C31079929%2C42532601%2C31080036%2C44807754%2C44807764%2C44808148%2C44808284%2C95320229%2C31080037&oid=2&pvsid=508794219439035&tmod=974130621&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=287
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:5e0e:b54f:841d:a117 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
server: nginx
x-server-name: dt06.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 235F 43 B
215 B 561ms
179ms Image
image/gif 2600:1f13:800:7780:5e0e:b54f:841d:a117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=e2c53f99-da34-64e9-89a5-90b2335beb7e&tv=%7Bc:w8TmAr,pingTime:-6,time:30,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:30,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:11,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B25~0%5D,as:%5B25~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tXMuJ2R+11*.1627455-73523875%7C111%7C112%7C113%7C12,idMap:11*,rmeas:1,rend:0,renddet:na,siq:12%7D&tpiLookup=ao:pencil.evolus.vn&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3726015810391051&output=html&h=90&slotname=9118354868&adk=746077752&adf=508246717&pi=t.ma~as.9118354868&w=728&lmt=1701975254&url=http%3A%2F%2Fpencil.evolus.vn%2F&ea=0&wgl=1&dt=1701975253972&bpp=112&bdt=239&idt=276&shv=r20231205&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&correlator=1282805527564&frm=20&pv=2&ga_vid=1112030573.1701975254&ga_sid=1701975254&ga_hid=1787559534&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=839&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079919%2C31079929%2C42532601%2C31080036%2C44807754%2C44807764%2C44808148%2C44808284%2C95320229%2C31080037&oid=2&pvsid=508794219439035&tmod=974130621&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=287
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:5e0e:b54f:841d:a117 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
server: nginx
x-server-name: dt03.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 235F 43 B
216 B 555ms
176ms Image
image/gif 2600:1f13:800:7780:5e0e:b54f:841d:a117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=e2c53f99-da34-64e9-89a5-90b2335beb7e&tv=%7Bc:w8TmAw,pingTime:-2,time:35,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:1888,beZ:1889,mfA:1891,cmA:1892,inA:1892,inZ:1894,prA:1894,prZ:1896,si:1900,poA:1900,poZ:1913,cmZ:1913,mfZ:1913,loA:1918,loZ:1920,ltA:1923,ltZ:1923%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:11%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:35,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:11,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B30~0%5D,as:%5B30~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tXMuJ2R+11*.1627455-73523875%7C111%7C112%7C113%7C12,idMap:11*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:na,siq:12,sinceFw:23,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3726015810391051&output=html&h=90&slotname=9118354868&adk=746077752&adf=508246717&pi=t.ma~as.9118354868&w=728&lmt=1701975254&url=http%3A%2F%2Fpencil.evolus.vn%2F&ea=0&wgl=1&dt=1701975253972&bpp=112&bdt=239&idt=276&shv=r20231205&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&correlator=1282805527564&frm=20&pv=2&ga_vid=1112030573.1701975254&ga_sid=1701975254&ga_hid=1787559534&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=839&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079919%2C31079929%2C42532601%2C31080036%2C44807754%2C44807764%2C44808148%2C44808284%2C95320229%2C31080037&oid=2&pvsid=508794219439035&tmod=974130621&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=287
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:5e0e:b54f:841d:a117 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
server: nginx
x-server-name: dt07.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 dysonfutura-book.woff
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame 0654 8 KB
8 KB 21ms
21ms Font
font/woff 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/dysonfutura-book.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/css/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c868679a384546d80661e6085c6a40e95de3be2ad0487c56e116703ffd1850bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/css/style.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 03 Dec 2023 12:55:21 GMT
x-content-type-options: nosniff
age: 367135
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7928
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 02 Dec 2024 12:55:21 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 235F 0
0 49ms
49ms Fetch
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsurfnUchiK7tPeywLD4mQmn1ueQKXu8WoBnoJ34qMlF77DyRky90dsvcpTGEyOcUGgPKEO3FLn8WPVX0mS7n-3oOkB90NcaDt_Wi_M5NoP82cOCywQbFPW5wvDNWdpszEbp4HwgkQ1XBQVHMqrGAyfq9CiJAcYbnQ8N0omPwipbBy1Vj5eI39wOL8Zht72fhuapXoA78Z8dyPjBbFQLKGCfaDTMVJAA13F2XYvH6Rpn3cQMT5u8ZjyhRglaoER9h_nFwb9k4BBdMZ8DUXLmJUgk6Mn0yxz9Tb1Zlg3m9YopcEkh-dl-zWG50YLg4sqTtDC39Ct6Oigq3mVMuL0WCc-hVII1XSP0pe5DCHw6PyFZbwb7E3A0BPhi9g14mJNGjaJSjJyxnyG7v3nRqzYUo8rG0CLuwIHoBQ255w6wWqD6HOKkup0-E31JHB2jmnoWVRpNLNURgBD0_2DA5Kt_kyVYWqXsdgdriy3QJVp0B2C33VDKJBXiQs8143vexn0VGw_RRzKB4rNbGjTSYekBuP65tgD6Hqzzxl5cfe9s1fV3C1JFtoiZRjNpNqeO8TTlULMpy9iyGgvaPD-oakk9F5xh1UBa3NgECDz94axweTeDhK9C-cT7L5wL_WhYVPEQCiYHtvNf-9GvVNRQbQ6jWUVu1vr53TqbQwhSjVh9o_rZoFLjrckOfj7wRgU5AONveIRJdYY9PSDAVYUf2a687G6OgxaixbN34SfKo-T8WRNhOEu6C-i7Z4sQf0z9DNEZ5XG4kA5sUf6Qdd8yIsULEYCj50r6WYDJmdpODzkosRBhRhhoqUVMLk3NGeor_Xo2RuEczkd3Z4xi76Te61V9-nefcXCPz3-W8U8F8OXXI-FQQoLyxixtNsRwgOOejV4aQkANMfgltARDRvDXlLqdXi-Llu-UIlWAa0oX5JQYlhPVl6caYu9j2wK_CihimGoCb1bXeCOXtyj-G_38gQRB6ulfCfCrrjFSbwtqHXWC-mrTzXN5nQn0fgrA2ZmyO6P4A5s9LxiRv_JBTfmZBDXt_Hhp42vuTJw21MoRZxkIsW1WphE7qa9tQdq-lzKSZVPOi4RKZllfLrH_1dLPfNOmbYFmqd3gi5u4o2NdbG0lui9UUvywjfwWDDHa9fECe6mqUZKG5qwH5MUqNVem6kU5_j21ohtLuv_Vx0If_8j41cNz66zhqmOgBnfd0IZ5z3bRaekublCwj5j5n5mgCSSEAP5bwVWmxL6-Ag9mkA_GPzkD_q51PGCtpGkNYSv7Ka8OOZyHrUn3r1-_6XU-utRp3waPRt_Hf2UU03n1QOlVoOH8hQsUwpg&sai=AMfl-YQ5ozoF4BUZhC1WUawrn7m36eZMGTc5D3RruYX7NQ6dBFkNiaDho-VBNY2gXTjNMmkJdxCtvBM-JhbNJt5cvf-jR4_7DyEKoDYYs8rPear7HinK_MiNC9YApcR-LAg_VgmhLT1j-nGxyEiQ9mSMN7Gf16JSu_YZ2TE8sTOqnybsGtAAl14tVb2H1MPAvPtip2HUkMR27mzdXdbNnx1o-qh2O1VQB-2VQVmMQq2GgIHiE6QW-ytdy-a0iti5WvlNbv7hL_tpAee9Gej4qBn1S0SbdptgLWZ8oqlcTQ&sig=Cg0ArKJSzClS_7O9QqbjEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=267&vt=11&dtpt=192&dett=3&cstd=74&cisv=r20231205.94428&arae=0&ftch=1&adurl=

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:16 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312050101/ 160 KB
55 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312050101/reactive_library_fy2021.js?bust=31080036

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b40c66ad96d833d99b061c0b7bf37c101a9b8f359d6ed4915119dfcc7f4ccb9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://pencil.evolus.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:16 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55996
x-xss-protection: 0
server: cafe
etag: 11863870356843327689
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Dec 2023 18:54:16 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 235F 43 B
215 B 486ms
177ms Image
image/gif 2600:1f13:800:7780:5e0e:b54f:841d:a117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=e2c53f99-da34-64e9-89a5-90b2335beb7e&tv=%7Bc:w8TmBE,time:105,type:e,im:%7Bpci:%7Btdr:60%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:105,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:11,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B100~0%5D,as:%5B100~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tXMuJ2R+11*.1627455-73523875%7C111%7C112%7C113%7C12,idMap:11*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:12%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3726015810391051&output=html&h=90&slotname=9118354868&adk=746077752&adf=508246717&pi=t.ma~as.9118354868&w=728&lmt=1701975254&url=http%3A%2F%2Fpencil.evolus.vn%2F&ea=0&wgl=1&dt=1701975253972&bpp=112&bdt=239&idt=276&shv=r20231205&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&correlator=1282805527564&frm=20&pv=2&ga_vid=1112030573.1701975254&ga_sid=1701975254&ga_hid=1787559534&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=839&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079919%2C31079929%2C42532601%2C31080036%2C44807754%2C44807764%2C44808148%2C44808284%2C95320229%2C31080037&oid=2&pvsid=508794219439035&tmod=974130621&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=287
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:5e0e:b54f:841d:a117 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
server: nginx
x-server-name: dt01.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/ Frame 4E07 9 KB
4 KB 9ms
9ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://pencil.evolus.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 79542
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 06 Dec 2023 20:48:34 GMT
etag: 5585625838579639069
expires: Wed, 20 Dec 2023 20:48:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/ Frame 6183 9 KB
4 KB 6ms
6ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://pencil.evolus.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 79542
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 06 Dec 2023 20:48:34 GMT
etag: 5585625838579639069
expires: Wed, 20 Dec 2023 20:48:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/ Frame B76D 9 KB
4 KB 7ms
7ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://pencil.evolus.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 79542
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 06 Dec 2023 20:48:34 GMT
etag: 5585625838579639069
expires: Wed, 20 Dec 2023 20:48:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/ Frame ED02 9 KB
4 KB 7ms
7ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://pencil.evolus.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 79542
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 06 Dec 2023 20:48:34 GMT
etag: 5585625838579639069
expires: Wed, 20 Dec 2023 20:48:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame 4E07 4 KB
1 KB 44ms
24ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 07 Dec 2023 18:54:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 17:14:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 07 Dec 2023 18:54:16 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4E07 205 B
296 B 34ms
12ms Image
image/png 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 17:58:29 GMT
x-content-type-options: nosniff
age: 262547
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 03 Dec 2024 17:58:29 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4E07 604 B
920 B 33ms
11ms Image
image/png 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 03:38:28 GMT
x-content-type-options: nosniff
age: 227748
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 04 Dec 2024 03:38:28 GMT

GET
H3 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231205/r20110914/elements/html/ Frame 4E07 16 KB
7 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231205/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41b43f64c3e5d7f9eca80634429adb1b8e0a1c5e1fe67ad71ec651a991ebfe68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 16:33:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8417
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6766
x-xss-protection: 0
server: cafe
etag: 14924840246271906451
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 16:33:59 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231205/r20110914/elements/html/ Frame 4E07 22 KB
9 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231205/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

db2bdaad0dc9232fadb3de900bf039a0f356521698f213df1edf601e02a5870d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 16:26:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8838
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9210
x-xss-protection: 0
server: cafe
etag: 13914886398874665762
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 16:26:58 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame F113 624 B
245 B 64ms
63ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGJaO3_QBMAE&v=APEucNWI0GAM4jobHFPOXHSchW0KytmlCJvFaRnXqdLcND6FucZVbHAOdIUw8L_7GITwDV_wTNCt2Tg1IlK3BpnfTYMpi5yqWrON5DHQUczBestFv-WlMh-_8uwERCl-5vCyRK5-Sp7AgAZyosMo9aSWBijq51pCK-QJh8eTQPdg9ryTupj6SIM

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Dec 2023 18:54:16 GMT
expires: Thu, 07 Dec 2023 18:54:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 06E7 89 KB
31 KB 154ms
154ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:16 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 07 Dec 2023 18:54:16 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/ Frame 06E7 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/window_focus_fy2021.js

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 12:17:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23834
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 12:17:02 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/ Frame 06E7 20 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 15:41:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11594
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 15:41:02 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 06E7 202 KB
64 KB 34ms
33ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a04fa6af32e77548f1c3e27b7014f3520c7494f317fa80b58f8704de83e4b821

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65145
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701866768669483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 07 Dec 2023 18:54:16 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 06E7 42 B
63 B 57ms
56ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DQjOeKPaVdhg2cC76RQv7QcftLeVCL20x4oFhk18u_qDAWElOCiotS_5OriMgsT4b7NlBPqnwPP4rkVonWWEa55MpEbfDs_x0GhqRLtigc64wdTMg

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7B37 640 B
265 B 70ms
69ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGJaO3_QBMAE&v=APEucNW0mzXZJD5YXRkAnH3MRfR-u6RYsd4sfe8wi3wwxjfuouP1uAWM9obILmzCNs_Xxs7R-PHsSLcy_oXra2J7Ckk24OmqNEKSXls94b-wTJaae8BtCFV7E2Nr7YwPhaicW0-a5am0ssaH5ViJAhqbnrQNVN-IVTGD5GMD0Sbbqt8Bu7upAOw

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Dec 2023 18:54:16 GMT
expires: Thu, 07 Dec 2023 18:54:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 9CFC 89 KB
31 KB 218ms
218ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:16 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 07 Dec 2023 18:54:16 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/ Frame 9CFC 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/window_focus_fy2021.js

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 12:17:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23834
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 12:17:02 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/ Frame 9CFC 20 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 15:41:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11594
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 15:41:02 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9CFC 202 KB
64 KB 49ms
49ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a04fa6af32e77548f1c3e27b7014f3520c7494f317fa80b58f8704de83e4b821

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65145
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701866768669483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 07 Dec 2023 18:54:16 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9CFC 42 B
63 B 55ms
55ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AYlN6d9uECsrNQ6LGHCNTdc_AB-n_-0JEPosh377-1D1qVUviDMVomwakDejJnnmVivg0MTjjqRHRx2dJAk7ZUwcL5QHUuNgS8Nu11s8a2MUT_vR4

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 b1fdc9f83bbec90a172a8086cc6d7abe.js Show response
www.gstatic.com/mysidia/ Frame ED02 9 KB
4 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/b1fdc9f83bbec90a172a8086cc6d7abe.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bbde0fd637840b04806e70ee7610047e1cfe5568854929dc58c310a861d93ca6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 07:58:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 125763
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4047
x-xss-protection: 0
last-modified: Mon, 04 Dec 2023 21:30:24 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 05 Mar 2024 07:58:13 GMT

GET
H2 200 280465d6b51993ac6d052e033b440ef2.js Show response
www.gstatic.com/mysidia/ Frame ED02 11 KB
5 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/280465d6b51993ac6d052e033b440ef2.js?tag=text/vanilla_highlight_ms

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3e4cdbb12defe352221c7446f538206d487f314187f7883e6f261d9246ab3af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 15:25:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 185317
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4756
x-xss-protection: 0
last-modified: Wed, 29 Nov 2023 19:10:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 04 Mar 2024 15:25:39 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame ED02 14 KB
1 KB 26ms
24ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 07 Dec 2023 18:54:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 17:52:15 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 07 Dec 2023 18:54:16 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/ Frame ED02 2 KB
822 B 9ms
8ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 15:41:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11594
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 15:41:02 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231205/r20110914/ Frame ED02 24 KB
9 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231205/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 15:41:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11594
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9318
x-xss-protection: 0
server: cafe
etag: 3562968281324141506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 15:41:02 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/ Frame ED02 3 KB
1 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 12:17:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23834
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 12:17:02 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/ Frame ED02 20 KB
8 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 15:41:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11594
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 15:41:02 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame ED02 202 KB
64 KB 30ms
30ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a04fa6af32e77548f1c3e27b7014f3520c7494f317fa80b58f8704de83e4b821

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65145
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701866768669483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 07 Dec 2023 18:54:16 GMT

GET
H2 200 7a8419aef3683f04c437bd15cecf843d.js Show response
www.gstatic.com/mysidia/ Frame ED02 37 KB
15 KB 13ms
10ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/7a8419aef3683f04c437bd15cecf843d.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

949b3cde1a46caf4f55bb496f58a44af641a4b9fed64f95057bb5eeff142170b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 221331
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15452
x-xss-protection: 0
last-modified: Wed, 29 Nov 2023 19:10:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 04 Mar 2024 05:25:25 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame E5AE 6 KB
779 B 39ms
38ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 07 Dec 2023 18:54:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 17:58:57 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 07 Dec 2023 18:54:16 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/ Frame E5AE 2 KB
822 B 29ms
29ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 15:41:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11594
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 15:41:02 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231205/r20110914/ Frame E5AE 24 KB
9 KB 30ms
30ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231205/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 15:41:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11594
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9318
x-xss-protection: 0
server: cafe
etag: 3562968281324141506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 15:41:02 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/ Frame E5AE 3 KB
1 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 12:17:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23834
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 12:17:02 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/ Frame E5AE 20 KB
8 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 15:41:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11594
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 15:41:02 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame E5AE 202 KB
64 KB 57ms
56ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a04fa6af32e77548f1c3e27b7014f3520c7494f317fa80b58f8704de83e4b821

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65145
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701866768669483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 07 Dec 2023 18:54:16 GMT

GET
H2 200 7a8419aef3683f04c437bd15cecf843d.js Show response
www.gstatic.com/mysidia/ Frame E5AE 37 KB
15 KB 31ms
31ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/7a8419aef3683f04c437bd15cecf843d.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

949b3cde1a46caf4f55bb496f58a44af641a4b9fed64f95057bb5eeff142170b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 221331
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15452
x-xss-protection: 0
last-modified: Wed, 29 Nov 2023 19:10:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 04 Mar 2024 05:25:25 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B698 143 B
166 B 33ms
32ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 949
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Dec 2023 18:38:27 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame ED02 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: abc664dea79c033f217ed2c3202b86135fd2dbc307306ecb7cfbd54f4041ec16

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame F113
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKM_kpNytCNGiRLdZZbHP80&google_cver=1

43 B
751 B

167ms
167ms

Image
image/gif

2606:4700:4400::ac40:9765
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKM_kpNytCNGiRLdZZbHP80&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGJaO3_QBMAE&v=APEucNWI0GAM4jobHFPOXHSchW0KytmlCJvFaRnXqdLcND6FucZVbHAOdIUw8L_7GITwDV_wTNCt2Tg1IlK3BpnfTYMpi5yqWrON5DHQUczBestFv-WlMh-_8uwERCl-5vCyRK5-Sp7AgAZyosMo9aSWBijq51pCK-QJh8eTQPdg9ryTupj6SIM
Protocol: H3
Server: 2606:4700:4400::ac40:9765 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ii5Xmu97WGFJ02%2FDtO4zgKPP1ASxnhj7Po6x3TY%2Fe%2FKnW3qzEAPE2KgPozFeNJxcjrH%2BtdDeYTIAR6l2%2F5BDMRiO5XODOgCLy0GDYbTU4t5qYGwkYOR9WwmwHupVPQmiWMdYQd7sk5BIzF%2FXeMWpciYEk80xFA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 831ef9e92cf49a11-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKM_kpNytCNGiRLdZZbHP80&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame F113
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXIU17yvKiVkuGR5ON4iLgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKM_kpNytCNGiRLdZZbHP80&google_cver=1

43 B
747 B

123ms
123ms

Image
image/gif

2606:4700:4400::ac40:9765
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKM_kpNytCNGiRLdZZbHP80&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGJaO3_QBMAE&v=APEucNWI0GAM4jobHFPOXHSchW0KytmlCJvFaRnXqdLcND6FucZVbHAOdIUw8L_7GITwDV_wTNCt2Tg1IlK3BpnfTYMpi5yqWrON5DHQUczBestFv-WlMh-_8uwERCl-5vCyRK5-Sp7AgAZyosMo9aSWBijq51pCK-QJh8eTQPdg9ryTupj6SIM
Protocol: H3
Server: 2606:4700:4400::ac40:9765 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ay4LW639p475qpbF3lqF%2FOUmIb27AVPjM%2BfWsqpR0ND4GhwW9D%2FkjwRhKpn0ubqLT0eRypWFs8p5EwqKhStNfy6NoSnGvikD%2FdAWobsVMRWCgajuZ77ejPwhHW5TKXXlipwtUxUgY3LQnNzn6Vxe1uLu5hkspA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 831ef9e98dde9a11-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKM_kpNytCNGiRLdZZbHP80&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame F113
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEPFGqISFl7Z3qHE7PGXdlsU&google_cver=1

43 B
845 B

41ms
41ms

Image
image/gif

37.252.171.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEPFGqISFl7Z3qHE7PGXdlsU&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGJaO3_QBMAE&v=APEucNWI0GAM4jobHFPOXHSchW0KytmlCJvFaRnXqdLcND6FucZVbHAOdIUw8L_7GITwDV_wTNCt2Tg1IlK3BpnfTYMpi5yqWrON5DHQUczBestFv-WlMh-_8uwERCl-5vCyRK5-Sp7AgAZyosMo9aSWBijq51pCK-QJh8eTQPdg9ryTupj6SIM

Protocol

Server

37.252.171.53 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
an-x-request-uuid: b54b6780-2804-400d-95a6-c4087daa613d
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 138.199.38.133; 138.199.38.133; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEPFGqISFl7Z3qHE7PGXdlsU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F113
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjA1NzUxMjQxNjcyOTY5Nzk4Mg%3D%3D

170 B
188 B

48ms
48ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjA1NzUxMjQxNjcyOTY5Nzk4Mg%3D%3D

Requested by

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
an-x-request-uuid: 390b769f-0a42-4d91-88cb-9fb925f958a6
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjA1NzUxMjQxNjcyOTY5Nzk4Mg%3D%3D
x-proxy-origin: 138.199.38.133; 138.199.38.133; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 7B37
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEHUenAJ5mBIfreQTim8ke5I&google_cver=1

43 B
264 B

104ms
69ms

Image
image/gif

35.244.159.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEHUenAJ5mBIfreQTim8ke5I&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGJaO3_QBMAE&v=APEucNW0mzXZJD5YXRkAnH3MRfR-u6RYsd4sfe8wi3wwxjfuouP1uAWM9obILmzCNs_Xxs7R-PHsSLcy_oXra2J7Ckk24OmqNEKSXls94b-wTJaae8BtCFV7E2Nr7YwPhaicW0-a5am0ssaH5ViJAhqbnrQNVN-IVTGD5GMD0Sbbqt8Bu7upAOw
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEHUenAJ5mBIfreQTim8ke5I&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 7B37 43 B
136 B 387ms
313ms Image
image/gif 35.244.159.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGJaO3_QBMAE&v=APEucNW0mzXZJD5YXRkAnH3MRfR-u6RYsd4sfe8wi3wwxjfuouP1uAWM9obILmzCNs_Xxs7R-PHsSLcy_oXra2J7Ckk24OmqNEKSXls94b-wTJaae8BtCFV7E2Nr7YwPhaicW0-a5am0ssaH5ViJAhqbnrQNVN-IVTGD5GMD0Sbbqt8Bu7upAOw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 7B37
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEBUSCl8i20tgFx0VOIhQsJo&google_cver=1

23 B
163 B

207ms
54ms

Image
image/gif

23.32.185.35
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEBUSCl8i20tgFx0VOIhQsJo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGJaO3_QBMAE&v=APEucNW0mzXZJD5YXRkAnH3MRfR-u6RYsd4sfe8wi3wwxjfuouP1uAWM9obILmzCNs_Xxs7R-PHsSLcy_oXra2J7Ckk24OmqNEKSXls94b-wTJaae8BtCFV7E2Nr7YwPhaicW0-a5am0ssaH5ViJAhqbnrQNVN-IVTGD5GMD0Sbbqt8Bu7upAOw
Protocol: H2
Server: 23.32.185.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-185-35.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Thu, 07 Dec 2023 18:54:16 GMT
pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEBUSCl8i20tgFx0VOIhQsJo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 7B37 23 B
163 B 247ms
55ms Image
image/gif 23.32.185.35
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGJaO3_QBMAE&v=APEucNW0mzXZJD5YXRkAnH3MRfR-u6RYsd4sfe8wi3wwxjfuouP1uAWM9obILmzCNs_Xxs7R-PHsSLcy_oXra2J7Ckk24OmqNEKSXls94b-wTJaae8BtCFV7E2Nr7YwPhaicW0-a5am0ssaH5ViJAhqbnrQNVN-IVTGD5GMD0Sbbqt8Bu7upAOw
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.32.185.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-185-35.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Thu, 07 Dec 2023 18:54:16 GMT
pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame ED02 33 KB
34 KB 106ms
34ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 21:01:51 GMT
x-content-type-options: nosniff
age: 78745
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Dec 2024 21:01:51 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B698
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

29ms
28ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Dec 2023 18:54:16 GMT
expires: Thu, 07 Dec 2023 18:54:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Dec 2023 18:54:16 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 235F 43 B
215 B 188ms
178ms Image
image/gif 2600:1f13:800:7780:5e0e:b54f:841d:a117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=e2c53f99-da34-64e9-89a5-90b2335beb7e&tv=%7Bc:w8TmGs,pingTime:-10,time:403,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjAuMC42MDk5LjcxIFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,ch:n,fsc:17.6.2v222222220002022202222222000020222222202022222220222202000022000220222220000000202202002222202222222220222222220000020022022200022222220200000222200022020002022022022222202002220222022222022220000000200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022020000000020000000000000000000020220202220000022200202202220022000200222022200200022220222200202222020002200002222022222202222000002002002222222202220022202200022002220202202,asp:1701975256551%7C%7C4f4ffc05491981e89a1c0bb8825339a8%7C%7C81fa84b75a8024ba76b34e57df459f31%7C%7C9a6ada18a1a164877954d38d1d3016d9%7C%7Cfa9cdbfeb736c4702f35a9c957379c2f%7C%7C9b65af3bb439495fad83d855971caf11%7C%7C89b7133f3baf7279b6544874aa1571a0%7C%7C3a7b834396e2e7dcf1480abc94a8f262%7C%7C1663701684%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3726015810391051&output=html&h=90&slotname=9118354868&adk=746077752&adf=508246717&pi=t.ma~as.9118354868&w=728&lmt=1701975254&url=http%3A%2F%2Fpencil.evolus.vn%2F&ea=0&wgl=1&dt=1701975253972&bpp=112&bdt=239&idt=276&shv=r20231205&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&correlator=1282805527564&frm=20&pv=2&ga_vid=1112030573.1701975254&ga_sid=1701975254&ga_hid=1787559534&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=839&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079919%2C31079929%2C42532601%2C31080036%2C44807754%2C44807764%2C44808148%2C44808284%2C95320229%2C31080037&oid=2&pvsid=508794219439035&tmod=974130621&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=287
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:5e0e:b54f:841d:a117 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
server: nginx
x-server-name: dt22.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 06E7 0
20 B 59ms
59ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2568266635220&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 06E7 0
20 B 59ms
58ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2568266635220&version=m202309260101&ct=76&x=1&cor=2294999739871168500

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 06E7 109 KB
41 KB 66ms
66ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DD2lGwbA_vDQifMtRCB7aatXkHikH61r1-57W2oS24yviU1GnJUKPt8PaX6JKUpvT91zfKsoP7QNvZuUBv7mn2eeqCLarWiHf7A1r4Cb4lbFnd6U1oBM-oRUyFqfnrEfssdOFB2I49pM0VFzZWjvU9g6OhwKN9z6XDEqvHOnvQMD3vfFQ&dbm_d=AKAmf-AdW1tinbqkWB24Y1eCMMdwzn-JWhIdOUAt0RdyMeoZb7aGJSvqPXqig1kDfy-uPRlsEwfKaFmsRthy1AqRfWKNPgL3SXpkZqK7Jbif_vttnXPDqpglyh5C0VK66WJm04RSyUQH2ISBuhhjsPa3vBpkhj-dX796AWMsD_FXp-GKPWMSZIBBIpCHNE0AircyU_m7EAtT0PKluqpln-XRRUhlGmXv6M3anXunTOeujVTppEy0docTPastiNVVQ-8DQWrSJS8quBvsBwexaboIzzE-L9hdqUlf-o0Xai632KeK7XcpsjAyQPn-5zljG_yUl8nM2yhuWr8KWC5M3BmSC4eRiDxYElDoY-pjW6-yZor_fDs-105xKS7IR4H6AB5hJFoNnF50xt3Yrr-f9Ge10bgKp27nD3FfjixMlyudM54NyW8oPhh6N-8wiz9qsvqaowmjR9f20ygXbso2uHe6TI66z9vhFlvCJ4TSHvfVrLtmDxM2ibW-51ak-a4d1B7NAS9epe9D3bKlTTnjmt3MqUceIbVMfU_SJvaaDF7ryIq-kDIuIB_U8FuZ0m33LtA5g84mV3p22uOFQU6Rgb6ZAteN1QueG9HADOVvulPLPyBUFQILVZniMq94j60s18FjQpY58G6ZM9JXWt3QhUf97wEZJn_6ENDmRr56Y1IU1bEGpy1KZFUAGPoC6Ph1tkO2Nu7xYDD4dxD_xhAPCNToFjxafTuYJNfvsV4mWVl4WzDwulWXPe8Bp4BxLaJy0nnEoMeMF-I4ZLawj5ZhXmOHcBp8PHjfL1luIXVs-F2_tOX_22BLWVWRpmJROVmUqw_qB2Vrf3NWhJp8C_lAQR0jli0zyJI1i5Jleh6JmTKJUujG7H9tEeL-0Ymqgg526cSBtgjVNKjRpIon_m4yy_bvACpz47mlGruIF6zFxooRxHkBj_e05Y5foZZfUYtwTMUlDjYvYnY_HMjIzDDhu7hQSPwNu1-cIP67VGT15TKI0LXUegkS11oZd8JC7a8mL2k9qZxBsLDPcYhnZnj_1uYs5xhpqaLFElNldrztSG3L6Wzqk6sdm4SdsBoyjqaAlPCksOJQrx7wD-mQLVsxZSohgKJwO4jvRPGGRSTICzd3ZdzmrLXW4nf3c9XQqkYrF75bLg6oM5xLjY24rm0UXxiRnHGrtu2l0DFOBLQlX1bmN0RD2R9lYBRgsvJuGipgrf0EL7vtYmCjQXXEjWhzrGR66C5W8PHH9O0S3KiHeAkkI9-xL48sneKYJNo6DLn1H33o8OH61wqfWgML2-jltpkF5Rwi4FWy5ewHPi2E7c7ZTNNFUCIcHBilKMQ4RCHL0mKvB-SHX6xlleaTSyrNklkh0YerSe9BcZsi3MOsg6bqwAIhCkoimXwofywzaaEqiFalt4j_Ne5h4GpHyQv59LIK4doNS0L1jETSFY7VJ9Zfk2p1_vOeCnBOkCL5mdNRZs0eYZHpfvJbSDQUaNhxLhuOtHKOKxYTtJnAFPKkup-vZJxzkevCPs-aLCHpn6dZMApHE_fuVTV-Ms8aneiCat9jy9Zgtz0fzDeUzMEvgo-nbqnjzo8WZb7gNSczkDxtQP_mvyi5WXrvI_JEb9yOUrbhWj95Lmxcw8fun3xH9k8gg88uNpAoE6IXNRA7vKUJEK3OldRiKOrh9I7QRxCa34BRH4lwKneHIej8VMOHFd5R6R1S8O0OCR3ahAX7gOiwSZUTGv2cqNkT5gS40_-_QndiEdJoI6wHl71T8328rZ-uOGJJSrnCQ7HpF7qK3GKOnkUVv6Qs2WTbIe5Lt4ehj-H49eX4xeCNqxCP28u6NTIEyjS2uwEIujlkO7mJfI8Fo_Ens7zfcjIUiKSjxOc-w_67rxk7ZpAaZMkfVL6C0u4O6DLgYxAt2l6SO6lV6_17za6DFQEfaNvWZEnWeOIIhNUzVFy1QoSqBzdZ2M0HitXXMsn9onw3ADj3VIrJ5kBubmS6V0jajYoExpVKaapdeIbmJVN1uDnXZkQGxq85lPptihIdNknXTpbb41LB9OhL5TrJFI0jQ4OH5aT2gLEMniz-K-YpkUQAGZKC4pI3Qr7XU989Glr3IH0XjFEaN5FqrDuVNwQKd11_ZiEJehezvNlH3Iky5eU0youx-NYPRkqRQ8ZbZ_G1_580lO_p3Hcd1FMKE4XVe1Zik3fv32k_tXEfgSSxjtNDQxP7h5qIOFCp4-p4xYvMXF-03x8L2aFtzju0vlgBtZp-4zD8lMkewrz91MikmQoL3G7_5stTRGyKZPPJHkZM4AS4X6E5OvyKGdc0ehd2vzzBeHLJ7DCfKg1BGKZw-ARQ1Sd8oPopkJMCPVvHYrLXS-_YJJgFMFjij48z69YlGcKCNEXEpbVmHTukZFuz_SWj_iGY4WvPMe1ajASA0YjcRU7wWXmF-9FZv_KI8mctMQeN-Bpgxgf5yCD-fzXW2-R43VSf6t2OUjPQOtxcvuYFNl3v7lNYc8xW1E3w4XMUumWRAWGlIE4odlvHBqzxTwhZnAlHYbMBJify7eFHzcrZY20UuOak0ot_qMhDqIUa2sEsNPXMNwN3VD8AaGFGPT91Q7gBprjVr9RyQxiyZwqeFztWm0u6SMlgPnjh1JCTxJBDBuz9BPlphEAaE6MzlMvH_8qUwFbiCzh0trB5oRtjMMZdGzuRkifGkZqoHCtvwNxxXPBxFIb4vvPHZqSB0p4JROGN4JopULtViXJ_L1BHKRRNB_SiEFb4SBfQEYToHj2eY7jd3DHdkbLhDG5A27sNgFVKq9PssMnKW5eXvMPY00SlszcZjOorOqoYCmKdzBra45Tt-M3fbSTOAsob9cwDgyEDSbrg1T4A9gzB3j7VPKe4_bEUsjuRwx00hKlNNIM0jr3oB1Q-BzylmdVnTiH-H0Ksm1uPczpb1ttWYh-EdA8V8eKmSlh6sbnekhglrM3FMdVI_HVNO-G34SbvtmQujs3fjBaHUJsEFTldhECqT_PrjjAd7yeZgzCw9z_ofUsFEMOn-1pHrqKQcqPks0VvEcnm8PzWlzWNgpxRENvJcvK7Bke6mN0STGerYoivZvUhJpUlbzWVhVaFT_V7lR4AWIdcEEY4ept15CZULIma5NGWzU9xZwI_qYG7m-6cEI9WAZ-t1k8XgNIsSK6S0gkHXAEt7NOHSP81b358xNlDIBtebUrIgqW_Qp-1pOX-GzNI6spHUwBcHDe2ImrCjGY9rNqEb7T42GUETu2YlPobwyiSWy3-K-6nPU8NzlkHPpyaiUZK5hz7MtHDvAzq0E35BXC9D4gJc2sE1VCtECskdZj2821MnlALP4NQNfbGf7n-kBifT0WSkIl5u7SgNMKq9PiBvcExXiXEeK__pbkQENapD-6ygPDIohB_er18GcmHQzUmUTZJbxetyi_4BvtSYVinqr6vUn8VbK22SiMIzanbCcLI7BoJMn56HozvnlDIY4yFY1i2jRglETSZRhvIBXsIsi3JwZ8RsBBYiIgdjbuTS-vOYMtGEaCacHSwjWdUHQcujHlAay-mqbsxfH-MPPGrMCaamDeFs0JLLzSfhcZcowxkRC3-4Ju2kvg1aWRdhwUihwrQVzMRe1lq1D4jBH5cEFjdw3KexO2A4NZvnftQ5WAzRMq1x1SNFRXRL8Oc&cid=CAQSTwDICaaNkhjqKmWEoy-RgtocTZM6nTY3UB_M8qMRdsZ99oUwfjwc0qthLCs9RbVInd5f0ldTyshJFSCbAhJH-kIj94VldtLFNrTLWI4rLGsYAQ&dv3_ver=m202309260101&rfl=http%3A%2F%2Fpencil.evolus.vn%2F&ds=l&xdt=1&iif=1&cor=2294999739871168500&adk=497053792&idt=156&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b046c76798755db3823f505ac1d0d030db7783d6e41d8813a032a02d7f676ad2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42323
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 5hpSdEAdCYypbNizbkAw91vLZEBHsYzw3rH5Fshj8SY.js Show response
pagead2.googlesyndication.com/bg/ Frame 3B61 51 KB
19 KB 31ms
31ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/5hpSdEAdCYypbNizbkAw91vLZEBHsYzw3rH5Fshj8SY.js

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e61a5274401d098ca96cd8b36e4030f75bcb644047b18cf0deb1f916c863f126

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 09:13:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 207632
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19933
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 04 Dec 2024 09:13:44 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1627455/73523888/ Frame 06E7 255 KB
77 KB 44ms
44ms Script
application/javascript 99.81.22.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1627455/73523888/skeleton.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-3726015810391051&ias_chanId=1&ias_placementId=20492285957&bidurl=http://pencil.evolus.vn/&ias_dealId=&xsId=ABAjH0jZfQxIeP89got6oE7AcRF-&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0jZfQxIeP89got6oE7AcRF-
Requested by: Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.81.22.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-81-22-6.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: fe18a10c1113e33eb3e00a49196eb8513743049e0cfeac5b8066d0545ad2c216

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 06E7 111 KB
39 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 19:51:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82970
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 19:51:26 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231205/r20110914/elements/html/ Frame 06E7 11 KB
4 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231205/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DD2lGwbA_vDQifMtRCB7aatXkHikH61r1-57W2oS24yviU1GnJUKPt8PaX6JKUpvT91zfKsoP7QNvZuUBv7mn2eeqCLarWiHf7A1r4Cb4lbFnd6U1oBM-oRUyFqfnrEfssdOFB2I49pM0VFzZWjvU9g6OhwKN9z6XDEqvHOnvQMD3vfFQ&dbm_d=AKAmf-AdW1tinbqkWB24Y1eCMMdwzn-JWhIdOUAt0RdyMeoZb7aGJSvqPXqig1kDfy-uPRlsEwfKaFmsRthy1AqRfWKNPgL3SXpkZqK7Jbif_vttnXPDqpglyh5C0VK66WJm04RSyUQH2ISBuhhjsPa3vBpkhj-dX796AWMsD_FXp-GKPWMSZIBBIpCHNE0AircyU_m7EAtT0PKluqpln-XRRUhlGmXv6M3anXunTOeujVTppEy0docTPastiNVVQ-8DQWrSJS8quBvsBwexaboIzzE-L9hdqUlf-o0Xai632KeK7XcpsjAyQPn-5zljG_yUl8nM2yhuWr8KWC5M3BmSC4eRiDxYElDoY-pjW6-yZor_fDs-105xKS7IR4H6AB5hJFoNnF50xt3Yrr-f9Ge10bgKp27nD3FfjixMlyudM54NyW8oPhh6N-8wiz9qsvqaowmjR9f20ygXbso2uHe6TI66z9vhFlvCJ4TSHvfVrLtmDxM2ibW-51ak-a4d1B7NAS9epe9D3bKlTTnjmt3MqUceIbVMfU_SJvaaDF7ryIq-kDIuIB_U8FuZ0m33LtA5g84mV3p22uOFQU6Rgb6ZAteN1QueG9HADOVvulPLPyBUFQILVZniMq94j60s18FjQpY58G6ZM9JXWt3QhUf97wEZJn_6ENDmRr56Y1IU1bEGpy1KZFUAGPoC6Ph1tkO2Nu7xYDD4dxD_xhAPCNToFjxafTuYJNfvsV4mWVl4WzDwulWXPe8Bp4BxLaJy0nnEoMeMF-I4ZLawj5ZhXmOHcBp8PHjfL1luIXVs-F2_tOX_22BLWVWRpmJROVmUqw_qB2Vrf3NWhJp8C_lAQR0jli0zyJI1i5Jleh6JmTKJUujG7H9tEeL-0Ymqgg526cSBtgjVNKjRpIon_m4yy_bvACpz47mlGruIF6zFxooRxHkBj_e05Y5foZZfUYtwTMUlDjYvYnY_HMjIzDDhu7hQSPwNu1-cIP67VGT15TKI0LXUegkS11oZd8JC7a8mL2k9qZxBsLDPcYhnZnj_1uYs5xhpqaLFElNldrztSG3L6Wzqk6sdm4SdsBoyjqaAlPCksOJQrx7wD-mQLVsxZSohgKJwO4jvRPGGRSTICzd3ZdzmrLXW4nf3c9XQqkYrF75bLg6oM5xLjY24rm0UXxiRnHGrtu2l0DFOBLQlX1bmN0RD2R9lYBRgsvJuGipgrf0EL7vtYmCjQXXEjWhzrGR66C5W8PHH9O0S3KiHeAkkI9-xL48sneKYJNo6DLn1H33o8OH61wqfWgML2-jltpkF5Rwi4FWy5ewHPi2E7c7ZTNNFUCIcHBilKMQ4RCHL0mKvB-SHX6xlleaTSyrNklkh0YerSe9BcZsi3MOsg6bqwAIhCkoimXwofywzaaEqiFalt4j_Ne5h4GpHyQv59LIK4doNS0L1jETSFY7VJ9Zfk2p1_vOeCnBOkCL5mdNRZs0eYZHpfvJbSDQUaNhxLhuOtHKOKxYTtJnAFPKkup-vZJxzkevCPs-aLCHpn6dZMApHE_fuVTV-Ms8aneiCat9jy9Zgtz0fzDeUzMEvgo-nbqnjzo8WZb7gNSczkDxtQP_mvyi5WXrvI_JEb9yOUrbhWj95Lmxcw8fun3xH9k8gg88uNpAoE6IXNRA7vKUJEK3OldRiKOrh9I7QRxCa34BRH4lwKneHIej8VMOHFd5R6R1S8O0OCR3ahAX7gOiwSZUTGv2cqNkT5gS40_-_QndiEdJoI6wHl71T8328rZ-uOGJJSrnCQ7HpF7qK3GKOnkUVv6Qs2WTbIe5Lt4ehj-H49eX4xeCNqxCP28u6NTIEyjS2uwEIujlkO7mJfI8Fo_Ens7zfcjIUiKSjxOc-w_67rxk7ZpAaZMkfVL6C0u4O6DLgYxAt2l6SO6lV6_17za6DFQEfaNvWZEnWeOIIhNUzVFy1QoSqBzdZ2M0HitXXMsn9onw3ADj3VIrJ5kBubmS6V0jajYoExpVKaapdeIbmJVN1uDnXZkQGxq85lPptihIdNknXTpbb41LB9OhL5TrJFI0jQ4OH5aT2gLEMniz-K-YpkUQAGZKC4pI3Qr7XU989Glr3IH0XjFEaN5FqrDuVNwQKd11_ZiEJehezvNlH3Iky5eU0youx-NYPRkqRQ8ZbZ_G1_580lO_p3Hcd1FMKE4XVe1Zik3fv32k_tXEfgSSxjtNDQxP7h5qIOFCp4-p4xYvMXF-03x8L2aFtzju0vlgBtZp-4zD8lMkewrz91MikmQoL3G7_5stTRGyKZPPJHkZM4AS4X6E5OvyKGdc0ehd2vzzBeHLJ7DCfKg1BGKZw-ARQ1Sd8oPopkJMCPVvHYrLXS-_YJJgFMFjij48z69YlGcKCNEXEpbVmHTukZFuz_SWj_iGY4WvPMe1ajASA0YjcRU7wWXmF-9FZv_KI8mctMQeN-Bpgxgf5yCD-fzXW2-R43VSf6t2OUjPQOtxcvuYFNl3v7lNYc8xW1E3w4XMUumWRAWGlIE4odlvHBqzxTwhZnAlHYbMBJify7eFHzcrZY20UuOak0ot_qMhDqIUa2sEsNPXMNwN3VD8AaGFGPT91Q7gBprjVr9RyQxiyZwqeFztWm0u6SMlgPnjh1JCTxJBDBuz9BPlphEAaE6MzlMvH_8qUwFbiCzh0trB5oRtjMMZdGzuRkifGkZqoHCtvwNxxXPBxFIb4vvPHZqSB0p4JROGN4JopULtViXJ_L1BHKRRNB_SiEFb4SBfQEYToHj2eY7jd3DHdkbLhDG5A27sNgFVKq9PssMnKW5eXvMPY00SlszcZjOorOqoYCmKdzBra45Tt-M3fbSTOAsob9cwDgyEDSbrg1T4A9gzB3j7VPKe4_bEUsjuRwx00hKlNNIM0jr3oB1Q-BzylmdVnTiH-H0Ksm1uPczpb1ttWYh-EdA8V8eKmSlh6sbnekhglrM3FMdVI_HVNO-G34SbvtmQujs3fjBaHUJsEFTldhECqT_PrjjAd7yeZgzCw9z_ofUsFEMOn-1pHrqKQcqPks0VvEcnm8PzWlzWNgpxRENvJcvK7Bke6mN0STGerYoivZvUhJpUlbzWVhVaFT_V7lR4AWIdcEEY4ept15CZULIma5NGWzU9xZwI_qYG7m-6cEI9WAZ-t1k8XgNIsSK6S0gkHXAEt7NOHSP81b358xNlDIBtebUrIgqW_Qp-1pOX-GzNI6spHUwBcHDe2ImrCjGY9rNqEb7T42GUETu2YlPobwyiSWy3-K-6nPU8NzlkHPpyaiUZK5hz7MtHDvAzq0E35BXC9D4gJc2sE1VCtECskdZj2821MnlALP4NQNfbGf7n-kBifT0WSkIl5u7SgNMKq9PiBvcExXiXEeK__pbkQENapD-6ygPDIohB_er18GcmHQzUmUTZJbxetyi_4BvtSYVinqr6vUn8VbK22SiMIzanbCcLI7BoJMn56HozvnlDIY4yFY1i2jRglETSZRhvIBXsIsi3JwZ8RsBBYiIgdjbuTS-vOYMtGEaCacHSwjWdUHQcujHlAay-mqbsxfH-MPPGrMCaamDeFs0JLLzSfhcZcowxkRC3-4Ju2kvg1aWRdhwUihwrQVzMRe1lq1D4jBH5cEFjdw3KexO2A4NZvnftQ5WAzRMq1x1SNFRXRL8Oc&cid=CAQSTwDICaaNkhjqKmWEoy-RgtocTZM6nTY3UB_M8qMRdsZ99oUwfjwc0qthLCs9RbVInd5f0ldTyshJFSCbAhJH-kIj94VldtLFNrTLWI4rLGsYAQ&dv3_ver=m202309260101&rfl=http%3A%2F%2Fpencil.evolus.vn%2F&ds=l&xdt=1&iif=1&cor=2294999739871168500&adk=497053792&idt=156&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 15:50:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11035
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 14415875674906819925
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 15:50:21 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231205/r20110914/ Frame 06E7 31 KB
12 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231205/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f6cbe31747c16c069d861a8ed01b15186eaee8c381f74ca1712087811c39f4d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 15:54:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10781
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11943
x-xss-protection: 0
server: cafe
etag: 4141415479739543000
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 15:54:35 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 06E7 41 KB
14 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 521348
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 Nov 2024 18:05:08 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9CFC 0
20 B 46ms
45ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8879441816948&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9CFC 0
20 B 46ms
46ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8879441816948&version=m202309260101&ct=76&x=1&cor=9031662042013054000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9CFC 109 KB
41 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bdy-ZdixeUvPQgBOe9cfSTfRl4Q_0fEvP2mBwYY2_NsN03bTXhAMmZ4odg-vKhyqlka-7rgGxRp9u6Wy9ATZaK4Dq5st8Js8bCU_40kCO5IRYFjdyWDqmICPrB4QB6LezjPQPuk13ERAI9xjamEF8MFrCshe96PNrYgaNzF_lkO9A7X1U&dbm_d=AKAmf-DuFApOnAV1eAo5a9Ds5T2HENIx2dxfU9kLG7__AxH1r_sG-R3mCDnpjUET4uz1kFKWUWknBRucKT7fUa1KC2o7PiDS5ab3FLbOkdmAD8suGD7OHTskzqLoSnOa6s3F_t5x6HNn_v968j32i72ZqhXUB8Eqx67dGOk_nUfxNRkDvhvEHHOmYahU5Riqnsi74M87FlsYWJe_P0jfPXfoQRMF7R4SWHw9wUdcquVPuFwwm1o2_CWQOgpiemLmJzxEWfXGGaVvW0ZNce1NvkkKhMd87XohgyfKclJy0QHoAWpWPZeavFj2kU_8bhMUuVMQyk_xSfPx85ALVbxYBd2ViKvBTEqKwXrHtV4C3nrJRQp9Ww1GQx_ztO7KAlWWmyV0ksxZWbd91LvGQIPlPVYQ23Zex0GiYkcAs96nFejPNyg6skxUf2MW4hLTFsHrTgKvwfUfOLxvsZKIPDL50DS3WBDyUOuoRfiG0XwVIfq3HZTEsvydlPoPmqTQuK0qJZp68Qxj1r4WNw8CeEFvbpsfxZJc4tv98UFENBkWFaIaVM1vVTD6M1r65n_A_8TJ5ayO78l4v32Kk7TweA6YTiXr-8kSe1CVE5wheFKwD38D-CBTbRTT8V6Wu3s5XxCNCA3NxYlSdypp4XT30aPGUMc-rEB0uU2RQIZ4xt3HQ7CC4CGQCWapiOgS-VUxNjxFMpjLW2LOeXdajOliICRD6CdutERtNLBX9A19F2q1ztsU16Pt6WwaCH_BBe4JdBFTD7yozPQr6G_Bx8GGw6gcT0yPsHxIINIIB1veg6oA5wm40ir8AMI5-ACYrLNXyQ7pORR2P6IrCezwR0VjGdrJiEiBbxAp32geXFtNJMdb83yOobtNtNXdp65RplALU8a6mV8txp5gK8OE_Q78oNiybLssxdLr9xFfMuZXyvjW2GtoVit6LVg46_PnxyhDaOhtXp2L4CZs-fUapCJwHYCjE_LkcPR2ykr4IYNTjVpv5-LZP-ZEMX8pJYmga9hdh4PL0xomiVQdn3pNdjJDBHnhliyOt96aKvY07IoAdXeULzHQkbQPjOneCgHgpKUKtiuIxHrBITZA2oH1ogg4RlWeL-JEmC0xsarXIDAXGW8DnTCEVz9sMM3DD21syH0raHXpg-rqLkYlFJoG5LGuMsOmrDgPLyxzKpdLMgX7atMjgFFjgJqOfpXIadxJeT056DN3E1zlnHatdLYURKg9Fz9hDJi77k39Eje3u1Mc3NjzWN32u6AjUvfC5RPKJbaKhRIagnYxqkhzHcxg4TF0cOctqKo0f7exvTSbLVaPbPajubKAwehR-zFV8EyPFYNsOcspoCF07dWn8NAY-ZVZWDbKEu7MVfxGH4mnYg8d9VZPO7NnJGFCRSBhLsqfi3H_phg6KVzkyrn4GDwIe6BuA7nLIXwuwvs7Q0UzfnLis3ZJkrh2TDzNIAz0AswInEtTPsAqGneytEvbAeSWCBoRtvE-5dVsQEAPgRzWXsYUrlW3MC7GvqAM5Wa0WVuDBQycf2QLwsiVd6FRsnJWtwxihRxpVe3xWpWS0NrCadC1M6aav-LlyaOYScu7R00qLhuKhwLdKFKS4qNkeT6LAc9zLtM3f0_VYvv_SxmfmLvDJd6Xxl34WpxKA_E6N2Yb0BHspYKQtRqk7EvSqPbWqwMNYbD7a6IXP2_j8tJdlP7A8hHvXNGgyayJtPoSpLk52Vx2GUk0WwxSzJLc252_Kzhf1_4Sy-dL_hr7UxPnq83OIK-JqsP62nEugrs18E1vdTGBgekS5Guap6evXdNauyUVxuFcmK612qvf2azN_frn7NoGYn8Fzat6m4zpaUwoZ6WkD0v6zWhZsafypAJsUcbcuDyXiwwAfPkqQGt4ZruXhQfP7MICMjM7etgrbD19jphk93DD_FUJabLOaCdmVoC2BZeuRAeRFDngPrUGKwJvNH7uybsCJwNtt5bkJKBe_Ck3y45vF1gJb0oIZQtUiMaJ2N4vDW-ZaIUxYDckWxrrmjIn8sqXJ9KRNjDEmjcd-d1Cnwr6COqdSEoS_2njg48zx2iW7SL39Mbqdqe2SB1BxksKHFylq0L0KqwpWeG7ge1eiP9sEVMBV0mzLl-H51ijgs7Rsu0D4JtTYvS5luUfZkTf2v3zTi9g4ehLiDkUOCdlBJ4BDzm_KbKL-Vv_iXLdWIj8H9gTQzCTV4GlkYZeimHwWSkCKsx1e_oAHWv2Rw17nt1fu6KUTdvrpdJVRSA1iPXXsXaePgABsKUsVUekpLkQ7rKrIChHTi2LgZ6TfKMp4eSoCSBD5k2v8ZJpYpO9U2bdpY7DQoUkLyd2sGwzkM0YtzmTB-jy4ccAKwqGLJrgIHmIqB_CfGsCFSheY0UG-8JSjGkXuDbV7STY3163yuUikJ8vl0FA-U5-ylnrxSr8ccoQdIaa1kzmsbrE_UHIPBFbkVyMueLZ0rsv9aWjDts6JnY4WPGy7M9Nbf5Y0Zz9amPr9dprAt-fhb6csZLX30PTrBzMFNFUKPhHg28z_vlC1qEJTcW9xR6ISntmIPsFhVI722lRZm0xIgFHHETOY1OVH83IOHMXM2Ok8vsyt8fDfB59QH8pzcJ8fNh7ZWlkwJhRc7R3wXKdrnY6elQUjQSJcJLV0NnZbDnN6Ai03ABvB0atyeVKBpWAze7HKJCMUmiQ3HDD6TeO5AYh9eRRi0z1JdhdMDWuOU2E1i4OhJ-mzaJIXMHiFxQlcgRZB9xuLZS_tZ9DHZ_RB1VcmBeDu9XaCYoZz4CbnjWRNXgZe-4_6LVO2cfkRhAhJ8l7Auq-iZbNeaXR5FDWkWW6IKNMasdnmuLQQd52JWw0B3V0zonGbAZ0C8qN-Gy-As-UeT_BLi5TB7E3u-3e9_y6kLxFjTdWIHbas3pFgSWC6W0y2CgSJv9VXycb9fAZ60X8Sb0EoV1gw_f2N1SqzNModaFeabuaVQ9_mDJHI7DpLj6SrkUZrQ40k4ROYA6WYS9Z9Lv_4-5MdWngaeM74yDIHB2UfYe4ZkHHX9UeF_ZIfAvL3hOyNwqFD1Hv6FQV3FZ-63Q8GMvCF56wivOc4HqAl13sruyxZg6IWZq1TniU9LanvEo5YOCbbAv7EyU2UVYoUq0JixEDD5ncycub6h8pRROjEiFtLbgWfRBq253hGXxFlsSPiz1agrKNlyi6tizjEx5rM8hpkkHAYy8CLLA9TGb6Wpw_dGNtG4wI2hScrbJJP1SYP0F9gpzVtCKeg1NYBzYOz5GsDPV2q2zPmEllMJXxXC3u5W_NFOIU99G6fdSLrjXO-uVl6xVv1CGcUsLrm0pcA5X1rIdiRx9CizBkqJXJxLY53GRMeQ-Hm-t91KPBpc9f-fW0MbVXLrZV8WEDWWL-D-50olLoTD_ItxSkWP7EpcZxCR2FufkDaxUgBUsYvEvOl4bTcuB15Xejc8wvHwRgmce6n2kr37AZd7rbtZuXVAKo4JpPA47LcHn0sMvrM7BNJhUjhZgHQ2PTHft8WM-E7QMObwCBhov0Oc6qrNtiI_3XMIzTkqOiMczWGlL6JGNOrXTxrnC2allJX5SwEsLxVUuwa4FBNStXuHjxQ7U4HVNEsY2hruVrNsyHtOI0pHielAe7U9xFN39L9wjfqpqhPMgUf1b2xWyursD6&cid=CAQSTwDICaaNkhjqKmWEoy-RgtocTZM6nTY3UB_M8qMRdsZ99oUwfjwc0qthLCs9RbVInd5f0ldTyshJFSCbAhJH-kIj94VldtLFNrTLWI4rLGsYAQ&dv3_ver=m202309260101&rfl=http%3A%2F%2Fpencil.evolus.vn%2F&ds=l&xdt=1&iif=1&cor=9031662042013054000&adk=1761367584&idt=222&cac=0&dtd=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

da53407f9d2f34a4cf3c61979d897f4dfdefdf961aa928f4280212183e1c7643

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42256
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame ED02
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=ChCUU1hRyZZjBHc6A29gPtcW30Aar04vPdOb8nfHxEYHVmv6aOhABINuqjSdgleKQgqAHoAH0___pAsgBAakCVUaomQ8hsz6oAwHIA8sEqgTRAU_QEIw7ew_hedLN8RQRuXJgu3jwqLIQPEK...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2215676825149041970782%22,%22debug_reporting%22:true,%22destination%22:%22https://msc.com%22,%22event_report_window%22:%2225...

0
0

57ms
41ms

Fetch
text/css

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2215676825149041970782%22,%22debug_reporting%22:true,%22destination%22:%22https://msc.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22759169012%22],%224%22:[%2212-07%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2213736791924531397217%22}&andc=true

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:16 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"15676825149041970782","debug_reporting":true,"destination":"https://msc.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["759169012"],"4":["12-07"],"6":["true"]},"priority":"500","source_event_id":"13736791924531397217"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 07 Dec 2023 18:54:16 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 07 Dec 2023 18:54:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"15676825149041970782","debug_reporting":true,"destination":"https://msc.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["759169012"],"4":["12-07"],"6":["true"]},"priority":"500","source_event_id":"13736791924531397217"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 5hpSdEAdCYypbNizbkAw91vLZEBHsYzw3rH5Fshj8SY.js Show response
pagead2.googlesyndication.com/bg/ Frame 51E5 51 KB
19 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/5hpSdEAdCYypbNizbkAw91vLZEBHsYzw3rH5Fshj8SY.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e61a5274401d098ca96cd8b36e4030f75bcb644047b18cf0deb1f916c863f126

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 09:13:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 207632
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19933
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 04 Dec 2024 09:13:44 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 0535 38 KB
13 KB 17ms
17ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 207771
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Dec 2023 09:11:25 GMT
expires: Wed, 04 Dec 2024 09:11:25 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/17864851622750576224/ Frame 7A56 6 KB
2 KB 17ms
17ms Document
text/html 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca212a6d45038b16f7e2ee85414d0f67362985095eac9dc26a34e96d1ea529b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 84065
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1847
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Dec 2023 19:33:11 GMT
expires: Thu, 05 Dec 2024 19:33:11 GMT
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 06E7 0
0 57ms
57ms Fetch
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssajNTHQ3zQ1VXaQyJGa1eqKKvh4g6ni2YpJh14ybUSdIwShSumiJ3Q76fK1xlzmVHF_3HeWlefLrZ8VcORdr4qQAyMDoaUobMj_d6jAbZ-P5AiPyfWMMjbKBnY9cXj6YO6r9ZKDBOuHnnZL4SzDmZmguxNN1TjumFRHBdLFiNQwePwcWjAmoSjEGU1AwLqTKmzsbnaABF5owKALtPikneBFlmrbkqwUho4IHVz3Vm4uxUW-ZV86PNtOBpAL0SRB3KlIxUqYtnak0FIkWGr7xcv7bG2XqHzTY55q2W-X97vcF9ncDc_sAuXAGV9PU0ALUXHrVVAivyEVujvys0BmvHoVg4loBzqEYLn5ZtCKLw2_7xqw3HGBSnXmgOM8vcaZGwr0MdnMSyGtxVi4AwYaa9X96tloGB9SUZ7-hUlCWIP675VoQ2eSDUQ-y53H9xT3ZSF0VkhslO0TGz6SQoLTNDzPH_Wc7d7OwpUVwZ25jcjMwSrUlkz0TWHf8Lus2oswpESL2cAQiPy0UzN9Xw-wmVzBvKLYpYuTtJcFrH6YgD1KfyhcpS77_wOchVCwRgnTyzD3O4i1CZaRgBohtUSHIbx-ZSPZzifL8exp3CXv_YXA6jAxXhIlmGJVHHQWoBdl9CPtgG_RSdKfFclMidTAOs8zlSV6INmH-o7kA6wSF0UtKsrY_nX2X_7XYRJ-8S7N2Ix0zMLSp-W7VCenQAWJr91eLE0s8bRpg3mpePML5FgVCo0dcS1AUCuBIyP8goloFS6WykkLYyQuvikHYig9a0MrRiD3Gw4d5VIp0OTr47bluyzqYFbhQSlYffY3zlQEmFCkbzScylJMF88oyIoC4l6eXUOJhwlqDUCYtGFdlYuibFJgkdgzpiWdm2E3v49PKQnnL_n1uTbHd5vl-2ginmJzrJpMEvKVdCbZD70a9n75IJsgSrzSFWDWTKBfAJx4Bxx7kl1NNZh7-uIDygxlk-UxtpbQEhD9569Xf-eyVerp-zF-VaUy7_HkiBkad5Dfl0rIFLfcbYnXyrM3d7eNOEoFmp--CZ2y0m4Qci-w0TEZbckacW8lHrakzxpb6slBZ3XBfnctQOaBUh4puq8sbO3cXjGoFHfR_b7IkR4mLFOm3VM59cCLhrlAiY1Cf-TetcH-cvDmCIP8y5glL4MYqhGBdcMiyDPOZTkt3WcVgefLrdUp3a-bVIhJfjuNonWjAmlfumzlnb5-WEt32jvoAz5FGCQU2Zv9-MFQW9Xk14dgrwb4X5VDhCJEVBGlLuGrRM-_1pN7hDfdoVe7EMl7KTGuc4pTNxAc7YXscfN42xAJq1JafNId0cnl-k&sai=AMfl-YRoyfF_5j1-kAbtBaPZAgDxjCsWz2v70SG5DNEaMAHAs2zYlD2kkkqr_AiTAVUpl6e7sr9ugLo4BtJMKdp9KQFj8VVXZbwxbOg3_48zdfC_K5xejmoEjDPA-wB_tee9KmCAlYOdcqmJkCC6tnbVpNvWxo1fAioxwcwseDrnzUSwsgIAj241onTedZwmaeBKVf4yNlBgSRs7LdA_r1Ui7mjl57HlSfNMzXGvNuAo3BZ7aGnAMJPbTvht4E8RsyVwsXXxCxWTkdUCYU27pfZcFiQvnkVdCO0EdTroxW0GdQ&sig=Cg0ArKJSzOk4_5e9XmiMEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=39&cbvp=1&cstd=38&cisv=r20231205.75757&arae=0&ftch=1&adurl=

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 07 Dec 2023 18:54:16 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 style.css
s0.2mdn.net/sadbundle/17864851622750576224/css/ Frame 7A56 5 KB
2 KB 11ms
11ms Stylesheet
text/css 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/css/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d74871f1d66e7c0230449ab708d05f088e33d578275cfbc2e0d95529b689cfcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:42:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 173478
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1854
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Dec 2024 18:42:58 GMT

GET
H2 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/ Frame 7A56 70 KB
25 KB 18ms
17ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/gsap.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce56080747fb3b762486b9ccc59bc01f871c9647d354a1c27b52cdb73fc1bfe1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:16 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 653259
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 25267
last-modified: Tue, 01 Aug 2023 16:38:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64c93515-62b3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n2zuO385B59KVq3OG56ldiU84bPQk0SMA5RvB6LE4tPuuwJlp3Sjao17F86VHgJWqySFW%2BVv2K4wudjfxGn04zBJfKFBLH%2FjdUGNj3IQa9fF%2BRQ4y4JV7dWx8RsXlTYqoljksfQhizlIXYoFNyAfYvcO"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 831ef9eaae8d37ce-FRA
expires: Tue, 26 Nov 2024 18:54:16 GMT

GET
H2 200 CustomEase.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/ Frame 7A56 7 KB
4 KB 20ms
20ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/CustomEase.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c190eb38a3f491bcbf96b136cf4a4ab534ac1293d37d9047fd77db6365c86682

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:16 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 819313
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 3299
last-modified: Tue, 01 Aug 2023 16:38:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64c93515-ce3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T9%2Bq2qOznvbsPxHVrWg%2Bz88hMgUDJpYS5oKOkfhHmu7n5Jl9x2TwSkqIzZ0Htw1o8xmw1qUvnce5XvkV2okubrwHlwFIoY0xMZy0kII72zxaPMcnIFBLiHbmiRn5TEyagbdWjWWXBX4IzSmfnDxF3EQz"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 831ef9eaae8e37ce-FRA
expires: Tue, 26 Nov 2024 18:54:16 GMT

GET
H3 200 dyson.svg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame 7A56 2 KB
1 KB 14ms
14ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/dyson.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7b8d433b88d210c6aeb414da6fc440f45c471fad1b5aaae9f0b66c50122c62b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 21:48:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 248776
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1076
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 03 Dec 2024 21:48:00 GMT

GET
H3 200 rtbIcon.svg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame 7A56 2 KB
806 B 13ms
13ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/rtbIcon.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5e166567ad908883ca1d769c38b6f65959bb067295e5ea3c2f850ec5fa2b8d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 13:32:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 278479
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 771
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 03 Dec 2024 13:32:57 GMT

GET
H3 200 dyson-v15s-submarine-stack.svg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame 7A56 13 KB
4 KB 8ms
7ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/dyson-v15s-submarine-stack.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12ff2ec39651e02b34ee26ae91b66614f3b981e5b8db58feb16115c2b6b201f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 15:25:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 185308
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3980
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Dec 2024 15:25:48 GMT

GET
H3 200 1-min.jpg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame 7A56 31 KB
31 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/1-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dee119ee49ab8771cf531190b1b186a092c709f799baf9ab566a3ca9778ea0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 19:44:09 GMT
x-content-type-options: nosniff
age: 83407
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31326
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 05 Dec 2024 19:44:09 GMT

GET
H3 200 2-min.jpg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame 7A56 21 KB
21 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/2-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d66ba6bc03128cc3ce96e393fc2b3f7c8bd2e73af8258ae6d6a5e6f2efb9848

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 22:38:55 GMT
x-content-type-options: nosniff
age: 245721
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21613
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 03 Dec 2024 22:38:55 GMT

GET
H3 200 3-min.jpg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame 7A56 25 KB
25 KB 10ms
10ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/3-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de63bf5ecaf8695bae42a604e9808a63c55b0d62bdb3b4462c1530950772fc27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 13:53:57 GMT
x-content-type-options: nosniff
age: 277219
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25605
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 03 Dec 2024 13:53:57 GMT

GET
H3 200 4-min.jpg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame 7A56 30 KB
30 KB 11ms
11ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/4-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

263403e6cea55abd488e73b1a3ed6fac18d6b3136572570953b3392504715123

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 08:54:08 GMT
x-content-type-options: nosniff
age: 208808
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30924
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Dec 2024 08:54:08 GMT

GET
H3 200 arrow.svg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame 7A56 192 B
199 B 10ms
10ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/arrow.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fd99a285d81a12f549b741db9604416a669e2ee8accf00cd40c0b0344e9ba63f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 22:43:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 245419
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 161
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 03 Dec 2024 22:43:57 GMT

GET
H3 200 script.js Show response
s0.2mdn.net/sadbundle/17864851622750576224/script/ Frame 7A56 4 KB
981 B 10ms
10ms Script
application/x-javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/script/script.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e24e46459c7d6e73401ab03d015d9819826b4d7e01d5dacb37c0264ebf8f069a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 19:41:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 169958
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 944
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Dec 2024 19:41:38 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 80ms
41ms Preflight
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 07 Dec 2023 18:54:16 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1627455/73523888/ Frame 9CFC 255 KB
76 KB 39ms
34ms Script
application/javascript 99.81.22.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1627455/73523888/skeleton.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-3726015810391051&ias_chanId=1&ias_placementId=20492285957&bidurl=http://pencil.evolus.vn/&ias_dealId=&xsId=ABAjH0gsYNviXHDb4EKlRNTvyvZk&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0gsYNviXHDb4EKlRNTvyvZk
Requested by: Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.81.22.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-81-22-6.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 0387fa979fd13621f1c120729dc0ab30f073adf2aced8f1c88df789ea0c7e0eb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 9CFC 111 KB
39 KB 12ms
10ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 19:51:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82970
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 19:51:26 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231205/r20110914/elements/html/ Frame 9CFC 11 KB
4 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231205/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bdy-ZdixeUvPQgBOe9cfSTfRl4Q_0fEvP2mBwYY2_NsN03bTXhAMmZ4odg-vKhyqlka-7rgGxRp9u6Wy9ATZaK4Dq5st8Js8bCU_40kCO5IRYFjdyWDqmICPrB4QB6LezjPQPuk13ERAI9xjamEF8MFrCshe96PNrYgaNzF_lkO9A7X1U&dbm_d=AKAmf-DuFApOnAV1eAo5a9Ds5T2HENIx2dxfU9kLG7__AxH1r_sG-R3mCDnpjUET4uz1kFKWUWknBRucKT7fUa1KC2o7PiDS5ab3FLbOkdmAD8suGD7OHTskzqLoSnOa6s3F_t5x6HNn_v968j32i72ZqhXUB8Eqx67dGOk_nUfxNRkDvhvEHHOmYahU5Riqnsi74M87FlsYWJe_P0jfPXfoQRMF7R4SWHw9wUdcquVPuFwwm1o2_CWQOgpiemLmJzxEWfXGGaVvW0ZNce1NvkkKhMd87XohgyfKclJy0QHoAWpWPZeavFj2kU_8bhMUuVMQyk_xSfPx85ALVbxYBd2ViKvBTEqKwXrHtV4C3nrJRQp9Ww1GQx_ztO7KAlWWmyV0ksxZWbd91LvGQIPlPVYQ23Zex0GiYkcAs96nFejPNyg6skxUf2MW4hLTFsHrTgKvwfUfOLxvsZKIPDL50DS3WBDyUOuoRfiG0XwVIfq3HZTEsvydlPoPmqTQuK0qJZp68Qxj1r4WNw8CeEFvbpsfxZJc4tv98UFENBkWFaIaVM1vVTD6M1r65n_A_8TJ5ayO78l4v32Kk7TweA6YTiXr-8kSe1CVE5wheFKwD38D-CBTbRTT8V6Wu3s5XxCNCA3NxYlSdypp4XT30aPGUMc-rEB0uU2RQIZ4xt3HQ7CC4CGQCWapiOgS-VUxNjxFMpjLW2LOeXdajOliICRD6CdutERtNLBX9A19F2q1ztsU16Pt6WwaCH_BBe4JdBFTD7yozPQr6G_Bx8GGw6gcT0yPsHxIINIIB1veg6oA5wm40ir8AMI5-ACYrLNXyQ7pORR2P6IrCezwR0VjGdrJiEiBbxAp32geXFtNJMdb83yOobtNtNXdp65RplALU8a6mV8txp5gK8OE_Q78oNiybLssxdLr9xFfMuZXyvjW2GtoVit6LVg46_PnxyhDaOhtXp2L4CZs-fUapCJwHYCjE_LkcPR2ykr4IYNTjVpv5-LZP-ZEMX8pJYmga9hdh4PL0xomiVQdn3pNdjJDBHnhliyOt96aKvY07IoAdXeULzHQkbQPjOneCgHgpKUKtiuIxHrBITZA2oH1ogg4RlWeL-JEmC0xsarXIDAXGW8DnTCEVz9sMM3DD21syH0raHXpg-rqLkYlFJoG5LGuMsOmrDgPLyxzKpdLMgX7atMjgFFjgJqOfpXIadxJeT056DN3E1zlnHatdLYURKg9Fz9hDJi77k39Eje3u1Mc3NjzWN32u6AjUvfC5RPKJbaKhRIagnYxqkhzHcxg4TF0cOctqKo0f7exvTSbLVaPbPajubKAwehR-zFV8EyPFYNsOcspoCF07dWn8NAY-ZVZWDbKEu7MVfxGH4mnYg8d9VZPO7NnJGFCRSBhLsqfi3H_phg6KVzkyrn4GDwIe6BuA7nLIXwuwvs7Q0UzfnLis3ZJkrh2TDzNIAz0AswInEtTPsAqGneytEvbAeSWCBoRtvE-5dVsQEAPgRzWXsYUrlW3MC7GvqAM5Wa0WVuDBQycf2QLwsiVd6FRsnJWtwxihRxpVe3xWpWS0NrCadC1M6aav-LlyaOYScu7R00qLhuKhwLdKFKS4qNkeT6LAc9zLtM3f0_VYvv_SxmfmLvDJd6Xxl34WpxKA_E6N2Yb0BHspYKQtRqk7EvSqPbWqwMNYbD7a6IXP2_j8tJdlP7A8hHvXNGgyayJtPoSpLk52Vx2GUk0WwxSzJLc252_Kzhf1_4Sy-dL_hr7UxPnq83OIK-JqsP62nEugrs18E1vdTGBgekS5Guap6evXdNauyUVxuFcmK612qvf2azN_frn7NoGYn8Fzat6m4zpaUwoZ6WkD0v6zWhZsafypAJsUcbcuDyXiwwAfPkqQGt4ZruXhQfP7MICMjM7etgrbD19jphk93DD_FUJabLOaCdmVoC2BZeuRAeRFDngPrUGKwJvNH7uybsCJwNtt5bkJKBe_Ck3y45vF1gJb0oIZQtUiMaJ2N4vDW-ZaIUxYDckWxrrmjIn8sqXJ9KRNjDEmjcd-d1Cnwr6COqdSEoS_2njg48zx2iW7SL39Mbqdqe2SB1BxksKHFylq0L0KqwpWeG7ge1eiP9sEVMBV0mzLl-H51ijgs7Rsu0D4JtTYvS5luUfZkTf2v3zTi9g4ehLiDkUOCdlBJ4BDzm_KbKL-Vv_iXLdWIj8H9gTQzCTV4GlkYZeimHwWSkCKsx1e_oAHWv2Rw17nt1fu6KUTdvrpdJVRSA1iPXXsXaePgABsKUsVUekpLkQ7rKrIChHTi2LgZ6TfKMp4eSoCSBD5k2v8ZJpYpO9U2bdpY7DQoUkLyd2sGwzkM0YtzmTB-jy4ccAKwqGLJrgIHmIqB_CfGsCFSheY0UG-8JSjGkXuDbV7STY3163yuUikJ8vl0FA-U5-ylnrxSr8ccoQdIaa1kzmsbrE_UHIPBFbkVyMueLZ0rsv9aWjDts6JnY4WPGy7M9Nbf5Y0Zz9amPr9dprAt-fhb6csZLX30PTrBzMFNFUKPhHg28z_vlC1qEJTcW9xR6ISntmIPsFhVI722lRZm0xIgFHHETOY1OVH83IOHMXM2Ok8vsyt8fDfB59QH8pzcJ8fNh7ZWlkwJhRc7R3wXKdrnY6elQUjQSJcJLV0NnZbDnN6Ai03ABvB0atyeVKBpWAze7HKJCMUmiQ3HDD6TeO5AYh9eRRi0z1JdhdMDWuOU2E1i4OhJ-mzaJIXMHiFxQlcgRZB9xuLZS_tZ9DHZ_RB1VcmBeDu9XaCYoZz4CbnjWRNXgZe-4_6LVO2cfkRhAhJ8l7Auq-iZbNeaXR5FDWkWW6IKNMasdnmuLQQd52JWw0B3V0zonGbAZ0C8qN-Gy-As-UeT_BLi5TB7E3u-3e9_y6kLxFjTdWIHbas3pFgSWC6W0y2CgSJv9VXycb9fAZ60X8Sb0EoV1gw_f2N1SqzNModaFeabuaVQ9_mDJHI7DpLj6SrkUZrQ40k4ROYA6WYS9Z9Lv_4-5MdWngaeM74yDIHB2UfYe4ZkHHX9UeF_ZIfAvL3hOyNwqFD1Hv6FQV3FZ-63Q8GMvCF56wivOc4HqAl13sruyxZg6IWZq1TniU9LanvEo5YOCbbAv7EyU2UVYoUq0JixEDD5ncycub6h8pRROjEiFtLbgWfRBq253hGXxFlsSPiz1agrKNlyi6tizjEx5rM8hpkkHAYy8CLLA9TGb6Wpw_dGNtG4wI2hScrbJJP1SYP0F9gpzVtCKeg1NYBzYOz5GsDPV2q2zPmEllMJXxXC3u5W_NFOIU99G6fdSLrjXO-uVl6xVv1CGcUsLrm0pcA5X1rIdiRx9CizBkqJXJxLY53GRMeQ-Hm-t91KPBpc9f-fW0MbVXLrZV8WEDWWL-D-50olLoTD_ItxSkWP7EpcZxCR2FufkDaxUgBUsYvEvOl4bTcuB15Xejc8wvHwRgmce6n2kr37AZd7rbtZuXVAKo4JpPA47LcHn0sMvrM7BNJhUjhZgHQ2PTHft8WM-E7QMObwCBhov0Oc6qrNtiI_3XMIzTkqOiMczWGlL6JGNOrXTxrnC2allJX5SwEsLxVUuwa4FBNStXuHjxQ7U4HVNEsY2hruVrNsyHtOI0pHielAe7U9xFN39L9wjfqpqhPMgUf1b2xWyursD6&cid=CAQSTwDICaaNkhjqKmWEoy-RgtocTZM6nTY3UB_M8qMRdsZ99oUwfjwc0qthLCs9RbVInd5f0ldTyshJFSCbAhJH-kIj94VldtLFNrTLWI4rLGsYAQ&dv3_ver=m202309260101&rfl=http%3A%2F%2Fpencil.evolus.vn%2F&ds=l&xdt=1&iif=1&cor=9031662042013054000&adk=1761367584&idt=222&cac=0&dtd=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 15:50:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11035
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 14415875674906819925
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 15:50:21 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231205/r20110914/ Frame 9CFC 31 KB
12 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231205/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f6cbe31747c16c069d861a8ed01b15186eaee8c381f74ca1712087811c39f4d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 15:54:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10781
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11943
x-xss-protection: 0
server: cafe
etag: 4141415479739543000
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 15:54:35 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 9CFC 41 KB
14 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 521348
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 Nov 2024 18:05:08 GMT

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame 06E7
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1627455/73523888/4.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-3726015810391051&ias_chanId=1&ias_placementId=20492285957&bidurl=http://pencil.evolus.vn/...
https://static.adsafeprotected.com/4.js?xsId=ABAjH0jZfQxIeP89got6oE7AcRF-&ias_xappb=&adContainerId=brand_safety_2BRyZeC2JLXtx_APt8K_6A0&cbFunctionName=goog_wrapCb_2BRyZeC2JLXtx_APt8K_6A0&true_pb=

1 KB
1 KB

16ms
15ms

Script
application/javascript

2600:9000:237d:3600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js?xsId=ABAjH0jZfQxIeP89got6oE7AcRF-&ias_xappb=&adContainerId=brand_safety_2BRyZeC2JLXtx_APt8K_6A0&cbFunctionName=goog_wrapCb_2BRyZeC2JLXtx_APt8K_6A0&true_pb=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Server: 2600:9000:237d:3600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:45:50 GMT
x-amz-version-id: dZV1qYWLtZJQETG4KzZq1jUYDpTMrU_G
content-encoding: gzip
via: 1.1 beaace02cc7004781239800a1c484ca0.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P2
age: 507
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Thu, 07 Dec 2023 18:45:48 GMT
server: AmazonS3
etag: W/"33dffa7df253125904b2f354b5bb5e8d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: b1Lhl0QRo1NZscXLX71fmSJwaPJj4Gt-S_9K3j4F8u34YuyJTOIJdg==

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
server: nginx
x-server-name: app14.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js?xsId=ABAjH0jZfQxIeP89got6oE7AcRF-&ias_xappb=&adContainerId=brand_safety_2BRyZeC2JLXtx_APt8K_6A0&cbFunctionName=goog_wrapCb_2BRyZeC2JLXtx_APt8K_6A0&true_pb=
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 5253 91 KB
23 KB 14ms
14ms Script
application/javascript 2600:9000:237d:3600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:237d:3600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 00:09:11 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 beaace02cc7004781239800a1c484ca0.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P2
age: 6720306
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: 96qQG0oRsOIOT1b8GfjzDKTl4iUJofHd8RRxP6TOOjbGazeNzmtkFg==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 06E7 43 B
215 B 178ms
177ms Image
image/gif 2600:1f13:800:7780:5e0e:b54f:841d:a117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=76459858-f7ab-e679-3d9b-03cbe66a9e77&tv=%7Bc:w8TmKH,pingTime:-3,time:36,type:v,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:12%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:36,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:12,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B32~0%5D,as:%5B32~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tXMuJd1+111%7C112%7C113%7C114%7C12%7C1311%7C141*.1627455-73523888%7C1411%7C1412%7C1413%7C1511%7C161%7C162,idMap:141*,rmeas:1,rend:0,renddet:IMG.us,siq:13%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:5e0e:b54f:841d:a117 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
server: nginx
x-server-name: dt05.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 06E7 43 B
215 B 177ms
177ms Image
image/gif 2600:1f13:800:7780:5e0e:b54f:841d:a117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=76459858-f7ab-e679-3d9b-03cbe66a9e77&tv=%7Bc:w8TmKI,pingTime:-6,time:37,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:37,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:12,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B33~0%5D,as:%5B33~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tXMuJd1+111%7C112%7C113%7C114%7C12%7C1311%7C141*.1627455-73523888%7C1411%7C1412%7C1413%7C1511%7C161%7C162,idMap:141*,rmeas:1,rend:0,renddet:IMG.us,siq:13%7D&tpiLookup=ao:pencil.evolus.vn%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:5e0e:b54f:841d:a117 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
server: nginx
x-server-name: dt06.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 0535 39 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 13:17:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20215
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 06 Dec 2024 13:17:21 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 06E7 43 B
215 B 176ms
176ms Image
image/gif 2600:1f13:800:7780:5e0e:b54f:841d:a117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=76459858-f7ab-e679-3d9b-03cbe66a9e77&tv=%7Bc:w8TmKO,pingTime:-2,time:43,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:389,beZ:390,mfA:392,cmA:393,inA:393,inZ:395,prA:395,prZ:398,si:402,poA:403,poZ:416,cmZ:416,mfZ:416,loA:426,loZ:428,ltA:432,ltZ:432%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:160.600,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:12%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:43,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:12,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B39~0%5D,as:%5B39~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tXMuJ2R+11.1627455-73523875%7C111%7C112%7C113%7C114%7C12%7C1311%7C141*.1627455-73523888%7C1411%7C1412%7C1413%7C1511%7C161%7C162,idMap:141*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:IMG.us,siq:13,sinceFw:29,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:5e0e:b54f:841d:a117 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
server: nginx
x-server-name: dt23.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 288D 38 KB
13 KB 8ms
8ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 207771
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Dec 2023 09:11:25 GMT
expires: Wed, 04 Dec 2024 09:11:25 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/17864851622750576224/ Frame AE03 6 KB
2 KB 8ms
8ms Document
text/html 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca212a6d45038b16f7e2ee85414d0f67362985095eac9dc26a34e96d1ea529b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 84065
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1847
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Dec 2023 19:33:11 GMT
expires: Thu, 05 Dec 2024 19:33:11 GMT
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9CFC 0
0 53ms
53ms Fetch
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsux9F0W12yxOe6sRYCzV5ybelZJw1nGBEx4NSJ07yjdn3J5v54DVFkP2QNRwXxZi8BrstfeB4AGrv4KhsnBtEvZ7DGzMzyuzX6wmOz4-3nKp6OFtuTjmfbzUiJud36KzUjGC9QE8Whe67DGkGxEYQcjHzLBbuw6Y2i3SaJaUF1ZLwzIhx0WSnYdYHpzNG2AOGVJ8TMv1uwx3_eBFBqBP6UDjoN3M6_WfDQqTLI6xRd-MoOt-bW2-_QY3TOwJL2tes2E5TTm55I39VVfgMqwZu_Bt1JCAqQTVuMew_iLbmw13lwiN_0tOa_5DYL2D2npe-WQJOO7YmU4h5o168_P2XB_T9EXL6wcUQxYkP9ngE7dWti-SY61S-JJ_cBmJA3oFXL_zco8mokHKlAIQMRXQr_v40weX6ZJ77LjiNkmRQyQG-PP-5XfB82WvLC23XxeJOU1k4QfysCUOSOhTx43C6f01-QFgmAKESFv2dJ4sTOWjikcke-1RqF2OJ5NDNn1XCxx6npCa_DiU_j_PF63mamg7OPd-ZFICvFeNMlOD_ac2BxdL9i9ENClMXURdgLfEPoVnWmq0o6fTtk9x6hq68HEx6GyO-08hx6iDkkUQghZXPEewelFDRFlaX1Fzcg8OZujE-vgLWaSLfG6SA7ucMiHdqdC_iUaLtmPY5qBftNRG_lN0-b_580ZP-GZ4LdPigx3qkngwy6tyOeciKnZljlnT6ItCEXkKoX0SuKE3MZ_6WXKvAWuywNNsJX4ihGv2gJrEf-0tJ9KzXzmYZlEpjXuGOC_2BWTHt4WPzwm8vgsGBVp0EOoVi2vwepDWBD0ieP75pJBvATpMV7xwnAYgWgiMmLRbDrfY_8BxfFWew_jy8B4ztL0RLUa9SRSWn6njwCra7cf_Dz_iRvlwvqWiiITsl7EyzcbdMHKn3i9J8xnE0RrM0NWVa1J6re8hR-nZJ21-Wx-sZy3t7SCVbDQaFnSzzV3J9EC1pKJvrBo9dgtJQcWln8o8mgaLzxlzN4hmrX-mYeMmvfKomhEOv4q69CWe83eNAZrQZOJcTG0b8i-jSl1E7bCE51VOi3syuf0ZPa34rHwVYo_PZrMPCnOkiH3r31b12Y6bT0YJ06PnaAfHXc9RRl93MXuiaKYaUQF3bDSIa3jOobnHPzwMNR9Ygvkvr5hFQyCCx34JL7-QDu6KqCcynyYtbuM62170A9WHPgVUgAFs5rGgsXTVipzGwMGbqN5tujWsaQkbdLvtUMtK1oGE1vYIFvqldc7poGU9K046GVXE_4dNfvEwwt2rLLrtqQrB7YSHZi5YNZxpc90vkJqG36grGBO0m0&sai=AMfl-YS6UdOV1wP1raZwDuo5NNwpt07lxjkXUZz5Mk3jPfFiNAmiXJll4FfKTQ2piX5Y6LNzxu0Whaqz6Sj8d2MaPmOCdV370CyzuCAbOhXApHHgu9iC5jHu-mCHKMirZZWWL-bm2QD_RwWQmQNYgHMnsN1E91eUYl0DejY0BydTn6G3GEmsDHRP7cKASlNo1sZI3bv1regpHAE9dgGDyOGGkF3nHpJTxYQ5MNw8SBmhyTCSXmVRHTQitRBbpFHDG230XlliAc5Yd1yjxtu4Pc7JZlbZg3CxnaTBBt3jghGqqQ&sig=Cg0ArKJSzNmxfsizIOK8EAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=67&cbvp=1&cstd=66&cisv=r20231205.70502&arae=0&ftch=1&adurl=

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 07 Dec 2023 18:54:16 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 style.css
s0.2mdn.net/sadbundle/17864851622750576224/css/ Frame AE03 5 KB
2 KB 8ms
7ms Stylesheet
text/css 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/css/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d74871f1d66e7c0230449ab708d05f088e33d578275cfbc2e0d95529b689cfcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:42:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 173478
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1854
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Dec 2024 18:42:58 GMT

GET
H3 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/ Frame AE03 70 KB
25 KB 20ms
20ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/gsap.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce56080747fb3b762486b9ccc59bc01f871c9647d354a1c27b52cdb73fc1bfe1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:16 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 560637
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 25267
last-modified: Tue, 01 Aug 2023 16:38:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64c93515-62b3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FcAcCCelsJG%2BQ9UVE943q9D%2Fc9E4trWQJR5nAZNtOm23cw9O5SYeQJLG%2Fm6nEv4U3ZmmYL9HQagtXoJPGEsuVHSPGSm3lNhUNDyMhxF1hM63rYsWHmWe2dcU6mI04X0oHwbJFPdSGAhnjp7jCw0RZl0B"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 831ef9eb4f699b28-FRA
expires: Tue, 26 Nov 2024 18:54:16 GMT

GET
H3 200 CustomEase.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/ Frame AE03 7 KB
4 KB 29ms
29ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/CustomEase.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c190eb38a3f491bcbf96b136cf4a4ab534ac1293d37d9047fd77db6365c86682

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:16 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 652781
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 3299
last-modified: Tue, 01 Aug 2023 16:38:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64c93515-ce3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MCSrjmBsm%2BCJrIpjS5S5dGTLQHOFNSN9GgOWwY0jMBQZ3pkP2zk2R1SwpWBuF5EPtSZltUh7nOKHkNuBIbrHTJcGBihs%2FsCC8C8%2BrEAjaLwrqS0zEngJSLW12a%2FvNes01tadmemKP3Ue3VpC7hwB5%2Fhh"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 831ef9eb5f6b9b28-FRA
expires: Tue, 26 Nov 2024 18:54:16 GMT

GET
H3 200 dyson.svg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame AE03 2 KB
1 KB 8ms
8ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/dyson.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7b8d433b88d210c6aeb414da6fc440f45c471fad1b5aaae9f0b66c50122c62b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 21:48:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 248776
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1076
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 03 Dec 2024 21:48:00 GMT

GET
H3 200 rtbIcon.svg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame AE03 2 KB
806 B 9ms
8ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/rtbIcon.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5e166567ad908883ca1d769c38b6f65959bb067295e5ea3c2f850ec5fa2b8d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 13:32:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 278479
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 771
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 03 Dec 2024 13:32:57 GMT

GET
H3 200 dyson-v15s-submarine-stack.svg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame AE03 13 KB
4 KB 7ms
6ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/dyson-v15s-submarine-stack.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12ff2ec39651e02b34ee26ae91b66614f3b981e5b8db58feb16115c2b6b201f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 15:25:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 185308
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3980
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Dec 2024 15:25:48 GMT

GET
H3 200 1-min.jpg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame AE03 31 KB
31 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/1-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dee119ee49ab8771cf531190b1b186a092c709f799baf9ab566a3ca9778ea0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 19:44:09 GMT
x-content-type-options: nosniff
age: 83407
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31326
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 05 Dec 2024 19:44:09 GMT

GET
H3 200 2-min.jpg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame AE03 21 KB
21 KB 9ms
9ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/2-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d66ba6bc03128cc3ce96e393fc2b3f7c8bd2e73af8258ae6d6a5e6f2efb9848

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 22:38:55 GMT
x-content-type-options: nosniff
age: 245721
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21613
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 03 Dec 2024 22:38:55 GMT

GET
H3 200 3-min.jpg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame AE03 25 KB
25 KB 11ms
11ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/3-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de63bf5ecaf8695bae42a604e9808a63c55b0d62bdb3b4462c1530950772fc27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 13:53:57 GMT
x-content-type-options: nosniff
age: 277219
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25605
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 03 Dec 2024 13:53:57 GMT

GET
H3 200 4-min.jpg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame AE03 30 KB
30 KB 9ms
9ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/4-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

263403e6cea55abd488e73b1a3ed6fac18d6b3136572570953b3392504715123

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 08:54:08 GMT
x-content-type-options: nosniff
age: 208808
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30924
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Dec 2024 08:54:08 GMT

GET
H3 200 arrow.svg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame AE03 192 B
199 B 11ms
11ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/arrow.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fd99a285d81a12f549b741db9604416a669e2ee8accf00cd40c0b0344e9ba63f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 22:43:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 245419
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 161
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 03 Dec 2024 22:43:57 GMT

GET
H3 200 script.js Show response
s0.2mdn.net/sadbundle/17864851622750576224/script/ Frame AE03 4 KB
981 B 11ms
11ms Script
application/x-javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/script/script.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e24e46459c7d6e73401ab03d015d9819826b4d7e01d5dacb37c0264ebf8f069a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 19:41:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 169958
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 944
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Dec 2024 19:41:38 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 06E7 0
0 49ms
49ms Fetch
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssajNTHQ3zQ1VXaQyJGa1eqKKvh4g6ni2YpJh14ybUSdIwShSumiJ3Q76fK1xlzmVHF_3HeWlefLrZ8VcORdr4qQAyMDoaUobMj_d6jAbZ-P5AiPyfWMMjbKBnY9cXj6YO6r9ZKDBOuHnnZL4SzDmZmguxNN1TjumFRHBdLFiNQwePwcWjAmoSjEGU1AwLqTKmzsbnaABF5owKALtPikneBFlmrbkqwUho4IHVz3Vm4uxUW-ZV86PNtOBpAL0SRB3KlIxUqYtnak0FIkWGr7xcv7bG2XqHzTY55q2W-X97vcF9ncDc_sAuXAGV9PU0ALUXHrVVAivyEVujvys0BmvHoVg4loBzqEYLn5ZtCKLw2_7xqw3HGBSnXmgOM8vcaZGwr0MdnMSyGtxVi4AwYaa9X96tloGB9SUZ7-hUlCWIP675VoQ2eSDUQ-y53H9xT3ZSF0VkhslO0TGz6SQoLTNDzPH_Wc7d7OwpUVwZ25jcjMwSrUlkz0TWHf8Lus2oswpESL2cAQiPy0UzN9Xw-wmVzBvKLYpYuTtJcFrH6YgD1KfyhcpS77_wOchVCwRgnTyzD3O4i1CZaRgBohtUSHIbx-ZSPZzifL8exp3CXv_YXA6jAxXhIlmGJVHHQWoBdl9CPtgG_RSdKfFclMidTAOs8zlSV6INmH-o7kA6wSF0UtKsrY_nX2X_7XYRJ-8S7N2Ix0zMLSp-W7VCenQAWJr91eLE0s8bRpg3mpePML5FgVCo0dcS1AUCuBIyP8goloFS6WykkLYyQuvikHYig9a0MrRiD3Gw4d5VIp0OTr47bluyzqYFbhQSlYffY3zlQEmFCkbzScylJMF88oyIoC4l6eXUOJhwlqDUCYtGFdlYuibFJgkdgzpiWdm2E3v49PKQnnL_n1uTbHd5vl-2ginmJzrJpMEvKVdCbZD70a9n75IJsgSrzSFWDWTKBfAJx4Bxx7kl1NNZh7-uIDygxlk-UxtpbQEhD9569Xf-eyVerp-zF-VaUy7_HkiBkad5Dfl0rIFLfcbYnXyrM3d7eNOEoFmp--CZ2y0m4Qci-w0TEZbckacW8lHrakzxpb6slBZ3XBfnctQOaBUh4puq8sbO3cXjGoFHfR_b7IkR4mLFOm3VM59cCLhrlAiY1Cf-TetcH-cvDmCIP8y5glL4MYqhGBdcMiyDPOZTkt3WcVgefLrdUp3a-bVIhJfjuNonWjAmlfumzlnb5-WEt32jvoAz5FGCQU2Zv9-MFQW9Xk14dgrwb4X5VDhCJEVBGlLuGrRM-_1pN7hDfdoVe7EMl7KTGuc4pTNxAc7YXscfN42xAJq1JafNId0cnl-k&sai=AMfl-YRoyfF_5j1-kAbtBaPZAgDxjCsWz2v70SG5DNEaMAHAs2zYlD2kkkqr_AiTAVUpl6e7sr9ugLo4BtJMKdp9KQFj8VVXZbwxbOg3_48zdfC_K5xejmoEjDPA-wB_tee9KmCAlYOdcqmJkCC6tnbVpNvWxo1fAioxwcwseDrnzUSwsgIAj241onTedZwmaeBKVf4yNlBgSRs7LdA_r1Ui7mjl57HlSfNMzXGvNuAo3BZ7aGnAMJPbTvht4E8RsyVwsXXxCxWTkdUCYU27pfZcFiQvnkVdCO0EdTroxW0GdQ&sig=Cg0ArKJSzOk4_5e9XmiMEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=187&vt=11&dtpt=148&dett=3&cstd=38&cisv=r20231205.75757&arae=0&ftch=1&adurl=

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:16 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame 9CFC
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1627455/73523888/4.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-3726015810391051&ias_chanId=1&ias_placementId=20492285957&bidurl=http://pencil.evolus.vn/...
https://static.adsafeprotected.com/4.js?xsId=ABAjH0gsYNviXHDb4EKlRNTvyvZk&ias_xappb=&adContainerId=brand_safety_2BRyZbaWKvbox_APgsqD8AY&cbFunctionName=goog_wrapCb_2BRyZbaWKvbox_APgsqD8AY&true_pb=

1 KB
1 KB

13ms
13ms

Script
application/javascript

2600:9000:237d:3600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js?xsId=ABAjH0gsYNviXHDb4EKlRNTvyvZk&ias_xappb=&adContainerId=brand_safety_2BRyZbaWKvbox_APgsqD8AY&cbFunctionName=goog_wrapCb_2BRyZbaWKvbox_APgsqD8AY&true_pb=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Server: 2600:9000:237d:3600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:45:50 GMT
x-amz-version-id: dZV1qYWLtZJQETG4KzZq1jUYDpTMrU_G
content-encoding: gzip
via: 1.1 beaace02cc7004781239800a1c484ca0.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P2
age: 507
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Thu, 07 Dec 2023 18:45:48 GMT
server: AmazonS3
etag: W/"33dffa7df253125904b2f354b5bb5e8d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: EvVANMbQ4upcSSNQHY1SkYKo9esHopPGkJRel1InAo8CjQ5l8uGzPw==

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
server: nginx
x-server-name: app13.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js?xsId=ABAjH0gsYNviXHDb4EKlRNTvyvZk&ias_xappb=&adContainerId=brand_safety_2BRyZbaWKvbox_APgsqD8AY&cbFunctionName=goog_wrapCb_2BRyZbaWKvbox_APgsqD8AY&true_pb=
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame BC41 91 KB
23 KB 18ms
16ms Script
application/javascript 2600:9000:237d:3600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:237d:3600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 00:09:11 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 beaace02cc7004781239800a1c484ca0.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P2
age: 6720306
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: n9gmRX_ZtTtKMJr8_mEfvac7EQDN7biBvxBs4QJPTIGcG_VTZktxzA==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9CFC 43 B
215 B 176ms
175ms Image
image/gif 2600:1f13:800:7780:5e0e:b54f:841d:a117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=29d4eb7e-4535-aa0e-3d2f-2bc1c641d513&tv=%7Bc:w8TmM0,pingTime:-3,time:46,type:v,im:%7BpBlk:31%7D,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:17%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:46,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B42~0%5D,as:%5B42~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tXMuJea+111%7C112%7C113%7C114%7C12%7C1311%7C1411%7C14121%7C1413%7C1414%7C151*.1627455-73523888%7C1511%7C1512%7C1513%7C161%7C162,idMap:151*,rmeas:1,rend:0,renddet:IMG.us,siq:18%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:5e0e:b54f:841d:a117 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
server: nginx
x-server-name: dt08.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9CFC 43 B
215 B 176ms
176ms Image
image/gif 2600:1f13:800:7780:5e0e:b54f:841d:a117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=29d4eb7e-4535-aa0e-3d2f-2bc1c641d513&tv=%7Bc:w8TmM0,pingTime:-6,time:46,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:46,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B42~0%5D,as:%5B42~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tXMuJea+111%7C112%7C113%7C114%7C12%7C1311%7C1411%7C14121%7C1413%7C1414%7C151*.1627455-73523888%7C1511%7C1512%7C1513%7C161%7C162,idMap:151*,rmeas:1,rend:0,renddet:IMG.us,siq:18%7D&tpiLookup=ao:pencil.evolus.vn%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:5e0e:b54f:841d:a117 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
server: nginx
x-server-name: dt02.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9CFC 43 B
215 B 176ms
174ms Image
image/gif 2600:1f13:800:7780:5e0e:b54f:841d:a117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=29d4eb7e-4535-aa0e-3d2f-2bc1c641d513&tv=%7Bc:w8TmMa,pingTime:-2,time:56,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:451,beZ:452,mfA:454,cmA:454,inA:455,inZ:457,prA:457,prZ:464,si:469,poA:469,bl:483,poZ:483,cmZ:483,mfZ:483,loA:498,loZ:499,ltA:507,ltZ:507%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:160.600,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:17%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:56,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B52~0%5D,as:%5B52~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tXMuJ2R+11.1627455-73523875%7C111%7C112%7C113%7C114%7C12%7C1311%7C141.1627455-73523888%7C1411%7C14121%7C1413%7C1414%7C151*.1627455-73523888%7C1511%7C1512%7C1513%7C161%7C162,idMap:151*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:IMG.us,siq:18,sinceFw:38,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:5e0e:b54f:841d:a117 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
server: nginx
x-server-name: dt01.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 288D 39 KB
15 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 13:17:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20215
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 06 Dec 2024 13:17:21 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9CFC 0
0 48ms
48ms Fetch
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsux9F0W12yxOe6sRYCzV5ybelZJw1nGBEx4NSJ07yjdn3J5v54DVFkP2QNRwXxZi8BrstfeB4AGrv4KhsnBtEvZ7DGzMzyuzX6wmOz4-3nKp6OFtuTjmfbzUiJud36KzUjGC9QE8Whe67DGkGxEYQcjHzLBbuw6Y2i3SaJaUF1ZLwzIhx0WSnYdYHpzNG2AOGVJ8TMv1uwx3_eBFBqBP6UDjoN3M6_WfDQqTLI6xRd-MoOt-bW2-_QY3TOwJL2tes2E5TTm55I39VVfgMqwZu_Bt1JCAqQTVuMew_iLbmw13lwiN_0tOa_5DYL2D2npe-WQJOO7YmU4h5o168_P2XB_T9EXL6wcUQxYkP9ngE7dWti-SY61S-JJ_cBmJA3oFXL_zco8mokHKlAIQMRXQr_v40weX6ZJ77LjiNkmRQyQG-PP-5XfB82WvLC23XxeJOU1k4QfysCUOSOhTx43C6f01-QFgmAKESFv2dJ4sTOWjikcke-1RqF2OJ5NDNn1XCxx6npCa_DiU_j_PF63mamg7OPd-ZFICvFeNMlOD_ac2BxdL9i9ENClMXURdgLfEPoVnWmq0o6fTtk9x6hq68HEx6GyO-08hx6iDkkUQghZXPEewelFDRFlaX1Fzcg8OZujE-vgLWaSLfG6SA7ucMiHdqdC_iUaLtmPY5qBftNRG_lN0-b_580ZP-GZ4LdPigx3qkngwy6tyOeciKnZljlnT6ItCEXkKoX0SuKE3MZ_6WXKvAWuywNNsJX4ihGv2gJrEf-0tJ9KzXzmYZlEpjXuGOC_2BWTHt4WPzwm8vgsGBVp0EOoVi2vwepDWBD0ieP75pJBvATpMV7xwnAYgWgiMmLRbDrfY_8BxfFWew_jy8B4ztL0RLUa9SRSWn6njwCra7cf_Dz_iRvlwvqWiiITsl7EyzcbdMHKn3i9J8xnE0RrM0NWVa1J6re8hR-nZJ21-Wx-sZy3t7SCVbDQaFnSzzV3J9EC1pKJvrBo9dgtJQcWln8o8mgaLzxlzN4hmrX-mYeMmvfKomhEOv4q69CWe83eNAZrQZOJcTG0b8i-jSl1E7bCE51VOi3syuf0ZPa34rHwVYo_PZrMPCnOkiH3r31b12Y6bT0YJ06PnaAfHXc9RRl93MXuiaKYaUQF3bDSIa3jOobnHPzwMNR9Ygvkvr5hFQyCCx34JL7-QDu6KqCcynyYtbuM62170A9WHPgVUgAFs5rGgsXTVipzGwMGbqN5tujWsaQkbdLvtUMtK1oGE1vYIFvqldc7poGU9K046GVXE_4dNfvEwwt2rLLrtqQrB7YSHZi5YNZxpc90vkJqG36grGBO0m0&sai=AMfl-YS6UdOV1wP1raZwDuo5NNwpt07lxjkXUZz5Mk3jPfFiNAmiXJll4FfKTQ2piX5Y6LNzxu0Whaqz6Sj8d2MaPmOCdV370CyzuCAbOhXApHHgu9iC5jHu-mCHKMirZZWWL-bm2QD_RwWQmQNYgHMnsN1E91eUYl0DejY0BydTn6G3GEmsDHRP7cKASlNo1sZI3bv1regpHAE9dgGDyOGGkF3nHpJTxYQ5MNw8SBmhyTCSXmVRHTQitRBbpFHDG230XlliAc5Yd1yjxtu4Pc7JZlbZg3CxnaTBBt3jghGqqQ&sig=Cg0ArKJSzNmxfsizIOK8EAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=180&vt=11&dtpt=113&dett=3&cstd=66&cisv=r20231205.70502&arae=0&ftch=1&adurl=

Requested by

Host: pencil.evolus.vn
URL: http://pencil.evolus.vn/

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:16 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0535 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BdOOV2BRyZeC2JLXtx_APt8K_6A0AAAAAOAHgBAI&bg=!pKelp-jNAAY3kmNgF5I7ADQBe5WfOPQgL8HK2gJWDcxQAWqg4HRxdh6Jdjqp21YlGCbxJ6DJgzjllP7hWGMleSiky85IAgAAAH1SAAAAAmgBB5kDOYy3Z9NKBpE-mMMmRfWDx9pwgXD0ic2cT11bgqZd8F8Bhi_Xj-4gcxAdAiTD4PxTXzPSttAbloLpp_9ZyzZ2rB1Pi1guIcdFA1PX5l_3JluE0Y9cftPo9deL63IDwJSasCUzAdS2IyiqmfRUmCIpZqDlwdS8gycSn8TALxhFjMgCFpGDb1tW39X7_taLsEUDeYBg3Z1nKZUM7PSG4Aq-nXu4w3H-TcMjw0GWBtyK-lUua4mzSWpUpHgdyAN8npo9Og_y-9QrdaKPFxePVc0bT_QLQOdBnAaY8sYXFuC0xF0dVv8GJP75Bs4W7d4brzkJTtT1q0u8IEe7cYx7bK63AZjcdMywD0E6UNDK1JAxrcrE1wq_-_8MfYdcjREcln6Oe-ervrHCNW8DMqas8ubhL-teZSFEvJ99ni23gkvLV3Rc2ucEGflwckM6QraIz1egKzh04Q5BF-p4TABSXE5T-7YKa6ShTjH4imp74kzxmJhwne62hnhcvOsHH1E3rIGCbOQrb2oUsAg8Jqj-j910vHFzd7CzXla2w2YtcLmTm_d4Zb-SeebG9cw4RMFIeh1URmnhF1sDig7RoBHvKj_3aLufbTG_45uhfHpvQ4YqGH9HrUcUJvd_qQG_3-OpInAe7sVL_ozTiRuaCa9Pg8ON0HjEXBpl3VJo5vkkn6nToSsUH2CtTfN_HXH1Bt76eIcHgUpfY-dtUiQODJDuHG3Cc7G8Ugk_EyzeH0MrHqD3Ts8NanuGcPeRYv_fU1wgtRoLV1shVRGioqb-YMTgpOkuNX4ro1dxKEjw3pLD0RpPHlQqj0TiFL0i50wXDiDtkJZ_RVTSxL7Pm_cUtd0KkpFI6dz62uTwou5rPFeI9y_8Xxl5JKHdJiLuEOKKMQ1XZeRvuh16APE4AuQ5dOsIn4Ff0bS4vAbJCAuqmLJ-iM_1XsdS22rCPW9-qIfl6i0voMThElyAysSulqq4SP68t4_AlSa0QydLeuhKEVKJXVHfuyLB7IZUHKA2VIg7tjiqhoN2722Kztp1Npd12-syq3WcLiSF50jvOa55s3PW7aLZE75vJnaMXf4TSZWkSW-5RfP1m3Bu2IWGhs3-fQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9CFC 43 B
215 B 179ms
179ms Image
image/gif 2600:1f13:800:7780:5e0e:b54f:841d:a117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=29d4eb7e-4535-aa0e-3d2f-2bc1c641d513&tv=%7Bc:w8TmNF,time:149,type:e,im:%7BpWait:21%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:149,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B145~0%5D,as:%5B145~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tXMuJ2R+11.1627455-73523875%7C111%7C112%7C113%7C114%7C12%7C1311%7C141.1627455-73523888%7C1411%7C14121%7C1413%7C1414%7C151*.1627455-73523888%7C1511%7C1512%7C1513%7C161%7C162,idMap:151*,rmeas:1,rend:0,renddet:IMG.us,siq:18,sis:101%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:5e0e:b54f:841d:a117 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:17 GMT
server: nginx
x-server-name: dt05.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 288D 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BW79x2BRyZbaWKvbox_APgsqD8AYAAAAAOAHgBAI&bg=!q6ilqOfNAAY3kmNgF5I7ADQBe5WfOPpjDZuKsLQgWI_NdEX7qCRpFQg001vQK9faQSC0ystRTAdRxDxxst3xvUypsA8dAgAAAEdSAAAAAWgBB5kDR4p5STbCZ6tcPxrxNWlqjfyk69QjTCH0oA9w8lYTy0qzPbiLmvpitHMqB8BlL96auY0TjcebYet_b-rUxIdH9q1-E5wiFjvw1VGmqK7nX4VPI6qahPwFP53eA4ASgvGtRpgNbUWiTbQI7x6p-jlvuyfXunwT39cSnvJH8y4sGXg9lw2wByOvtlULQgiDLpqaHD9Bxo6WM9RmYsLIAr5HnaMQUXmN-KS7La0B8AcNE1_jkUc2XzCWnRrZ72Jzo8WriZxHprOPvm5X481RS6mjqgaG-7KbxXvyq6P2C429zl3vqmtu7M2OMQXBmqvopfGTFWIXUF7O6ORCo1U48YesS-PaEdyuLEqK7Reuq54q3mPpb5-9hT6fCzHkdicPpSvbYY9Qt5IR0KRLLtwuOkFT5D6VybcOPk8_i-SN2PvbJx-NbVsST3KCWztAXNqARdnl1rvMCCvJZofbeTwUMcP4sGLt6fuAzmQ14rXlQ5j-KHscovZLE60pvfMyorBDhlLUT4kRRi3ihq_Hhv9eQPmXKQTTBAd7N93g2h1YZ6iwtID_PhHqQv42yBqT-AN-ZLiOqCf5ZfLAmyOfC8KAPlcZDEKXzd6E7CRqCjLhhCndkvAK-rhdiJsFJo4gssr4oEDclG0tQfXqybDKKsje16roeYTyUV9d_E8JE_DfrlMYTbmyln7HW7pQWUIDfBs0rhmn586v8UVmWmHwVEJ1mQHPOLT4B2ajefRbACnlJnEx8MXQcOstb042GxcpWWJ7xx3EYGNUDl0Bc5A14yXwN8XMqHPlYS9paSh4g5KwFayMScNCJJouNwdjk0hc3hqWsmhjE4QsYVF1Y45OO9z907ZaOnljecAC8aJjVJtmTAs6WVDvCq__R27xbUMeeIQBNXMj5xV4k1ArJGcSsTkl-f6EXmH2qgYAq2Q9qdIhf1T2J1pPvsbUH0IbY3qVZezMK5_X0mB7y4izdng7HdJQW9jCgywrfL6N7Zp6s0W4oUQ-X6ogxmae2m04sAR3cEus4wi6oTuljIeEsliG6I2LsGk0hwXkEh3ixS0_jbcf_kw5v4CqTcUvKCeOJjRLdHWcrz9xMl81H5AGnIabS5CjLkV4FLlwdgIoa6Sz

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 235F 42 B
64 B 61ms
46ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu0TLm4SurprR0Re61Kwh_y2Ej_lWJ4RCtni92Bj7cqcdFr4WEiDi6xKPGpMvqaJU0WsZzurqIPDrNG9QEj5coP0LOXPEskzFvB5LpbHzBFTv4aWrjbpNI8NIyDDkZKka5iD1jQ8UkFMfTx&sai=AMfl-YQLPUrA4xlB_wyimm79kdmMEKPLEOR1sO7ZOq1-wlMG8v-dLyb9o9pdJPDCSO35mHY09MG9_bVDANspv8TgVzlUS8LleZyT9hMWXW1So0sEFXEE4bkZ4E6dRC8R7ftOUCvs00ReEBmWKrdKIO8B5j7fDQ9T7MgFagE&sig=Cg0ArKJSzJaFOZIkU69PEAE&cid=CAQSTgDICaaNBgn25nXoUdqtm064VVlfwF8ZDt3-b_2S_UarBOnVnMoLk0W1wFQX5Qi0eFbZJCk0heS9_nyhIxshHLXdcSpVIIjhmAcx8YzNGRgB&id=lidar2&mcvt=1007&p=0,0,90,728&mtos=1007,1007,1007,1007,1007&tos=1007,0,0,0,0&v=20231206&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=746077752&rs=2&la=0&cr=0&vs=4&r=v&rst=1701975254261&rpt=1732&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 06E7 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b1fad372da906516e099d3b72f04deb6e5754d5e07cc56a7847cc5c7b2ae291

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 dysonfutura-book.woff
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame 7A56 8 KB
8 KB 7ms
7ms Font
font/woff 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/dysonfutura-book.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/css/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c868679a384546d80661e6085c6a40e95de3be2ad0487c56e116703ffd1850bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/css/style.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 19:33:12 GMT
x-content-type-options: nosniff
age: 84065
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7928
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 05 Dec 2024 19:33:12 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 55ms
55ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231205&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6fb52e58a9fc34aa64ad4f50cf0945bc62759f0f513e4af539ac61a495a109cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://pencil.evolus.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:17 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12213
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 9CFC 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8a6474c5428e3f731890751fbf3f05aa9fa24ba21feae220819f90ca40ee1b23

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9CFC 43 B
215 B 176ms
176ms Image
image/gif 2600:1f13:800:7780:5e0e:b54f:841d:a117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=29d4eb7e-4535-aa0e-3d2f-2bc1c641d513&tv=%7Bc:w8TmR3,time:359,type:e,im:%7BpLoad:331%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:359,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B355~0%5D,as:%5B355~0.0,0~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:181,fm:tXMuJ2R+11.1627455-73523875%7C111%7C112%7C113%7C114%7C12%7C1311%7C141.1627455-73523888%7C1411%7C14121%7C1413%7C1414%7C151*.1627455-73523888%7C1511%7C1512%7C1513%7C161%7C162,idMap:151*,rmeas:1,rend:0,renddet:IMG.us,siq:18,sis:101%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:5e0e:b54f:841d:a117 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:17 GMT
server: nginx
x-server-name: dt29.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 dysonfutura-book.woff
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame AE03 8 KB
8 KB 9ms
9ms Font
font/woff 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/dysonfutura-book.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/css/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c868679a384546d80661e6085c6a40e95de3be2ad0487c56e116703ffd1850bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/css/style.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 19:33:12 GMT
x-content-type-options: nosniff
age: 84065
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7928
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 05 Dec 2024 19:33:12 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://pencil.evolus.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 07 Dec 2023 18:54:17 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A92F 13 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://pencil.evolus.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 19960
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 07 Dec 2023 13:21:37 GMT
expires: Fri, 06 Dec 2024 13:21:37 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 54B2 829 B
996 B 19ms
19ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

fd42c49fc3500d536a357215fe378aa442987a13255bb3416681caf1415dd0a4

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-OlJr7lqsTDsaDjstFfBW1Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://pencil.evolus.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-OlJr7lqsTDsaDjstFfBW1Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 07 Dec 2023 18:54:17 GMT
expires: Thu, 07 Dec 2023 18:54:17 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame A92F 39 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 13:17:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20216
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 06 Dec 2024 13:17:21 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 54B2 0
0 40ms
40ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231205&jk=508794219439035&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame A92F 0
10 B 7ms
7ms Image
text/plain 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?G_jh9w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:17 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 06E7 43 B
215 B 177ms
177ms Image
image/gif 2600:1f13:800:7780:5e0e:b54f:841d:a117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=76459858-f7ab-e679-3d9b-03cbe66a9e77&tv=%7Bc:w8TmTd,time:564,type:e,im:%7Bpci:%7Btdr:508%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:564,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:12,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B560~0%5D,as:%5B242~0.0,318~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:179,fm:tXMuJ2R+11.1627455-73523875%7C111%7C112%7C113%7C114%7C12%7C1311%7C141*.1627455-73523888%7C1411%7C1412%7C1413%7C151.1627455-73523888%7C1511%7C161%7C162,idMap:141*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:13,sis:142%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:5e0e:b54f:841d:a117 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:17 GMT
server: nginx
x-server-name: dt13.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9CFC 43 B
215 B 175ms
175ms Image
image/gif 2600:1f13:800:7780:5e0e:b54f:841d:a117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=29d4eb7e-4535-aa0e-3d2f-2bc1c641d513&tv=%7Bc:w8TmU4,time:546,type:e,im:%7Bpci:%7Btdr:504%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:546,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B542~0%5D,as:%5B355~0.0,187~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:178,fm:tXMuJ2R+11.1627455-73523875%7C111%7C112%7C113%7C114%7C12%7C1311%7C141.1627455-73523888%7C1411%7C14121%7C1413%7C1414%7C151*.1627455-73523888%7C1511%7C1512%7C1513%7C161%7C162,idMap:151*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:18,sis:101%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:5e0e:b54f:841d:a117 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:17 GMT
server: nginx
x-server-name: dt23.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame ED02 42 B
64 B 48ms
48ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssA2VDWGru0odLa5WeXhrjd4WDl665B0ikE9VT_qT26JM_a5YppvKjZIAMXAodKXaxlUjD11l5yNez19UJlUA2yMvTVqJ0pYJ-ulQ8o5muaB3F9_b5G99tZoixzEsY0cx5u2DjaCxCTKvMMah-vb0zSBWzdZ-NdjBHdHXDghOc&sai=AMfl-YTznVar-Wm8UCRzVOJpW4mTbjb5g8SHeUM0wp-qq6Dud835KWBfKvWuZqQlCqu_2ZaU8sUzW2EnIWPAYzuFrOpVHbDGDxZ-wEjyn16GutTXpdvd6iY6Y60GHuF1iBsa6glDRgapFBS4ZURosUziHcEzKSU2_LFdoTgO&sig=Cg0ArKJSzDTv4SDpVg-ZEAE&cid=CAQSTwDICaaNkhjqKmWEoy-RgtocTZM6nTY3UB_M8qMRdsZ99oUwfjwc0qthLCs9RbVInd5f0ldTyshJFSCbAhJH-kIj94VldtLFNrTLWI4rLGsYAQ&id=lidar2&mcvt=1000&p=0,0,124,1005&mtos=137,810,1000,1116,1116&tos=137,673,190,116,0&v=20231206&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&vs=4&r=v&rst=1701975256350&rpt=335&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 45ms
45ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231205&jk=508794219439035&bg=!rq2lreLNAAY3kmNgF5I7ADQBe5WfOPBB7RPl6-n1SWOMKtd-cAY7givefnv-jfxFZlXcvX5u1_Hxf7Qg_DVpAUFAdADcAgAAAD9SAAAAAmgBBwoAbSO3Q3Knrk-GT9qConNGUmkfDK6HS3Db3krE9OZU4xWrwokj6jowsWH512pzPCNfys249TvWaWzBjtc_GSFkzSpZf5Zr2NTzsx-YLt3nvqN1s1ovcUGkRNMPs4mCqviexeg2RJFdeWIC5d9WFROZAxlHsStZ088KN_KCn-Xzj8kYt1pbxVqb7qi6nuKQYxo1L32IM9S3aILC0M4Ol0qH6ZhPnIwigKts7ArlwImNuaeRj0GPeBMkECFW9CnenfewKKSkiBv2gdmkdSiCUYFIXgOJhzjIv-PUj2G6NwnBdMC6rq34NozUyotvUtZL2FgREPUhq2d0G1gxPMwbPThmf4JuULsndIakAqK_516kHZsE16nqnGNHx3f6-e1rIwF_GWlikhLjDr2N2aPbLdBXxJxKJS_hHJNu2SGmKnRWNsJuPEUBCKuY_jSaD66k2M3xxWposjA7psTCzYLGPEYN4cesq7rIrEz7-M5yBMEGNvUNXQYHf4bQwDamqD6vR2S9hfZBcLnD0r3AoPnRf0w5t0sVMiAUk9SCRmlwUrh-0btkiwOTfBW1nOOYosN5P-_eQrcwKfQQUlqwU-i_Y_ppQoSBlWHOzuyk31aMpFkRs4qD7PFdURhc20P5JsJ-bGMkUosz2I0YvsXMvDfrl4GJcQPKY8oVUxX3qQkoPU3EWKL3XV40_e9rO5wKkMZqajYvoO_2XwzwSQRQNFpAH7F5A2Pjdv1NNKKUBV0m1s-Fr3U_REqDSCfdOMCtdp8Nu-Qnz1krG1cO_PgJL8U_AHl7-4-lObX7J2enpSCc7rUhDnV1C6jL8M-z0sz45RkR8oiUf5GesBwrRD7LlPOGiFnPJcidvp3gJleFgQY1wqyu9iM2V45UdG90-KUeRBAlK2Jj9dGjHQUbpZJ9moY5JmtTwG9RXuGmRoMmQu0NOsHuTZDs0mV0ad5aTc9NTDBOYVfqoQ_vHq1sWevce77yg7nckebZklS0bj2Y0YVMC3B09uFkGw49XQJDjk2pJNKQGH9KzhU4AF7QCX8-2HQ8eBSrgzVTsk57NebkStJOpGklZ_9HEMZpGGgjHvYAATqc5DRSPwfIxWzOOUaKyLZMcx2uLE37cFS-lVr07b24438sHAMHwHBgm1H7i2-iuEfeNRLaytjC-FOLCweswa5uJsEjWLCD4fTwQefRTrKRyV61iNzK3oGixcTP13gg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://pencil.evolus.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 235F 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2718170832160&version=m202309260101&ct=76&x=1&cor=16134307524362535000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 06E7 0
20 B 64ms
64ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2568266635220&version=m202309260101&ct=76&x=1&cor=2294999739871168500

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 06E7 42 B
64 B 51ms
50ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstCcuaQhXB1vqHEWJEt584ke-YG-Fg81fbh-odBQabyNCuBYtmCqNeahqDuKGN5wEPJbh0Zpjh4Y-mj3AWsuFnjhNlw3lbsYdIDeFa16llZ508eHI-qmYkb2aFNjLj43ZxAK9lZOM5M1Gnx&sai=AMfl-YThAEE3XdeacqnmGTwyMosAhNb52gTuqx7k-XrOcdwGxM18uiTP6MjVCXbr3s3BIS_uXDYMV2Ky_Avjg6mfiVtSl3Kzj8qVfvl_lxrz0SMj35S0Q8GeA8LmVo1_5ktCCxPjV40GtRZiV1HrhL7-NqZ2KxddSwZoAIid&sig=Cg0ArKJSzJ8HwRjaapM5EAE&cid=CAQSTwDICaaNkhjqKmWEoy-RgtocTZM6nTY3UB_M8qMRdsZ99oUwfjwc0qthLCs9RbVInd5f0ldTyshJFSCbAhJH-kIj94VldtLFNrTLWI4rLGsYAQ&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231206&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271803&rs=2&la=0&cr=0&vs=4&r=v&rst=1701975256390&rpt=305&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9CFC 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8879441816948&version=m202309260101&ct=76&x=1&cor=9031662042013054000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 235F 43 B
215 B 175ms
175ms Image
image/gif 2600:1f13:800:7780:5e0e:b54f:841d:a117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=e2c53f99-da34-64e9-89a5-90b2335beb7e&tv=%7Bc:w8Tn6Z,pingTime:1,time:2048,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:11%7D,%7Bpiv:100,vs:i,r:,t:1047%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1047,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:11,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1042~0,0~100%5D,as:%5B1042~728.90%5D%7D%7D,%7Bsl:i,t:1047,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:742,fm:tXMuJ2R+11*.1627455-73523875%7C111%7C112%7C113%7C12%7C141.1627455-73523888%7C151.1627455-73523888,idMap:11*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:12,sis:126%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:5e0e:b54f:841d:a117 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:18 GMT
server: nginx
x-server-name: dt22.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 235F 43 B
215 B 176ms
176ms Image
image/gif 2600:1f13:800:7780:5e0e:b54f:841d:a117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=e2c53f99-da34-64e9-89a5-90b2335beb7e&tv=%7Bc:w8Tn6Z,pingTime:1,time:2048,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:11%7D,%7Bpiv:100,vs:i,r:,t:1047%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1047,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:11,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1042~0,0~100%5D,as:%5B1042~728.90%5D%7D%7D,%7Bsl:i,t:1047,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:742,fm:tXMuJ2R+11*.1627455-73523875%7C111%7C112%7C113%7C12%7C141.1627455-73523888%7C151.1627455-73523888,idMap:11*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:12,sis:126%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:5e0e:b54f:841d:a117 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:18 GMT
server: nginx
x-server-name: dt23.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9CFC 42 B
64 B 45ms
45ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssai9JypEI1WmthukJGi-BM3byzXmyiz9tjdfQK86dbs0GXXFjDhBpWXnwugH4DuM1E7Ri2NFzzMwwO2w9UWo4cYRM4Wrgh-PVzwnTSqoDSVGeM2Pmiob8Fl49i8f6Nw8FxKmBMBAukZwxe&sai=AMfl-YRO-cwW-CBrIL4KweejGA6lj0dkY4FGffYbeYwDUGm_6g08ELlsudohmF2D1xBH1ahgiFKukH-an0JbLeYuncZMax1seCz7CKWaDM02QCOAgxOrmYG91kcUWcL1zOJvWKezjAHwiKqnx74W8rZ-oU4GT0y8kdJEw2fV&sig=Cg0ArKJSzK-xmGns0Ld2EAE&cid=CAQSTwDICaaNkhjqKmWEoy-RgtocTZM6nTY3UB_M8qMRdsZ99oUwfjwc0qthLCs9RbVInd5f0ldTyshJFSCbAhJH-kIj94VldtLFNrTLWI4rLGsYAQ&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231206&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271804&rs=2&la=0&cr=0&vs=4&r=v&rst=1701975256399&rpt=503&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 06E7 43 B
215 B 176ms
176ms Image
image/gif 2600:1f13:800:7780:5e0e:b54f:841d:a117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=76459858-f7ab-e679-3d9b-03cbe66a9e77&tv=%7Bc:w8Tncz,pingTime:-10,time:1764,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjAuMC42MDk5LjcxIFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,ch:n,fsc:17.6.2v222222220002022202222222000020222222202022222220222202000022000220222220000000202202002222202222222220222222220000020022022200022222220200000222200022020002022022022222202002220222022222022220000000200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022020000000020000000000000000000020220202220000022200202202220022000200222022200200022220222200202222020002200002222022222202222000002002002222222202220022202200022002220202202,asp:1701975256551%7C%7C4f4ffc05491981e89a1c0bb8825339a8%7C%7C81fa84b75a8024ba76b34e57df459f31%7C%7C9a6ada18a1a164877954d38d1d3016d9%7C%7Cfa9cdbfeb736c4702f35a9c957379c2f%7C%7C9b65af3bb439495fad83d855971caf11%7C%7C89b7133f3baf7279b6544874aa1571a0%7C%7C3a7b834396e2e7dcf1480abc94a8f262%7C%7C1663701684,sca:%7Bspg:e2c53f99-da34-64e9-89a5-90b2335beb7e%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:5e0e:b54f:841d:a117 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:18 GMT
server: nginx
x-server-name: dt15.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9CFC 43 B
215 B 175ms
175ms Image
image/gif 2600:1f13:800:7780:5e0e:b54f:841d:a117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=29d4eb7e-4535-aa0e-3d2f-2bc1c641d513&tv=%7Bc:w8Tnda,pingTime:-10,time:1730,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjAuMC42MDk5LjcxIFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,ch:n,fsc:17.6.2v222222220002022202222222000020222222202022222220222202000022000220222220000000202202002222202222222220222222220000020022022200022222220200000222200022020002022022022222202002220222022222022220000000200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022020000000020000000000000000000020220202220000022200202202220022000200222022200200022220222200202222020002200002222022222202222000002002002222222202220022202200022002220202202,asp:1701975256551%7C%7C4f4ffc05491981e89a1c0bb8825339a8%7C%7C81fa84b75a8024ba76b34e57df459f31%7C%7C9a6ada18a1a164877954d38d1d3016d9%7C%7Cfa9cdbfeb736c4702f35a9c957379c2f%7C%7C9b65af3bb439495fad83d855971caf11%7C%7C89b7133f3baf7279b6544874aa1571a0%7C%7C3a7b834396e2e7dcf1480abc94a8f262%7C%7C1663701684,sca:%7Bspg:e2c53f99-da34-64e9-89a5-90b2335beb7e%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:5e0e:b54f:841d:a117 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:18 GMT
server: nginx
x-server-name: dt01.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 06E7 43 B
215 B 176ms
175ms Image
image/gif 2600:1f13:800:7780:5e0e:b54f:841d:a117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=76459858-f7ab-e679-3d9b-03cbe66a9e77&tv=%7Bc:w8Tnkm,pingTime:1,time:2247,type:p,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:12%7D,%7Br:r,w:160,h:600,t:246%7D,%7Bpiv:100,vs:i,r:,t:1246%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1246,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:12,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1243~0,0~100%5D,as:%5B242~0.0,1001~160.600%5D%7D%7D,%7Bsl:i,t:1246,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1000~100%5D,as:%5B1000~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:178,fm:tXMuJ2R+11.1627455-73523875%7C111%7C112%7C113%7C114%7C12%7C1311%7C141*.1627455-73523888%7C1411%7C1412%7C1413%7C151.1627455-73523888%7C1511%7C161%7C162,idMap:141*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:13,sis:142%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:5e0e:b54f:841d:a117 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:19 GMT
server: nginx
x-server-name: dt25.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 06E7 43 B
215 B 176ms
176ms Image
image/gif 2600:1f13:800:7780:5e0e:b54f:841d:a117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=76459858-f7ab-e679-3d9b-03cbe66a9e77&tv=%7Bc:w8Tnkm,pingTime:1,time:2247,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:12%7D,%7Br:r,w:160,h:600,t:246%7D,%7Bpiv:100,vs:i,r:,t:1246%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1246,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:12,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1243~0,0~100%5D,as:%5B242~0.0,1001~160.600%5D%7D%7D,%7Bsl:i,t:1246,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1000~100%5D,as:%5B1000~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:178,fm:tXMuJ2R+11.1627455-73523875%7C111%7C112%7C113%7C114%7C12%7C1311%7C141*.1627455-73523888%7C1411%7C1412%7C1413%7C151.1627455-73523888%7C1511%7C161%7C162,idMap:141*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:13,sis:142%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:5e0e:b54f:841d:a117 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:19 GMT
server: nginx
x-server-name: dt26.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9CFC 43 B
215 B 176ms
175ms Image
image/gif 2600:1f13:800:7780:5e0e:b54f:841d:a117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=29d4eb7e-4535-aa0e-3d2f-2bc1c641d513&tv=%7Bc:w8Tnnk,pingTime:1,time:2360,type:p,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:17%7D,%7Br:r,w:160,h:600,t:359%7D,%7Bpiv:100,vs:i,r:,t:1359%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1359,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1356~0,0~100%5D,as:%5B355~0.0,1001~160.600%5D%7D%7D,%7Bsl:i,t:1359,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1000~100%5D,as:%5B1000~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:178,fm:tXMuJ2R+11.1627455-73523875%7C111%7C112%7C113%7C114%7C12%7C1311%7C141.1627455-73523888%7C1411%7C14121%7C1413%7C1414%7C151*.1627455-73523888%7C1511%7C1512%7C1513%7C161%7C162,idMap:151*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:18,sis:101%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:5e0e:b54f:841d:a117 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:19 GMT
server: nginx
x-server-name: dt29.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9CFC 43 B
215 B 177ms
176ms Image
image/gif 2600:1f13:800:7780:5e0e:b54f:841d:a117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=29d4eb7e-4535-aa0e-3d2f-2bc1c641d513&tv=%7Bc:w8Tnnk,pingTime:1,time:2360,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:17%7D,%7Br:r,w:160,h:600,t:359%7D,%7Bpiv:100,vs:i,r:,t:1359%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1359,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1356~0,0~100%5D,as:%5B355~0.0,1001~160.600%5D%7D%7D,%7Bsl:i,t:1359,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1000~100%5D,as:%5B1000~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:178,fm:tXMuJ2R+11.1627455-73523875%7C111%7C112%7C113%7C114%7C12%7C1311%7C141.1627455-73523888%7C1411%7C14121%7C1413%7C1414%7C151*.1627455-73523888%7C1511%7C1512%7C1513%7C161%7C162,idMap:151*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:18,sis:101%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:5e0e:b54f:841d:a117 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 18:54:19 GMT
server: nginx
x-server-name: dt30.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

Verdicts & Comments Add Verdict or Comment

185 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
pencil.evolus.vn/	1969-12-31 23:59:59	Name: JSESSIONID Value: E59FEDF2E378070305E9802BD51B369B
.evolus.vn/	1970-01-21 02:22:15	Name: _ga Value: GA1.2.1112030573.1701975254
.evolus.vn/	1970-01-20 16:47:41	Name: _gid Value: GA1.2.535636076.1701975254
.evolus.vn/	1970-01-20 16:46:15	Name: _gat Value: 1
.evolus.vn/	1970-01-21 02:22:15	Name: _ga_605EH76LKC Value: GS1.2.1701975254.1.0.1701975254.0.0.0
.doubleclick.net/	1970-01-21 02:07:51	Name: IDE Value: AHWqTUnEVW8r2vC8KjqzFuEK0pKjFU3V9otxi1bl9YAY5dtZ4Z8PtG6UTA8HUATV
.adnxs.com/	1970-01-20 18:55:51	Name: uuid2 Value: 2057512416729697982
.casalemedia.com/	1970-01-21 01:31:51	Name: CMID Value: ZXIU17yvKiVkuGR5ON4iLgAA
.casalemedia.com/	1970-01-20 18:55:51	Name: CMPS Value: 1159
.casalemedia.com/	1970-01-20 18:55:51	Name: CMPRO Value: 1159
.doubleclick.net/	1970-01-20 21:05:27	Name: APC Value: AfxxVi4q6GxJErpf0PAWS4fglKM9QGKOpADk7u_qblYuZO894sKLvQ
.evolus.vn/	1970-01-21 02:07:51	Name: __gads Value: ID=3c88fed89cdc3960:T=1701975254:RT=1701975254:S=ALNI_MZylkcJOSlw2DNnGzK2-KyMImTO4A
.evolus.vn/	1970-01-21 02:07:51	Name: __gpi Value: UID=00000d0f6169ada6:T=1701975254:RT=1701975254:S=ALNI_MbbM-Z07bJSKjM2yd6xxlykngTK7w
.adnxs.com/	1970-01-20 18:55:51	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GVUsvC@p!]taa8i_iqf!oN/@E'zz<Z2$!(x]Ah]A7't0n[h'u2C(uTB)nd^4J1t69^TD._*PlZ[C[-kX-4I:24
.doubleclick.net/	1970-01-20 16:46:18	Name: DSID Value: NO_DATA
.googleadservices.com/	1970-01-20 18:55:51	Name: ar_debug Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
cm.g.doubleclick.net
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
pagead2.googlesyndication.com
pencil.evolus.vn
region1.google-analytics.com
s0.2mdn.net
static.adsafeprotected.com
sync.teads.tv
tpc.googlesyndication.com
us-u.openx.net
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
125.212.248.224
142.250.181.226
172.217.18.98
2001:4860:4802:32::36
216.58.212.162
23.32.185.35
2600:1f13:800:7780:5e0e:b54f:841d:a117
2600:9000:237d:3600:8:48e:53c0:93a1
2606:4700:4400::ac40:9765
2606:4700::6811:180e
2a00:1450:4001:808::2006
2a00:1450:4001:80f::2008
2a00:1450:4001:811::2002
2a00:1450:4001:812::200e
2a00:1450:4001:813::2003
2a00:1450:4001:81c::2001
2a00:1450:4001:827::2002
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::2004
2a00:1450:4001:830::2003
2a00:1450:4001:831::200a
35.244.159.8
37.252.171.53
99.81.22.6
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
0387fa979fd13621f1c120729dc0ab30f073adf2aced8f1c88df789ea0c7e0eb
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
10638ff6755524b6693243eb4f8e72ac9b1eb7be5423fd5248ad90d2ce42d273
12ff2ec39651e02b34ee26ae91b66614f3b981e5b8db58feb16115c2b6b201f0
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea
263403e6cea55abd488e73b1a3ed6fac18d6b3136572570953b3392504715123
27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2e3479d14727cf6b6581add352dad3c9fb8a89b1586d49dc0e606249e7abe437
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
38795da747acdd01ca77ffc22bbd54bf4141b61a64e631b8bd4979526204df6a
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
3d66ba6bc03128cc3ce96e393fc2b3f7c8bd2e73af8258ae6d6a5e6f2efb9848
3d750f2559883b02c6aca9cd6cf16d07b50c73032fb7dbbddac3d3c499747ebe
41b43f64c3e5d7f9eca80634429adb1b8e0a1c5e1fe67ad71ec651a991ebfe68
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
46381e82326020539235d725ce92f21cacaf97176792e1711f8720313bd7c526
47b97a667457b6911eb288cca7d44b0ced54aa252c2f969972b9e1b6d6d79224
4b16d0b1c4572bf6a6c5f75ee43b4d7fc9a9f1786d912b11b853089e3bebf240
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
539cc993691ac34295a0b8e0b720aa3db63a2e80c78d49e1c4c4132bb4a5dc09
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5b1fad372da906516e099d3b72f04deb6e5754d5e07cc56a7847cc5c7b2ae291
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6278db0371189e40f5fb76efc91aa24678b6ad6c4cdccb3f8d49e925e3dd6b5c
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
682e23f36642df4dd836586267cce3659102851f005c9609adc786b849006832
69e1767c60e702480b7a4604f7a71a344e3e03caa6e21f6a352a9f63908dc500
6bfa9b09b6361590a6f2b27e80ef96719d3ada4613da35ea1f61f4260a96061f
6dee119ee49ab8771cf531190b1b186a092c709f799baf9ab566a3ca9778ea0b
6fb52e58a9fc34aa64ad4f50cf0945bc62759f0f513e4af539ac61a495a109cd
712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca
7d60255211b63ebd7ab57221ffe52ae073eab1c1c3a93c48df42b224e7f7c527
7d9f4bbbd30ff2bd10a1dbd71bca45944cfa0d37c1ba125f347bc78b767a0fc0
8833293f6762feb57c976e996042e2dcf201b282c034504008e2bf0a98dd3527
8a6474c5428e3f731890751fbf3f05aa9fa24ba21feae220819f90ca40ee1b23
8a85ce098d47416bdab2461386cd628c1c1dce5b0abb37e00484b11886ee574c
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
949b3cde1a46caf4f55bb496f58a44af641a4b9fed64f95057bb5eeff142170b
97c6b43afd945d3ef00fe347b2518af5cb40c6c19b2cca025cf1aff2e5881caa
9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1
9b18cbc41fec05b757879a8e64ed1db352ae59c718789782cc5cddfe26b7fa14
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a04fa6af32e77548f1c3e27b7014f3520c7494f317fa80b58f8704de83e4b821
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
abc664dea79c033f217ed2c3202b86135fd2dbc307306ecb7cfbd54f4041ec16
ace6c1d1cccc4686d29e81c0821be209d2e2d8b7ba44ee24649a698a5230f6ff
b046c76798755db3823f505ac1d0d030db7783d6e41d8813a032a02d7f676ad2
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1bec2801ae919931c586109ab108570f1acc488933599c7cd490c6c7aca7d5c
b36a214a8891ae5c72ecf65fd51eb22104c319f68c981d05244c045544dccf20
b40c66ad96d833d99b061c0b7bf37c101a9b8f359d6ed4915119dfcc7f4ccb9f
bbde0fd637840b04806e70ee7610047e1cfe5568854929dc58c310a861d93ca6
be4a1b0cd706863189816eced9f8c4901adb94848a1d84e17b506b30cf0f5954
c190eb38a3f491bcbf96b136cf4a4ab534ac1293d37d9047fd77db6365c86682
c279aad751e75337d72fbe0e933070548356902f02835c87aeeaddc4187f8903
c3477a72ef1db732762ffb13ba55d7df867b64c2abf5f88a1fdff29e6dbe374d
c868679a384546d80661e6085c6a40e95de3be2ad0487c56e116703ffd1850bf
c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1
ca212a6d45038b16f7e2ee85414d0f67362985095eac9dc26a34e96d1ea529b5
ce2b61e64a17f1488f20bafee5aa20a8d8ec897b990f709634f5bd1cc620e6b0
ce56080747fb3b762486b9ccc59bc01f871c9647d354a1c27b52cdb73fc1bfe1
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d3e4cdbb12defe352221c7446f538206d487f314187f7883e6f261d9246ab3af
d74871f1d66e7c0230449ab708d05f088e33d578275cfbc2e0d95529b689cfcd
da53407f9d2f34a4cf3c61979d897f4dfdefdf961aa928f4280212183e1c7643
db2bdaad0dc9232fadb3de900bf039a0f356521698f213df1edf601e02a5870d
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de63bf5ecaf8695bae42a604e9808a63c55b0d62bdb3b4462c1530950772fc27
e24e46459c7d6e73401ab03d015d9819826b4d7e01d5dacb37c0264ebf8f069a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5e166567ad908883ca1d769c38b6f65959bb067295e5ea3c2f850ec5fa2b8d9
e61a5274401d098ca96cd8b36e4030f75bcb644047b18cf0deb1f916c863f126
e7b8d433b88d210c6aeb414da6fc440f45c471fad1b5aaae9f0b66c50122c62b
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f430ad6611692180cc5bfba88afb989ac5cde063c2e929a28026be4c2c3e9f45
f68795b23883694cae517d536a7e782a760cf045638fa6b5540ac912f819b230
f6cbe31747c16c069d861a8ed01b15186eaee8c381f74ca1712087811c39f4d4
f8493e17a645ccf4239ec0ec24c878ce9d25b62e27361a364ad9f5ddc9da1d6b
fc757f9ba6603eb9913106a4cd83c7a7c0a8a4f845a0aceb1103606bc324ad00
fcc747d6dc12532a43c17505db2a633156a1a16c225d0dd94f05806bb84d1f41
fd42c49fc3500d536a357215fe378aa442987a13255bb3416681caf1415dd0a4
fd99a285d81a12f549b741db9604416a669e2ee8accf00cd40c0b0344e9ba63f
fe18a10c1113e33eb3e00a49196eb8513743049e0cfeac5b8066d0545ad2c216

pencil.evolus.vn Open in urlscan Pro 125.212.248.224 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

208 Requests

88 %HTTPS

67 %IPv6

17 Domains

24 Subdomains

25 IPs

4 Countries

2599 kBTransfer

6466 kBSize

16 Cookies

2 Outgoing links

Redirected requests

208 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

pencil.evolus.vn Open in urlscan Pro
125.212.248.224 Public Scan

Screenshot
Live screenshot

Full Image

208
Requests

88 %
HTTPS

67 %
IPv6

17
Domains

24
Subdomains

25
IPs

4
Countries

2599 kB
Transfer

6466 kB
Size

16
Cookies

208 HTTP transactions
4 data transactions