Submitted URL: http://realtormclean.com/6xuteq.jspx?G1H03d16fCJcFPV6J7WwDP9DT2G4dcbhM75fGYQQ1J0YG2s4wyzsw3nc7hMP2S7162S44ycTC059hy2qYVM8...
Effective URL: https://genialskin.click/?s1=350582&s2=1091548992&s3=1782&s4=1710&ow=&s10=739
Submission: On November 22 via manual from PT — Scanned from PT

Summary

This website contacted 4 IPs in 4 countries across 6 domains to perform 38 HTTP transactions. The main IP is 188.114.96.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is genialskin.click.
TLS certificate: Issued by GTS CA 1P5 on November 5th 2023. Valid for: 3 months.
This is the only time genialskin.click was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Customer Survey Spam (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 1 109.72.124.105 206505 (HOSTILOX)
1 37.44.198.195 49392 (ASBAXETN)
34 188.114.96.3 13335 (CLOUDFLAR...)
2 172.217.16.200 15169 (GOOGLE)
1 216.239.32.36 15169 (GOOGLE)
38 4
Apex Domain / Subdomains / Transfer
29 genialskin.click, 326 KB
    genialskin.click
5 trk-essursta.com, 3 KB
    trk-essursta.com — Cisco Umbrella Rank: 229296
    event.trk-essursta.com — Cisco Umbrella Rank: 242638
2 googletagmanager.com, 147 KB
    www.googletagmanager.com — Cisco Umbrella Rank: 35
1 google-analytics.com, 254 B
    region1.google-analytics.com — Cisco Umbrella Rank: 2462
1 briskarks.com, 434 B
    briskarks.com
1 realtormclean.com, 292 B
    realtormclean.com
38 6
Domain Requested by
29 genialskin.click briskarks.com
genialskin.click
4 event.trk-essursta.com trk-essursta.com
2 www.googletagmanager.com genialskin.click
www.googletagmanager.com
1 region1.google-analytics.com www.googletagmanager.com
1 trk-essursta.com genialskin.click
1 briskarks.com
1 realtormclean.com 1 redirects
38 7

This site contains no links.

Subject                  Issuer      Validity                  Valid
briskarks.com            R3          2023-11-07 - 2024-02-05   3 months   crt.sh
genialskin.click         GTS CA 1P5  2023-11-05 - 2024-02-03   3 months   crt.sh
trk-essursta.com         GTS CA 1P5  2023-10-19 - 2024-01-17   3 months   crt.sh
*.google-analytics.com   GTS CA 1C3  2023-10-23 - 2024-01-15   3 months   crt.sh

This page contains 1 frames:

Primary Page: https://genialskin.click/?s1=350582&s2=1091548992&s3=1782&s4=1710&ow=&s10=739
Frame ID: FC6D1BC7C14119FB82EA50C58830872E
Requests: 36 HTTP requests in this frame

Page Title

[1] Recompensa Pendente - Online Survey - Queremos sua opinião!

Page URL History

  1. http://realtormclean.com/6xuteq.jspx?G1H03d16fCJcFPV6J7WwDP9DT2G4dcbhM75fGYQQ1J0YG2s4wyzsw3nc7hMP2S71... HTTP 302
    https://briskarks.com/0/0/0/de06054ed868b2246f1adacdcd1bf9f0/26_1028107_2804297/2448_2992374_50265... Page URL
  2. https://genialskin.click/?s1=350582&s2=1091548992&s3=1782&s4=1710&ow=&s10=739 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 38
HTTPS: 100 %
IPv6: 0 %
Domains: 6
Subdomains: 7
IPs: 4
Countries: 4
Transfer: 477 kB
Size: 1262 kB
Cookies: 4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://realtormclean.com/6xuteq.jspx?... HTTP 302
    https://briskarks.com/0/0/0/de06054ed868b2246f1adacdcd1bf9f0/26_1028107_2804297/2448_2992374_5026534_14/1110363427_185-128-9-97 Page URL
  2. https://genialskin.click/?s1=350582&s2=1091548992&s3=1782&s4=1710&ow=&s10=739 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://realtormclean.com/6xuteq.jspx?... HTTP 302
  • https://briskarks.com/0/0/0/de06054ed868b2246f1adacdcd1bf9f0/26_1028107_2804297/2448_2992374_5026534_14/1110363427_185-128-9-97

38 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
1110363427_185-128-9-97
briskarks.com/0/0/0/de06054ed868b2246f1adacdcd1bf9f0/26_1028107_2804297/2448_2992374_5026534_14/
Redirect Chain
  • http://realtormclean.com/6xuteq.jspx?G1H03d16fCJcFPV6J7WwDP9DT2G4dcbhM75fGYQQ1J0YG2s4wyzsw3nc7hMP2S7162S44ycTC059hy2qYVM88ZpCmpxBNpXBRKysn7F6bRbmqkRLQBg1zhMGQcyxg8YfJzwhKpz0d3zDMTSz54bPpGNgZcDwNQbv...
  • https://briskarks.com/0/0/0/de06054ed868b2246f1adacdcd1bf9f0/26_1028107_2804297/2448_2992374_5026534_14/1110363427_185-128-9-97
140 B
434 B
Document
General
Full URL
https://briskarks.com/0/0/0/de06054ed868b2246f1adacdcd1bf9f0/26_1028107_2804297/2448_2992374_5026534_14/1110363427_185-128-9-97
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
37.44.198.195 Moscow, Russian Federation, ASN49392 (ASBAXETN, RU),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
pt-PT,pt;q=0.9

Response headers

content-length
140
content-type
text/html; charset=UTF-8
date
Wed, 22 Nov 2023 10:49:22 GMT
server
Apache

Redirect headers

Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Wed, 22 Nov 2023 10:49:20 GMT
Location
https://briskarks.com/0/0/0/de06054ed868b2246f1adacdcd1bf9f0/26_1028107_2804297/2448_2992374_5026534_14/1110363427_185-128-9-97
Server
Apache
Primary Request /
genialskin.click/
2 KB
1 KB
Document
General
Full URL
https://genialskin.click/?s1=350582&s2=1091548992&s3=1782&s4=1710&ow=&s10=739
Requested by
Host: briskarks.com
URL: https://briskarks.com/0/0/0/de06054ed868b2246f1adacdcd1bf9f0/26_1028107_2804297/2448_2992374_5026534_14/1110363427_185-128-9-97
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02929809fec33d1cfeae7218929323b56d75c0adfcda9998ece028faefdabf3e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://briskarks.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
pt-PT,pt;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
82a09afce855662f-MAD
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 22 Nov 2023 10:49:23 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=peohpIIRfT5jiKiJMhHirLm%2F9LWc1DVt%2BybQz%2BF5FvBiGdc2QpUsRh1Rpvpy%2FEq0DDEluH7giN2weSORpjW8Zy71JYMNUBEJAmZNMNQ5Ck2Ys9JyHnQxik91kWwQ8%2FzWdCWl"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
9a788b10ee5544474cf3e4bf49c98dc7
genialskin.click/
174 KB
27 KB
XHR
General
Full URL
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7?_ax=w
Requested by
Host: genialskin.click
URL: https://genialskin.click/?s1=350582&s2=1091548992&s3=1782&s4=1710&ow=&s10=739
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91bb7c79d44465320936cfc7bff260ae1c898d02f0556560cd3d0b7240cbe45c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=osPcjxfX2mWbbAb88wNkc9kEcjzLaoYan%2Fq82FH%2FgS2Zrnz355sExI1ka7JNygOds6FtTq6gltTKm9bn3vGwPs4fpt0azj8HsYkZNHH6s7KvBWDXHm53QeXVlkpQja%2BLRR%2Fx"}],"group":"cf-nel","max_age":604800}
cache-control
no-store, no-cache, must-revalidate
cf-ray
82a09b014fde662f-MAD
expires
Thu, 19 Nov 1981 08:52:00 GMT
bootstrap.min.css
genialskin.click/assets/js/vendor/bootstrap/css/
141 KB
22 KB
Stylesheet
General
Full URL
https://genialskin.click/assets/js/vendor/bootstrap/css/bootstrap.min.css
Requested by
Host: genialskin.click
URL: https://genialskin.click/?s1=350582&s2=1091548992&s3=1782&s4=1710&ow=&s10=739
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
516874
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Tue, 23 Mar 2021 22:52:06 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QJ8MsfgJzvD5R7qI06CK%2FBRI4BLf%2F6VhmZxYdTcmxEI5tiJ8RsCMvbVAV3IEX%2Bc%2BTeesZ6taxCuHZuBr74AnHlBnATElPcEx7C1NZc53oqgafdNQMiCNRITD9n5BVRpIfYou"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
82a09b062bd086bc-MAD
expires
Thu, 23 Nov 2023 11:14:49 GMT
all.css
genialskin.click/assets/vendors/fontawesome/css/
72 KB
13 KB
Stylesheet
General
Full URL
https://genialskin.click/assets/vendors/fontawesome/css/all.css
Requested by
Host: genialskin.click
URL: https://genialskin.click/?s1=350582&s2=1091548992&s3=1782&s4=1710&ow=&s10=739
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
462beb0c8ecb2abb15685c31875f268d166313581df110401c2483fab24a46df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
516874
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Mon, 19 Jul 2021 19:00:02 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iXsYVjRBPGx%2Bm9tkUrcKSPN7R7Mjv%2BbNc9aaaTsOzXT5T8TklFrAN8uOZhSy1Dr9otuAwNH9g6y8GzlVVkwcWTbLHbZKIJZhfMe9iRT5YY55YGrVng5TycP34pSvZW40u1d4"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
82a09b062bd486bc-MAD
expires
Thu, 23 Nov 2023 11:14:49 GMT
common-hybrid.css
genialskin.click/assets/css/legacy/dist/
30 KB
8 KB
Stylesheet
General
Full URL
https://genialskin.click/assets/css/legacy/dist/common-hybrid.css?v=7970a1776c23e260188baff88743f24d
Requested by
Host: genialskin.click
URL: https://genialskin.click/?s1=350582&s2=1091548992&s3=1782&s4=1710&ow=&s10=739
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1d16521cd7363eb436256558079562d358851331589f251d44c4e1d316b48155
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Tue, 14 Nov 2023 16:58:37 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kbVkNzT7EiQTIqS5uA4zc4PlWYkpL9HjI1gXbP3uVx0yD46HSMlNLUuU7LnmcLEGXP50%2BpemuekfNUJfov2xGh2y8M1QOHVzoT8SOoZPy3jCdwKgya3xe4HhJ%2BSUvzUUM%2BY%2B"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
82a09b062bd686bc-MAD
expires
Wed, 29 Nov 2023 10:49:24 GMT
1.4.css
genialskin.click/assets/css/legacy/
7 KB
2 KB
Stylesheet
General
Full URL
https://genialskin.click/assets/css/legacy/1.4.css?v=7970a1776c23e260188baff88743f24d
Requested by
Host: genialskin.click
URL: https://genialskin.click/?s1=350582&s2=1091548992&s3=1782&s4=1710&ow=&s10=739
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0e3a1f318e7c5db810bd0f319c2cb863472190d32cd269ddc72f3dce455d92e6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Mon, 20 Nov 2023 19:10:47 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hZvTZgB6Zw3zAcKOSPnQFz7BZiGUav7xRL85dHb1zs5G9%2BpWzgbpLqMH47X9clAVflWxaP%2BzXh74Agl%2F6UF%2FhH%2Fc%2FwS6Y3gn89qNSDXkE86foHnu%2FepinAruxX7RPQTfsYng"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
82a09b062bd886bc-MAD
expires
Wed, 29 Nov 2023 10:49:24 GMT
msg.v3.js
genialskin.click/inc/
2 KB
1 KB
Script
General
Full URL
https://genialskin.click/inc/msg.v3.js?655ddcb3c82fd
Requested by
Host: genialskin.click
URL: https://genialskin.click/?s1=350582&s2=1091548992&s3=1782&s4=1710&ow=&s10=739
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
448b2102656fc14a1cd8cc0e30a1d41aca27281ed91b00fb7cf5a23c7d8f8749
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Tue, 11 Jul 2023 21:35:45 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SY1k6XSjlcmkeAfux3yIlfB0ApJDqf%2F0Ml6MUburHfcGqhzdG%2BN1AArwGj2w%2B3tlLAnYHSEWpz%2B9w6%2Fj8eexk5Svya0x1HQXe%2FyWFzbOboTdAn5a4KqT4dfUQ8%2FhDCH4CvJX"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
82a09b062bd986bc-MAD
expires
Wed, 29 Nov 2023 10:49:24 GMT
jquery-3.4.1.min.js
genialskin.click/assets/js/vendor/
86 KB
31 KB
Script
General
Full URL
https://genialskin.click/assets/js/vendor/jquery-3.4.1.min.js
Requested by
Host: genialskin.click
URL: https://genialskin.click/?s1=350582&s2=1091548992&s3=1782&s4=1710&ow=&s10=739
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c24dfd28784ad2befb3dafaac6bf1ed4e7cd58cce713d9a0b228d426e812baf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
516875
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Tue, 23 Mar 2021 22:52:06 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OBsBSgZwYHte37wybggW1RaoQ5X2E9I67hiau6gliTEAwT4ekK%2FHgnY1c%2Fool6NRL1c3geElQ528X23q0QC%2FTJbQ6Ghfmb3sv%2FrTSSQpE64r%2FGWtE7%2FR77sKHE8itNQ2ejWy"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
82a09b062bda86bc-MAD
expires
Thu, 23 Nov 2023 11:14:49 GMT
bootstrap.min.js
genialskin.click/assets/js/vendor/bootstrap/js/
48 KB
14 KB
Script
General
Full URL
https://genialskin.click/assets/js/vendor/bootstrap/js/bootstrap.min.js
Requested by
Host: genialskin.click
URL: https://genialskin.click/?s1=350582&s2=1091548992&s3=1782&s4=1710&ow=&s10=739
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
516874
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Tue, 23 Mar 2021 22:52:06 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iNQr04aGzibGjt8NR2nEKm4RHaEYpxhxUdGNtfUjCeW2BkpejcEfKTZucUI0DeZUh1jxaK6D2Yi2mvozISJhCGSclkM8PMiZ5UNBbrPana1Np6qYuKYq0xGoqoA6ajx4gPm2"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
82a09b062bdd86bc-MAD
expires
Thu, 23 Nov 2023 11:14:49 GMT
functions.js
genialskin.click/assets/js/
814 B
864 B
Script
General
Full URL
https://genialskin.click/assets/js/functions.js?v=7970a1776c23e260188baff88743f24d
Requested by
Host: genialskin.click
URL: https://genialskin.click/?s1=350582&s2=1091548992&s3=1782&s4=1710&ow=&s10=739
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91caebaa07e970b9566eb195570097c03616d933955113dbfb1eced337a5f8b5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 25 Aug 2023 14:17:59 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=btcaI7HPfQvlytIMKozX9ls4eUiT%2FdMu8Feri%2BWMbGr1OBPq9yZ4fjhEjib2pHNHuvu4AVouWYsSlEG9N0stQDWspRsK0VwSW002jwr9iQ5vfGnqf3oQrskQyNUbQ2%2Br4T5P"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
82a09b062be186bc-MAD
expires
Wed, 29 Nov 2023 10:49:24 GMT
intl_functions.js
genialskin.click/assets/js/
4 KB
2 KB
Script
General
Full URL
https://genialskin.click/assets/js/intl_functions.js?v=7970a1776c23e260188baff88743f24d
Requested by
Host: genialskin.click
URL: https://genialskin.click/?s1=350582&s2=1091548992&s3=1782&s4=1710&ow=&s10=739
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9437d87812b34d91f53e5421eeed60dd3aa108b42cb34f4a8dbb855a0531a55b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Thu, 14 Sep 2023 15:07:29 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FkvA1pUWuWHL5mbWe6T5jM60o%2Fw72Us6ZZVgYVmTfwAMC2hilD35%2FGrG6X%2FNHr32FSKqsyjg8f5QdkVK92gJPH74FVUwcMl3Wd2%2FJTMyDsmn%2FmdIQGl2%2BV4keeyAeEL%2B5Kxz"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
82a09b062be486bc-MAD
expires
Wed, 29 Nov 2023 10:49:24 GMT
common-hybrid.js
genialskin.click/assets/js/legacy/dist/
99 KB
22 KB
Script
General
Full URL
https://genialskin.click/assets/js/legacy/dist/common-hybrid.js?v=7970a1776c23e260188baff88743f24d
Requested by
Host: genialskin.click
URL: https://genialskin.click/?s1=350582&s2=1091548992&s3=1782&s4=1710&ow=&s10=739
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e94fbec829bf5116af6e4155aa9d517e723bd9e26d99710dff7d788bca413786
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Thu, 16 Nov 2023 20:23:21 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Jcwyf8Igpo9BVSXZKV2iN6H0%2Fsa9DdW0PuC4%2BPMxPu0OHKtxR6rYdmEw6M%2Fvu1z%2FANcfn8Pv3C%2FBXT2joukzUiaoa%2B0Y2gJ90iBy6MdFhNsceq7Cjir9Y%2BqjRrsUjFTtPz%2B"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
82a09b062be786bc-MAD
expires
Wed, 29 Nov 2023 10:49:24 GMT
v9e118mez8
trk-essursta.com/scripts/push/
7 KB
3 KB
Script
General
Full URL
https://trk-essursta.com/scripts/push/v9e118mez8
Requested by
Host: genialskin.click
URL: https://genialskin.click/inc/msg.v3.js?655ddcb3c82fd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c65c15e3af0d349af61501f7749076aacef349171d95638bb475f800d8367084
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
content-security-policy
default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
SAMEORIGIN
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
application/javascript;charset=UTF-8
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TgbAWk4mjrQLfkUrvnlBEl6GX%2FEU8MpYW1V1MQsar4GIqHN7J3BTRksRn7LRedFUUl6K4mYWsYHTIIzCEPk%2Ba8KFGulAYO4xhb%2FYCyUv2cfdqqzN1393H1K2qrDdm%2FDmkszP"}],"group":"cf-nel","max_age":604800}
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
cf-ray
82a09b099ac35ced-MAD
expires
0
gtm.js
www.googletagmanager.com/
178 KB
64 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-M5FVHZX
Requested by
Host: genialskin.click
URL: https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
651646bcc62abf0d295e8fb22310dc0b2ac719c65f72dc6563d00e47783f154f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65150
x-xss-protection
0
last-modified
Wed, 22 Nov 2023 09:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 22 Nov 2023 10:49:24 GMT
onlinesurvey-color.png
genialskin.click/uploads/archive/company/175/images/
41 KB
41 KB
Image
General
Full URL
https://genialskin.click/uploads/archive/company/175/images/onlinesurvey-color.png
Requested by
Host: genialskin.click
URL: https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6659b4426a9dba95133c0e3b27b5d952d6cc1e574b88640a7e7bcec354d902c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
54592
alt-svc
h3=":443"; ma=86400
content-length
41556
x-xss-protection
1; mode=block
last-modified
Thu, 10 Mar 2022 19:58:45 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/png
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sJ5T96wQVxT3tOh4jFPi67%2BPSIwhuMVttzPm2kcuxbYrSb1dyi%2Fb3F7MiatL%2BnnhH4BpyY65TVc%2BEsXiQhZPYOKKxpq%2BZJ18229mjOxy2p6lFljlv72jnsKVj308F3LSNL1g"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
82a09b0989fb86bc-MAD
expires
Tue, 28 Nov 2023 19:39:32 GMT
feb5b0df86281f49b4a688371da8dd37.png
genialskin.click/fim/739-PT/
2 KB
3 KB
Image
General
Full URL
https://genialskin.click/fim/739-PT/feb5b0df86281f49b4a688371da8dd37.png
Requested by
Host: genialskin.click
URL: https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a22a94123a579d0841b66a282cff9747e8069ff90378025b2d13607b4fd07633
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
18098
alt-svc
h3=":443"; ma=86400
content-length
2345
x-xss-protection
1; mode=block
last-modified
Wed, 22 Nov 2023 05:47:44 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/png
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AxizwLbuY7LMhvlIRmehsvC5%2B6I6yI2K%2FiZ7B9enFXGZjK%2BFwS7%2BNS2xFNGRDQJ6NpbReSix%2BMqXVFXyeqmncMMvgx%2FJttK%2FRLEmnsYDuDiBqczK94RUpnkG3V2N2%2F9dtVOL"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
82a09b099a0986bc-MAD
expires
Wed, 29 Nov 2023 05:47:46 GMT
42fab5f8500d3565a99de33cb2670cb3.gif
genialskin.click/fim/739-PT/
15 KB
16 KB
Image
General
Full URL
https://genialskin.click/fim/739-PT/42fab5f8500d3565a99de33cb2670cb3.gif
Requested by
Host: genialskin.click
URL: https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9ba6662bdb40bb1a731890fe8a7612ab1724363831a0342e36c2fc4bddd4a7a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
18098
alt-svc
h3=":443"; ma=86400
content-length
15537
x-xss-protection
1; mode=block
last-modified
Wed, 22 Nov 2023 05:47:44 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/gif
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7QuRYJ1%2FAQ677SLZIGmZ0muIOTZ7tfyZxh1W90Hq3JGrLPpxWz1x6m1IKJXc9zvHloleFo9w2bC7UdyLnvizJJUlGfOKe71ducRNUf4RuNonKlCKrOOUKZQKZQoqZXaZyuyZ"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
82a09b099a0c86bc-MAD
expires
Wed, 29 Nov 2023 05:47:46 GMT
2a4df2a7cc5685519bf2d98d85b5cb34.png
genialskin.click/fim/739-PT/
2 KB
2 KB
Image
General
Full URL
https://genialskin.click/fim/739-PT/2a4df2a7cc5685519bf2d98d85b5cb34.png
Requested by
Host: genialskin.click
URL: https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4494c69afed09e8bb02dc10d4be3adaed00aa6479d838bd8ed1bf3119132004d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
18098
alt-svc
h3=":443"; ma=86400
content-length
1714
x-xss-protection
1; mode=block
last-modified
Wed, 22 Nov 2023 05:47:44 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/png
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tA5LY5kIM2CxuDSbEIiEKYjEWIYZYVojcqByvI2U0KwCuSAkkpiU5%2FgPd8slR%2BNNIo%2FNUEPVdzwZp3m5SQ%2BaGQDnDWKbfWu3%2FctcQPYoIe%2Fb5YNaes%2F%2FpCmpzXSTBmRkVZkm"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
82a09b099a0f86bc-MAD
expires
Wed, 29 Nov 2023 05:47:46 GMT
64a2aeddcb222edc5b1df6c3055df328.jpg
genialskin.click/fim/739-PT/
2 KB
2 KB
Image
General
Full URL
https://genialskin.click/fim/739-PT/64a2aeddcb222edc5b1df6c3055df328.jpg
Requested by
Host: genialskin.click
URL: https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
64f06bc81a732e876ce54fdae5ea0eb85ef861329306962bd2dad24ff1cfbc3b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7523
alt-svc
h3=":443"; ma=86400
content-length
1763
x-xss-protection
1; mode=block
last-modified
Wed, 22 Nov 2023 06:11:38 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/jpeg
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YVcbDhbL69HdCblgxcdTnv%2B1tAR%2FgnEPn5RVspoWw5EM8MVjGeRq%2Fesc0t%2Bd2YrDXMUKJuIrMLyHq%2FswmQwTtDojGc1HHW1fc1VapFSWVpllA2GYRVvZG%2FnKAasU73OFiYC%2F"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
82a09b099a1286bc-MAD
expires
Wed, 29 Nov 2023 08:44:01 GMT
092d87bc175fab8cccf81fe0dd35ab65.png
genialskin.click/fim/739-PT/
972 B
1 KB
Image
General
Full URL
https://genialskin.click/fim/739-PT/092d87bc175fab8cccf81fe0dd35ab65.png
Requested by
Host: genialskin.click
URL: https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c86fc6524af3fab1567a1206ea20eca001d2b8eaa06b1fef573a7319f45c467c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
18098
alt-svc
h3=":443"; ma=86400
content-length
972
x-xss-protection
1; mode=block
last-modified
Wed, 22 Nov 2023 05:47:44 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/png
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rXJ%2BH5QmADiKs4u9vbPhj7yJ2D934EUVgQ75PDdUWYPdk%2BTG7g%2FhOCwPB0dMMHcK2IypSWExza3wVrGgXPE1XCx0Oq%2BpYxQOxUDmGC8aBRYs08Ds3s7vRnBIdaRDmP6q0vhd"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
82a09b099a1686bc-MAD
expires
Wed, 29 Nov 2023 05:47:46 GMT
26a86a26ceda6a1ca99750d509054015.jpg
genialskin.click/fim/739-PT/
1 KB
2 KB
Image
General
Full URL
https://genialskin.click/fim/739-PT/26a86a26ceda6a1ca99750d509054015.jpg
Requested by
Host: genialskin.click
URL: https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10ba49eb3165c20fb10cb5b2abc25543b9876aa66914075d33f2818e990b6436
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
11229
alt-svc
h3=":443"; ma=86400
content-length
1383
x-xss-protection
1; mode=block
last-modified
Wed, 22 Nov 2023 06:11:38 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/jpeg
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fw5NJBfkg1jdz5d%2FLfG285mCPA01N0YwBMt4EtUa2sAT3dsTzhNfhLBHs3tBuuleW6wTCTGnQ2Jliv3BTIRguTGpiaAQhBGk6cfEG5CNecdmiZQ%2BmNYETHr7npR%2B4H8IfF0p"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
82a09b099a1a86bc-MAD
expires
Wed, 29 Nov 2023 07:42:15 GMT
4e705155f66bbba242a3efa5a4626ec3.jpg
genialskin.click/fim/739-PT/
2 KB
3 KB
Image
General
Full URL
https://genialskin.click/fim/739-PT/4e705155f66bbba242a3efa5a4626ec3.jpg
Requested by
Host: genialskin.click
URL: https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5665269840fa23faac662dba33673aab6d0f06fcf1edca2fea09f669ce6baaad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
18098
alt-svc
h3=":443"; ma=86400
content-length
2066
x-xss-protection
1; mode=block
last-modified
Wed, 22 Nov 2023 05:47:44 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/jpeg
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=64POslAIQACwWpW53hAav%2FMEH4nhx0267ofn220oRM22xPZ9E6FizcEaetCvtn16EPTyezWN%2BtRzdTFwyw5XmYQS06th4fTr39wsUODIaZvmCN9G5%2Bkk9WMzFZCW8GmzqehU"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
82a09b099a1e86bc-MAD
expires
Wed, 29 Nov 2023 05:47:46 GMT
5fa0973ee9785fc2644d91fac9b7a07d.jpg
genialskin.click/fim/739-PT/
2 KB
2 KB
Image
General
Full URL
https://genialskin.click/fim/739-PT/5fa0973ee9785fc2644d91fac9b7a07d.jpg
Requested by
Host: genialskin.click
URL: https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc8256b0fffc5021485dde1e5e990f82702a6f3a1a220844d00392bd9bedc63a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
8845
alt-svc
h3=":443"; ma=86400
content-length
1617
x-xss-protection
1; mode=block
last-modified
Wed, 22 Nov 2023 08:08:22 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/jpeg
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vy%2BxFuyr8EOw62ny6zJlzsNWBkGJEbgSpJ8o6u%2B8crL2YDotdFZVvkg7I%2BsElw8h0efBQ2NPPdVaIiNfH2NU%2BZn3luZbofTJSNghqDYoHb3AUkvu6jW1xhLkfipAYzeWoA6x"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
82a09b099a2086bc-MAD
expires
Wed, 29 Nov 2023 08:21:59 GMT
d46ec8401c455ccd2323c555eab37c05.jpg
genialskin.click/fim/739-PT/
2 KB
3 KB
Image
General
Full URL
https://genialskin.click/fim/739-PT/d46ec8401c455ccd2323c555eab37c05.jpg
Requested by
Host: genialskin.click
URL: https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
017340e629175dbd707d31be94c707731fe6f51be004f85e3d50b960f34ea081
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6768
alt-svc
h3=":443"; ma=86400
content-length
2071
x-xss-protection
1; mode=block
last-modified
Wed, 22 Nov 2023 06:46:36 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/jpeg
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rbxH%2FDfyScQEl6zl02v4Fl9pSqGSv%2Fp25U%2B%2BQIGO3Leaaoe3tchA5MyBNmuHgOZ04XUnglynh%2Fz5F4ujHji7hPu3n3eaxu7ERJyt6rO4JBQc7DFycL2RfNsZzI%2BGbn11oa8P"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
82a09b099a2386bc-MAD
expires
Wed, 29 Nov 2023 08:56:36 GMT
305c7548c2e8437d9dea7f0c62a6aa85.jpg
genialskin.click/fim/739-PT/
2 KB
3 KB
Image
General
Full URL
https://genialskin.click/fim/739-PT/305c7548c2e8437d9dea7f0c62a6aa85.jpg
Requested by
Host: genialskin.click
URL: https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
be56734e3715aba63d80e9cea86b1d0484215d05d8ccd61d0851d1e6c21e5a97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7461
alt-svc
h3=":443"; ma=86400
content-length
2125
x-xss-protection
1; mode=block
last-modified
Wed, 22 Nov 2023 08:23:40 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/jpeg
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9fbdjA3T8184DHq36zEU2sYAXWwXC4BIT5BmtKr4ogNGkCKgmfprjIfGWANjVxYyiby80OFNbQ4SCdg2WHG6xjUqCYMp9Pm50w5Y%2F5w9w683lqBqFwcawETife4ZWfWd2EPS"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
82a09b099a2786bc-MAD
expires
Wed, 29 Nov 2023 08:45:03 GMT
5d9d5e49dbecee8d47a89d40d6174390.jpg
genialskin.click/fim/739-PT/
2 KB
3 KB
Image
General
Full URL
https://genialskin.click/fim/739-PT/5d9d5e49dbecee8d47a89d40d6174390.jpg
Requested by
Host: genialskin.click
URL: https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5deddf7c5858ea17a9c6113f84b6624e75e00efaba9a11da2c7aae49ce0d8861
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
8025
alt-svc
h3=":443"; ma=86400
content-length
2081
x-xss-protection
1; mode=block
last-modified
Wed, 22 Nov 2023 07:26:12 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/jpeg
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5V88JVtZWtk%2FR6PHbMAxamQJMVCVk%2FCZu9qecgoXsWh5E0FlEtHOZxPUTzTjErwmI55Pp6nqtBtNzKMRQD7vrklphU7RWmE7jxWTLrvVvPsb5no8MNjiY3MRbCV6EVmwaxzC"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
82a09b099a2b86bc-MAD
expires
Wed, 29 Nov 2023 08:35:39 GMT
c1c80e7d8347acea95182b65bbc9aa39.jpg
genialskin.click/fim/739-PT/
2 KB
2 KB
Image
General
Full URL
https://genialskin.click/fim/739-PT/c1c80e7d8347acea95182b65bbc9aa39.jpg
Requested by
Host: genialskin.click
URL: https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e061934e3e59bb4572a66216f0474b7cf744596985c83893ab7146cb4b76292f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
18098
alt-svc
h3=":443"; ma=86400
content-length
1998
x-xss-protection
1; mode=block
last-modified
Wed, 22 Nov 2023 05:47:44 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/jpeg
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xkz563c0ubigAcyb%2FylwG6TkzmdrXnImLNgmLmMwZWnfELSO%2F5VCVokE1vAK6lXfWS7WEHcJsfBwcNt0lbYxgL0JhOTokjAWjdmYIPBmMjCJbm4MGZ8K123IY7PYeNArrclt"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
82a09b099a2d86bc-MAD
expires
Wed, 29 Nov 2023 05:47:46 GMT
5676de59edbf81f14c80ea86aa10e426.png
genialskin.click/fim/739-PT/
5 KB
6 KB
Image
General
Full URL
https://genialskin.click/fim/739-PT/5676de59edbf81f14c80ea86aa10e426.png
Requested by
Host: genialskin.click
URL: https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc4ba5ab1f79419e5c8a06db6d5ed27f78b026617608d8513bdf476bf78e1120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
18098
alt-svc
h3=":443"; ma=86400
content-length
5389
x-xss-protection
1; mode=block
last-modified
Wed, 22 Nov 2023 05:47:44 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/png
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LJhnVf7qjkJ%2BM1pyKd7rgF7rH85Ic31Yq6KO%2BsLigQLhaht7C4YI%2F9huZP7IMAVUQs6vEph8culm7RGWxcJ1JVsQV3XU7cfINCe%2B4uMlPK4No5aT3MH6uIxW6O7sBia3ShaO"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
82a09b099a3086bc-MAD
expires
Wed, 29 Nov 2023 05:47:46 GMT
fa-solid-900.woff2
genialskin.click/assets/vendors/fontawesome/webfonts/
78 KB
79 KB
Font
General
Full URL
https://genialskin.click/assets/vendors/fontawesome/webfonts/fa-solid-900.woff2
Requested by
Host: genialskin.click
URL: https://genialskin.click/assets/vendors/fontawesome/css/all.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://genialskin.click/assets/vendors/fontawesome/css/all.css
Origin
https://genialskin.click
accept-language
pt-PT,pt;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
516181
alt-svc
h3=":443"; ma=86400
content-length
80252
x-xss-protection
1; mode=block
last-modified
Mon, 19 Jul 2021 19:00:02 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
font/woff2
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yC%2FhR5%2BVT%2Bq%2FSARFI68B4HCPBDrqTjg%2FQF5JCAkEvZwsotnt6TFAGXlOXakja4mO2sx0ybc8x7rgls%2FFFN8PQU8v4mavTIgUCjzqOX4cLIpA12qYZX0M9rG3pFs%2BX35Z85KA"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
82a09b09ba7686bc-MAD
expires
Thu, 23 Nov 2023 11:26:23 GMT
fa-regular-400.woff2
genialskin.click/assets/vendors/fontawesome/webfonts/
13 KB
14 KB
Font
General
Full URL
https://genialskin.click/assets/vendors/fontawesome/webfonts/fa-regular-400.woff2
Requested by
Host: genialskin.click
URL: https://genialskin.click/assets/vendors/fontawesome/css/all.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3b8c21edfe6c5e402fdc607366fd8d15949a65914f58134733dc68922bc8d61
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://genialskin.click/assets/vendors/fontawesome/css/all.css
Origin
https://genialskin.click
accept-language
pt-PT,pt;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
516163
alt-svc
h3=":443"; ma=86400
content-length
13588
x-xss-protection
1; mode=block
last-modified
Mon, 19 Jul 2021 19:00:02 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
font/woff2
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mZnD4YjuUMy1sgaaVdYaUgs%2F0vXqw4n2ZMwRRoKFNfcSZgi2bDtwfCrDrd3t9hXFsYnCmy6JkhmYrqHJsy4VZgPlurS8Oo3sB0D5%2FQX2FY4Lhend9zuz6cxGcRksIz5yedPF"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
82a09b09ba7786bc-MAD
expires
Thu, 23 Nov 2023 11:26:41 GMT
9a788b10ee5544474cf3e4bf49c98dc7
genialskin.click/
25 B
523 B
XHR
General
Full URL
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
Requested by
Host: genialskin.click
URL: https://genialskin.click/inc/msg.v3.js?655ddcb3c82fd
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c17435e1a09ed89d29dab00015da616c16e39da1c5daf5f8c8026dcbcf5836a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
accept-language
pt-PT,pt;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Wed, 22 Nov 2023 10:49:25 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
application/json
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pjFjztXKdaJUnPSR8vPUF8Kosf1eAudy1GjnrPFhCJZURK1eQ6LBSyp%2FWsGhz8S119lGwnHDAAgkEAH6KXMR3DQE2MzEucLI1rp7Gk4n5LckYZ6lvSVpJ0y%2F%2F1T3kNWh7Q4M"}],"group":"cf-nel","max_age":604800}
cache-control
no-store, no-cache, must-revalidate
cf-ray
82a09b0a8bc186bc-MAD
expires
Thu, 19 Nov 1981 08:52:00 GMT
js
www.googletagmanager.com/gtag/
240 KB
83 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-DKB9VH2QW4&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M5FVHZX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
dddba4bb9937dad9f89a73b0029fea741ebcef3b65d5edec46be5cdf15a01e2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:49:25 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
85300
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 22 Nov 2023 10:49:25 GMT
collect
region1.google-analytics.com/g/
0
254 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-DKB9VH2QW4&gtm=45je3b81v884746590z8844508622&_p=1700650164604&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1973776355.1700650165&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1700650165&sct=1&seg=0&dl=https%3A%2F%2Fgenialskin.click%2F9a788b10ee5544474cf3e4bf49c98dc7&dr=https%3A%2F%2Fbriskarks.com%2F&dt=%5B1%5D%20Recompensa%20Pendente%20-%20Online%20Survey%20-%20Queremos%20sua%20opini%C3%A3o!&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2593
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-DKB9VH2QW4&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.32.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://genialskin.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 10:49:25 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://genialskin.click
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
v9e118mez8
event.trk-essursta.com/register/event_log/
0
0
Fetch
General
Full URL
https://event.trk-essursta.com/register/event_log/v9e118mez8
Requested by
Host: trk-essursta.com
URL: https://trk-essursta.com/scripts/push/v9e118mez8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://genialskin.click/
accept-language
pt-PT,pt;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-type
application/json

Response headers

expires
0
date
Wed, 22 Nov 2023 10:49:25 GMT
content-security-policy
default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-pushplatformapp-alert
pushPlatformApp.pushSubscription.deleted
alt-svc
h3=":443"; ma=86400
content-length
0
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
SAMEORIGIN
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LxkJAFYmDhh%2FumETGXifFG8QR0ktlzLo80KvRupZ%2Fy77GODBGaARzgK0gEDdM1oR%2Fy%2BDejTz0qi7jnf4tE2N49TMfmzBoJJQvhDkN2uLypGhQ9VobNQ7WvwdBESivip0u4EhK5X1kL5R"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
access-control-expose-headers
Authorization, Link, X-Total-Count, X-pushPlatformApp-alert, X-pushPlatformApp-error, X-pushPlatformApp-params
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
cf-ray
82a09b0df8722fcb-MAD
x-pushplatformapp-params
v9e118mez8
event.trk-essursta.com/register/event_log/
0
0
Preflight
General
Full URL
https://event.trk-essursta.com/register/event_log/v9e118mez8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://genialskin.click
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
Authorization, Link, X-Total-Count, X-pushPlatformApp-alert, X-pushPlatformApp-error, X-pushPlatformApp-params
access-control-max-age
1800
alt-svc
h3=":443"; ma=86400
cache-control
no-cache, no-store, max-age=0, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
82a09b0d1e762fcb-MAD
content-length
0
content-security-policy
default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
date
Wed, 22 Nov 2023 10:49:25 GMT
expires
0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
permissions-policy
camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fsAkqbxq%2FiQIdHHvcLNPpcGokncfzdqQ2bIq1KN8n37NQZg4d6ePrUNxElLED8WUjFW%2Bfd0PoJFwTF6Bp52K6VeEgsB2iqGnNOxXK9hdtZX3Hr0W9wLLvSuiDO3mqDz0r8h38F%2FQBZ78"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
v9e118mez8
event.trk-essursta.com/register/event_log/
0
0
Preflight
General
Full URL
https://event.trk-essursta.com/register/event_log/v9e118mez8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://genialskin.click
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
Authorization, Link, X-Total-Count, X-pushPlatformApp-alert, X-pushPlatformApp-error, X-pushPlatformApp-params
access-control-max-age
1800
alt-svc
h3=":443"; ma=86400
cache-control
no-cache, no-store, max-age=0, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
82a09b0d1e732fcb-MAD
content-length
0
content-security-policy
default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
date
Wed, 22 Nov 2023 10:49:25 GMT
expires
0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
permissions-policy
camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8pCzq5JM1dwLsLuNHjEJqqK8vuajJQ1sy52DBL0vYa3YXNwwWIVgSE4ICWllGIz2GwaKOu5QAiW1b3WOEJ2WdGr6OVMivymUZOfUD99UAfQUCt7imwu%2BuZk%2BzAH9831j8zYjujS78uYx"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
v9e118mez8
event.trk-essursta.com/register/event_log/
0
0
Fetch
General
Full URL
https://event.trk-essursta.com/register/event_log/v9e118mez8
Requested by
Host: trk-essursta.com
URL: https://trk-essursta.com/scripts/push/v9e118mez8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://genialskin.click/
accept-language
pt-PT,pt;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-type
application/json

Response headers

expires
0
date
Wed, 22 Nov 2023 10:49:25 GMT
content-security-policy
default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-pushplatformapp-alert
pushPlatformApp.pushSubscription.deleted
alt-svc
h3=":443"; ma=86400
content-length
0
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
SAMEORIGIN
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IvYeQMzNghEs8BjDEKo%2BnkqkLsWXyp64xaUzlZotKontY7QDC5p%2BV5Y5JtBMyDPKlooClJd8CqbVDcpAKNVSdzlyqI6RUJpVv%2F%2Fl91rpM8AzsDPWTshy18%2FIFQ7exHyoiKtK1CnO6rYz"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
access-control-expose-headers
Authorization, Link, X-Total-Count, X-pushPlatformApp-alert, X-pushPlatformApp-error, X-pushPlatformApp-params
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
cf-ray
82a09b0df86e2fcb-MAD
x-pushplatformapp-params

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Customer Survey Spam (Consumer)

141 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| _0x4eba function| _0x3ccf function| pushCount object| MYCALL string| s1 string| s2 string| fp string| esource string| pshpub string| pshdomain string| pshfingerprint object| dataLayer object| _0xc21e function| _0xe65c function| $ function| jQuery object| bootstrap number| refresh_page function| startTimer number| duration undefined| time undefined| refresh function| startINTSurvey function| startQuestion function| startSurveyDub function| showSurveyDub object| _0xc26e function| _0xe63c string| LNG string| CMP string| CNT string| BID string| FNP string| CMPID string| API_URL object| _0xc38e function| _0xe31c object| currentdate object| months function| a0_0x441f14 string| attrChoices string| domain string| pipeline string| zipcode string| state_selected boolean| skip_modal_email boolean| email_send_modal object| states function| birthdayFill function| beforeShowQuestion function| showOfferWall function| createQuestion function| sendOf function| runT function| replaceUrlParam function| startsurvey function| nextQuestion function| formatPhoneNumber function| overflowP function| switchTypeQuestions function| validatePhone function| validateEmail function| validateZip function| sendZipIp function| validateHeightF function| validateHeightI function| validateWeight function| validateAll function| validateName function| validateLName function| a0_0x5353 function| validateBirthday function| days function| daysInMonth function| dashedNumber function| alpha function| validateKeyStrokes function| showStreetState function| leadgenForm function| emailPixel function| startSurveyU function| switchTypeQuestionsU function| nextQuestionU function| showOfferWallU function| validateData function| showStreetStateU function| showDisclaimer function| preventS function| a0_0x830a string| aff_id string| click_id string| Brand string| lpid string| lpow object| prepop string| emailURL string| phoneURL string| zipcodeURL string| cityURL string| 
stateURL string| languageCode string| countryCode string| popUrl function| putVarCommon function| count_p function| mfq_tags function| showEmailModal function| hideM object| _0xc47e function| _0xe10c number| advEmail number| email_pixel string| prod_var object| _0xc0e function| _0xe59c number| answered number| prevProgress number| stepsTotal number| progress string| cheerstx string| txt function| cheers function| urlBase64ToUint8Array function| pullUrlParams function| push_subscribe function| push_subscribe_promise function| setIfNull function| logPushEvent function| push_unsubscribe function| push_init function| setSessionId function| setUtm function| getSessionId function| getUrlVars function| getDomainName function| getStore object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal

4 Cookies

Domain/Path Name / Value
briskarks.com/ Name: uid1782
Value: 1091548992-20231122054922-f66892ec193f071981709bdea5a73879-0
genialskin.click/ Name: PHPSESSID
Value: 34befe5eaa869c01906c2499c82584c0
.genialskin.click/ Name: _ga_DKB9VH2QW4
Value: GS1.1.1700650165.1.0.1700650165.0.0.0
.genialskin.click/ Name: _ga
Value: GA1.1.1973776355.1700650165

1 Console Messages

Source Level URL
Text
other error URL: https://genialskin.click/9a788b10ee5544474cf3e4bf49c98dc7
Message:
Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
