facemask3ply.com Open in urlscan Pro
185.98.131.209 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://facemask3ply.com/
Submission Tags: falconsandbox
Submission: On May 23 via api (May 23rd 2021, 1:53:55 pm UTC) from US

Summary HTTP 180 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 40 IPs in 5 countries across 32 domains to perform 180 HTTP transactions. The main IP is 185.98.131.209, located in France and belongs to RMI-FITECH, FR. The main domain is facemask3ply.com.

This is the only time facemask3ply.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
46	185.98.131.209 185.98.131.209	16347 (RMI-FITECH) (RMI-FITECH)
18	192.0.77.37 192.0.77.37	2635 (AUTOMATTIC) (AUTOMATTIC)
3	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
2	67.202.19.47 67.202.19.47	14618 (AMAZON-AES) (AMAZON-AES)
2 3	104.16.197.130 104.16.197.130	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 5	195.110.34.84 195.110.34.84	16347 (RMI-FITECH) (RMI-FITECH)
5	2a03:2880:f06... 2a03:2880:f067:e:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
14	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
1 2	95.216.228.15 95.216.228.15	24940 (HETZNER-AS) (HETZNER-AS)
4	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
5	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
4	2a03:2880:f16... 2a03:2880:f164:81:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:809::2006	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2016	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
4	54.230.108.162 54.230.108.162	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
1	52.216.152.158 52.216.152.158	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
1	54.192.219.116 54.192.219.116	16509 (AMAZON-02) (AMAZON-02)
8	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:51e4:db4b:4436:b305	16509 (AMAZON-02) (AMAZON-02)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
2 2	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
3 7	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
2 2	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8101:ac20:41f1:bf24:9b3	16509 (AMAZON-02) (AMAZON-02)
1	54.192.219.3 54.192.219.3	16509 (AMAZON-02) (AMAZON-02)
1	52.84.49.87 52.84.49.87	16509 (AMAZON-02) (AMAZON-02)
1	89.187.169.26 89.187.169.26	60068 (CDN77 (^_^)/) (CDN77 (^_^)/)
1	185.59.220.194 185.59.220.194	60068 (CDN77 (^_^)/) (CDN77 (^_^)/)
180	40

46 185.98.131.209 (France)

ASN16347 (RMI-FITECH, FR)

facemask3ply.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 192.0.77.37 (United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

c0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.0.76.3 (United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.202.19.47 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-67-202-19-47.compute-1.amazonaws.com

www.plumfund.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.16.197.130 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

affiliates.jumia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kol.jumia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 195.110.34.84 (France) 1 redirects

ASN16347 (RMI-FITECH, FR)
PTR: vps32284.lws-hosting.com

affiliation.lws-hosting.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:2880:f067:e:face:b00c:0:3 (London, United Kingdom)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.216.228.15 (Helsinki, Finland) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.15.228.216.95.clients.your-server.de

static.getbutton.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.23.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s45-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 192.0.77.2 (United States)

ASN2635 (AUTOMATTIC, US)
PTR: i2.wp.com

i2.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f164:81:face:b00c:0:25de (London, United Kingdom)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.230.108.162 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-108-162.mrs52.r.cloudfront.net

d61yqm8xqnu62.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d1fs20pid4g0bw.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.216.152.158 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.192.219.116 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-192-219-116.mrs52.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:51e4:db4b:4436:b305 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.253.211 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.185.98 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.115 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8101:ac20:41f1:bf24:9b3 (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.192.219.3 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-192-219-3.mrs52.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.84.49.87 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-84-49-87.mrs52.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 89.187.169.26 (Frankfurt am Main, Germany)

ASN60068 (CDN77 (^_^)/, GB)
PTR: unn-89-187-169-26.cdn77.com

cl.qualaroo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.59.220.194 (Frankfurt am Main, Germany)

ASN60068 (CDN77 (^_^)/, GB)
PTR: unn-185-59-220-194.datapacket.com

dntcl.qualaroo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
46	facemask3ply.com facemask3ply.com	217 KB
26	wp.com c0.wp.com stats.wp.com pixel.wp.com i2.wp.com i1.wp.com i0.wp.com	147 KB
16	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	277 KB
14	youtube.com www.youtube.com	723 KB
13	gstatic.com fonts.gstatic.com www.gstatic.com	207 KB
13	doubleclick.net 3 redirects googleads.g.doubleclick.net static.doubleclick.net cm.g.doubleclick.net	32 KB
7	googleapis.com fonts.googleapis.com ajax.googleapis.com	113 KB
5	facebook.net connect.facebook.net	197 KB
5	lws-hosting.com 1 redirects affiliation.lws-hosting.com	51 KB
4	cloudfront.net d61yqm8xqnu62.cloudfront.net d1fs20pid4g0bw.cloudfront.net	122 KB
4	facebook.com www.facebook.com	551 B
4	google.com adservice.google.com www.google.com	14 KB
4	google-analytics.com www.google-analytics.com	40 KB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	62 KB
3	jumia.com 2 redirects affiliates.jumia.com kol.jumia.com	1 KB
2	qualaroo.com cl.qualaroo.com dntcl.qualaroo.com	48 KB
2	pubmatic.com 2 redirects image6.pubmatic.com	1 KB
2	openx.net 2 redirects rtb.openx.net	765 B
2	googletagservices.com www.googletagservices.com	64 KB
2	google.de adservice.google.de	922 B
2	getbutton.io 1 redirects static.getbutton.io	85 KB
2	plumfund.com www.plumfund.com	12 KB
1	innovid.com ag.innovid.com	297 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com	455 B
1	mookie1.com odr.mookie1.com	609 B
1	quantserve.com cms.quantserve.com	464 B
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	6 KB
1	amazonaws.com s3.amazonaws.com	727 B
1	ytimg.com i.ytimg.com	80 KB
1	ggpht.com yt3.ggpht.com	2 KB
1	googleadservices.com partner.googleadservices.com	645 B
1	googletagmanager.com www.googletagmanager.com	35 KB
180	32

	Domain	Requested by
46	facemask3ply.com	facemask3ply.com c0.wp.com
18	c0.wp.com	facemask3ply.com c0.wp.com
14	www.youtube.com	facemask3ply.com www.youtube.com c0.wp.com
11	fonts.gstatic.com	www.youtube.com fonts.googleapis.com
8	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
8	pagead2.googlesyndication.com	facemask3ply.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
7	cm.g.doubleclick.net	3 redirects facemask3ply.com googleads.g.doubleclick.net
5	googleads.g.doubleclick.net	pagead2.googlesyndication.com www.youtube.com googleads.g.doubleclick.net
5	connect.facebook.net	facemask3ply.com connect.facebook.net www.plumfund.com
5	affiliation.lws-hosting.com	1 redirects facemask3ply.com c0.wp.com affiliation.lws-hosting.com
4	fonts.googleapis.com	www.plumfund.com googleads.g.doubleclick.net ajax.googleapis.com
4	www.facebook.com	facemask3ply.com connect.facebook.net www.plumfund.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.plumfund.com
3	ajax.googleapis.com	affiliation.lws-hosting.com d61yqm8xqnu62.cloudfront.net
3	d61yqm8xqnu62.cloudfront.net	www.plumfund.com
3	i2.wp.com	facemask3ply.com
2	image6.pubmatic.com	2 redirects
2	rtb.openx.net	2 redirects
2	www.gstatic.com	www.youtube.com googleads.g.doubleclick.net
2	www.google.com	www.youtube.com tpc.googlesyndication.com
2	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	static.getbutton.io	1 redirects facemask3ply.com
2	kol.jumia.com	1 redirects facemask3ply.com
2	www.plumfund.com	facemask3ply.com www.plumfund.com
2	stats.wp.com	facemask3ply.com
1	dntcl.qualaroo.com	cl.qualaroo.com
1	cl.qualaroo.com	s3.amazonaws.com
1	vars.hotjar.com	static.hotjar.com
1	script.hotjar.com	static.hotjar.com
1	ag.innovid.com	googleads.g.doubleclick.net
1	pixel.rubiconproject.com	1 redirects
1	odr.mookie1.com	googleads.g.doubleclick.net
1	cms.quantserve.com	googleads.g.doubleclick.net
1	d1fs20pid4g0bw.cloudfront.net	www.plumfund.com
1	static.hotjar.com	www.plumfund.com
1	maxcdn.bootstrapcdn.com	affiliation.lws-hosting.com
1	s3.amazonaws.com	www.plumfund.com
1	i.ytimg.com	www.youtube.com
1	yt3.ggpht.com	www.youtube.com
1	static.doubleclick.net	www.youtube.com
1	i0.wp.com	facemask3ply.com
1	i1.wp.com	facemask3ply.com
1	pixel.wp.com	facemask3ply.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	affiliates.jumia.com	1 redirects
1	www.googletagmanager.com	facemask3ply.com
180	48

This site contains links to these domains. Also see Links.

Domain
www.boostersite.com
www.plumfund.com
c.jumia.io
affiliation.lws-hosting.com
siteorigin.com
1xglobalbet.com
wa.me
getbutton.io

Subject Issuer	Validity	Valid
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.plumfund.com Amazon	`2020-09-23` - `2021-10-25`	a year	crt.sh
jumia.com GoGetSSL RSA DV CA	`2020-09-01` - `2021-10-03`	a year	crt.sh
affiliation.lws-hosting.com R3	`2021-05-07` - `2021-08-05`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-04-06` - `2021-07-03`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.getbutton.io Sectigo RSA Domain Validation Secure Server CA	`2019-09-26` - `2021-09-23`	2 years	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
edgestatic.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2021-02-22` - `2022-02-21`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-03` - `2021-07-26`	3 months	crt.sh
s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2020-08-04` - `2021-08-09`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-03-01` - `2022-02-28`	a year	crt.sh
*.hotjar.com Amazon	`2020-12-25` - `2022-01-23`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
*.innovid.com RapidSSL RSA CA 2018	`2020-02-07` - `2022-04-07`	2 years	crt.sh
cl.qualaroo.com R3	`2021-05-04` - `2021-08-02`	3 months	crt.sh
dntcl.qualaroo.com R3	`2021-05-14` - `2021-08-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh

This page contains 14 frames:

Primary Page: http://facemask3ply.com/
Frame ID: 41323A511876D40FD99399F878319730
Requests: 98 HTTP requests in this frame

Frame: https://www.youtube.com/embed/pK_tquYwOLk
Frame ID: C82E2784C91B9772DEF06578E011D2EC
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210517/r20190131/zrt_lookup.html
Frame ID: 8C6DD4CCB12B73D59840966500EB4BED
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6690374941293509&output=html&adk=1812271804&adf=3025194257&lmt=1621778016&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&tp=site_kit&format=0x0&url=http%3A%2F%2Ffacemask3ply.com%2F&ea=0&flash=0&pra=5&wgl=1&dt=1621778016162&bpp=9&bdt=470&idt=137&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3757674247192&frm=20&pv=2&ga_vid=669062362.1621778016&ga_sid=1621778016&ga_hid=1492401185&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=494242788788387&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=32768&bc=23&ifi=1&uci=a!1&fsb=1&dtd=157
Frame ID: 3362295117ACE67E3650486B2FB23446
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/pK_tquYwOLk
Frame ID: 24AD452336DE1A22AD6BFF9700581685
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6690374941293509&output=html&h=280&adk=2119092829&adf=588723724&pi=t.aa~a.2008826190~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1621778016&rafmt=1&to=qs&pwprc=7099420590&tp=site_kit&psa=0&format=1200x280&url=http%3A%2F%2Ffacemask3ply.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1621778016470&bpp=6&bdt=778&idt=6&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=3757674247192&frm=20&pv=1&ga_vid=669062362.1621778016&ga_sid=1621778016&ga_hid=1492401185&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=3007&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=494242788788387&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Rbslr1OjvG&p=http%3A//facemask3ply.com&dtd=21
Frame ID: F7DEF0FBED4093EF7D52A5FF85E70A6D
Requests: 15 HTTP requests in this frame

Frame: https://affiliation.lws-hosting.com/banners/viewwidget/83/451273079/com/default/Commandez/blank/fra
Frame ID: 81C08603A7821EF8EA0D3F0183D678B0
Requests: 5 HTTP requests in this frame

Frame: https://www.plumfund.com/GivingWidget?campaign=all-agunst-corona-virus
Frame ID: B83538FA976135E2B90DCA16CC9B5F22
Requests: 26 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: F3E44B953ED084753808897C49153B19
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/iqM-SLf9DiRkdYr6mfBBlocjM-gQZqw7kKSrrObPMLw.js
Frame ID: 94080ADF1664328DD463219F9B9A3955
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-21ccaa45726c0f3c8c458f7a87eb2298.html
Frame ID: 8D20418D651833CFD95DC9BB2975E1E8
Requests: 1 HTTP requests in this frame

Frame: https://dntcl.qualaroo.com/frame.html
Frame ID: BF5D27419F8A54466A1729166B5D15A6
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: B191B7C968698191FFC3EF282A4FC5EE
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C01342173D47C3F2335F8714C449254B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

180
Requests

73 %
HTTPS

50 %
IPv6

32
Domains

48
Subdomains

40
IPs

5
Countries

2536 kB
Transfer

9094 kB
Size

1
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: http://www.boostersite.com/
Title: <img src="https://i2.wp.com/www.boostersite.com/css/glacial/boostersite-logo.gif?resize=200%2C80" width="200" height="80" alt="Booste le trafic de ton site" data-recalc-dims="1" />

Search URL Search Domain Scan URL

URL: https://www.plumfund.com/
Title: Powered by Plumfund

Search URL Search Domain Scan URL

URL: https://c.jumia.io/?a=69758&c=1123&p=r&E=kkYNyk2M4sk%3D&utm_campaign=69758&utm_term=

Search URL Search Domain Scan URL

URL: https://affiliation.lws-hosting.com/statistics/click/281/451273079

Search URL Search Domain Scan URL

URL: http://%3Ca%20href%3D/
Title: <img src="https://i2.wp.com/affiliates.jumia.com/banners/tL6imDZp5pjDD5FPJ5GSE4614z4RmYFFvTJ1DqVZ.jpeg?w=720&ssl=1" data-recalc-dims="1" />

Search URL Search Domain Scan URL

URL: https://c.jumia.io/?a=69758&c=447&p=r&E=kkYNyk2M4sk%3D&utm_campaign=69758&utm_term=
Title: <img src="https://i2.wp.com/affiliates.jumia.com/banners/tL6imDZp5pjDD5FPJ5GSE4614z4RmYFFvTJ1DqVZ.jpeg?w=720&ssl=1" data-recalc-dims="1" />

Search URL Search Domain Scan URL

URL: https://siteorigin.com/
Title: SiteOrigin

Search URL Search Domain Scan URL

URL: https://1xglobalbet.com/en/
Title: https://1xglobalbet.com/en/

Search URL Search Domain Scan URL

URL: https://wa.me/212674870515
Title: Message us

Search URL Search Domain Scan URL

URL: http://getbutton.io/?utm_campaign=multy_widget&utm_medium=widget&utm_source=facemask3ply.com
Title: GetButton

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 39

https://affiliates.jumia.com/banners/Jumia%20Morocco/BannireCatgorieTVs/Banni%C3%A8re-Cat%C3%A9gorie-TV_31.png HTTP 301
https://kol.jumia.com/ HTTP 302
https://kol.jumia.com/login

Request Chain 40

https://affiliation.lws-hosting.com/banners/viewbanner/281/451273079 HTTP 302
https://affiliation.lws-hosting.com/img/banners/1549956619.gif

Request Chain 70

http://static.getbutton.io/widget-send-button/js/init.js HTTP 302
https://static.getbutton.io/widget/bundle.js

Request Chain 158

https://rtb.openx.net/sync/dds?google_gid=CAESEFB-1vfduFz-PO607i6zY8A&google_cver=1&google_push=AQvitUK9Q9DmcYOCBXXXDU2hLdchbe_YYvXqaI24ILuU1EtwkAWjIjGacGTh_-GSEvBeZ1wX--xN4QbP3JmlyPjIRBZx4A1x5B4 HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEFB-1vfduFz-PO607i6zY8A&google_cver=1&google_push=AQvitUK9Q9DmcYOCBXXXDU2hLdchbe_YYvXqaI24ILuU1EtwkAWjIjGacGTh_-GSEvBeZ1wX--xN4QbP3JmlyPjIRBZx4A1x5B4&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUK9Q9DmcYOCBXXXDU2hLdchbe_YYvXqaI24ILuU1EtwkAWjIjGacGTh_-GSEvBeZ1wX--xN4QbP3JmlyPjIRBZx4A1x5B4&google_hm=DLMX2oFLwPY0JOaDRi4xCg== HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUK9Q9DmcYOCBXXXDU2hLdchbe_YYvXqaI24ILuU1EtwkAWjIjGacGTh_-GSEvBeZ1wX--xN4QbP3JmlyPjIRBZx4A1x5B4&google_hm=DLMX2oFLwPY0JOaDRi4xCg==&google_tc=

Request Chain 159

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEEgg93dYDn2nqn-1JSTyOmI&google_cver=1&google_push=AQvitUI0uf70asPCA-h4Wl2RMzsKsrN-I8iUcAIK7m_2Gfkq5ad3HSup5ZPQebmufBfrAy9WZhSDWw7HN1AjqonKDyQReHRkPrg HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEEgg93dYDn2nqn-1JSTyOmI&google_cver=1&google_push=AQvitUI0uf70asPCA-h4Wl2RMzsKsrN-I8iUcAIK7m_2Gfkq5ad3HSup5ZPQebmufBfrAy9WZhSDWw7HN1AjqonKDyQReHRkPrg&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Q4WU3VzcSiGHTWr7izgZtw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUI0uf70asPCA-h4Wl2RMzsKsrN-I8iUcAIK7m_2Gfkq5ad3HSup5ZPQebmufBfrAy9WZhSDWw7HN1AjqonKDyQReHRkPrg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Q4WU3VzcSiGHTWr7izgZtw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUI0uf70asPCA-h4Wl2RMzsKsrN-I8iUcAIK7m_2Gfkq5ad3HSup5ZPQebmufBfrAy9WZhSDWw7HN1AjqonKDyQReHRkPrg&google_tc=

Request Chain 160

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESECzjM_bZLW1cZeLvFt77Elo&google_cver=1&google_push=AQvitUKCUlbmYaDFakSdr_ifn1W58ZPg_o5zP_hCeHygsyX3HGmnXtqLYOjmNt1pFfGySnJHSFOj9zHlPqP2yGp-R4CZYiVjgA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1AxOFJCMlotQy0yWklH&google_push=AQvitUKCUlbmYaDFakSdr_ifn1W58ZPg_o5zP_hCeHygsyX3HGmnXtqLYOjmNt1pFfGySnJHSFOj9zHlPqP2yGp-R4CZYiVjgA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1AxOFJCMlotQy0yWklH&google_push=AQvitUKCUlbmYaDFakSdr_ifn1W58ZPg_o5zP_hCeHygsyX3HGmnXtqLYOjmNt1pFfGySnJHSFOj9zHlPqP2yGp-R4CZYiVjgA&google_tc=

Request Chain 161

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6O4ATlsoskakTHbJuFVZBEF7Xyk2gOT5sD2T6_fRpnjw4Q9TDAsyAvvkuB4o7ik HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6O4ATlsoskakTHbJuFVZBEF7Xyk2gOT5sD2T6_fRpnjw4Q9TDAsyAvvkuB4o7ik&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6O4ATlsoskakTHbJuFVZBEF7Xyk2gOT5sD2T6_fRpnjw4Q9TDAsyAvvkuB4o7ik HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6O4ATlsoskakTHbJuFVZBEF7Xyk2gOT5sD2T6_fRpnjw4Q9TDAsyAvvkuB4o7ik&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6O4ATlsoskakTHbJuFVZBEF7Xyk2gOT5sD2T6_fRpnjw4Q9TDAsyAvvkuB4o7ik&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6O4ATlsoskakTHbJuFVZBEF7Xyk2gOT5sD2T6_fRpnjw4Q9TDAsyAvvkuB4o7ik&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6O4ATlsoskakTHbJuFVZBEF7Xyk2gOT5sD2T6_fRpnjw4Q9TDAsyAvvkuB4o7ik&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6O4ATlsoskakTHbJuFVZBEF7Xyk2gOT5sD2T6_fRpnjw4Q9TDAsyAvvkuB4o7ik&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6O4ATlsoskakTHbJuFVZBEF7Xyk2gOT5sD2T6_fRpnjw4Q9TDAsyAvvkuB4o7ik&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6O4ATlsoskakTHbJuFVZBEF7Xyk2gOT5sD2T6_fRpnjw4Q9TDAsyAvvkuB4o7ik&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6O4ATlsoskakTHbJuFVZBEF7Xyk2gOT5sD2T6_fRpnjw4Q9TDAsyAvvkuB4o7ik&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6O4ATlsoskakTHbJuFVZBEF7Xyk2gOT5sD2T6_fRpnjw4Q9TDAsyAvvkuB4o7ik&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6O4ATlsoskakTHbJuFVZBEF7Xyk2gOT5sD2T6_fRpnjw4Q9TDAsyAvvkuB4o7ik&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6O4ATlsoskakTHbJuFVZBEF7Xyk2gOT5sD2T6_fRpnjw4Q9TDAsyAvvkuB4o7ik&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6O4ATlsoskakTHbJuFVZBEF7Xyk2gOT5sD2T6_fRpnjw4Q9TDAsyAvvkuB4o7ik&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6O4ATlsoskakTHbJuFVZBEF7Xyk2gOT5sD2T6_fRpnjw4Q9TDAsyAvvkuB4o7ik&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6O4ATlsoskakTHbJuFVZBEF7Xyk2gOT5sD2T6_fRpnjw4Q9TDAsyAvvkuB4o7ik&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6O4ATlsoskakTHbJuFVZBEF7Xyk2gOT5sD2T6_fRpnjw4Q9TDAsyAvvkuB4o7ik&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6O4ATlsoskakTHbJuFVZBEF7Xyk2gOT5sD2T6_fRpnjw4Q9TDAsyAvvkuB4o7ik&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6O4ATlsoskakTHbJuFVZBEF7Xyk2gOT5sD2T6_fRpnjw4Q9TDAsyAvvkuB4o7ik&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6O4ATlsoskakTHbJuFVZBEF7Xyk2gOT5sD2T6_fRpnjw4Q9TDAsyAvvkuB4o7ik&google_tc=

180 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set / Show response
facemask3ply.com/ 81 KB
18 KB 8129ms
8065ms Document
text/html 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx / PHP/7.4.16
Resource Hash: 2dd698676968c4ed71694505862da139b15725778c42a171904cdc3c1baa84ff

Request headers

Host: facemask3ply.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: nginx
Date: Sun, 23 May 2021 13:53:35 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 17899
Connection: keep-alive
X-Powered-By: PHP/7.4.16
Link: <http://facemask3ply.com/wp-json/>; rel="https://api.w.org/"
Set-Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D; expires=Mon, 24-May-2021 13:53:29 GMT; Max-Age=86400; path=/
Vary: Host,Accept-Encoding
Content-Encoding: gzip

GET
H2 200 style.min.css
c0.wp.com/c/5.6.4/wp-includes/css/dist/block-library/ 50 KB
7 KB 128ms
43ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.6.4/wp-includes/css/dist/block-library/style.min.css

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

fe9ad9796d39e706fe661ddf90151c0ebc03251164354d55f1ee95ca06878b40

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 23 May 2021 13:53:35 GMT
content-encoding: br
last-modified: Wed, 17 Feb 2021 14:16:26 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Mon, 23 May 2022 13:53:35 GMT

GET
H/1.1 200
OK vendors-style.css
facemask3ply.com/wp-content/plugins/woo-gutenberg-products-block/build/ 3 KB
1 KB 96ms
62ms Stylesheet
text/css 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/woo-gutenberg-products-block/build/vendors-style.css?ver=4.3.0
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: d074f9ef65d3f402c639eb3c9ca3d0e792c3b6d9b50e179850619b03ac511e43

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:35 GMT
Content-Encoding: gzip
Last-Modified: Sun, 31 Jan 2021 15:02:25 GMT
Server: nginx
ETag: "ccd-5ba3386752c8c-gzip"
Vary: Host,Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1056

GET
H/1.1 200
OK style.css
facemask3ply.com/wp-content/plugins/woo-gutenberg-products-block/build/ 167 KB
19 KB 124ms
88ms Stylesheet
text/css 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/woo-gutenberg-products-block/build/style.css?ver=4.3.0
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 7b9465e174a7b4c78fb3fc6d88f7892336913139e67e38ee1471da815d38c004

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:35 GMT
Content-Encoding: gzip
Last-Modified: Sun, 31 Jan 2021 15:02:25 GMT
Server: nginx
ETag: "29ab3-5ba3386749fec-gzip"
Vary: Host,Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18993

GET
H/1.1 200
OK style.css
facemask3ply.com/wp-content/plugins/byconsole-woo-order-delivery-time/css/ 6 KB
1 KB 120ms
82ms Stylesheet
text/css 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/byconsole-woo-order-delivery-time/css/style.css?ver=5.6.4
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: eb477584eed8af92a8c3297c4b2bae2596ddefeb54561a8dc5fa1ab3662515ff

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:35 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Jan 2021 23:56:32 GMT
Server: nginx
ETag: "167b-5b8d0e3779ddb-gzip"
Vary: Host,Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1014

GET
H/1.1 200
OK jquery-ui.min.css
facemask3ply.com/wp-content/plugins/byconsole-woo-order-delivery-time/css/ 29 KB
7 KB 121ms
82ms Stylesheet
text/css 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/byconsole-woo-order-delivery-time/css/jquery-ui.min.css?ver=5.6.4
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 21c07217d708902cdfee682027365ca578941782a3f6c431b833bad096d161fa

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:35 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Jan 2021 23:56:32 GMT
Server: nginx
ETag: "7557-5b8d0e3779ddb-gzip"
Vary: Host,Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7376

GET
H/1.1 200
OK jquery-ui.theme.min.css
facemask3ply.com/wp-content/plugins/byconsole-woo-order-delivery-time/css/ 13 KB
3 KB 123ms
82ms Stylesheet
text/css 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/byconsole-woo-order-delivery-time/css/jquery-ui.theme.min.css?ver=5.6.4
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: fc4329759e39cfe4f35cf1a9e8c53343c77f1c8154f88f2adba18415c5f47bf9

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:35 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Jan 2021 23:56:32 GMT
Server: nginx
ETag: "35eb-5b8d0e3779ddb-gzip"
Vary: Host,Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2317

GET
H/1.1 200
OK jquery-ui.structure.min.css
facemask3ply.com/wp-content/plugins/byconsole-woo-order-delivery-time/css/ 14 KB
5 KB 123ms
82ms Stylesheet
text/css 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/byconsole-woo-order-delivery-time/css/jquery-ui.structure.min.css?ver=5.6.4
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 56da441e571ea4ef08b0150003a202420adaf871451fb22d8aa0379e9293bb2a

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:35 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Jan 2021 23:56:32 GMT
Server: nginx
ETag: "39bd-5b8d0e3779ddb-gzip"
Vary: Host,Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4747

GET
H/1.1 200
OK jquery.timepicker.css
facemask3ply.com/wp-content/plugins/byconsole-woo-order-delivery-time/css/ 2 KB
752 B 157ms
62ms Stylesheet
text/css 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/byconsole-woo-order-delivery-time/css/jquery.timepicker.css?ver=5.6.4
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 61c3f07bb7747bca2c8dbce7c68f2f88267f44a11dc474d342e289d761031207

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:35 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Jan 2021 23:56:32 GMT
Server: nginx
ETag: "708-5b8d0e3779ddb-gzip"
Vary: Host,Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 460

GET
H/1.1 200
OK fast-affiliate-public.css
facemask3ply.com/wp-content/plugins/fast-affiliate/public/css/ 6 KB
1 KB 182ms
63ms Stylesheet
text/css 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/fast-affiliate/public/css/fast-affiliate-public.css?ver=1.0.0
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: fc2aca93db900e86617695358f604194e17ba784069aed82a26dc331d349bcc3

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:35 GMT
Content-Encoding: gzip
Last-Modified: Sat, 21 Mar 2020 19:31:05 GMT
Server: nginx
ETag: "1743-5a162716a9c84-gzip"
Vary: Host,Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1131

GET
H/1.1 200
OK page-visit-counter-public.css
facemask3ply.com/wp-content/plugins/page-visit-counter/public/css/ 270 B
504 B 181ms
61ms Stylesheet
text/css 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/page-visit-counter/public/css/page-visit-counter-public.css?ver=6.0.8
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 5b3761cd6757139d3ec75a841c6588cd6d8147a43e3f799eb332384860b1b884

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:35 GMT
Content-Encoding: gzip
Last-Modified: Wed, 03 Mar 2021 23:44:37 GMT
Server: nginx
ETag: "10e-5bcaa6f0fd648-gzip"
Vary: Host,Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 212

GET
H/1.1 200
OK ewd-uwpm-css.css
facemask3ply.com/wp-content/plugins/ultimate-wp-mail/css/ 416 B
478 B 183ms
61ms Stylesheet
text/css 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/ultimate-wp-mail/css/ewd-uwpm-css.css?ver=5.6.4
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: de2f3f8f85d0772d16e470185c313b2534169c996379fcc1657dc40ec3d1f46d

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:35 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Jan 2021 23:55:32 GMT
Server: nginx
ETag: "1a0-5b8d0dfe18903-gzip"
Vary: Host,Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 186

GET
H2 200 woocommerce-layout.css
c0.wp.com/p/woocommerce/4.9.2/assets/css/ 17 KB
2 KB 155ms
74ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/woocommerce/4.9.2/assets/css/woocommerce-layout.css

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

1e6543448005ecb5417ffcc6c93a57746d6037100895bff0e7c9295f4ff4ac25

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 23 May 2021 13:53:35 GMT
content-encoding: br
last-modified: Tue, 19 Jan 2021 17:04:35 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Mon, 23 May 2022 13:53:35 GMT

GET
H2 200 woocommerce.css
c0.wp.com/p/woocommerce/4.9.2/assets/css/ 61 KB
8 KB 154ms
74ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/woocommerce/4.9.2/assets/css/woocommerce.css

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

285e6033f270c397c9446502d02d015309789c30e4756cab1fc4ea473b1792bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 23 May 2021 13:53:35 GMT
content-encoding: br
last-modified: Tue, 19 Jan 2021 17:04:35 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Mon, 23 May 2022 13:53:35 GMT

GET
H/1.1 200
OK style.css
facemask3ply.com/wp-content/themes/vantage/ 88 KB
16 KB 187ms
65ms Stylesheet
text/css 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/themes/vantage/style.css?ver=1.14.4
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 0c9842b89221bf5d14cbfe6a472effa2cfd9a68b65c3de2eccc32b15fc681592

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:35 GMT
Content-Encoding: gzip
Last-Modified: Mon, 27 Jan 2020 07:52:32 GMT
Server: nginx
ETag: "16071-59d1a63c33000-gzip"
Vary: Host,Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15631

GET
H/1.1 200
OK font-awesome.css
facemask3ply.com/wp-content/themes/vantage/fontawesome/css/ 37 KB
8 KB 219ms
63ms Stylesheet
text/css 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/themes/vantage/fontawesome/css/font-awesome.css?ver=4.6.2
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:35 GMT
Content-Encoding: gzip
Last-Modified: Mon, 27 Jan 2020 07:52:32 GMT
Server: nginx
ETag: "9226-59d1a63c33000-gzip"
Vary: Host,Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7439

GET
H/1.1 200
OK woocommerce.css
facemask3ply.com/wp-content/themes/vantage/css/ 12 KB
3 KB 225ms
62ms Stylesheet
text/css 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/themes/vantage/css/woocommerce.css?ver=5.6.4
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 353c3644aecba97db931d60f210854bf97134582f959120577afa016c44b513a

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:35 GMT
Content-Encoding: gzip
Last-Modified: Mon, 27 Jan 2020 07:52:32 GMT
Server: nginx
ETag: "30ee-59d1a63c33000-gzip"
Vary: Host,Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2298

GET
H/1.1 200
OK mobilenav.css
facemask3ply.com/wp-content/themes/vantage/inc/mobilenav/css/ 3 KB
1 KB 243ms
62ms Stylesheet
text/css 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/themes/vantage/inc/mobilenav/css/mobilenav.css?ver=1.14.4
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 0a005f9867c2f7988dc2e3f56d129a2ebb0530b6c1dc8d21cf63b211a2542074

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:35 GMT
Content-Encoding: gzip
Last-Modified: Mon, 27 Jan 2020 07:52:32 GMT
Server: nginx
ETag: "a8d-59d1a63c33000-gzip"
Vary: Host,Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 780

GET
H2 200 jquery-ui.min.css
c0.wp.com/p/woocommerce/4.9.2/assets/css/jquery-ui/ 29 KB
7 KB 154ms
74ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/woocommerce/4.9.2/assets/css/jquery-ui/jquery-ui.min.css

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

885a3c3ed9990cf54ce828353610025f4a88a43581dab47d3d50daf3eb988fc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 23 May 2021 13:53:35 GMT
content-encoding: br
last-modified: Tue, 19 Jan 2021 17:04:35 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Mon, 23 May 2022 13:53:35 GMT

GET
H/1.1 200
OK wcfmicon.min.css
facemask3ply.com/wp-content/plugins/wc-frontend-manager/assets/fonts/font-awesome/css/ 51 KB
11 KB 245ms
65ms Stylesheet
text/css 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/wc-frontend-manager/assets/fonts/font-awesome/css/wcfmicon.min.css?ver=6.5.6
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: f184bf969d58b613a4af3ac3895756a7a2e485b0bc2cc8985d5ba96ec58c1d9d

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:35 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Jan 2021 23:55:46 GMT
Server: nginx
ETag: "cb7b-5b8d0e0ba8352-gzip"
Vary: Host,Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11214

GET
H/1.1 200
OK wcfm-style-core.css
facemask3ply.com/wp-content/plugins/wc-frontend-manager/assets/css/min/ 32 KB
7 KB 248ms
67ms Stylesheet
text/css 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/wc-frontend-manager/assets/css/min/wcfm-style-core.css?ver=6.5.6
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 5b3629bf95588d63bd2cda59f7b591b2547fdc42b04576811bcc53d1ffab9006

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:35 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Jan 2021 23:55:46 GMT
Server: nginx
ETag: "8050-5b8d0e0b8dd73-gzip"
Vary: Host,Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7007

GET
H/1.1 200
OK style.css
facemask3ply.com/wp-content/plugins/wp-my-instagram/css/ 1 KB
781 B 256ms
59ms Stylesheet
text/css 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/wp-my-instagram/css/style.css?ver=1.0
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: c2743f1c4929b08ef28c37f355bd0b6b1cb12ae0f360654517792c3dd94d4f23

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:35 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Jan 2021 23:56:39 GMT
Server: nginx
ETag: "5ae-5b8d0e3e0a834-gzip"
Vary: Host,Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 489

GET
H/1.1 200
OK select2.css
facemask3ply.com/wp-content/plugins/wc-frontend-manager/includes/libs/select2/ 15 KB
2 KB 283ms
60ms Stylesheet
text/css 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/wc-frontend-manager/includes/libs/select2/select2.css?ver=6.5.6
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 6c622bd9e40cb6e0cc09b5a7e851de29f65efd7b455355ca105122143f0b131b

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:35 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Jan 2021 23:55:45 GMT
Server: nginx
ETag: "3b5b-5b8d0e0ae6d9a-gzip"
Vary: Host,Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1984

GET
H2 200 jetpack.css
c0.wp.com/p/jetpack/9.3.1/css/ 75 KB
13 KB 152ms
73ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/9.3.1/css/jetpack.css

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

50230a768774ba88bdeb31d5bf3cdcd95b90248334753ab4256aed572396d97b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 23 May 2021 13:53:35 GMT
content-encoding: br
last-modified: Tue, 05 Jan 2021 15:42:42 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Mon, 23 May 2022 13:53:35 GMT

GET
H2 200 jquery.min.js Show response
c0.wp.com/c/5.6.4/wp-includes/js/jquery/ 87 KB
30 KB 153ms
74ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.6.4/wp-includes/js/jquery/jquery.min.js

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 23 May 2021 13:53:35 GMT
content-encoding: br
last-modified: Wed, 07 Oct 2020 16:33:25 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Mon, 23 May 2022 13:53:35 GMT

GET
H2 200 jquery-migrate.min.js Show response
c0.wp.com/c/5.6.4/wp-includes/js/jquery/ 11 KB
4 KB 152ms
74ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.6.4/wp-includes/js/jquery/jquery-migrate.min.js

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 23 May 2021 13:53:35 GMT
content-encoding: br
last-modified: Thu, 19 Nov 2020 09:31:13 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Mon, 23 May 2022 13:53:35 GMT

GET
H/1.1 200
OK front-end-script.js Show response
facemask3ply.com/wp-content/plugins/captcha-bank/assets/global/plugins/custom/js/ 307 B
487 B 287ms
63ms Script
application/javascript 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/captcha-bank/assets/global/plugins/custom/js/front-end-script.js?ver=5.6.4
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: c0f31c5b0a354240e9e4ea2f86c923ab54cd995f619e4641a964ef90a21f4da3

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:35 GMT
Content-Encoding: gzip
Last-Modified: Mon, 27 Jan 2020 07:51:14 GMT
Server: nginx
ETag: "133-59d1a5f1d0080-gzip"
Vary: Host,Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 181

GET
H/1.1 200
OK page-visit-counter-public.js Show response
facemask3ply.com/wp-content/plugins/page-visit-counter/public/js/ 838 B
785 B 304ms
64ms Script
application/javascript 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/page-visit-counter/public/js/page-visit-counter-public.js?ver=6.0.8
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 57a50c99a31ef4e89e86664e96f6dfbdde163a2eb96e88b3b492c49aa4be2f37

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:35 GMT
Content-Encoding: gzip
Last-Modified: Wed, 03 Mar 2021 23:44:37 GMT
Server: nginx
ETag: "346-5bcaa6f0fd648-gzip"
Vary: Host,Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 479

GET
H/1.1 200
OK ewd-uwpm-js.js Show response
facemask3ply.com/wp-content/plugins/ultimate-wp-mail/js/ 2 KB
882 B 311ms
65ms Script
application/javascript 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/ultimate-wp-mail/js/ewd-uwpm-js.js?ver=0.10b
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: cfc3ef90dc7a4f51e783a012512a5b0feb88c55f4d344481144d289e68f42b91

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:35 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Jan 2021 23:55:32 GMT
Server: nginx
ETag: "869-5b8d0dfe040e4-gzip"
Vary: Host,Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 576

GET
H/1.1 200
OK aalstats.js Show response
facemask3ply.com/wp-content/plugins/wp-auto-affiliate-links/js/ 989 B
724 B 310ms
63ms Script
application/javascript 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/wp-auto-affiliate-links/js/aalstats.js?ver=5.6.4
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 265d49b8ace56978d396dd031f6b88cc3239ffbbd7f0fc2253ce0e6f1ee99020

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:35 GMT
Content-Encoding: gzip
Last-Modified: Sun, 31 Jan 2021 15:01:35 GMT
Server: nginx
ETag: "3dd-5ba3383774019-gzip"
Vary: Host,Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 418

GET
H2 200 s-202120.js Show response
stats.wp.com/ 16 KB
6 KB 129ms
44ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/s-202120.js
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 21b1c346a04696c68f33050088b8bbda850a1d9c015bd70df23d7bb34f6d0e1c

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn
date: Sun, 23 May 2021 13:53:36 GMT
content-encoding: gzip
server: nginx
etag: W/"5e98e496-3ec1"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Mon, 16 May 2022 18:59:33 GMT

GET
H/1.1 200
OK jquery.flexslider.min.js Show response
facemask3ply.com/wp-content/themes/vantage/js/ 21 KB
6 KB 319ms
65ms Script
application/javascript 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/themes/vantage/js/jquery.flexslider.min.js?ver=2.1
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 861633984052b34bcd62b9129716bbf86e928599eb753066a6561bd09e2e6425

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:35 GMT
Content-Encoding: gzip
Last-Modified: Mon, 27 Jan 2020 07:52:32 GMT
Server: nginx
ETag: "54d0-59d1a63c33000-gzip"
Vary: Host,Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6232

GET
H/1.1 200
OK jquery.touchSwipe.min.js Show response
facemask3ply.com/wp-content/themes/vantage/js/ 10 KB
4 KB 346ms
64ms Script
application/javascript 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/themes/vantage/js/jquery.touchSwipe.min.js?ver=1.6.6
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 8e3e93a4276ae2f64c11ebef48eed032ebc27bf21de4afc423679620a4f2e3bf

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:36 GMT
Content-Encoding: gzip
Last-Modified: Mon, 27 Jan 2020 07:52:32 GMT
Server: nginx
ETag: "2803-59d1a63c33000-gzip"
Vary: Host,Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3672

GET
H/1.1 200
OK jquery.theme-main.min.js Show response
facemask3ply.com/wp-content/themes/vantage/js/ 6 KB
3 KB 350ms
64ms Script
application/javascript 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/themes/vantage/js/jquery.theme-main.min.js?ver=1.14.4
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: ac4cd4033ca11089bb4a296ecfbb9748b9e62b054cd2d57e082c02f67e7e9630

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:36 GMT
Content-Encoding: gzip
Last-Modified: Mon, 27 Jan 2020 07:52:32 GMT
Server: nginx
ETag: "1794-59d1a63c33000-gzip"
Vary: Host,Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2375

GET
H/1.1 200
OK jquery.fitvids.min.js Show response
facemask3ply.com/wp-content/themes/vantage/js/ 2 KB
1 KB 363ms
59ms Script
application/javascript 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/themes/vantage/js/jquery.fitvids.min.js?ver=1.0
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: c0da056910229efad3d6ff2180c72f7afd6d33c035c78eef9fac2d0dca0348dd

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:36 GMT
Content-Encoding: gzip
Last-Modified: Mon, 27 Jan 2020 07:52:32 GMT
Server: nginx
ETag: "6d2-59d1a63c33000-gzip"
Vary: Host,Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 797

GET
H/1.1 200
OK mobilenav.min.js Show response
facemask3ply.com/wp-content/themes/vantage/inc/mobilenav/js/ 3 KB
1 KB 372ms
62ms Script
application/javascript 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/themes/vantage/inc/mobilenav/js/mobilenav.min.js?ver=1.14.4
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 52fa3ce193ec29c5c45c4d4feacf866e326d8ca13b34727e4a7b091275e854f1

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:36 GMT
Content-Encoding: gzip
Last-Modified: Mon, 27 Jan 2020 07:52:32 GMT
Server: nginx
ETag: "bb2-59d1a63c33000-gzip"
Vary: Host,Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1146

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 88 KB
35 KB 54ms
33ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-192128366-1

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f03b5b1c099aae95a9bbd2e039f916814a05579df63327e1015db3b2a4e20049

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 13:53:36 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35749
x-xss-protection: 0
last-modified: Sun, 23 May 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 23 May 2021 13:53:36 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 132 KB
47 KB 27ms
24ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

66692834201188242d64623d532248275efe2ba80101490c96bdce4160b78188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 13:53:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47950
x-xss-protection: 0
server: cafe
etag: 4501822382306722350
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 23 May 2021 13:53:36 GMT

GET
H/1.1 200
OK adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 132 KB
47 KB 31ms
23ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

HTTP/1.1

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

66692834201188242d64623d532248275efe2ba80101490c96bdce4160b78188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Timing-Allow-Origin: *
Date: Sun, 23 May 2021 13:53:36 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: cafe
ETag: 4501822382306722350
Vary: Accept-Encoding, Origin
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=3600
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Content-Type: text/javascript; charset=UTF-8
Content-Length: 47950
X-XSS-Protection: 0
Expires: Sun, 23 May 2021 13:53:36 GMT

GET
H2 200 widget.js Show response
www.plumfund.com/a/ 1021 B
1 KB 423ms
136ms Script
application/javascript 67.202.19.47
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://www.plumfund.com/a/widget.js
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.202.19.47 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-67-202-19-47.compute-1.amazonaws.com
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: c28c0507be92b3cbb7e69d99861490fc0326d0e06c9817d7f5c3cd1f235732a8

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 13:53:36 GMT
content-encoding: gzip
last-modified: Tue, 16 Jun 2020 15:39:30 GMT
server: Apache/2.4.7 (Ubuntu)
age: 0
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
x-varnish: 217591560
accept-ranges: bytes
content-length: 487

GET
H2

200

https://affiliates.jumia.com/banners/Jumia%20Morocco/BannireCatgorieTVs/Banni%C3%A8re-Cat%C3%A9gorie-TV_31.png
https://kol.jumia.com/
https://kol.jumia.com/login

0
0

176ms
176ms

Image
text/html

104.16.197.130
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kol.jumia.com/login
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.197.130 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Sun, 23 May 2021 13:53:36 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-powered-by: PHP/7.4.19
cf-request-id: 0a3b19c0cf00001f219c353000000001
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15724800; includeSubDomains
content-type: text/html; charset=UTF-8
location: https://kol.jumia.com/login
x-xss-protection: 1; mode=block
cache-control: no-cache, private
cf-ray: 653ec57aec151f21-FRA
x-lb: nginx-aws-b02

GET
H/1.1

200
OK

1549956619.gif
affiliation.lws-hosting.com/img/banners/
Redirect Chain

https://affiliation.lws-hosting.com/banners/viewbanner/281/451273079
https://affiliation.lws-hosting.com/img/banners/1549956619.gif

22 KB
22 KB

55ms
55ms

Image
image/gif

195.110.34.84
RMI-FITECH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://affiliation.lws-hosting.com/img/banners/1549956619.gif
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.110.34.84 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS: vps32284.lws-hosting.com
Software: Apache /
Resource Hash: b0ba986694e3e31218892d9f67dfe082aef02333652235e92bed97a102eee9e9

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:36 GMT
Last-Modified: Tue, 12 Feb 2019 07:30:19 GMT
Server: Apache
ETag: "57eb-581ad65b158c0"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=199
Content-Length: 22507

Redirect headers

Date: Sun, 23 May 2021 13:53:36 GMT
Server: Apache
X-Powered-By: PHP/5.6.40-0+deb8u12
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Location: https://affiliation.lws-hosting.com/img/banners/1549956619.gif
Connection: Keep-Alive
Keep-Alive: timeout=5, max=200

GET
H/1.1 200
OK wp-emoji-release.min.js Show response
facemask3ply.com/wp-includes/js/ 14 KB
5 KB 65ms
65ms Script
application/javascript 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-includes/js/wp-emoji-release.min.js?ver=5.6.4
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:36 GMT
Content-Encoding: gzip
Last-Modified: Thu, 04 Feb 2021 08:24:07 GMT
Server: nginx
ETag: "3795-5ba7e6d69ce3e-gzip"
Vary: Host,Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4662

GET
H2 200 woocommerce-smallscreen.css
c0.wp.com/p/woocommerce/4.9.2/assets/css/ 7 KB
976 B 47ms
45ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/woocommerce/4.9.2/assets/css/woocommerce-smallscreen.css

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

22be0357130d21a331678da4e1ab7a17c08cdaf0f085f9e7ee864eef7b74ef07

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 23 May 2021 13:53:36 GMT
content-encoding: br
last-modified: Tue, 19 Jan 2021 17:04:35 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Mon, 23 May 2022 13:53:36 GMT

GET
H/1.1 200
OK style.css
facemask3ply.com/wp-content/plugins/wp-auto-affiliate-links/css/ 3 KB
1 KB 64ms
63ms Stylesheet
text/css 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/wp-auto-affiliate-links/css/style.css?ver=5.6.4
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: c9281fac8a54235faf79a5011acf4e5a3a5f7cb844a9f3dfc93988ca9cbf77f0

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:36 GMT
Content-Encoding: gzip
Last-Modified: Sun, 31 Jan 2021 15:01:35 GMT
Server: nginx
ETag: "af5-5ba3383777e99-gzip"
Vary: Host,Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 867

GET
H2 200 photon.min.js Show response
c0.wp.com/p/jetpack/9.3.1/_inc/build/photon/ 758 B
472 B 39ms
39ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/9.3.1/_inc/build/photon/photon.min.js

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e1b0066bc1972444c0a15e1778be06ed7bf36c55d597c065b5e79041bcda291e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 23 May 2021 13:53:36 GMT
content-encoding: br
last-modified: Tue, 31 Mar 2020 17:26:38 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Mon, 23 May 2022 13:53:36 GMT

GET
H2 200 core.min.js Show response
c0.wp.com/c/5.6.4/wp-includes/js/jquery/ui/ 20 KB
6 KB 44ms
40ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.6.4/wp-includes/js/jquery/ui/core.min.js

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

0cd851e5b33af0fbb354df65506da39807b998e07723f3d08aba5179fa2ed97e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 23 May 2021 13:53:36 GMT
content-encoding: br
last-modified: Fri, 26 Mar 2021 17:23:20 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Mon, 23 May 2022 13:53:36 GMT

GET
H2 200 datepicker.min.js Show response
c0.wp.com/c/5.6.4/wp-includes/js/jquery/ui/ 35 KB
10 KB 44ms
40ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.6.4/wp-includes/js/jquery/ui/datepicker.min.js

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

60e04dcb9483e44801771aab65df07bfa3fabbaf9a4386fd05f568d0e4d8710d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 23 May 2021 13:53:36 GMT
content-encoding: br
last-modified: Fri, 26 Mar 2021 17:23:20 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Mon, 23 May 2022 13:53:36 GMT

GET
H/1.1 200
OK jquery.timepicker.min.js Show response
facemask3ply.com/wp-content/plugins/byconsole-woo-order-delivery-time/js/ 15 KB
5 KB 73ms
70ms Script
application/javascript 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/byconsole-woo-order-delivery-time/js/jquery.timepicker.min.js?ver=1.12
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: f7396b354608a930e9000f1a74623f0de84cfac53bb665a690eb59c248772c23

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:36 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Jan 2021 23:56:32 GMT
Server: nginx
ETag: "3b6d-5b8d0e377307b-gzip"
Vary: Host,Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5081

GET
H/1.1 200
OK byconsolewooodt.js Show response
facemask3ply.com/wp-content/plugins/byconsole-woo-order-delivery-time/js/ 2 KB
843 B 70ms
66ms Script
application/javascript 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/byconsole-woo-order-delivery-time/js/byconsolewooodt.js?ver=1.12
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 719daec374e638eb6e8c7f8ecf8a44b10dcb9a55be642860852f9df7f6bf3348

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:36 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Jan 2021 23:56:32 GMT
Server: nginx
ETag: "7ad-5b8d0e377307b-gzip"
Vary: Host,Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 537

GET
H/1.1 200
OK fast-affiliate-public.js Show response
facemask3ply.com/wp-content/plugins/fast-affiliate/public/js/ 3 KB
906 B 70ms
67ms Script
application/javascript 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/fast-affiliate/public/js/fast-affiliate-public.js?ver=1.0.0
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 706c5d9a1d333f1104c18c75d500f00c565042a0c98728cd9ddf540de3e31506

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:36 GMT
Content-Encoding: gzip
Last-Modified: Sat, 21 Mar 2020 19:31:05 GMT
Server: nginx
ETag: "a74-5a162716a9c84-gzip"
Vary: Host,Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 600

GET
H2 200 jquery.blockUI.min.js Show response
c0.wp.com/p/woocommerce/4.9.2/assets/js/jquery-blockui/ 9 KB
3 KB 46ms
43ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/woocommerce/4.9.2/assets/js/jquery-blockui/jquery.blockUI.min.js

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

120aaf6681ca6d34a40c559779f0a0038582a79fce1b868ff901c94d27c89c72

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 23 May 2021 13:53:36 GMT
content-encoding: br
last-modified: Tue, 19 Jan 2021 17:04:35 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Mon, 23 May 2022 13:53:36 GMT

GET
H2 200 add-to-cart.min.js Show response
c0.wp.com/p/woocommerce/4.9.2/assets/js/frontend/ 3 KB
1003 B 48ms
44ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/woocommerce/4.9.2/assets/js/frontend/add-to-cart.min.js

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

8634aa7a3ac0bc6d359b458c8922e9d3269f64c1355b329bfe215beb12773af8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 23 May 2021 13:53:36 GMT
content-encoding: br
last-modified: Tue, 19 Jan 2021 17:04:35 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Mon, 23 May 2022 13:53:36 GMT

GET
H2 200 js.cookie.min.js Show response
c0.wp.com/p/woocommerce/4.9.2/assets/js/js-cookie/ 2 KB
927 B 48ms
44ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/woocommerce/4.9.2/assets/js/js-cookie/js.cookie.min.js

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

50de09b0bb8d0ac656aa9b3a1e4ef58a3f2d1abd734cad68b0e12191e9d215ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 23 May 2021 13:53:36 GMT
content-encoding: br
last-modified: Tue, 19 Jan 2021 17:04:35 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Mon, 23 May 2022 13:53:36 GMT

GET
H2 200 woocommerce.min.js Show response
c0.wp.com/p/woocommerce/4.9.2/assets/js/frontend/ 2 KB
697 B 48ms
44ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/woocommerce/4.9.2/assets/js/frontend/woocommerce.min.js

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

723e0701a1d2e7f0d8bee5cbee1ef5295708ef423e3fc8397b669f43d1eeaa44

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 23 May 2021 13:53:36 GMT
content-encoding: br
last-modified: Tue, 19 Jan 2021 17:04:35 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Mon, 23 May 2022 13:53:36 GMT

GET
H2 200 jquery.cookie.min.js Show response
c0.wp.com/p/woocommerce/4.9.2/assets/js/jquery-cookie/ 1 KB
722 B 48ms
45ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/woocommerce/4.9.2/assets/js/jquery-cookie/jquery.cookie.min.js

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

a9d8a788ba4c6a61a8dcb175d765b5bbf81787659b99cce16e61627dd98c24ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 23 May 2021 13:53:36 GMT
content-encoding: br
last-modified: Tue, 19 Jan 2021 17:04:35 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Mon, 23 May 2022 13:53:36 GMT

GET
H/1.1 200
OK cart-fragments.js Show response
facemask3ply.com/wp-content/plugins/byconsole-woo-order-delivery-time/js/ 2 KB
940 B 66ms
64ms Script
application/javascript 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/byconsole-woo-order-delivery-time/js/cart-fragments.js?ver=1.12
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: fece31149f61a70987e7420ff6e035cef0757e2c8408fb5989c7ab7fb07afe4a

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:36 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Jan 2021 23:56:32 GMT
Server: nginx
ETag: "636-5b8d0e377307b-gzip"
Vary: Host,Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 634

GET
H/1.1 200
OK api.js Show response
facemask3ply.com/wp-content/plugins/wp-auto-affiliate-links/js/ 12 KB
3 KB 72ms
69ms Script
application/javascript 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/wp-auto-affiliate-links/js/api.js?ver=5.6.4
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: ffb6413073471b3f4efaceb98948ca193e95b9ea01f6e137f72912e860340eca

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:36 GMT
Content-Encoding: gzip
Last-Modified: Sun, 31 Jan 2021 15:01:35 GMT
Server: nginx
ETag: "2e90-5ba3383774fb9-gzip"
Vary: Host,Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2957

GET
H/1.1 200
OK mailchimp-woocommerce-public.min.js Show response
facemask3ply.com/wp-content/plugins/mailchimp-for-woocommerce/public/js/ 6 KB
2 KB 64ms
64ms Script
application/javascript 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/mailchimp-for-woocommerce/public/js/mailchimp-woocommerce-public.min.js?ver=2.5.0
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 00a390bc76c4ac07d5f6520c4bb2133bb493108ead46dff42286d7bd2af96ffb

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:36 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Jan 2021 23:55:25 GMT
Server: nginx
ETag: "1759-5b8d0df769a4b-gzip"
Vary: Host,Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1980

GET
H/1.1 200
OK intersectionobserver-polyfill.min.js Show response
facemask3ply.com/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/src/js/ 8 KB
3 KB 64ms
63ms Script
application/javascript 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/src/js/intersectionobserver-polyfill.min.js?ver=1.1.2
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 88264adf3d3193fb56c229f0b92e2a6096770eb76996d1fedc95f5bcb208ccda

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:36 GMT
Content-Encoding: gzip
Last-Modified: Sun, 31 Jan 2021 15:01:40 GMT
Server: nginx
ETag: "1e63-5ba3383cb2c4a-gzip"
Vary: Host,Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2685

GET
H/1.1 200
OK lazy-images.min.js Show response
facemask3ply.com/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/src/js/ 3 KB
2 KB 65ms
65ms Script
application/javascript 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/src/js/lazy-images.min.js?ver=1.1.2
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 51e78e904c795ed5b0154a9995d1ab0b7e3667f5aede719bda86ba38236c5989

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:36 GMT
Content-Encoding: gzip
Last-Modified: Sun, 31 Jan 2021 15:01:40 GMT
Server: nginx
ETag: "cb7-5ba3383cb2c4a-gzip"
Vary: Host,Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1384

GET
H/1.1 200
OK jquery.blockUI.min.js Show response
facemask3ply.com/wp-content/plugins/wc-frontend-manager/includes/libs/jquery-blockui/ 9 KB
4 KB 65ms
65ms Script
application/javascript 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/wc-frontend-manager/includes/libs/jquery-blockui/jquery.blockUI.min.js?ver=6.5.6
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 120aaf6681ca6d34a40c559779f0a0038582a79fce1b868ff901c94d27c89c72

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:36 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Jan 2021 23:55:45 GMT
Server: nginx
ETag: "255e-5b8d0e0ae5dfa-gzip"
Vary: Host,Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3533

GET
H/1.1 200
OK wcfm-script-core.js Show response
facemask3ply.com/wp-content/plugins/wc-frontend-manager/assets/js/min/ 73 KB
24 KB 69ms
68ms Script
application/javascript 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/wc-frontend-manager/assets/js/min/wcfm-script-core.js?ver=6.5.6
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: b8a1721791589470cf216adae73475f2cbd480afe369e723b3bd62e3b62ee5a8

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:36 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Jan 2021 23:55:46 GMT
Server: nginx
ETag: "1253a-5b8d0e0b69b54-gzip"
Vary: Host,Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 24056

GET
H/1.1 200
OK select2.js Show response
facemask3ply.com/wp-content/plugins/wc-frontend-manager/includes/libs/select2/ 73 KB
21 KB 72ms
71ms Script
application/javascript 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/wc-frontend-manager/includes/libs/select2/select2.js?ver=6.5.6
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 9e8e305028ffaeba99804a94274a50309170223cca4b2c79599a97a573d4d2f5

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:36 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Jan 2021 23:55:45 GMT
Server: nginx
ETag: "124a8-5b8d0e0ae6d9a-gzip"
Vary: Host,Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 21165

GET
H2 200 wp-embed.min.js Show response
c0.wp.com/c/5.6.4/wp-includes/js/ 1 KB
719 B 47ms
45ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.6.4/wp-includes/js/wp-embed.min.js

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 23 May 2021 13:53:36 GMT
content-encoding: br
last-modified: Tue, 26 Jan 2021 15:18:33 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Mon, 23 May 2022 13:53:36 GMT

GET
H2 200 e-202120.js Show response
stats.wp.com/ 9 KB
3 KB 67ms
44ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202120.js
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn
date: Sun, 23 May 2021 13:53:36 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Sun, 08 May 2022 21:00:05 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 92 KB
24 KB 67ms
21ms Script
application/x-javascript 2a03:2880:f067:e:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f067:e:face:b00c:0:3 London, United Kingdom, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ba6856b3aa462b18c9f5fc3b0d553eca0fe0f03d5ff668ba7d465394c85896b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 24156
x-fb-rlafr: 0
pragma: public
x-fb-debug: Cbvr2taB8QYYhVrdwG8eF//5cMYmo8SIU/Rmhmjzq4fPui9tUiHawDaSq4RCWyyLS9VirNORT2/3SukV+lb8DQ==
x-fb-trip-id: 1679558926
x-frame-options: DENY
date: Sun, 23 May 2021 13:53:36 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
x-xss-protection: 0
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK vantage-icons.woff
facemask3ply.com/wp-content/themes/vantage/icons/ 1 KB
2 KB 104ms
60ms Font
application/font-woff 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/themes/vantage/icons/vantage-icons.woff
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/wp-content/themes/vantage/style.css?ver=1.14.4
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 3a1985d1ddbad4f562c0273f3ea13da2e3f69fd45c8b5b86e2cb7d4f644db7d3

Request headers

Pragma: no-cache
Origin: http://facemask3ply.com
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://facemask3ply.com/wp-content/themes/vantage/style.css?ver=1.14.4
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D
Connection: keep-alive
Cache-Control: no-cache
Origin: http://facemask3ply.com
Referer: http://facemask3ply.com/wp-content/themes/vantage/style.css?ver=1.14.4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:36 GMT
Last-Modified: Mon, 27 Jan 2020 07:52:32 GMT
Server: nginx
ETag: "564-59d1a63c33000"
Vary: Host
Content-Type: application/font-woff
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1380

GET
H/1.1 200
OK blank Show response
affiliation.lws-hosting.com/banners/widget/83/451273079/com/default/Commandez/ 2 KB
1 KB 269ms
82ms Script
application/javascript 195.110.34.84
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: https://affiliation.lws-hosting.com/banners/widget/83/451273079/com/default/Commandez/blank
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.110.34.84 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS: vps32284.lws-hosting.com
Software: Apache / PHP/5.6.40-0+deb8u12
Resource Hash: 61c42226424179cc5bb04ef76c58e921c9e1d068caae3f30e211be4dfa2baa1a

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:36 GMT
Content-Encoding: gzip
Server: Apache
X-Powered-By: PHP/5.6.40-0+deb8u12
Vary: Accept-Encoding
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: Keep-Alive
Keep-Alive: timeout=5, max=200

GET
H3-29 200 pK_tquYwOLk Show response
www.youtube.com/embed/ Frame C82E 52 KB
21 KB 49ms
49ms Document
text/html 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/pK_tquYwOLk

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ec9864744088b6d14694f3ce1f27029473cc65aee5f38fad5e2b5a3705dd6423

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/pK_tquYwOLk
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://facemask3ply.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: YSC=DRTCVVZfPL4; VISITOR_INFO1_LIVE=ePfifYOFpWE
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://facemask3ply.com/

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 23 May 2021 13:53:36 GMT
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: CONSENT=PENDING+436; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.youtube.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

bundle.js Show response
static.getbutton.io/widget/
Redirect Chain

http://static.getbutton.io/widget-send-button/js/init.js
https://static.getbutton.io/widget/bundle.js

266 KB
85 KB

292ms
97ms

Script
application/javascript

95.216.228.15
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://static.getbutton.io/widget/bundle.js
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 95.216.228.15 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.15.228.216.95.clients.your-server.de
Software: nginx/1.16.0 /
Resource Hash: cfb62d0ee56f68d7f6c106f7b52b659906631372992c1c6c39a38d2c698b7f9f

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:36 GMT
Content-Encoding: gzip
Last-Modified: Fri, 14 May 2021 13:08:30 GMT
Server: nginx/1.16.0
ETag: W/"609e764e-4281f"
Transfer-Encoding: chunked
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=10800
Connection: keep-alive
Expires: Sun, 23 May 2021 16:53:36 GMT

Redirect headers

Location: https://static.getbutton.io/widget/bundle.js
Date: Sun, 23 May 2021 13:53:36 GMT
Server: nginx/1.16.0
Connection: keep-alive
Content-Length: 145
Content-Type: text/html

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210517/r20190131/ 231 KB
85 KB 36ms
34ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210517/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-6690374941293509&plah=facemask3ply.com&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

93ea87740a629b311148b644cb72d376ef82344939bc4d47acff4aa0719ad668

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 13:53:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87252
x-xss-protection: 0
server: cafe
etag: 5322897297824761394
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 23 May 2021 13:53:36 GMT

GET
H2 200 star.woff
c0.wp.com/p/woocommerce/4.9.2/assets/fonts/ 1 KB
1 KB 120ms
39ms Font
application/octet-stream 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/woocommerce/4.9.2/assets/fonts/star.woff

Requested by

Host: c0.wp.com
URL: https://c0.wp.com/p/woocommerce/4.9.2/assets/css/woocommerce.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

d87af7a2528beb59a990e0414df87b4e4115f77f3a4a750f6616ff189b70345a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Origin: http://facemask3ply.com
Referer: https://c0.wp.com/p/woocommerce/4.9.2/assets/css/woocommerce.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 23 May 2021 13:53:36 GMT
last-modified: Tue, 19 Jan 2021 17:04:35 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 1304
expires: Mon, 23 May 2022 13:53:36 GMT

GET
H3-29 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210517/r20190131/ Frame 8C6D 10 KB
4 KB 7ms
7ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210517/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1dad6cb9a0903898a8f82f89c0d10ee6e94f8459228530fa5df3078100c9f650

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210517/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://facemask3ply.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkLCxRNJIF11jgna6J6ICVe4Yrvxvy8jbvlDg0S78BT4x6TX0cIW4p_EYKy
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://facemask3ply.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 22 May 2021 22:33:52 GMT
expires: Sat, 05 Jun 2021 22:33:52 GMT
content-type: text/html; charset=UTF-8
etag: 15349191498103243965
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4506
x-xss-protection: 0
age: 55184
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 30ms
5ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-192128366-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 5204
date: Sun, 23 May 2021 12:26:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Sun, 23 May 2021 14:26:52 GMT

GET
H3-29 200 www-player-webp.css
www.youtube.com/s/player/c39bcc11/ Frame C82E 320 KB
0 11ms
9ms Stylesheet
text/css 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/c39bcc11/www-player-webp.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/pK_tquYwOLk

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/pK_tquYwOLk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 21 May 2021 07:31:11 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Fri, 21 May 2021 06:42:50 GMT
server: sffe
age: 195745
vary: Accept-Encoding, Origin
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46248
x-xss-protection: 0
expires: Sat, 21 May 2022 07:31:11 GMT

GET
H3-29 200 www-embed-player.js Show response
www.youtube.com/s/player/c39bcc11/www-embed-player.vflset/ Frame C82E 191 KB
63 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/c39bcc11/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/pK_tquYwOLk

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ae1bf1458589d1f72a7bf9a7fb9c21e8344aee819519c1dc8cbcfd9d6c16f54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/pK_tquYwOLk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 21 May 2021 07:31:03 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Fri, 21 May 2021 06:42:50 GMT
server: sffe
age: 195753
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64589
x-xss-protection: 0
expires: Sat, 21 May 2022 07:31:03 GMT

GET
H3-29 200 base.js
www.youtube.com/s/player/c39bcc11/player_ias.vflset/en_US/ Frame C82E 1 MB
0 13ms
11ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/c39bcc11/player_ias.vflset/en_US/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/pK_tquYwOLk

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/pK_tquYwOLk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 21 May 2021 07:35:45 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Fri, 21 May 2021 06:42:50 GMT
server: sffe
age: 195471
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 476025
x-xss-protection: 0
expires: Sat, 21 May 2022 07:35:45 GMT

GET
H3-29 200 fetch-polyfill.js Show response
www.youtube.com/s/player/c39bcc11/fetch-polyfill.vflset/ Frame C82E 8 KB
3 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/c39bcc11/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/pK_tquYwOLk

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/pK_tquYwOLk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 11:07:50 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Fri, 21 May 2021 06:42:50 GMT
server: sffe
age: 9946
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2830
x-xss-protection: 0
expires: Mon, 23 May 2022 11:07:50 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame C82E 15 KB
15 KB 21ms
7ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/pK_tquYwOLk

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.youtube.com
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 May 2021 06:54:04 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
age: 111572
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
expires: Sun, 22 May 2022 06:54:04 GMT

GET
H3-29 200 identity.js Show response
connect.facebook.net/signals/plugins/ 11 KB
5 KB 45ms
22ms Script
application/x-javascript 2a03:2880:f067:e:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/identity.js?v=2.9.40

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f067:e:face:b00c:0:3 London, United Kingdom, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3bea34f20c813024f046166fb0ad98a8eb93d5ab93052ceb993eee238ece5b66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 4673
x-xss-protection: 0
pragma: public
x-fb-debug: hqziE7jhMkPpjVdy0Ua0VAImVWO05FIaqDXIcYfoRuh/9a3cHAXh8kcMrvBdBnPKFABagMsp9VdvyoqzdEoO7g==
date: Sun, 23 May 2021 13:53:36 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29 200 848895295677664 Show response
connect.facebook.net/signals/config/ 254 KB
72 KB 92ms
70ms Script
application/x-javascript 2a03:2880:f067:e:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/848895295677664?v=2.9.40&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f067:e:face:b00c:0:3 London, United Kingdom, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

dad064a371b7ec0790becc0b31c224528948d6252b5124f355ef9d4f6f4fbab2

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr: 0
pragma: public
x-fb-debug: eIDBhJGCwpSK6amuYpguH8ylkSKM0VhwcPHn8hj4YOkjaZS+eJM4dNLh7AYeK+3A8KIY9oIsZxW8cp2kwfQF1g==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Sun, 23 May 2021 13:53:36 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 206 B
645 B 166ms
73ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=facemask3ply.com&callback=_gfp_s_&client=ca-pub-6690374941293509

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210517/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-6690374941293509&plah=facemask3ply.com&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

a3e103d46649c7ca566f1b5efa51da7231d6730cbd71518b37978dba846895d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 13:53:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 195
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
800 B 34ms
14ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=facemask3ply.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 23 May 2021 13:53:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
554 B 34ms
14ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=facemask3ply.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 23 May 2021 13:53:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3362 3 KB
630 B 96ms
96ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6690374941293509&output=html&adk=1812271804&adf=3025194257&lmt=1621778016&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&tp=site_kit&format=0x0&url=http%3A%2F%2Ffacemask3ply.com%2F&ea=0&flash=0&pra=5&wgl=1&dt=1621778016162&bpp=9&bdt=470&idt=137&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3757674247192&frm=20&pv=2&ga_vid=669062362.1621778016&ga_sid=1621778016&ga_hid=1492401185&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=494242788788387&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=32768&bc=23&ifi=1&uci=a!1&fsb=1&dtd=157

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

617ff93a10256ff57769dbcf7fc557f38ed53a840559d0bc21f31a7e1e6f230d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-6690374941293509&output=html&adk=1812271804&adf=3025194257&lmt=1621778016&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&tp=site_kit&format=0x0&url=http%3A%2F%2Ffacemask3ply.com%2F&ea=0&flash=0&pra=5&wgl=1&dt=1621778016162&bpp=9&bdt=470&idt=137&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3757674247192&frm=20&pv=2&ga_vid=669062362.1621778016&ga_sid=1621778016&ga_hid=1492401185&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=494242788788387&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=32768&bc=23&ifi=1&uci=a!1&fsb=1&dtd=157
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://facemask3ply.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkLCxRNJIF11jgna6J6ICVe4Yrvxvy8jbvlDg0S78BT4x6TX0cIW4p_EYKy
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://facemask3ply.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 23 May 2021 13:53:36 GMT
server: cafe
content-length: 610
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 34ms
14ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4df2fd5c8b3681147087fa7506cef9c982c18edf99729a4412e41af2f98fe0b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 13:53:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621597303326658"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27994
x-xss-protection: 0
expires: Sun, 23 May 2021 13:53:36 GMT

GET
H/1.1 200
OK g.gif
pixel.wp.com/ 50 B
215 B 80ms
45ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pixel.wp.com/g.gif?v=ext&j=1%3A9.3.1&blog=187993367&post=0&tz=1&srv=facemask3ply.com&host=facemask3ply.com&ref=&fcp=8607&rand=0.3597865390418593
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:36 GMT
Cache-Control: no-cache
Server: nginx
Connection: keep-alive
Content-Length: 50
Content-Type: image/gif

GET
H/1.1 206
Partial Content notification.mp3
facemask3ply.com/wp-content/plugins/wc-frontend-manager/assets/sounds/ 9 KB
9 KB 62ms
61ms Media
audio/mpeg 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/wc-frontend-manager/assets/sounds/notification.mp3
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 6d8a2c36a85f22a871fc5b22a174aae86f7560befc1d205738a6c78ab41cf4a9

Request headers

Pragma: no-cache
Accept-Encoding: identity;q=1, *;q=0
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-
Accept: */*
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D; tk_or=%22%22; tk_r3d=%22%22; tk_lr=%22%22
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

Date: Sun, 23 May 2021 13:53:36 GMT
Last-Modified: Wed, 13 Jan 2021 23:55:46 GMT
Server: nginx
ETag: "2262-5b8d0e0b562d5"
Vary: Host
Content-Type: audio/mpeg
Content-Range: bytes 0-8801/8802
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8802

GET
H/1.1 206
Partial Content notification.mp3
facemask3ply.com/wp-content/plugins/wc-frontend-manager/assets/sounds/ 9 KB
9 KB 66ms
65ms Media
audio/mpeg 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: http://facemask3ply.com/wp-content/plugins/wc-frontend-manager/assets/sounds/notification.mp3
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: HTTP/1.1
Server: 185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 6d8a2c36a85f22a871fc5b22a174aae86f7560befc1d205738a6c78ab41cf4a9

Request headers

Pragma: no-cache
Accept-Encoding: identity;q=1, *;q=0
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-
Accept: */*
Referer: http://facemask3ply.com/
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D; tk_or=%22%22; tk_r3d=%22%22; tk_lr=%22%22
Connection: keep-alive
Cache-Control: no-cache
Referer: http://facemask3ply.com/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

Date: Sun, 23 May 2021 13:53:36 GMT
Last-Modified: Wed, 13 Jan 2021 23:55:46 GMT
Server: nginx
ETag: "2262-5b8d0e0b562d5"
Vary: Host
Content-Type: audio/mpeg
Content-Range: bytes 0-8801/8802
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8802

GET
H3-29 200 pK_tquYwOLk Show response
www.youtube.com/embed/ Frame 24AD 53 KB
22 KB 65ms
64ms Document
text/html 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/pK_tquYwOLk

Requested by

Host: c0.wp.com
URL: https://c0.wp.com/c/5.6.4/wp-includes/js/jquery/jquery.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c6540a3e6084c369f06de1893802d1f5076ea2670ca5fe9525c5e8e1216aebea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/pK_tquYwOLk
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://facemask3ply.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: YSC=DRTCVVZfPL4; VISITOR_INFO1_LIVE=ePfifYOFpWE
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://facemask3ply.com/

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 23 May 2021 13:53:36 GMT
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: CONSENT=PENDING+347; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.youtube.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H/1.1 400
Bad Request Cookie set admin-ajax.php Show response
facemask3ply.com/wp-admin/ 1 B
859 B 8896ms
8895ms XHR
text/html 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL

http://facemask3ply.com/wp-admin/admin-ajax.php

Requested by

Host: c0.wp.com
URL: https://c0.wp.com/c/5.6.4/wp-includes/js/jquery/jquery.min.js

Protocol

HTTP/1.1

Server

185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),

Reverse DNS

Software

nginx / PHP/7.4.16

Resource Hash

5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Origin: http://facemask3ply.com
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
Cache-Control: no-cache
X-Requested-With: XMLHttpRequest
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D; tk_or=%22%22; tk_r3d=%22%22; tk_lr=%22%22
Connection: keep-alive
Referer: http://facemask3ply.com/
Content-Length: 39
Accept: */*
Referer: http://facemask3ply.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Sun, 23 May 2021 13:53:45 GMT
X-Content-Type-Options: nosniff
X-Powered-By: PHP/7.4.16
Connection: keep-alive
Content-Length: 1
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
X-Frame-Options: SAMEORIGIN
Vary: Host
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: http://facemask3ply.com
Cache-Control: no-cache, must-revalidate, max-age=0
Access-Control-Allow-Credentials: true
Set-Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D; expires=Mon, 24-May-2021 13:53:38 GMT; Max-Age=86400; path=/
X-Robots-Tag: noindex
Expires: Wed, 11 Jan 1984 05:00:00 GMT

POST
H/1.1 200
OK Cookie set admin-ajax.php Show response
facemask3ply.com/wp-admin/ 208 B
1 KB 3301ms
3300ms XHR
application/json 185.98.131.209
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL

http://facemask3ply.com/wp-admin/admin-ajax.php

Requested by

Host: c0.wp.com
URL: https://c0.wp.com/c/5.6.4/wp-includes/js/jquery/jquery.min.js

Protocol

HTTP/1.1

Server

185.98.131.209 , France, ASN16347 (RMI-FITECH, FR),

Reverse DNS

Software

nginx / PHP/7.4.16

Resource Hash

a8b04509d8b1a35314d19eae7475024cb56f6caeeb2edf0691e151b6e4106a8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Origin: http://facemask3ply.com
Accept-Encoding: gzip, deflate
Host: facemask3ply.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
Cache-Control: no-cache
X-Requested-With: XMLHttpRequest
Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D; tk_or=%22%22; tk_r3d=%22%22; tk_lr=%22%22
Connection: keep-alive
Referer: http://facemask3ply.com/
Content-Length: 42
Accept: */*
Referer: http://facemask3ply.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Sun, 23 May 2021 13:53:39 GMT
X-Content-Type-Options: nosniff
X-Powered-By: PHP/7.4.16
Transfer-Encoding: chunked
Connection: keep-alive
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
X-Frame-Options: SAMEORIGIN
Vary: Host
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: http://facemask3ply.com
Cache-Control: no-cache, must-revalidate, max-age=0
Access-Control-Allow-Credentials: true
Set-Cookie: byconsolewooodt_delivery_widget_cookie=%7B%22byconsolewooodt_widget_date_field%22%3A%22%22%2C%22byconsolewooodt_widget_time_field%22%3A%22%22%2C%22byconsolewooodt_widget_type_field%22%3A%22levering%22%2C%22byconsolewooodt_widget_pickup_location%22%3A%22%22%7D; expires=Mon, 24-May-2021 13:53:39 GMT; Max-Age=86400; path=/
X-Robots-Tag: noindex
Expires: Wed, 11 Jan 1984 05:00:00 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 28ms
13ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&aip=1&a=1492401185&t=pageview&_s=1&dl=http%3A%2F%2Ffacemask3ply.com%2F&ul=en-us&de=UTF-8&dt=medical%20face%20mask%203%264%20ply%20non%20woven%20fast%20%26%20free%20international%20dilevery%20-%20medical%20protection%20mask&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAUABAAAAAC~&jid=573072064&gjid=1991497933&cid=669062362.1621778016&tid=UA-192128366-1&_gid=808363946.1621778016&_r=1&gtm=2ou5c1&did=dZTNiMT&z=417097760

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 23 May 2021 13:53:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://facemask3ply.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 boostersite-logo.gif
i2.wp.com/www.boostersite.com/css/glacial/ 7 KB
8 KB 132ms
45ms Image
image/gif 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.boostersite.com/css/glacial/boostersite-logo.gif?resize=200%2C80

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

e239bcaf54a160a9e999a4d13614980728bb8c2c1ad418af5dfd8d22233b1e2b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Sun, 23 May 2021 13:53:36 GMT
x-content-type-options: nosniff
last-modified: Wed, 19 May 2021 15:30:27 GMT
server: nginx
etag: "11dc4019e3d2170a"
access-control-allow-methods: GET, HEAD
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://www.boostersite.com/css/glacial/boostersite-logo.gif>; rel="canonical"
content-length: 7427
expires: Sat, 20 May 2023 03:30:27 GMT

GET
H2 200 1-500Pcs-Antivirus-1-Disposable-Mask-Virus-Nonwove-3-Layer-Ply-Filter-Mouth-Face-Mask-Dust.jpg
i1.wp.com/facemask3ply.com/wp-content/uploads/2020/03/ 10 KB
11 KB 170ms
83ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/facemask3ply.com/wp-content/uploads/2020/03/1-500Pcs-Antivirus-1-Disposable-Mask-Virus-Nonwove-3-Layer-Ply-Filter-Mouth-Face-Mask-Dust.jpg?resize=348%2C445

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

e96025711e7811f14dcd9988db56623e438aebf23f89dc7551a87b20c5007fb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: MISS hhn 1
date: Sun, 23 May 2021 13:53:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 23 May 2021 13:53:36 GMT
server: nginx
etag: "f12f2033a078739d"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://facemask3ply.com/wp-content/uploads/2020/03/1-500Pcs-Antivirus-1-Disposable-Mask-Virus-Nonwove-3-Layer-Ply-Filter-Mouth-Face-Mask-Dust.jpg>; rel="canonical"
content-length: 10456
expires: Wed, 24 May 2023 01:53:36 GMT

GET
H2 200 10-High-Quality-KN95-Prevent-Anti-Corona-Virus-COVID-19-Dust-Formaldehyde-Bad-Smell-Bacteria-Proof.jpg
i0.wp.com/facemask3ply.com/wp-content/uploads/2020/03/ 8 KB
9 KB 274ms
188ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/facemask3ply.com/wp-content/uploads/2020/03/10-High-Quality-KN95-Prevent-Anti-Corona-Virus-COVID-19-Dust-Formaldehyde-Bad-Smell-Bacteria-Proof.jpg?resize=348%2C445

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

f442e878d9ac300ddb06642ce94d6542b92f115a0238af9b9fcb757b01df05db

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: MISS hhn 3
date: Sun, 23 May 2021 13:53:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 23 May 2021 13:53:36 GMT
server: nginx
etag: "5837aff29413c93e"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://facemask3ply.com/wp-content/uploads/2020/03/10-High-Quality-KN95-Prevent-Anti-Corona-Virus-COVID-19-Dust-Formaldehyde-Bad-Smell-Bacteria-Proof.jpg>; rel="canonical"
content-length: 8532
expires: Wed, 24 May 2023 01:53:36 GMT

GET
H2 200 10-30-50-100pcs-Face-Mouth-Mask-Disposable-Safety-Elastic-Mask-Emergency-Protective-Masks-Anti-Pollution.jpg
i2.wp.com/facemask3ply.com/wp-content/uploads/2020/03/ 13 KB
13 KB 273ms
207ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/facemask3ply.com/wp-content/uploads/2020/03/10-30-50-100pcs-Face-Mouth-Mask-Disposable-Safety-Elastic-Mask-Emergency-Protective-Masks-Anti-Pollution.jpg?resize=348%2C445

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

9521578f507778c3599bc94d056e20ac60a2018bf708b78420fbd44835ad6c31

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: MISS hhn 2
date: Sun, 23 May 2021 13:53:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 23 May 2021 13:53:36 GMT
server: nginx
etag: "616ccc4b46e4f966"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://facemask3ply.com/wp-content/uploads/2020/03/10-30-50-100pcs-Face-Mouth-Mask-Disposable-Safety-Elastic-Mask-Emergency-Protective-Masks-Anti-Pollution.jpg>; rel="canonical"
content-length: 13180
expires: Wed, 24 May 2023 01:53:36 GMT

GET
H2 400 tL6imDZp5pjDD5FPJ5GSE4614z4RmYFFvTJ1DqVZ.jpeg
i2.wp.com/affiliates.jumia.com/banners/ 87 B
87 B 554ms
493ms Image
text/html 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i2.wp.com/affiliates.jumia.com/banners/tL6imDZp5pjDD5FPJ5GSE4614z4RmYFFvTJ1DqVZ.jpeg?w=720&ssl=1
Requested by: Host: facemask3ply.com
URL: http://facemask3ply.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: i2.wp.com
Software: nginx /
Resource Hash: 3111667f131fe35172925ebef7026e7ce805f590d0998d027133523d7d1176d1

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: EXPIRED hhn 4
date: Sun, 23 May 2021 13:53:36 GMT
server: nginx
content-type: text/html; charset=utf-8

GET
H2 200 /
www.facebook.com/tr/ 44 B
299 B 64ms
21ms Image
image/gif 2a03:2880:f164:81:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=848895295677664&ev=PageView&dl=http%3A%2F%2Ffacemask3ply.com%2F&rl=&if=false&ts=1621778016448&cd[source]=woocommerce&cd[version]=4.9.2&cd[pluginVersion]=2.2.0&sw=1600&sh=1200&v=2.9.40&r=stable&a=woocommerce-4.9.2-2.2.0&ec=0&o=30&fbp=fb.1.1621778016446.1611622622&it=1621778016284&coo=false&exp=l1&rqm=GET

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f164:81:face:b00c:0:25de London, United Kingdom, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 13:53:36 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Sun, 23 May 2021 13:53:36 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 30ms
16ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=facemask3ply.com

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 23 May 2021 13:53:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 30ms
16ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=facemask3ply.com

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 23 May 2021 13:53:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F7DE 75 KB
25 KB 620ms
619ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6690374941293509&output=html&h=280&adk=2119092829&adf=588723724&pi=t.aa~a.2008826190~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1621778016&rafmt=1&to=qs&pwprc=7099420590&tp=site_kit&psa=0&format=1200x280&url=http%3A%2F%2Ffacemask3ply.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1621778016470&bpp=6&bdt=778&idt=6&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=3757674247192&frm=20&pv=1&ga_vid=669062362.1621778016&ga_sid=1621778016&ga_hid=1492401185&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=3007&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=494242788788387&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Rbslr1OjvG&p=http%3A//facemask3ply.com&dtd=21

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d4cb4e8b1c6f61770e9f6cdf959dac8b81c473701597678b4b63ff0e14fc708

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-6690374941293509&output=html&h=280&adk=2119092829&adf=588723724&pi=t.aa~a.2008826190~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1621778016&rafmt=1&to=qs&pwprc=7099420590&tp=site_kit&psa=0&format=1200x280&url=http%3A%2F%2Ffacemask3ply.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1621778016470&bpp=6&bdt=778&idt=6&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=3757674247192&frm=20&pv=1&ga_vid=669062362.1621778016&ga_sid=1621778016&ga_hid=1492401185&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=3007&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=494242788788387&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Rbslr1OjvG&p=http%3A//facemask3ply.com&dtd=21
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://facemask3ply.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkLCxRNJIF11jgna6J6ICVe4Yrvxvy8jbvlDg0S78BT4x6TX0cIW4p_EYKy
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://facemask3ply.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 23 May 2021 13:53:37 GMT
server: cafe
content-length: 25656
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 www-player-webp.css
www.youtube.com/s/player/c39bcc11/ Frame 24AD 359 KB
45 KB 8ms
6ms Stylesheet
text/css 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/c39bcc11/www-player-webp.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/pK_tquYwOLk

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

600473b6152d1d0a50097aa6fd6811dcbc9edd23e5ec77afc39b4369f14339a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/pK_tquYwOLk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 21 May 2021 07:31:11 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Fri, 21 May 2021 06:42:50 GMT
server: sffe
age: 195745
vary: Accept-Encoding, Origin
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46248
x-xss-protection: 0
expires: Sat, 21 May 2022 07:31:11 GMT

GET
H3-29 200 www-embed-player.js Show response
www.youtube.com/s/player/c39bcc11/www-embed-player.vflset/ Frame 24AD 191 KB
63 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/c39bcc11/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/pK_tquYwOLk

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ae1bf1458589d1f72a7bf9a7fb9c21e8344aee819519c1dc8cbcfd9d6c16f54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/pK_tquYwOLk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 21 May 2021 07:31:03 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Fri, 21 May 2021 06:42:50 GMT
server: sffe
age: 195753
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64589
x-xss-protection: 0
expires: Sat, 21 May 2022 07:31:03 GMT

GET
H3-29 200 base.js Show response
www.youtube.com/s/player/c39bcc11/player_ias.vflset/en_US/ Frame 24AD 2 MB
465 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/c39bcc11/player_ias.vflset/en_US/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/pK_tquYwOLk

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e34fa30d251bc425762a596368b08a20812bca6fcbba712c2cdce66c86bdf8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/pK_tquYwOLk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 21 May 2021 07:35:45 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Fri, 21 May 2021 06:42:50 GMT
server: sffe
age: 195471
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 476025
x-xss-protection: 0
expires: Sat, 21 May 2022 07:35:45 GMT

GET
H3-29 200 fetch-polyfill.js Show response
www.youtube.com/s/player/c39bcc11/fetch-polyfill.vflset/ Frame 24AD 8 KB
3 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/c39bcc11/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/pK_tquYwOLk

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/pK_tquYwOLk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 11:07:50 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Fri, 21 May 2021 06:42:50 GMT
server: sffe
age: 9946
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2830
x-xss-protection: 0
expires: Mon, 23 May 2022 11:07:50 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 24AD 15 KB
15 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/pK_tquYwOLk

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.youtube.com
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 May 2021 06:54:04 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
age: 111572
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
expires: Sun, 22 May 2022 06:54:04 GMT

GET
H/1.1 200
OK Cookie set fra Show response
affiliation.lws-hosting.com/banners/viewwidget/83/451273079/com/default/Commandez/blank/ Frame 81C0 26 KB
7 KB 328ms
328ms Document
text/html 195.110.34.84
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: https://affiliation.lws-hosting.com/banners/viewwidget/83/451273079/com/default/Commandez/blank/fra
Requested by: Host: c0.wp.com
URL: https://c0.wp.com/c/5.6.4/wp-includes/js/jquery/jquery.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.110.34.84 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS: vps32284.lws-hosting.com
Software: Apache / PHP/5.6.40-0+deb8u12
Resource Hash: e18594f70fa57aab69b88487678590a08787c94bdb5085c3e4f2c1951341105c

Request headers

Host: affiliation.lws-hosting.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://facemask3ply.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://facemask3ply.com/

Response headers

Date: Sun, 23 May 2021 13:53:36 GMT
Server: Apache
X-Powered-By: PHP/5.6.40-0+deb8u12
Set-Cookie: CAKEPHP=u0oc1qkssvsgqhs7r2kb2ebik6; expires=Sun, 23-May-2021 17:53:36 GMT; Max-Age=14400; path=/; secure
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=199
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 GivingWidget Show response
www.plumfund.com/ Frame B835 37 KB
11 KB 191ms
191ms Document
text/html 67.202.19.47
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://www.plumfund.com/GivingWidget?campaign=all-agunst-corona-virus
Requested by: Host: www.plumfund.com
URL: https://www.plumfund.com/a/widget.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.202.19.47 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-67-202-19-47.compute-1.amazonaws.com
Software: Apache/2.4.7 (Ubuntu) / PHP/5.5.9-1ubuntu4.26
Resource Hash: 57c4962077b1d5ac3f1fc03437a5de3b2d3a377f57205673f7c47df435326772

Request headers

:method: GET
:authority: www.plumfund.com
:scheme: https
:path: /GivingWidget?campaign=all-agunst-corona-virus
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://facemask3ply.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: AWSALBCORS=tjSZOFWJeYfX84mWeZKAC+RKKz7GKl2IVhLKFJ8Cy1QQDpJGBlHSZqPER77bGBrM/UuMvYWpAYceb2Be/xA39odP/7FyVbZwBpVYXfIgTXc3cc8RBu+Idd99gaDB
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://facemask3ply.com/

Response headers

date: Sun, 23 May 2021 13:53:36 GMT
content-type: text/html
content-length: 9897
set-cookie: AWSALB=78cuMd44Mki0Do7gysKiMF4q+SqFOtPaXU4CYL5AnQzBe9p2imXlI/jWg6+gZShVGaBEIPblj1ztIDyfrwcqTLut45sPqrDo+6M2dVnVyi/KBkD+Kzovi5iNvuvp; Expires=Sun, 30 May 2021 13:53:36 GMT; Path=/ AWSALBCORS=78cuMd44Mki0Do7gysKiMF4q+SqFOtPaXU4CYL5AnQzBe9p2imXlI/jWg6+gZShVGaBEIPblj1ztIDyfrwcqTLut45sPqrDo+6M2dVnVyi/KBkD+Kzovi5iNvuvp; Expires=Sun, 30 May 2021 13:53:36 GMT; Path=/; SameSite=None; Secure PHPSESSID=s7t4a0in4iau7d25ro8cp8bdl6; path=/; domain=.plumfund.com password=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.plumfund.com session=43155717493e378756e04813eb02b7d1; expires=Mon, 23-May-2022 13:53:36 GMT; Max-Age=31536000; path=/; domain=.plumfund.com ref=2369818.2369819.1621778016; expires=Mon, 23-May-2022 13:53:36 GMT; Max-Age=31536000; path=/; domain=.plumfund.com
server: Apache/2.4.7 (Ubuntu)
x-powered-by: PHP/5.5.9-1ubuntu4.26
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip
accept-ranges: bytes
x-varnish: 217591561
age: 0
via: 1.1 varnish

GET
H3-29 200 id Show response
googleads.g.doubleclick.net/pagead/ Frame 24AD 113 B
159 B 39ms
38ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/c39bcc11/www-embed-player.vflset/www-embed-player.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18847307c63d90d9adf6969ab2774e69d01cf6010ec264545fa81dc249664cf0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 13:53:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 24AD 29 B
52 B 20ms
6ms Script
text/javascript 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/c39bcc11/www-embed-player.vflset/www-embed-player.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 13:41:04 GMT
x-content-type-options: nosniff
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
age: 752
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
expires: Sun, 23 May 2021 13:56:04 GMT

GET
H3-29 200 remote.js Show response
www.youtube.com/s/player/c39bcc11/player_ias.vflset/en_US/ Frame 24AD 98 KB
30 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/c39bcc11/player_ias.vflset/en_US/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/c39bcc11/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5f48c02692bd5d8044836018be9f76909dcab3ceabe1d8a29f1f9375e9a90b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/pK_tquYwOLk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 21 May 2021 07:35:46 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Fri, 21 May 2021 06:42:50 GMT
server: sffe
age: 195470
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30855
x-xss-protection: 0
expires: Sat, 21 May 2022 07:35:46 GMT

GET
H3-29 200 7WadPQM5Sz4PCIdYDiKmUZbGuJNx7cvT5MT2dFmDNsc.js Show response
www.google.com/js/th/ Frame 24AD 35 KB
13 KB 21ms
6ms Script
text/javascript 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/7WadPQM5Sz4PCIdYDiKmUZbGuJNx7cvT5MT2dFmDNsc.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/c39bcc11/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed669d3d03394b3e0f0887580e22a65196c6b89371edcbd3e4c4f674598336c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 21 May 2021 16:03:38 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 03 May 2021 11:00:00 GMT
server: sffe
age: 164998
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13162
x-xss-protection: 0
expires: Sat, 21 May 2022 16:03:38 GMT

GET
H3-29 200 embed.js Show response
www.youtube.com/s/player/c39bcc11/player_ias.vflset/en_US/ Frame 24AD 25 KB
7 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/c39bcc11/player_ias.vflset/en_US/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/c39bcc11/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a9eae06d8bed89c745eb7f92f3ca81bdc456c50e0d86d28885d413b788a7d25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/pK_tquYwOLk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 21 May 2021 07:40:00 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Fri, 21 May 2021 06:42:50 GMT
server: sffe
age: 195216
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7449
x-xss-protection: 0
expires: Sat, 21 May 2022 07:40:00 GMT

GET
DATA 200
OK truncated
/ Frame 24AD 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 AAUvwnhf5yAVDL2-UTeGcRBxY0saJ3uwkG8JEVw33bsf=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 24AD 2 KB
2 KB 20ms
6ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AAUvwnhf5yAVDL2-UTeGcRBxY0saJ3uwkG8JEVw33bsf=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/pK_tquYwOLk

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d1d47c88ff3a3032a4a2a2fb9a36b468d9e340294569dc6d8b44b16c3f2efc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 11:46:01 GMT
x-content-type-options: nosniff
age: 7655
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2468
x-xss-protection: 0
server: fife
etag: "v5a"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 13 May 2021 04:24:58 GMT

GET
H3-29 200 maxresdefault.webp
i.ytimg.com/vi_webp/pK_tquYwOLk/ Frame 24AD 79 KB
80 KB 80ms
66ms Image
image/webp 2a00:1450:4001:801::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/pK_tquYwOLk/maxresdefault.webp

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/pK_tquYwOLk

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc913fbbd87effc772ccbcb627cd91afd5d05ad8611a0982628312b786909a94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 13:53:36 GMT
x-content-type-options: nosniff
server: sffe
etag: "0"
vary: Origin
content-type: image/webp
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 81366
x-xss-protection: 0
expires: Sun, 23 May 2021 15:53:36 GMT

GET
H3-29 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame 24AD 4 KB
2 KB 27ms
14ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/c39bcc11/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 13:53:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
expires: Sun, 23 May 2021 13:53:36 GMT

GET
H3-29 204 generate_204
www.youtube.com/ Frame 24AD 0
9 B 6ms
6ms Image
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?_zqX3A
Requested by: Host: www.youtube.com
URL: https://www.youtube.com/embed/pK_tquYwOLk
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.youtube.com/embed/pK_tquYwOLk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 13:53:36 GMT
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H/1.1 200
OK cssWidget
d61yqm8xqnu62.cloudfront.net/m/ Frame B835 155 KB
26 KB 194ms
61ms Stylesheet
text/css 54.230.108.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d61yqm8xqnu62.cloudfront.net/m/cssWidget?1608144181
Requested by: Host: www.plumfund.com
URL: https://www.plumfund.com/GivingWidget?campaign=all-agunst-corona-virus
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.108.162 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-108-162.mrs52.r.cloudfront.net
Software: Apache/2.4.7 (Ubuntu) / PHP/5.5.9-1ubuntu4.26
Resource Hash: 81c7a6cefcb4a1dacff6c4ec1e39738251e1ea473026bdce1a46ab563b204365

Request headers

Referer: https://www.plumfund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 29 Jan 2021 06:30:08 GMT
Content-Encoding: gzip
Age: 9916094
X-Powered-By: PHP/5.5.9-1ubuntu4.26
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 26270
Last-Modified: Wed, 16 Dec 2020 18:50:24 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "1608144624pub"
Vary: Accept-Encoding
X-Varnish: 213849111 213828161
Via: 1.1 varnish, 1.1 a28bec52c459f8c156729550b86ee067.cloudfront.net (CloudFront)
Cache-Control: max-age=31536000, public, must-revalidate
X-Amz-Cf-Pop: MRS52-P2
Accept-Ranges: bytes
Content-Type: text/css; charset=UTF-8
X-Amz-Cf-Id: Ysi7wGEql9j-zWg-AFs65pkhszfjC9gMBmMhm058ngZdhQLb3THDnQ==
Expires: Fri, 28 Jan 2022 19:25:23 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame B835 16 KB
1 KB 34ms
15ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Muli:200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i&display=swap

Requested by

Host: www.plumfund.com
URL: https://www.plumfund.com/GivingWidget?campaign=all-agunst-corona-virus

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4373a7c880f00a8373da62d923fdb65d84317ae8755e8a66b48e098b29adf53f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 23 May 2021 13:24:44 GMT
server: ESF
date: Sun, 23 May 2021 13:53:36 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 23 May 2021 13:53:36 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame B835 17 KB
782 B 42ms
23ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Jost:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: www.plumfund.com
URL: https://www.plumfund.com/GivingWidget?campaign=all-agunst-corona-virus

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2deb0ae7e6cf2fe155e380ca73739f0fb2c7928e7523fa0fe2bcc557f1a6205f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 23 May 2021 13:53:36 GMT
server: ESF
date: Sun, 23 May 2021 13:53:36 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 23 May 2021 13:53:36 GMT

GET
H/1.1 200
OK PF_ui_widget-14.png
d61yqm8xqnu62.cloudfront.net/_assets/images/logo/ Frame B835 12 KB
12 KB 161ms
57ms Image
image/png 54.230.108.162
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d61yqm8xqnu62.cloudfront.net/_assets/images/logo/PF_ui_widget-14.png
Requested by: Host: www.plumfund.com
URL: https://www.plumfund.com/GivingWidget?campaign=all-agunst-corona-virus
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.108.162 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-108-162.mrs52.r.cloudfront.net
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 4ab5d31ebb30a42a9ced0d9c8e7c1c676c365365b3809291f14852da830b6dff

Request headers

Referer: https://www.plumfund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 22 May 2021 14:06:35 GMT
Via: 1.1 varnish, 1.1 11db54d41dc7b64f760df4a169363db2.cloudfront.net (CloudFront)
Last-Modified: Tue, 16 Jun 2020 15:34:56 GMT
Server: Apache/2.4.7 (Ubuntu)
Age: 85622
X-Cache: Hit from cloudfront
X-Varnish: 662310330
Connection: keep-alive
X-Amz-Cf-Pop: MRS52-P2
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 12298
X-Amz-Cf-Id: 0ZWAd8BSMaKIpocx8wyL32ytiWvKYyPwjsNbVFjTlS-VTr5sEXYKKw==

GET
H/1.1 200
OK jsWidget Show response
d61yqm8xqnu62.cloudfront.net/m/ Frame B835 204 KB
57 KB 53ms
53ms Script
application/x-javascript 54.230.108.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d61yqm8xqnu62.cloudfront.net/m/jsWidget?1608144181
Requested by: Host: www.plumfund.com
URL: https://www.plumfund.com/GivingWidget?campaign=all-agunst-corona-virus
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.108.162 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-108-162.mrs52.r.cloudfront.net
Software: Apache/2.4.7 (Ubuntu) / PHP/5.5.9-1ubuntu4.26
Resource Hash: 89e03a11714933d0ba4caa16441cb1aa826d7cfdb23a8472acf98a4481f404aa

Request headers

Referer: https://www.plumfund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 10 Feb 2021 13:41:50 GMT
Content-Encoding: gzip
Age: 9915542
X-Powered-By: PHP/5.5.9-1ubuntu4.26
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 57322
Last-Modified: Wed, 16 Dec 2020 18:50:24 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "1608144624pub"
Vary: Accept-Encoding
X-Varnish: 214298465 213828478
Via: 1.1 varnish, 1.1 11db54d41dc7b64f760df4a169363db2.cloudfront.net (CloudFront)
Cache-Control: max-age=31536000, public, must-revalidate
X-Amz-Cf-Pop: MRS52-P2
Accept-Ranges: bytes
Content-Type: application/x-javascript; charset=UTF-8
X-Amz-Cf-Id: CRx9womsY0ekZEdRDeRBE-wB3s8UW11LIHA9x243kYP37FJpNrLTOQ==
Expires: Fri, 28 Jan 2022 19:34:33 GMT

GET
H/1.1 200
OK 1kX.js Show response
s3.amazonaws.com/ki.js/8224/ Frame B835 377 B
727 B 562ms
149ms Script
application/ecmascript 52.216.152.158
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/ki.js/8224/1kX.js
Requested by: Host: www.plumfund.com
URL: https://www.plumfund.com/GivingWidget?campaign=all-agunst-corona-virus
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.152.158 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: aeca5e0254bebd74d797d452cf49590f060e99ea16f956e114372442f9f91962

Request headers

Referer: https://www.plumfund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:38 GMT
Content-Encoding: gzip
Last-Modified: Thu, 10 Sep 2020 15:39:45 GMT
Server: AmazonS3
x-amz-request-id: YBDAV8TAAW0Y85GJ
ETag: "99e150ffc519f6c90c68a5c85067f77c"
Content-Type: application/ecmascript
Cache-Control: s-maxage=3600, max-age=0
Accept-Ranges: bytes
Content-Length: 293
x-amz-id-2: IzUJZqmgUOaq/fnKM7jrhtDA4eY3eswV2wuM5r9wk1p6M+W1nVSalprIOmJXmT5apknj6tN9/R4=

GET
H/1.1 200
OK bootstrap.min.css
affiliation.lws-hosting.com/css/ Frame 81C0 120 KB
20 KB 59ms
58ms Stylesheet
text/css 195.110.34.84
RMI-FITECH

General

Check archive.org

Show headers Download Go to

Full URL: https://affiliation.lws-hosting.com/css/bootstrap.min.css
Requested by: Host: affiliation.lws-hosting.com
URL: https://affiliation.lws-hosting.com/banners/viewwidget/83/451273079/com/default/Commandez/blank/fra
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.110.34.84 , France, ASN16347 (RMI-FITECH, FR),
Reverse DNS: vps32284.lws-hosting.com
Software: Apache /
Resource Hash: 31fbd99641c212a6ad3681a2397bde13c148c0ccd98385bce6a7eb7c81417d87

Request headers

Referer: https://affiliation.lws-hosting.com/banners/viewwidget/83/451273079/com/default/Commandez/blank/fra
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:36 GMT
Content-Encoding: gzip
Last-Modified: Tue, 17 Apr 2018 13:49:21 GMT
Server: Apache
ETag: "1deac-56a0b9afcda40-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=198
Content-Length: 19883

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/ Frame 81C0 23 KB
6 KB 33ms
17ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css

Requested by

Host: affiliation.lws-hosting.com
URL: https://affiliation.lws-hosting.com/banners/viewwidget/83/451273079/com/default/Commandez/blank/fra

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://affiliation.lws-hosting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 13:53:36 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 632, 617
age: 5331098
cdn-cachedat: 2021-03-11 11:57:55
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a3b19c28f00004e7f50019000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: a9f1136dc57a7605179530d5ffb85493
cf-ray: 653ec57db81e4e7f-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.3/ Frame 81C0 94 KB
33 KB 25ms
5ms Script
text/javascript 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js

Requested by

Host: affiliation.lws-hosting.com
URL: https://affiliation.lws-hosting.com/banners/viewwidget/83/451273079/com/default/Commandez/blank/fra

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://affiliation.lws-hosting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 12:48:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3911
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33507
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 23 May 2022 12:48:25 GMT

GET
H2 200 jquery-ui.min.js Show response
ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/ Frame 81C0 235 KB
63 KB 32ms
12ms Script
text/javascript 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/jquery-ui.min.js

Requested by

Host: affiliation.lws-hosting.com
URL: https://affiliation.lws-hosting.com/banners/viewwidget/83/451273079/com/default/Commandez/blank/fra

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4d8dbe77feb63e5a61bee0bead4e5f66e8fa6a927599bd1b74aced52467273c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://affiliation.lws-hosting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 12:48:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3910
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64481
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 23 May 2022 12:48:26 GMT

POST
H3-29 200 /
www.facebook.com/tr/ 0
15 B 42ms
21ms Ping
text/plain 2a03:2880:f164:81:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f164:81:face:b00c:0:25de London, United Kingdom, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryyfE4GOAB2XWM3mFF

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Sun, 23 May 2021 13:53:36 GMT
content-type: text/plain
access-control-allow-origin: http://facemask3ply.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-length: 0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ Frame B835 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.plumfund.com
URL: https://www.plumfund.com/GivingWidget?campaign=all-agunst-corona-virus

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.plumfund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 5205
date: Sun, 23 May 2021 12:26:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Sun, 23 May 2021 14:26:52 GMT

GET
H3-29 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame B835 92 KB
24 KB 22ms
21ms Script
application/x-javascript 2a03:2880:f067:e:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.plumfund.com
URL: https://www.plumfund.com/GivingWidget?campaign=all-agunst-corona-virus

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f067:e:face:b00c:0:3 London, United Kingdom, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ba6856b3aa462b18c9f5fc3b0d553eca0fe0f03d5ff668ba7d465394c85896b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.plumfund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 24156
x-xss-protection: 0
pragma: public
x-fb-debug: Cbvr2taB8QYYhVrdwG8eF//5cMYmo8SIU/Rmhmjzq4fPui9tUiHawDaSq4RCWyyLS9VirNORT2/3SukV+lb8DQ==
date: Sun, 23 May 2021 13:53:37 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 hotjar-52694.js Show response
static.hotjar.com/c/ Frame B835 4 KB
2 KB 272ms
160ms Script
application/javascript 54.192.219.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-52694.js?sv=5

Requested by

Host: www.plumfund.com
URL: https://www.plumfund.com/GivingWidget?campaign=all-agunst-corona-virus

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.116 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-54-192-219-116.mrs52.r.cloudfront.net

Software

Resource Hash

f9d16e706114d9945cc713d2ee9111bf47b76880bcd55053de1d70e96596faa2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.plumfund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 13:53:37 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: MRS52-P2
etag: W/a8fdd227f7e09da37fb5e9bf5d73397b
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
content-length: 1926
via: 1.1 5fd865e604cad30b24a805ca3b6d4048.cloudfront.net (CloudFront)
x-amz-cf-id: OdtDhqQIJoKvHvPQ1JaqKft-tco3iJAm9Wnsm2Rw15uDljFTedKXaA==

GET
H/1.1 200
OK user_97221_1326256231_l.jpg
d1fs20pid4g0bw.cloudfront.net/_assets/images/uploaded/ Frame B835 26 KB
27 KB 616ms
478ms Image
image/jpeg 54.230.108.162
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1fs20pid4g0bw.cloudfront.net/_assets/images/uploaded/user_97221_1326256231_l.jpg
Requested by: Host: www.plumfund.com
URL: https://www.plumfund.com/GivingWidget?campaign=all-agunst-corona-virus
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.108.162 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-108-162.mrs52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 094891e12073420e6812ea524f54e08f73b907cb84ce8e59f7fc1290adaf855e

Request headers

Referer: https://www.plumfund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 23 May 2021 13:53:38 GMT
Via: 1.1 84ca4da5a7ceb4bccfe9632e4992597d.cloudfront.net (CloudFront)
Last-Modified: Sun, 23 Feb 2020 17:10:52 GMT
Server: AmazonS3
X-Amz-Cf-Pop: MRS52-P2
ETag: "7582b0a2bba567ff79586336bef52205"
X-Cache: Miss from cloudfront
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 26760
X-Amz-Cf-Id: vkdA10k6QdsaH8sKblrGAh6HxJAq-tnhqr0vGyYhUju9FWm_MGj27g==

GET
H3-29 200 7Auwp_0qiz-afTLGLQ.woff2
fonts.gstatic.com/s/muli/v22/ Frame B835 30 KB
30 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/muli/v22/7Auwp_0qiz-afTLGLQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Muli:200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i&display=swap

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f5315ed9f5e070e85a60e405d9aac92286319c20c2fcb39cc2d6c01090c652d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.plumfund.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 20 May 2021 02:03:15 GMT
x-content-type-options: nosniff
last-modified: Wed, 15 Jul 2020 20:50:02 GMT
server: sffe
age: 301822
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31120
x-xss-protection: 0
expires: Fri, 20 May 2022 02:03:15 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame F7DE 3 KB
578 B 28ms
15ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6690374941293509&output=html&h=280&adk=2119092829&adf=588723724&pi=t.aa~a.2008826190~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1621778016&rafmt=1&to=qs&pwprc=7099420590&tp=site_kit&psa=0&format=1200x280&url=http%3A%2F%2Ffacemask3ply.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1621778016470&bpp=6&bdt=778&idt=6&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=3757674247192&frm=20&pv=1&ga_vid=669062362.1621778016&ga_sid=1621778016&ga_hid=1492401185&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=3007&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=494242788788387&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Rbslr1OjvG&p=http%3A//facemask3ply.com&dtd=21

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 23 May 2021 13:12:51 GMT
server: ESF
date: Sun, 23 May 2021 13:53:37 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 23 May 2021 13:53:37 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame F7DE 1 KB
990 B 27ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 13:47:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 397
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 06 Jun 2021 13:47:00 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/ Frame F7DE 17 KB
7 KB 27ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ac13025dc609fbe2671ff553cec81ea6e640efa3413d7c8944e461b718d1782

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 13:49:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 240
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7009
x-xss-protection: 0
server: cafe
etag: 607056201285360291
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 06 Jun 2021 13:49:37 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame F7DE 2 KB
1 KB 27ms
11ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 13:53:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 06 Jun 2021 13:53:08 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F7DE 119 KB
36 KB 28ms
14ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a4e15e0a382cdbfe1d63cbd77a59ce2f67660b54e926fbebc97fe0b7cebf869

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 13:53:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621597309435250"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37145
x-xss-protection: 0
expires: Sun, 23 May 2021 13:53:37 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame F7DE 13 KB
6 KB 21ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 13:50:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 195
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 06 Jun 2021 13:50:22 GMT

GET
H3-29 200 6bd41964be010df5460da51c4a6824b5.js Show response
www.gstatic.com/mysidia/ Frame F7DE 25 KB
10 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6bd41964be010df5460da51c4a6824b5.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00535b5b597302e2749d3c2671f53ac61d0ba3b3e1a6624e6235ce18811b514b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 May 2021 12:37:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 18 May 2021 23:40:54 GMT
server: sffe
age: 90970
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10390
x-xss-protection: 0
expires: Fri, 20 Aug 2021 12:37:27 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/11289682910046947237/ Frame F7DE 47 KB
47 KB 24ms
12ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11289682910046947237/downsize_200k_v1?w=600&h=314

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

73ccc354ca723eefa1dc9eaadd2ef5b9aa9db5bbd059102a45ced99df767d10f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 01:21:58 GMT
x-content-type-options: nosniff
age: 477099
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48407
x-xss-protection: 0
last-modified: Mon, 29 Mar 2021 14:56:11 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 May 2022 01:21:58 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/17172837875220931685/ Frame F7DE 2 KB
3 KB 29ms
17ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17172837875220931685/downsize_200k_v1?w=100&h=100

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62d1531ff9a228cdfb6c9a7b9af1abbf58ee617a60f8d29a619f625aaa0dbc2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 20 May 2021 02:10:54 GMT
x-content-type-options: nosniff
age: 301363
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2538
x-xss-protection: 0
last-modified: Fri, 19 Mar 2021 13:23:00 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 20 May 2022 02:10:54 GMT

GET
DATA 200
OK truncated
/ Frame F7DE 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 190a7c4644668a2aa90a4275497226b416ff65e466579cebc09b0d8d4041e541

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame F7DE 0
0 42ms
42ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CIrSdYF6qYMqcH4ebtweln67oA8zDiNliifmM6ZwNvaWYh7ghEAEg2vqJWGCVAqAB8vvT3wPIAQmpAm-hncQFcLQ-qAMByAPLBKoEugFP0DQsNkG9BMYsolfuSHonugspQVdEGnvtUrarQVaIorq5KUT1aN9H5tvGvEFeexwoN8G2GwhAXXXyjXPuWf87Y8JvcnqSGo73Ke-lE7OU57GPl7JD5KxQZU7UABAc3TAS-XahjX_ykgdTVbd3Esg37Yqh8w1JTpbldEcGXGRz_ET_-9xt5lfuQF6DBbRBS1UYNNlcXjkjjseRE5gYN-KABX5iayItgHTImijnVF0HW96kdAI3cJmNuDrABOeM1t2vA5IFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAfZ5bImqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEJbvCdIICQiA4YAQEAEYH4AKAcgLAbgTiCfYEwzQFQGYFgGAFwGyFxoKGAgAEhRwdWItNjY5MDM3NDk0MTI5MzUwOQ&sigh=haopeNENdGQ&template_id=5000

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6690374941293509&output=html&h=280&adk=2119092829&adf=588723724&pi=t.aa~a.2008826190~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1621778016&rafmt=1&to=qs&pwprc=7099420590&tp=site_kit&psa=0&format=1200x280&url=http%3A%2F%2Ffacemask3ply.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1621778016470&bpp=6&bdt=778&idt=6&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=3757674247192&frm=20&pv=1&ga_vid=669062362.1621778016&ga_sid=1621778016&ga_hid=1492401185&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=3007&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=494242788788387&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Rbslr1OjvG&p=http%3A//facemask3ply.com&dtd=21
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 23 May 2021 13:53:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ Frame B835 2 KB
882 B 9ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.plumfund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 13:39:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 853
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Sun, 23 May 2021 14:39:24 GMT

GET
H3-29 200 1464560367197068 Show response
connect.facebook.net/signals/config/ Frame B835 254 KB
72 KB 70ms
69ms Script
application/x-javascript 2a03:2880:f067:e:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1464560367197068?v=2.9.40&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f067:e:face:b00c:0:3 London, United Kingdom, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

dce489cd546a620a4e17d857d1605a4f462ef4036a78cfa924320a7601eb55a1

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.plumfund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr: 0
pragma: public
x-fb-debug: yEvVvXJ44iujHMxt7tG2r/6Xh1qLgzfAAvvvxzaDli0K5801gTr18D0G7D3Ai3Fa+cw0v/RjVySA2V4v2PQXyA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Sun, 23 May 2021 13:53:37 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame F3E4 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 23 May 2021 03:14:09 GMT
expires: Mon, 24 May 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 38368
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1/ Frame B835 13 KB
13 KB 19ms
6ms Script
text/javascript 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

Requested by

Host: d61yqm8xqnu62.cloudfront.net
URL: https://d61yqm8xqnu62.cloudfront.net/m/jsWidget?1608144181

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.plumfund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 21 May 2021 12:23:39 GMT
x-content-type-options: nosniff
age: 178198
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13188
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 21 May 2022 12:23:39 GMT

GET
DATA 200
OK truncated
/ Frame F7DE 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 15b012148f29bc34953d6c1eba68654785087a98d299f49cd8b03f882556b4f5

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame F7DE 21 KB
21 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 10:03:38 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:21 GMT
server: sffe
age: 13799
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21716
x-xss-protection: 0
expires: Mon, 23 May 2022 10:03:38 GMT

GET
H3-29 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame F7DE 21 KB
21 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 21 May 2021 10:13:27 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 186010
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Sat, 21 May 2022 10:13:27 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame B835 13 KB
894 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic&subset=latin,latin-ext

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d2c26a27d12c4335f3f8fe19beb7fd18d341be91bd2970240943bd04573a37d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.plumfund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 23 May 2021 13:53:37 GMT
server: ESF
date: Sun, 23 May 2021 13:53:37 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 23 May 2021 13:53:37 GMT

GET
H3-29 200 /
www.facebook.com/tr/ Frame B835 44 B
88 B 21ms
21ms Image
image/gif 2a03:2880:f164:81:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1464560367197068&ev=PageView&dl=https%3A%2F%2Fwww.plumfund.com%2FGivingWidget%3Fcampaign%3Dall-agunst-corona-virus&rl=http%3A%2F%2Ffacemask3ply.com%2F&if=true&ts=1621778017332&sw=1600&sh=1200&v=2.9.40&r=stable&ec=0&o=30&it=1621778017198&coo=false&exp=l0&rqm=GET

Requested by

Host: www.plumfund.com
URL: https://www.plumfund.com/GivingWidget?campaign=all-agunst-corona-virus

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f164:81:face:b00c:0:25de London, United Kingdom, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.plumfund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 13:53:37 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Sun, 23 May 2021 13:53:37 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame F3E4 35 B
464 B 25ms
9ms Image
image/gif 2620:116:800d:21:51e4:db4b:4436:b305
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJqnxuStBqJq_gRrmuqbH-k&google_cver=1&google_push=AQvitUJelCpJqeMeSM8bxDcIe-Pd3LAXxvZpSF_PR6EuXVhAnaLDlCDUs3FKnwyMZgXpDnsOL7GFRiwSYDr_Qi8ZIdhDOybNo4s

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 May 2021 13:53:37 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame F3E4 43 B
609 B 135ms
49ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEL4lCCIXuhky3pZJA4Dp8T4&google_push=AQvitUJM0as_wdC39KXCzZtJ7C1_49MBC3kwuG105rR2qnpsbPAF3WQ0m7hoJlV6lheVdFFO_AHIdP2kLfe2D_RF8PJpL8bPMdA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6690374941293509&output=html&h=280&adk=2119092829&adf=588723724&pi=t.aa~a.2008826190~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1621778016&rafmt=1&to=qs&pwprc=7099420590&tp=site_kit&psa=0&format=1200x280&url=http%3A%2F%2Ffacemask3ply.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1621778016470&bpp=6&bdt=778&idt=6&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=3757674247192&frm=20&pv=1&ga_vid=669062362.1621778016&ga_sid=1621778016&ga_hid=1492401185&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=3007&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=494242788788387&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Rbslr1OjvG&p=http%3A//facemask3ply.com&dtd=21
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 May 2021 13:53:37 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame F3E4
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEFB-1vfduFz-PO607i6zY8A&google_cver=1&google_push=AQvitUK9Q9DmcYOCBXXXDU2hLdchbe_YYvXqaI24ILuU1EtwkAWjIjGacGTh_-GSEvBeZ1wX--xN4QbP3JmlyPjIRBZx4A1x5B4
https://rtb.openx.net/sync/dds?google_gid=CAESEFB-1vfduFz-PO607i6zY8A&google_cver=1&google_push=AQvitUK9Q9DmcYOCBXXXDU2hLdchbe_YYvXqaI24ILuU1EtwkAWjIjGacGTh_-GSEvBeZ1wX--xN4QbP3JmlyPjIRBZx4A1x5B4&o...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUK9Q9DmcYOCBXXXDU2hLdchbe_YYvXqaI24ILuU1EtwkAWjIjGacGTh_-GSEvBeZ1wX--xN4QbP3JmlyPjIRBZx4A1x5B4&google_hm=DLMX2oFLwPY0JOaDRi4xCg==
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUK9Q9DmcYOCBXXXDU2hLdchbe_YYvXqaI24ILuU1EtwkAWjIjGacGTh_-GSEvBeZ1wX--xN4QbP3JmlyPjIRBZx4A1x5B4&google_hm=DLMX2oFLwPY0JOaDRi4xCg==...

170 B
188 B

112ms
59ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUK9Q9DmcYOCBXXXDU2hLdchbe_YYvXqaI24ILuU1EtwkAWjIjGacGTh_-GSEvBeZ1wX--xN4QbP3JmlyPjIRBZx4A1x5B4&google_hm=DLMX2oFLwPY0JOaDRi4xCg==&google_tc=

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 May 2021 13:53:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 23 May 2021 13:53:37 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUK9Q9DmcYOCBXXXDU2hLdchbe_YYvXqaI24ILuU1EtwkAWjIjGacGTh_-GSEvBeZ1wX--xN4QbP3JmlyPjIRBZx4A1x5B4&google_hm=DLMX2oFLwPY0JOaDRi4xCg==&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 417
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame F3E4
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Q4WU3VzcSiGHTWr7izgZtw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Q4WU3VzcSiGHTWr7izgZtw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

102ms
60ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Q4WU3VzcSiGHTWr7izgZtw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUI0uf70asPCA-h4Wl2RMzsKsrN-I8iUcAIK7m_2Gfkq5ad3HSup5ZPQebmufBfrAy9WZhSDWw7HN1AjqonKDyQReHRkPrg&google_tc=

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 May 2021 13:53:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 23 May 2021 13:53:37 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Q4WU3VzcSiGHTWr7izgZtw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUI0uf70asPCA-h4Wl2RMzsKsrN-I8iUcAIK7m_2Gfkq5ad3HSup5ZPQebmufBfrAy9WZhSDWw7HN1AjqonKDyQReHRkPrg&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 650
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame F3E4
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESECzjM_bZLW1cZeLvFt77Elo&google_cver=1&google_push=AQvitUKCUlbmYaDFakSdr_ifn1W58ZPg_o5zP_hCeHygsyX3HGmnXtqLYOjmNt1pFfGySnJHSFO...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1AxOFJCMlotQy0yWklH&google_push=AQvitUKCUlbmYaDFakSdr_ifn1W58ZPg_o5zP_hCeHygsyX3HGmnXtqLYOjmNt1pFfGySnJHSFOj9zHlPqP2yGp-R4CZYiVjgA
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1AxOFJCMlotQy0yWklH&google_push=AQvitUKCUlbmYaDFakSdr_ifn1W58ZPg_o5zP_hCeHygsyX3HGmnXtqLYOjmNt1pFfGySnJHSFOj9zHlPqP2yGp-R4CZYiVjgA&google...

170 B
188 B

118ms
60ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1AxOFJCMlotQy0yWklH&google_push=AQvitUKCUlbmYaDFakSdr_ifn1W58ZPg_o5zP_hCeHygsyX3HGmnXtqLYOjmNt1pFfGySnJHSFOj9zHlPqP2yGp-R4CZYiVjgA&google_tc=

Requested by

Host: facemask3ply.com
URL: http://facemask3ply.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 May 2021 13:53:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 23 May 2021 13:53:37 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1AxOFJCMlotQy0yWklH&google_push=AQvitUKCUlbmYaDFakSdr_ifn1W58ZPg_o5zP_hCeHygsyX3HGmnXtqLYOjmNt1pFfGySnJHSFOj9zHlPqP2yGp-R4CZYiVjgA&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 410
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET

pixel
cm.g.doubleclick.net/ Frame F3E4
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_push=AQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6...

0
0

GET
H2 200 trk
ag.innovid.com/ Frame F3E4 43 B
297 B 74ms
21ms Image
image/gif 2a05:d01c:1d8:8101:ac20:41f1:bf24:9b3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEFOSvwBto5PrvtB9g2FncoM&google_cver=1&google_push=AQvitULsdIfXbkMJseec9jhy6DfQ3KVAruRP-mjsMjqKcJSBBqGKjkfyXzCvjhBO2LWMGuh0SAoKXTucAjinQGqfdCm6RIA_Tls
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6690374941293509&output=html&h=280&adk=2119092829&adf=588723724&pi=t.aa~a.2008826190~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1621778016&rafmt=1&to=qs&pwprc=7099420590&tp=site_kit&psa=0&format=1200x280&url=http%3A%2F%2Ffacemask3ply.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1621778016470&bpp=6&bdt=778&idt=6&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=3757674247192&frm=20&pv=1&ga_vid=669062362.1621778016&ga_sid=1621778016&ga_hid=1492401185&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=3007&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=494242788788387&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Rbslr1OjvG&p=http%3A//facemask3ply.com&dtd=21
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8101:ac20:41f1:bf24:9b3 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 May 2021 13:53:37 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 0
expires: -1

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame F3E4 0
228 B 172ms
58ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I4otbqrhaY3svWu128_sI7lfDZk-xEAJ09BV37m1a0AOf0WFimqlJBcc7RHzZ9phFGMdlb

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 13:53:37 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 iqM-SLf9DiRkdYr6mfBBlocjM-gQZqw7kKSrrObPMLw.js Show response
pagead2.googlesyndication.com/bg/ Frame 9408 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/iqM-SLf9DiRkdYr6mfBBlocjM-gQZqw7kKSrrObPMLw.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa33e48b7fd0e2464758afa99f04196872333e81066ac3b90a4abace6cf30bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 May 2021 17:51:02 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:08:00 GMT
server: sffe
age: 72155
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5784
x-xss-protection: 0
expires: Sun, 22 May 2022 17:51:02 GMT

GET
H3-29 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ Frame B835 16 KB
16 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic&subset=latin,latin-ext

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.plumfund.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 21 May 2021 10:13:27 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:09 GMT
server: sffe
age: 186010
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16112
x-xss-protection: 0
expires: Sat, 21 May 2022 10:13:27 GMT

GET
H3-29 200 6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ Frame B835 16 KB
16 KB 13ms
11ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic&subset=latin,latin-ext

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f3d7092e6eb6f3aa0c572e52e061a59cc88a3e9eff581c95c4bd7456800904d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.plumfund.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 10:03:38 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:56 GMT
server: sffe
age: 13799
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16064
x-xss-protection: 0
expires: Mon, 23 May 2022 10:03:38 GMT

GET
H3-29 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ Frame B835 16 KB
16 KB 10ms
8ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic&subset=latin,latin-ext

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.plumfund.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 07:13:42 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:32 GMT
server: sffe
age: 455995
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15948
x-xss-protection: 0
expires: Wed, 18 May 2022 07:13:42 GMT

GET
H3-29 200 6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ Frame B835 15 KB
15 KB 10ms
7ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic&subset=latin,latin-ext

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24f7e397faec79e62c37ff2f00b170f6dc1557fb46ac169f9f1897a9d641dd03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.plumfund.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 10:03:38 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:17 GMT
server: sffe
age: 13799
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15764
x-xss-protection: 0
expires: Mon, 23 May 2022 10:03:38 GMT

GET
H3-29 200 6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkids18Q.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ Frame B835 15 KB
15 KB 13ms
11ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v14/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkids18Q.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic&subset=latin,latin-ext

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3559c816af640e8382b29d02d4fbd8c7225fcf0302cf244d8b2d7cf5db2fdd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.plumfund.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 May 2021 06:08:24 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:59 GMT
server: sffe
age: 114313
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15316
x-xss-protection: 0
expires: Sun, 22 May 2022 06:08:24 GMT

GET
H3-29 200 6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ Frame B835 15 KB
15 KB 12ms
10ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v14/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic&subset=latin,latin-ext

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29b561a8a01edc4acf52d1c4c763aa21a1b540bc020b92f8bbfaf656b53a02b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.plumfund.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 01:05:37 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:35 GMT
server: sffe
age: 478080
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15280
x-xss-protection: 0
expires: Wed, 18 May 2022 01:05:37 GMT

GET
H2 200 modules.0d0a898aa455aaa7acd5.js Show response
script.hotjar.com/ Frame B835 219 KB
58 KB 169ms
65ms Script
application/javascript 54.192.219.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.0d0a898aa455aaa7acd5.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-52694.js?sv=5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.3 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-54-192-219-3.mrs52.r.cloudfront.net

Software

Resource Hash

6344ba60b5407714ea496dc2195e55d55a0de6446844786b976a5df387283dd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.plumfund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 21 May 2021 12:09:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 179072
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59007
access-control-allow-origin: *
last-modified: Fri, 21 May 2021 12:08:20 GMT
etag: "93ac925b3658bdcc78077b657a6a72f4"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 11db54d41dc7b64f760df4a169363db2.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: MRS52-P2
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: YXAZZzFZ32LDRhfJMY8_lVHY8RhK9YLDLTv7rCDp-doLFckvZlPk7w==

GET
H2 200 box-21ccaa45726c0f3c8c458f7a87eb2298.html Show response
vars.hotjar.com/ Frame 8D20 2 KB
1 KB 167ms
55ms Document
text/html 52.84.49.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-21ccaa45726c0f3c8c458f7a87eb2298.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-52694.js?sv=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.49.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-49-87.mrs52.r.cloudfront.net
Software: /
Resource Hash: c5da2e1eefbe4efd64ec18b775495cf3011d9ae03842917bfe1b0a50e03a7a44

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-21ccaa45726c0f3c8c458f7a87eb2298.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.plumfund.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.plumfund.com/

Response headers

content-type: text/html
content-length: 1044
date: Thu, 20 May 2021 13:17:05 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "6a4e2ae376c29011d2e53de65a08d0b7"
last-modified: Thu, 20 May 2021 13:16:24 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c06f5d2130689f511352f5187fabf420.cloudfront.net (CloudFront)
x-amz-cf-pop: MRS52-P1
x-amz-cf-id: 4m9mCsDiYr_eVRzdPRo8wGt_5D6n0BbyyEWGAfRp1Tlq9QCXif7HMA==
age: 261392

GET
H2 200 1kXqoo.js Show response
cl.qualaroo.com/ki.js/8224/ Frame B835 139 KB
48 KB 529ms
430ms Script
application/ecmascript 89.187.169.26
CDN77 (^_^)/

General

Check archive.org

Show headers Download Go to

Full URL: https://cl.qualaroo.com/ki.js/8224/1kXqoo.js
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/ki.js/8224/1kX.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.26 Frankfurt am Main, Germany, ASN60068 (CDN77 (^_^)/, GB),
Reverse DNS: unn-89-187-169-26.cdn77.com
Software: BunnyCDN-DE1-657 /
Resource Hash: 6444a1e9958c3d6f4bc1089cecf4aef4b293cc2f0a74d194a16820951eb61adf

Request headers

Referer: https://www.plumfund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 13:53:38 GMT
content-encoding: gzip
cdn-edgestorageid: 657
x-amz-request-id: 3BHZAHTFVF3T23RV
cdn-cachedat: 2021-05-17 08:09:29
cdn-pullzone: 92714
content-length: 48314
x-amz-id-2: 9AVxtxWbvI+j2qqH0DPF00Q5No4GiQFly/e4RxIilzIfvSOy/5X+Vlggq3dgfxLcCajC6eZ/naI=
last-modified: Thu, 10 Sep 2020 15:39:45 GMT
server: BunnyCDN-DE1-657
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: application/ecmascript
cdn-cache: REVALIDATED
cdn-uid: 50c043fb-dcd1-4574-9faf-b60384f66f78
cache-control: s-maxage=3600, max-age=0
cdn-requestid: f0ba9f9d3cfc538a57dafff168a382b0
accept-ranges: bytes
cdn-requestcountrycode: CZ
cdn-requestpullsuccess: True

GET
H2 200 /
www.facebook.com/tr/ Frame B835 44 B
149 B 21ms
21ms Image
image/gif 2a03:2880:f164:81:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1464560367197068&ev=Microdata&dl=https%3A%2F%2Fwww.plumfund.com%2FGivingWidget%3Fcampaign%3Dall-agunst-corona-virus&rl=http%3A%2F%2Ffacemask3ply.com%2F&if=true&ts=1621778017835&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%22%7D&cd[OpenGraph]=%7B%22og%3Atype%22%3A%22website%22%2C%22og%3Asite_name%22%3A%22Plumfund%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.40&r=stable&ec=1&o=30&it=1621778017198&coo=false&es=automatic&tm=3&exp=l0&rqm=GET

Requested by

Host: www.plumfund.com
URL: https://www.plumfund.com/GivingWidget?campaign=all-agunst-corona-virus

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f164:81:face:b00c:0:25de London, United Kingdom, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.plumfund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 13:53:37 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Sun, 23 May 2021 13:53:37 GMT

GET
H2 200 frame.html Show response
dntcl.qualaroo.com/ Frame BF5D 323 B
652 B 143ms
41ms Document
text/html 185.59.220.194
CDN77 (^_^)/

General

Check archive.org

Show headers Download Go to

Full URL: https://dntcl.qualaroo.com/frame.html
Requested by: Host: cl.qualaroo.com
URL: https://cl.qualaroo.com/ki.js/8224/1kXqoo.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.59.220.194 Frankfurt am Main, Germany, ASN60068 (CDN77 (^_^)/, GB),
Reverse DNS: unn-185-59-220-194.datapacket.com
Software: BunnyCDN-DE1-713 /
Resource Hash: 2e8900ba4a5768754de4fc21bcdde72bdcafa25c6c766a7f3bc44bf6c21fc412

Request headers

:method: GET
:authority: dntcl.qualaroo.com
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.plumfund.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.plumfund.com/

Response headers

date: Sun, 23 May 2021 13:53:38 GMT
content-type: text/html
vary: Accept-Encoding
server: BunnyCDN-DE1-713
cdn-pullzone: 99568
cdn-uid: 50c043fb-dcd1-4574-9faf-b60384f66f78
cdn-requestcountrycode: CZ
cdn-edgestorageid: 601
cdn-storageserver: DE-51
cache-control: public, max-age=604800
last-modified: Fri, 06 Dec 2019 12:46:59 GMT
cdn-cachedat: 2021-05-23 15:53:18
cdn-requestpullsuccess: True
cdn-requestpullcode: 206
cdn-requestid: 3fdebc5533e7a98fd3ca1ce9f7c8a9b5
cdn-cache: HIT
content-encoding: gzip

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
8 KB 46ms
26ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210517&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

92414c9756b587f7b46653524d10d3b3416a0f58f0e98ee9b5c0fa40c696d55c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 23 May 2021 13:53:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7685
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 13:53:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Sun, 23 May 2021 13:53:38 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame B191 12 KB
5 KB 21ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://facemask3ply.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://facemask3ply.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Sun, 23 May 2021 13:19:20 GMT
expires: Mon, 23 May 2022 13:19:20 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 2058
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame C013 783 B
832 B 16ms
15ms Document
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

50513220e97447dbd90de487ad124ab39824904776ce33dd39ae877608c81a64

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-dSnvrN7kE0ki+87TmvPtNA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://facemask3ply.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://facemask3ply.com/

Response headers

expires: Sun, 23 May 2021 13:53:38 GMT
date: Sun, 23 May 2021 13:53:38 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-dSnvrN7kE0ki+87TmvPtNA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 511
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 iqM-SLf9DiRkdYr6mfBBlocjM-gQZqw7kKSrrObPMLw.js Show response
pagead2.googlesyndication.com/bg/ Frame B191 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/iqM-SLf9DiRkdYr6mfBBlocjM-gQZqw7kKSrrObPMLw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa33e48b7fd0e2464758afa99f04196872333e81066ac3b90a4abace6cf30bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 May 2021 17:51:02 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:08:00 GMT
server: sffe
age: 72156
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5784
x-xss-protection: 0
expires: Sun, 22 May 2022 17:51:02 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210517&jk=494242788788387&bg=!CwilCEzNAAZ7hX_Ue4U7ACkAdvg8WtaFgGEI-PxTgwLyZ7KW7Lt_UNIHLjg_Cup132Aip6eAJziGpwIAAABiUgAAAApoAQcKAT9aKl1BdkLKmxPozc3lwzm1uxtHuNnit1JaToemNn-cClPV4ZECGLOJ8Wc2nGFzpklIFLeBVAm-J2sA8UAfpb1x2SXOXuZljGHqdPACIcG7hH4uS4tr_qs4vbNP3JLxKkKKLuAOVwJhn-AgEhfxBNRHJ6KGAwuValZVm_FBd31X2-nTlju3T9_1X95WO5mNrOTjSRsIPoNkthw_RwlicE8wrsM15V-UFMDuOrmSJR1LaRqzeydL9uUIJHUPTpEqBIJ6RR4i0KLcYZou30J7rlkpn_hr0Ypuz3IlFlrzoDG78a8Oe5GxuNQeVaNiCBTeaD2JrO56i4GO78yKUxmeJaBuZiu3C39tBD3Jsso7whvNPrMLl9xpnAqi_YWhA4wo-jKGL5Sw55Pq79yzDBXdE7jABAkbA734saj8n6rUSD45mQI3ilH892xZimUoBkxdkhVeog-UkPY1PyjDU-sV7uaW50DP5lP_9kLgwQume3z7v5CXkpnA0sMPZXuAlNctYp_TDFe-bzE-QBPt5b5Fm4LCzLYmxoKdu2lsGgeWeoFSHwrY6NBNyTMW58RSMdQFvid29A4lAcBf-77Ej52qQunHf3G1loj6jgUNh2v-el82-Jj_h1TCb9MtTtV7x3nBFK_mcqc2jjrNM__MDoNMDvpZEWc3T8EKUg4STlLl8tuM2LDMNUSSFSWPJP3iMfuhbrbyivQ3sKH7pkud81eDbqqwqnD5BbzppfMmGwtfFJTOXQx7Mhs5Fq5i5xbIfEWWXcmsDwCUccRWeER3Kr1l0w25uLuoHyVO8mk_bKOb7KggalOfYQ2qVXxt9yLDgEPLrErvymAN1o0Gy-Jd5BRsfb3qCL_aF_4R3SmoqysTrRO__oqzgWm3LnKm_fczqYZH7nvmAxjFRC1xdg1BR1TVq56qizetSywsBeEF1hlEWWBtHR8cEFUi2OTyPLOLILulO0cwhZpbwnY22VDDoBADxGYryBhKpXegXyXnyWdrDvHiEBHjsseGNd5c8AaJZrNxzEjw10clSDjpKMhOnZPyGQNTumH2a34iTlzkto_gKLOBHqQA-CHgHiFbyN2caZKI4PSSqwFMownUXvsZhdrml9sHH_EXfvJJZC_bpkpu-IaTetoUJ0dM9kWSmytEZITOFeV12SjsvGppdHr24DyCLuTVmvK8Pb3tCwce

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://facemask3ply.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 May 2021 13:53:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 24AD 28 B
54 B 20ms
19ms XHR
application/json 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/c39bcc11/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 120
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/pK_tquYwOLk
X-YouTube-Client-Version: 1.20210519.1.1
X-YouTube-Time-Zone: Europe/Berlin
X-Goog-Visitor-Id: CgtlUGZpZllPRnBXRSjgvKmFBg%3D%3D
X-YouTube-Ad-Signals: dt=1621778016584&flash=0&frm=2&u_tz=120&u_his=2&u_java&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug&u_nmime&bc=23&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C770%2C433&vis=1&wgl=true&ca_type=image&bid=ANyPxKpJph3jBX8oGwWU8gD5ozvb8YZtKcKUGS4BHLYJFkqlZ7jalpZn9-pMGRIoU4R6lJfemubFtgmjasuqZ38c9KIue_mSeQ

Response headers

date: Sun, 23 May 2021 13:53:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Sun, 23 May 2021 13:53:38 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKpeYZYJvzLIVqsnH6V4ZQAABHQAAAIB&google_gid=CAESEJ2PsN3l-llW9s6EYc8j7-4&google_cver=1&google_push=AQvitULZ5u_yFTkuJDm7JBD22YlALSzVAexD6O4ATlsoskakTHbJuFVZBEF7Xyk2gOT5sD2T6_fRpnjw4Q9TDAsyAvvkuB4o7ik&google_tc=

Verdicts & Comments Add Verdict or Comment

146 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.doubleclick.net/	1970-01-19 18:29:38	Name: test_cookie Value: CheckForPermission

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://c0.wp.com/c/5.6.4/wp-includes/js/jquery/jquery-migrate.min.js(Line 2) Message: JQMIGRATE: Migrate is installed, version 3.3.2
console-api	log	URL: http://facemask3ply.com/(Line 1168) Message: delivery_closed:
console-api	log	URL: http://facemask3ply.com/(Line 1169) Message:
console-api	log	URL: http://facemask3ply.com/(Line 1175) Message: pickup closed:

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
affiliates.jumia.com
affiliation.lws-hosting.com
ag.innovid.com
ajax.googleapis.com
c0.wp.com
cl.qualaroo.com
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
d1fs20pid4g0bw.cloudfront.net
d61yqm8xqnu62.cloudfront.net
dntcl.qualaroo.com
facemask3ply.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
i.ytimg.com
i0.wp.com
i1.wp.com
i2.wp.com
image6.pubmatic.com
kol.jumia.com
maxcdn.bootstrapcdn.com
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
pixel.wp.com
rtb.openx.net
s3.amazonaws.com
script.hotjar.com
static.doubleclick.net
static.getbutton.io
static.hotjar.com
stats.wp.com
tpc.googlesyndication.com
vars.hotjar.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.plumfund.com
www.youtube.com
yt3.ggpht.com
cm.g.doubleclick.net
104.16.197.130
142.250.185.98
172.217.23.98
185.59.220.194
185.64.189.115
185.98.131.209
192.0.76.3
192.0.77.2
192.0.77.37
195.110.34.84
2606:4700::6812:bcf
2620:116:800d:21:51e4:db4b:4436:b305
2a00:1450:4001:801::200a
2a00:1450:4001:801::2016
2a00:1450:4001:808::2004
2a00:1450:4001:808::200e
2a00:1450:4001:809::2006
2a00:1450:4001:810::2003
2a00:1450:4001:810::200a
2a00:1450:4001:811::2001
2a00:1450:4001:811::2008
2a00:1450:4001:828::200e
2a00:1450:4001:829::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::2003
2a00:1450:4001:830::2002
2a00:1450:4001:831::2001
2a03:2880:f067:e:face:b00c:0:3
2a03:2880:f164:81:face:b00c:0:25de
2a05:d01c:1d8:8101:ac20:41f1:bf24:9b3
34.98.67.61
35.186.253.211
52.216.152.158
52.84.49.87
54.192.219.116
54.192.219.3
54.230.108.162
67.202.19.47
69.173.144.139
89.187.169.26
95.216.228.15
00535b5b597302e2749d3c2671f53ac61d0ba3b3e1a6624e6235ce18811b514b
00a390bc76c4ac07d5f6520c4bb2133bb493108ead46dff42286d7bd2af96ffb
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
094891e12073420e6812ea524f54e08f73b907cb84ce8e59f7fc1290adaf855e
0a005f9867c2f7988dc2e3f56d129a2ebb0530b6c1dc8d21cf63b211a2542074
0a4e15e0a382cdbfe1d63cbd77a59ce2f67660b54e926fbebc97fe0b7cebf869
0a9eae06d8bed89c745eb7f92f3ca81bdc456c50e0d86d28885d413b788a7d25
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c
0c9842b89221bf5d14cbfe6a472effa2cfd9a68b65c3de2eccc32b15fc681592
0cd851e5b33af0fbb354df65506da39807b998e07723f3d08aba5179fa2ed97e
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
120aaf6681ca6d34a40c559779f0a0038582a79fce1b868ff901c94d27c89c72
15b012148f29bc34953d6c1eba68654785087a98d299f49cd8b03f882556b4f5
18847307c63d90d9adf6969ab2774e69d01cf6010ec264545fa81dc249664cf0
190a7c4644668a2aa90a4275497226b416ff65e466579cebc09b0d8d4041e541
1ae1bf1458589d1f72a7bf9a7fb9c21e8344aee819519c1dc8cbcfd9d6c16f54
1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27
1d4cb4e8b1c6f61770e9f6cdf959dac8b81c473701597678b4b63ff0e14fc708
1dad6cb9a0903898a8f82f89c0d10ee6e94f8459228530fa5df3078100c9f650
1e6543448005ecb5417ffcc6c93a57746d6037100895bff0e7c9295f4ff4ac25
21b1c346a04696c68f33050088b8bbda850a1d9c015bd70df23d7bb34f6d0e1c
21c07217d708902cdfee682027365ca578941782a3f6c431b833bad096d161fa
22be0357130d21a331678da4e1ab7a17c08cdaf0f085f9e7ee864eef7b74ef07
24f7e397faec79e62c37ff2f00b170f6dc1557fb46ac169f9f1897a9d641dd03
265d49b8ace56978d396dd031f6b88cc3239ffbbd7f0fc2253ce0e6f1ee99020
285e6033f270c397c9446502d02d015309789c30e4756cab1fc4ea473b1792bc
29b561a8a01edc4acf52d1c4c763aa21a1b540bc020b92f8bbfaf656b53a02b0
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2dd698676968c4ed71694505862da139b15725778c42a171904cdc3c1baa84ff
2deb0ae7e6cf2fe155e380ca73739f0fb2c7928e7523fa0fe2bcc557f1a6205f
2e8900ba4a5768754de4fc21bcdde72bdcafa25c6c766a7f3bc44bf6c21fc412
3111667f131fe35172925ebef7026e7ce805f590d0998d027133523d7d1176d1
31fbd99641c212a6ad3681a2397bde13c148c0ccd98385bce6a7eb7c81417d87
353c3644aecba97db931d60f210854bf97134582f959120577afa016c44b513a
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
3a1985d1ddbad4f562c0273f3ea13da2e3f69fd45c8b5b86e2cb7d4f644db7d3
3ac13025dc609fbe2671ff553cec81ea6e640efa3413d7c8944e461b718d1782
3bea34f20c813024f046166fb0ad98a8eb93d5ab93052ceb993eee238ece5b66
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
4373a7c880f00a8373da62d923fdb65d84317ae8755e8a66b48e098b29adf53f
4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf
49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381
4ab5d31ebb30a42a9ced0d9c8e7c1c676c365365b3809291f14852da830b6dff
4df2fd5c8b3681147087fa7506cef9c982c18edf99729a4412e41af2f98fe0b3
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
50230a768774ba88bdeb31d5bf3cdcd95b90248334753ab4256aed572396d97b
50513220e97447dbd90de487ad124ab39824904776ce33dd39ae877608c81a64
50de09b0bb8d0ac656aa9b3a1e4ef58a3f2d1abd734cad68b0e12191e9d215ea
51e78e904c795ed5b0154a9995d1ab0b7e3667f5aede719bda86ba38236c5989
52fa3ce193ec29c5c45c4d4feacf866e326d8ca13b34727e4a7b091275e854f1
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
56da441e571ea4ef08b0150003a202420adaf871451fb22d8aa0379e9293bb2a
57a50c99a31ef4e89e86664e96f6dfbdde163a2eb96e88b3b492c49aa4be2f37
57c4962077b1d5ac3f1fc03437a5de3b2d3a377f57205673f7c47df435326772
599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a
5b3629bf95588d63bd2cda59f7b591b2547fdc42b04576811bcc53d1ffab9006
5b3761cd6757139d3ec75a841c6588cd6d8147a43e3f799eb332384860b1b884
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
600473b6152d1d0a50097aa6fd6811dcbc9edd23e5ec77afc39b4369f14339a4
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
60e04dcb9483e44801771aab65df07bfa3fabbaf9a4386fd05f568d0e4d8710d
617ff93a10256ff57769dbcf7fc557f38ed53a840559d0bc21f31a7e1e6f230d
61c3f07bb7747bca2c8dbce7c68f2f88267f44a11dc474d342e289d761031207
61c42226424179cc5bb04ef76c58e921c9e1d068caae3f30e211be4dfa2baa1a
62d1531ff9a228cdfb6c9a7b9af1abbf58ee617a60f8d29a619f625aaa0dbc2c
6344ba60b5407714ea496dc2195e55d55a0de6446844786b976a5df387283dd2
6444a1e9958c3d6f4bc1089cecf4aef4b293cc2f0a74d194a16820951eb61adf
66692834201188242d64623d532248275efe2ba80101490c96bdce4160b78188
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c622bd9e40cb6e0cc09b5a7e851de29f65efd7b455355ca105122143f0b131b
6d8a2c36a85f22a871fc5b22a174aae86f7560befc1d205738a6c78ab41cf4a9
706c5d9a1d333f1104c18c75d500f00c565042a0c98728cd9ddf540de3e31506
719daec374e638eb6e8c7f8ecf8a44b10dcb9a55be642860852f9df7f6bf3348
723e0701a1d2e7f0d8bee5cbee1ef5295708ef423e3fc8397b669f43d1eeaa44
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
73ccc354ca723eefa1dc9eaadd2ef5b9aa9db5bbd059102a45ced99df767d10f
7b9465e174a7b4c78fb3fc6d88f7892336913139e67e38ee1471da815d38c004
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
81c7a6cefcb4a1dacff6c4ec1e39738251e1ea473026bdce1a46ab563b204365
861633984052b34bcd62b9129716bbf86e928599eb753066a6561bd09e2e6425
8634aa7a3ac0bc6d359b458c8922e9d3269f64c1355b329bfe215beb12773af8
88264adf3d3193fb56c229f0b92e2a6096770eb76996d1fedc95f5bcb208ccda
885a3c3ed9990cf54ce828353610025f4a88a43581dab47d3d50daf3eb988fc7
89e03a11714933d0ba4caa16441cb1aa826d7cfdb23a8472acf98a4481f404aa
8aa33e48b7fd0e2464758afa99f04196872333e81066ac3b90a4abace6cf30bc
8e34fa30d251bc425762a596368b08a20812bca6fcbba712c2cdce66c86bdf8b
8e3e93a4276ae2f64c11ebef48eed032ebc27bf21de4afc423679620a4f2e3bf
8f5315ed9f5e070e85a60e405d9aac92286319c20c2fcb39cc2d6c01090c652d
92414c9756b587f7b46653524d10d3b3416a0f58f0e98ee9b5c0fa40c696d55c
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
93ea87740a629b311148b644cb72d376ef82344939bc4d47acff4aa0719ad668
9521578f507778c3599bc94d056e20ac60a2018bf708b78420fbd44835ad6c31
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9e8e305028ffaeba99804a94274a50309170223cca4b2c79599a97a573d4d2f5
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a3e103d46649c7ca566f1b5efa51da7231d6730cbd71518b37978dba846895d8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a8b04509d8b1a35314d19eae7475024cb56f6caeeb2edf0691e151b6e4106a8b
a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199
a9d8a788ba4c6a61a8dcb175d765b5bbf81787659b99cce16e61627dd98c24ec
ac4cd4033ca11089bb4a296ecfbb9748b9e62b054cd2d57e082c02f67e7e9630
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
aeca5e0254bebd74d797d452cf49590f060e99ea16f956e114372442f9f91962
b0ba986694e3e31218892d9f67dfe082aef02333652235e92bed97a102eee9e9
b8a1721791589470cf216adae73475f2cbd480afe369e723b3bd62e3b62ee5a8
ba6856b3aa462b18c9f5fc3b0d553eca0fe0f03d5ff668ba7d465394c85896b1
c0da056910229efad3d6ff2180c72f7afd6d33c035c78eef9fac2d0dca0348dd
c0f31c5b0a354240e9e4ea2f86c923ab54cd995f619e4641a964ef90a21f4da3
c2743f1c4929b08ef28c37f355bd0b6b1cb12ae0f360654517792c3dd94d4f23
c28c0507be92b3cbb7e69d99861490fc0326d0e06c9817d7f5c3cd1f235732a8
c4d8dbe77feb63e5a61bee0bead4e5f66e8fa6a927599bd1b74aced52467273c
c5da2e1eefbe4efd64ec18b775495cf3011d9ae03842917bfe1b0a50e03a7a44
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c6540a3e6084c369f06de1893802d1f5076ea2670ca5fe9525c5e8e1216aebea
c9281fac8a54235faf79a5011acf4e5a3a5f7cb844a9f3dfc93988ca9cbf77f0
cfb62d0ee56f68d7f6c106f7b52b659906631372992c1c6c39a38d2c698b7f9f
cfc3ef90dc7a4f51e783a012512a5b0feb88c55f4d344481144d289e68f42b91
d074f9ef65d3f402c639eb3c9ca3d0e792c3b6d9b50e179850619b03ac511e43
d1d47c88ff3a3032a4a2a2fb9a36b468d9e340294569dc6d8b44b16c3f2efc79
d2c26a27d12c4335f3f8fe19beb7fd18d341be91bd2970240943bd04573a37d5
d3559c816af640e8382b29d02d4fbd8c7225fcf0302cf244d8b2d7cf5db2fdd1
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d87af7a2528beb59a990e0414df87b4e4115f77f3a4a750f6616ff189b70345a
dad064a371b7ec0790becc0b31c224528948d6252b5124f355ef9d4f6f4fbab2
dce489cd546a620a4e17d857d1605a4f462ef4036a78cfa924320a7601eb55a1
de2f3f8f85d0772d16e470185c313b2534169c996379fcc1657dc40ec3d1f46d
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
e18594f70fa57aab69b88487678590a08787c94bdb5085c3e4f2c1951341105c
e1b0066bc1972444c0a15e1778be06ed7bf36c55d597c065b5e79041bcda291e
e239bcaf54a160a9e999a4d13614980728bb8c2c1ad418af5dfd8d22233b1e2b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e96025711e7811f14dcd9988db56623e438aebf23f89dc7551a87b20c5007fb8
eb477584eed8af92a8c3297c4b2bae2596ddefeb54561a8dc5fa1ab3662515ff
ec9864744088b6d14694f3ce1f27029473cc65aee5f38fad5e2b5a3705dd6423
ed669d3d03394b3e0f0887580e22a65196c6b89371edcbd3e4c4f674598336c7
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309
f03b5b1c099aae95a9bbd2e039f916814a05579df63327e1015db3b2a4e20049
f184bf969d58b613a4af3ac3895756a7a2e485b0bc2cc8985d5ba96ec58c1d9d
f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f3d7092e6eb6f3aa0c572e52e061a59cc88a3e9eff581c95c4bd7456800904d0
f442e878d9ac300ddb06642ce94d6542b92f115a0238af9b9fcb757b01df05db
f5f48c02692bd5d8044836018be9f76909dcab3ceabe1d8a29f1f9375e9a90b0
f7396b354608a930e9000f1a74623f0de84cfac53bb665a690eb59c248772c23
f9d16e706114d9945cc713d2ee9111bf47b76880bcd55053de1d70e96596faa2
fc2aca93db900e86617695358f604194e17ba784069aed82a26dc331d349bcc3
fc4329759e39cfe4f35cf1a9e8c53343c77f1c8154f88f2adba18415c5f47bf9
fc913fbbd87effc772ccbcb627cd91afd5d05ad8611a0982628312b786909a94
fe9ad9796d39e706fe661ddf90151c0ebc03251164354d55f1ee95ca06878b40
fece31149f61a70987e7420ff6e035cef0757e2c8408fb5989c7ab7fb07afe4a
ffb6413073471b3f4efaceb98948ca193e95b9ea01f6e137f72912e860340eca

facemask3ply.com Open in urlscan Pro 185.98.131.209 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

180 Requests

73 %HTTPS

50 %IPv6

32 Domains

48 Subdomains

40 IPs

5 Countries

2536 kBTransfer

9094 kBSize

1 Cookies

10 Outgoing links

Redirected requests

180 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

facemask3ply.com Open in urlscan Pro
185.98.131.209 Public Scan

Screenshot
Live screenshot

Full Image

180
Requests

73 %
HTTPS

50 %
IPv6

32
Domains

48
Subdomains

40
IPs

5
Countries

2536 kB
Transfer

9094 kB
Size

1
Cookies

180 HTTP transactions
4 data transactions