online2pdf.com Open in urlscan Pro
92.42.142.174 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://online2pdf.com/
Submission Tags: falconsandbox
Submission: On August 15 via api (August 15th 2022, 8:51:24 am UTC) from US — Scanned from DE

Summary HTTP 205 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 42 IPs in 10 countries across 33 domains to perform 205 HTTP transactions. The main IP is 92.42.142.174, located in Vienna, Austria and belongs to NESSUS, AT. The main domain is online2pdf.com. The Cisco Umbrella rank of the primary domain is 196561.
TLS certificate: Issued by R3 on May 23rd 2022. Valid for: 3 months.

This is the only time online2pdf.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
42	92.42.142.174 92.42.142.174	47692 (NESSUS) (NESSUS)
2	92.42.142.175 92.42.142.175	47692 (NESSUS) (NESSUS)
4	2a02:26f0:150... 2a02:26f0:1500::5c7b:d549	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
7	13.224.195.78 13.224.195.78	16509 (AMAZON-02) (AMAZON-02)
16	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
1	104.18.19.126 104.18.19.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1 3	37.252.173.22 37.252.173.22	29990 (ASN-APPNEX) (ASN-APPNEX)
1	3.121.203.249 3.121.203.249	16509 (AMAZON-02) (AMAZON-02)
1	178.250.2.131 178.250.2.131	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2602:803:c003... 2602:803:c003:200::61	26667 (RUBICONPR...) (RUBICONPROJECT)
1	145.40.88.5 145.40.88.5	54825 (PACKET) (PACKET)
1	2606:4700:10:... 2606:4700:10::ac43:8ae	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	34.149.20.76 34.149.20.76	15169 (GOOGLE) (GOOGLE)
1	185.86.137.113 185.86.137.113	201081 (SMARTADSE...) (SMARTADSERVER)
1	185.64.190.77 185.64.190.77	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	2606:4700:20:... 2606:4700:20::681a:932	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:20:... 2606:4700:20::681a:78b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
4	2606:4700:20:... 2606:4700:20::681a:246	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	142.250.185.198 142.250.185.198	15169 (GOOGLE) (GOOGLE)
2	130.211.23.194 130.211.23.194	15169 (GOOGLE) (GOOGLE)
22	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
17	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
5	37.157.6.247 37.157.6.247	198622 (ADFORM) (ADFORM)
4	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
7	37.157.5.72 37.157.5.72	198622 (ADFORM) (ADFORM)
2	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 2	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	74.119.119.139 74.119.119.139	19750 (AS-CRITEO) (AS-CRITEO)
1	2a00:1450:400... 2a00:1450:400e:80c::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
4	2a02:26f0:350... 2a02:26f0:3500:58b::4469	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3 9	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
3 5	104.18.18.126 104.18.18.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	213.254.244.112 213.254.244.112	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
1	2a02:fa8:8806... 2a02:fa8:8806:13::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
2 2	37.157.2.237 37.157.2.237	198622 (ADFORM) (ADFORM)
1 1	2600:9000:20e... 2600:9000:20eb:9800:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
2 2	54.175.87.114 54.175.87.114	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:4001:82b::2006	15169 (GOOGLE) (GOOGLE)
2	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
205	42

42 92.42.142.174 (Vienna, Austria)

ASN47692 (NESSUS, AT)
PTR: s4.online2pdf.com

online2pdf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 92.42.142.175 (Vienna, Austria)

ASN47692 (NESSUS, AT)
PTR: s5.online2pdf.com

ads.online2pdf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:1500::5c7b:d549 (Munich, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.fuseplatform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 13.224.195.78 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-195-78.fra2.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.19.126 (None, )

ASN13335 (CLOUDFLARENET, US)

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

publift-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.173.22 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.121.203.249 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-203-249.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.131 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.am5.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2602:803:c003:200::61 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 145.40.88.5 (Secaucus, United States)

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:8ae (United States)

ASN13335 (CLOUDFLARENET, US)

i.connectad.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.149.20.76 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 76.20.149.34.bc.googleusercontent.com

ssc.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.137.113 (France)

ASN201081 (SMARTADSERVER, FR)

prg8.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.77 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:932 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

publift-com.videoplayerhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:78b (United States)

ASN13335 (CLOUDFLARENET, US)

btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:20::681a:246 (United States)

ASN13335 (CLOUDFLARENET, US)

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.198 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 130.211.23.194 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 194.23.211.130.bc.googleusercontent.com

api.btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.157.6.247 (Denmark)

ASN198622 (ADFORM, DK)

track.seadform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 37.157.5.72 (Denmark)

ASN198622 (ADFORM, DK)

s1.seadform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.119.119.139 (United States)

ASN19750 (AS-CRITEO, US)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400e:80c::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:3500:58b::4469 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.185.162 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.18.18.126 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.254.244.112 (United States)

ASN3257 (GTT-BACKBONE GTT, US)

rtb0.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:13::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.2.237 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:9800:1b:5138:8a40:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.175.87.114 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-175-87-114.compute-1.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	online2pdf.com online2pdf.com — Cisco Umbrella Rank: 196561 ads.online2pdf.com — Cisco Umbrella Rank: 878664	177 KB
43	googlesyndication.com 3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 124 ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 160	246 KB
32	doubleclick.net 3 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 222 ad.doubleclick.net — Cisco Umbrella Rank: 214 googleads.g.doubleclick.net — Cisco Umbrella Rank: 55 cm.g.doubleclick.net — Cisco Umbrella Rank: 208 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 313	443 KB
12	seadform.net track.seadform.net — Cisco Umbrella Rank: 27635 s1.seadform.net — Cisco Umbrella Rank: 369583	201 KB
9	google.com adservice.google.com — Cisco Umbrella Rank: 98 www.google.com — Cisco Umbrella Rank: 10	3 KB
8	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 187	288 KB
7	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 323	84 KB
6	doubleverify.com cdn.doubleverify.com — Cisco Umbrella Rank: 475 rtb0.doubleverify.com — Cisco Umbrella Rank: 658 tps.doubleverify.com — Cisco Umbrella Rank: 487	130 KB
6	casalemedia.com 3 redirects htlb.casalemedia.com — Cisco Umbrella Rank: 560 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 530	6 KB
5	google.de adservice.google.de — Cisco Umbrella Rank: 8117	1 KB
4	ad-delivery.net ad-delivery.net — Cisco Umbrella Rank: 1324	2 KB
4	btloader.com btloader.com — Cisco Umbrella Rank: 1206 api.btloader.com — Cisco Umbrella Rank: 1317	21 KB
4	33across.com ssc.33across.com — Cisco Umbrella Rank: 1917	806 B
4	criteo.com 1 redirects bidder.criteo.com — Cisco Umbrella Rank: 732 gum.criteo.com — Cisco Umbrella Rank: 401 mug.criteo.com — Cisco Umbrella Rank: 2755	8 KB
4	fuseplatform.net cdn.fuseplatform.net — Cisco Umbrella Rank: 25811	270 KB
3	adnxs.com 1 redirects ib.adnxs.com — Cisco Umbrella Rank: 238	14 KB
2	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 289	122 KB
2	yahoo.com 2 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 277	796 B
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 603	1 KB
2	gstatic.com fonts.gstatic.com	65 KB
2	criteo.net static.criteo.net — Cisco Umbrella Rank: 627	57 KB
2	videoplayerhub.com 2 redirects publift-com.videoplayerhub.com — Cisco Umbrella Rank: 45291	821 B
1	smaato.net 1 redirects s.ad.smaato.net — Cisco Umbrella Rank: 704	437 B
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 13065	553 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 3213	104 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 67	1 KB
1	pubmatic.com hbopenbid.pubmatic.com — Cisco Umbrella Rank: 518	118 B
1	smartadserver.com prg8.smartadserver.com — Cisco Umbrella Rank: 20076	340 B
1	connectad.io i.connectad.io — Cisco Umbrella Rank: 7744	479 B
1	a-mo.net prebid.a-mo.net — Cisco Umbrella Rank: 1237	279 B
1	rubiconproject.com fastlane.rubiconproject.com — Cisco Umbrella Rank: 528	1 KB
1	3lift.com tlx.3lift.com — Cisco Umbrella Rank: 652	509 B
1	openx.net publift-d.openx.net — Cisco Umbrella Rank: 36076	380 B
205	33

	Domain	Requested by
42	online2pdf.com	online2pdf.com
22	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com googleads.g.doubleclick.net ad.doubleclick.net pagead2.googlesyndication.com
17	tpc.googlesyndication.com	securepubads.g.doubleclick.net 3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com tpc.googlesyndication.com ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com googleads.g.doubleclick.net ad.doubleclick.net pagead2.googlesyndication.com
16	securepubads.g.doubleclick.net	cdn.fuseplatform.net securepubads.g.doubleclick.net online2pdf.com www.googletagservices.com
9	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com
8	www.googletagservices.com	3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com securepubads.g.doubleclick.net ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com cdn.doubleverify.com www.googletagservices.com ad.doubleclick.net
7	s1.seadform.net	track.seadform.net s1.seadform.net online2pdf.com
7	c.amazon-adsystem.com	cdn.fuseplatform.net c.amazon-adsystem.com
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	track.seadform.net	3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com s1.seadform.net
5	adservice.google.com	securepubads.g.doubleclick.net
5	adservice.google.de	securepubads.g.doubleclick.net
4	cdn.doubleverify.com	ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com cdn.doubleverify.com online2pdf.com
4	www.google.com	3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com tpc.googlesyndication.com ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com
4	ad-delivery.net	ads.online2pdf.com publift-com.videoplayerhub.com
4	ssc.33across.com	cdn.fuseplatform.net
4	cdn.fuseplatform.net	ads.online2pdf.com cdn.fuseplatform.net
3	ad.doubleclick.net	ads.online2pdf.com publift-com.videoplayerhub.com www.googletagservices.com
3	ib.adnxs.com	1 redirects cdn.fuseplatform.net googleads.g.doubleclick.net
2	googleads4.g.doubleclick.net	ad.doubleclick.net
2	s0.2mdn.net	ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com ad.doubleclick.net
2	ups.analytics.yahoo.com	2 redirects
2	c1.adform.net	2 redirects
2	googleads.g.doubleclick.net	ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com online2pdf.com
2	fonts.gstatic.com	fonts.googleapis.com
2	gum.criteo.com	1 redirects static.criteo.net
2	static.criteo.net	cdn.fuseplatform.net static.criteo.net
2	ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	api.btloader.com	publift-com.videoplayerhub.com
2	3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	btloader.com	ads.online2pdf.com
2	publift-com.videoplayerhub.com	2 redirects
2	ads.online2pdf.com	online2pdf.com
1	tps.doubleverify.com	cdn.doubleverify.com
1	s.ad.smaato.net	1 redirects
1	ads.travelaudience.com	1 redirects
1	dclk-match.dotomi.com	ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com
1	rtb0.doubleverify.com	cdn.doubleverify.com
1	fonts.googleapis.com	s1.seadform.net
1	mug.criteo.com
1	hbopenbid.pubmatic.com	cdn.fuseplatform.net
1	prg8.smartadserver.com	cdn.fuseplatform.net
1	i.connectad.io	cdn.fuseplatform.net
1	prebid.a-mo.net	cdn.fuseplatform.net
1	fastlane.rubiconproject.com	cdn.fuseplatform.net
1	bidder.criteo.com	cdn.fuseplatform.net
1	tlx.3lift.com	cdn.fuseplatform.net
1	publift-d.openx.net	cdn.fuseplatform.net
1	htlb.casalemedia.com	cdn.fuseplatform.net
205	49

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com
www.xing.com
www.instagram.com
typing-speed.net

Subject Issuer	Validity	Valid
online2pdf.com R3	`2022-05-23` - `2022-08-21`	3 months	crt.sh
cdn.fuseplatform.net R3	`2022-06-06` - `2022-09-04`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2022-05-09` - `2023-04-18`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-22` - `2023-06-21`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.3lift.com Amazon	`2022-05-13` - `2023-06-11`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-15` - `2022-09-18`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
*.a-mo.net R3	`2022-07-11` - `2022-10-09`	3 months	crt.sh
connectad.io Cloudflare Inc ECC CA-3	`2022-04-15` - `2023-04-15`	a year	crt.sh
ssc.33across.com GTS CA 1D4	`2022-07-17` - `2022-10-15`	3 months	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-25` - `2023-01-25`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
api.btloader.com GTS CA 1D4	`2022-06-22` - `2022-09-20`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.seadform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-20` - `2022-11-04`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-21` - `2022-09-23`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.doubleverify.com DigiCert SHA2 Secure Server CA	`2021-12-23` - `2022-12-23`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2021-08-10` - `2022-09-11`	a year	crt.sh

This page contains 23 frames:

Primary Page: https://online2pdf.com/
Frame ID: 1DE1CD99B0DB80E3559E686EFC145541
Requests: 42 HTTP requests in this frame

Frame: https://ads.online2pdf.com/vertical
Frame ID: 48C875C0745AE5C26DB654B151F98B59
Requests: 44 HTTP requests in this frame

Frame: https://ads.online2pdf.com/horizontal
Frame ID: 7FD44053F6A458C368E997E85CC39057
Requests: 20 HTTP requests in this frame

Frame: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 9637A3906CD36AEA1A6E93479102231C
Requests: 1 HTTP requests in this frame

Frame: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: A507940421A688EF8F4984CBDB3EDE27
Requests: 1 HTTP requests in this frame

Frame: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 421D696DF0F894B4F7BA817C47453EAB
Requests: 16 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 4497573D599D53C0452A09B8429965E8
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 15EEA03FDFC4E8BBAAA49723D257C3C1
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: E5FA9A33D8A8121DC3DDFCE616EE5AB5
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: AEF7C4992DAB03BD3A703E62437C68DB
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvRjSl29ApEI87uT_gCyfi6gWQBYV4Or7UhFl27lCKtqmnRUt48mCjR8Tp8Vbhs9G3N90Tp7Rgep_EtXXxHqnVU1Mhui1qmKDwRHhoShA-TdfC4wcCsH5LxCeHRC65gFFGU0RIiCfLFLv2Yda8Vp6XGTvJU1QByZMpWRkNaaqPW860cVdyx4Aq7PmeJrZ9xv9OSsDISn3xIcnZyudr_uvya5iGWryvvTzZTmhJoOOaLK8QEB3kfncu4NxXAAnD6BXlQToa6tOHX8FcjUDMJbQyYLB4POSGRFIyjG_dLlLOCnQC9DNFx0v50zGbd2eClgYydcOHX5rMP-UDHNz8UcMmsN-wzn0Np1PGsC-Bq&sai=AMfl-YSG6KhhxRTZYHBDL4e8tnxfXgr6Sg5bcc-zFAXcxF3yp2D8UC_DfqIum41tOgMmArRjNXgYJLKSVY9jRdWYkUJF3fhGHFvKZr4PfbBAJn8&sig=Cg0ArKJSzNP4CqVNeZGKEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 7EA86D352A5455403067D637CCC34CCE
Requests: 4 HTTP requests in this frame

Frame: https://s1.seadform.net/Banners/Elements/Files/33069/8154594/8154594.js?ADFassetID=8154594&bv=1541
Frame ID: BF909F0442FD0A02B3D42DFF8B43B218
Requests: 12 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=online2pdf.com
Frame ID: 3AD39D22AE9DEE966FD62EFFFAF7089D
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvQ3cQON6vb_xMbXas38XlB6ExM1Pc_VLwFNPp-WnU_fm5cRPKVDwS8mbxAaIIIEOzpL8NwD7vwpAVg1rqG3QvGmyPH6_-R3B042NKaywS5JPL9xT92JNtbGjzz-5uzaHKza1Tf4wC0cHQ39DOXHmShVUcEjbItp3hpDza2ZNN2X76yxPYAmDbPLbFYUaCztMBW-YAzDSyBl5FHD29-WdIf63bFEIBzGPmrSd7HPWlKosiYtWoQhd1nV0MzYet6LKGJd6ftMdht0VI6omRfRLgwM26LHhv6OYLZVCDMvtuOd2LzkMeKR8M1Ct76zwt7olpDI2OHlSrecOMitfXyF6OvODCxBt75MoxQ5RAD&sai=AMfl-YQ8Yr5P5_laOhxOIepK4_egt2C0LmGKpFxXcn_9qs95KniVxp6Gvyb7pj86-K6Y_XETk20WTlJzN0-guBhSiSz5SqcOpYHo5sYHAof9N4Bl-YiUstOjaDB70HvxhQ&sig=Cg0ArKJSzNRnyYfqLZHsEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: EE43DBFACC5331918B3DCF967981467B
Requests: 4 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstvBfPaT9toq87xtNyRY29Cq6zQvPoT5iCjD9dKWcxkA3E_WAhJjtyqrs2TCtn_LBc701hl5QROkFuMju5dXWQXa32yViw17yKFGW4i0XjFiOq5D5kvUQwXjncbd5nibG43MQ40RAu6R-4DFDu-BkrdqLgw8FcL6_TJC2g2Antb_oqR7EovNWAI8lwjuJ_lYBgWozKj-GkwO4WOh9S7qQEpRRjgUOm-KjguXwjFMWxYMKs7gwNfGLGMg4nSiNkRrxXJHg1IoVymwswAWpSvwIpAXnBbXLZylWOP6aiBRaStMGerEOvTXrytipJaxNBXiPQzfrX3OIc9Iz5U8lkAgr_Mc-ZqFib3pYZXqJiW&sai=AMfl-YQWzFRmmDYTG1_n88XKXVG1T0VmRZFoQFEIic69LAjkaoj8AhTABwP08TtY5oYkkGyqSmgaMKGjGT415GtSkb9KpvLqpiq3SIlaLzsBs2Q81WZjVP442hPZ9yJgjg&sig=Cg0ArKJSzFvFMC7JQ06REAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 1F0C464AB23E2B7BFB17F8DBFE5D2FE0
Requests: 4 HTTP requests in this frame

Frame: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 37A266BDBC7B40A7E7D088F7E6634EC8
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARja3uelATAB&v=APEucNVum5uJLajvKnO8j_UdKVxNXhWpIa_tt178oHKUgUrqI7SukgzMtFSDxC4MuKw-FlCvNQ_uAYuD1bMem2agTearsJqt5aZYUQorooofn9b3gKtMl9CpvekKYgbX9F2CVJBXpTVG2YKFacO0xeviZBfIoESYkJzmRie_XHM23pBPA-ShCxo
Frame ID: F60EAB86D119A2157CBB60300A22E245
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 790AAAE05D07232358BEA04B20C63B8C
Requests: 3 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N1395.150740DOUBLEVERIFY/B9689862.280626343;dc_ver=90.265;sz=160x600;u_sd=1;dc_adk=754613076;ord=usgdxn;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.;dc_rfl=2,https%3A%2F%2Fonline2pdf.com$2,https%3A%2F%2Fads.online2pdf.com%2F$0;xdt=1;crlt=*eH7lXUeLb;stc=1;chaa=1;sttr=25;prcl=s
Frame ID: CD4368DA9192F0A3021C6C9E2216DD77
Requests: 11 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements2960.js
Frame ID: 2AF35A73944D3DFA9AB8254CB78D58E5
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: C670C5D022083426360914EB30C58ED7
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 629B6A997D4D83C04B9836BEE1B7D7AD
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/KwAXiUICCFvapwcrMozVyugq_Wx4YR6m3c26cyMGyPI.js
Frame ID: 1811397E0E59EBDFE2804D11A2CB7ED2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Online PDF Konverter - PDF Dateien zusammenfügen & verkleinern

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

/prebid\.js
adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Page Statistics

205
Requests

93 %
HTTPS

46 %
IPv6

33
Domains

49
Subdomains

42
IPs

10
Countries

2140 kB
Transfer

6010 kB
Size

26
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/Online2PDF

Search URL Search Domain Scan URL

URL: https://twitter.com/Online2PDF

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/online2pdf

Search URL Search Domain Scan URL

URL: https://www.xing.com/pages/online2pdf

Search URL Search Domain Scan URL

URL: https://www.instagram.com/online2pdf

Search URL Search Domain Scan URL

URL: https://typing-speed.net/
Title: Typing-Speed.netWie schnell können Sie tippen?Testen Sie Ihre Tippgeschwindigkeit.

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 72

https://publift-com.videoplayerhub.com/galleryplayer.js HTTP 301
https://btloader.com/tag?h=publift-com&upapi=true

Request Chain 73

https://publift-com.videoplayerhub.com/galleryplayer.js HTTP 301
https://btloader.com/tag?h=publift-com&upapi=true

Request Chain 139

https://gum.criteo.com/sid/json?origin=publishertag&domain=online2pdf.com&sn=ChromeSyncframe&so=0&topUrl=online2pdf.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=d7ko8Hx4QnhDVER3WFNudzRLUkFwTTZhYW9oSVlzelY5bUJZNlRpWlZpWnhOTCtZUGlzMWpDbnp2VktQcWdlUElDTG5BeWRpbTdwYnA1eUFoL1lsTUdwb0NraXJTWmdmaGw4QXBDaUp1UlpPSmV1WGt4VDJPT3FFK0xXazRsT3RIdTJjUG8veWd5WTh1SmtTQ0pGUUxqMXZybzZmNVVsMCtFUFhtZWRxSW1VTDk0b0E5M2JYT21VbEhXSTBOSGpkR254NFVoekUzWTZmOExnWXhPNTdwd0NQMWRsOUdGcUlhYmtOaVIydnhXWEpRMlBIajVmV0RFT3A3WTZVMkhaWkIyT0F5VEM0bmJibFpCTEFjL0V1TTcrSEdVV1JRb3g5YUEzelZmMzJsNHoxY2tWST18&cppv=2

Request Chain 166

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMGeYwHASpuJHcIxgZxv6Ys&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMGeYwHASpuJHcIxgZxv6Ys&google_cver=1&C=1

Request Chain 167

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YvoJCsC3NBKCO04.oGePawAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMGeYwHASpuJHcIxgZxv6Ys&google_cver=1&google_hm=2

Request Chain 168

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEB5zJVshXti2uon3MFtdh3c&google_cver=1

Request Chain 169

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzQ2OTAzMTY0MDMzODM0MjAz

Request Chain 187

https://ads.travelaudience.com/google_pixel?google_gid=CAESEGH84eP1DNaSOrC-agAs68w&google_cver=1&google_push=AehlK4Dvw39vsmpQxz4PEE9ke8wKPs0NVJtHT8eawwVY4dAOfHKEPh0jtXNhROYvHlY5ko1W0Se8-XI86E_tfmNEdRF98g8j3bA HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=GRtxhcRiREW2dvVPv8ELuQ2&google_push=AehlK4Dvw39vsmpQxz4PEE9ke8wKPs0NVJtHT8eawwVY4dAOfHKEPh0jtXNhROYvHlY5ko1W0Se8-XI86E_tfmNEdRF98g8j3bA

Request Chain 188

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEEEUkT3WvAwkxXFB81xwn0c&google_cver=1&google_push=AehlK4BWA5072Ssqaera-iKOMjVLU5c9d5E31jZk8_HZT9mycYOvjgyYXOYeIZQRrTPxBCFcn2dbw2XBmaVcCBJ32ucmf157TQo HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEEEUkT3WvAwkxXFB81xwn0c&google_cver=1&google_push=AehlK4BWA5072Ssqaera-iKOMjVLU5c9d5E31jZk8_HZT9mycYOvjgyYXOYeIZQRrTPxBCFcn2dbw2XBmaVcCBJ32ucmf157TQo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=OTAwNzQzODk5ODMxNjgwOTAxNA&google_push=AehlK4BWA5072Ssqaera-iKOMjVLU5c9d5E31jZk8_HZT9mycYOvjgyYXOYeIZQRrTPxBCFcn2dbw2XBmaVcCBJ32ucmf157TQo

Request Chain 189

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESELqrUzq0cuV0t-JMiyBezkE&google_cver=1&google_push=AehlK4C-aypSCfKH7euPsHXDDx48Rma2pI1pQScQY3Yw-YMq0e6ouQJYjf0ur20u-sAQh2TchDDtoKKTR8i49lOmVYbKU31hpKxI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AehlK4C-aypSCfKH7euPsHXDDx48Rma2pI1pQScQY3Yw-YMq0e6ouQJYjf0ur20u-sAQh2TchDDtoKKTR8i49lOmVYbKU31hpKxI

Request Chain 190

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEIK5oVYJRv1FrS6-D0WE2Zw&google_cver=1&google_push=AehlK4C7n_nHi1ghJL9wwW6VhEUQvB-SbZbtyNpLy2pgTSmrM9ylfAh-eiEJVDGtPrjwcqqTLzy5pVu6Cp_urtdYRh6h-_CICMpmKg HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEIK5oVYJRv1FrS6-D0WE2Zw&google_cver=1&google_push=AehlK4C7n_nHi1ghJL9wwW6VhEUQvB-SbZbtyNpLy2pgTSmrM9ylfAh-eiEJVDGtPrjwcqqTLzy5pVu6Cp_urtdYRh6h-_CICMpmKg&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1WVHNVdGlwRTJ1RVdTaVE4alJXV1dLNnI4bEFuTDFDU35B&google_push=AehlK4C7n_nHi1ghJL9wwW6VhEUQvB-SbZbtyNpLy2pgTSmrM9ylfAh-eiEJVDGtPrjwcqqTLzy5pVu6Cp_urtdYRh6h-_CICMpmKg

205 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
online2pdf.com/ 80 KB
14 KB 159ms
95ms Document
text/html 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to

Full URL

https://online2pdf.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),

Reverse DNS

s4.online2pdf.com

Software

Apache /

Resource Hash

faebf2994a921cb025d5301f3dba240663e6d6bf137d1424f800d9363ac5f929

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Mon, 15 Aug 2022 08:51:19 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=100
Origin-Agent-Cluster: ?0
Pragma: no-cache
Server: Apache
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN

GET
H/1.1 200
OK 9.5.1-11.css
online2pdf.com/de/style/ 43 KB
9 KB 38ms
38ms Stylesheet
text/css 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to

Full URL: https://online2pdf.com/de/style/9.5.1-11.css
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: 519ec9de08db7a8e50fad24a010028f1618b1201a2ea76c2ce0adbc214eeade3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css;charset=UTF-8
Origin-Agent-Cluster: ?0
Cache-Control: public, max-age=3600
Transfer-Encoding: chunked
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99

GET
H/1.1 200
OK 9.5.1-11.js Show response
online2pdf.com/de/script/ 198 KB
39 KB 115ms
76ms Script
application/javascript 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to

Full URL: https://online2pdf.com/de/script/9.5.1-11.js
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: b65bc26802e2597a6a5d734c9c02b65ce9addfc7254a3d89e8e1273e0a9679de

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Origin-Agent-Cluster: ?0
Cache-Control: public, max-age=3600
Transfer-Encoding: chunked
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98

GET
H/1.1 200
OK ads.js Show response
online2pdf.com/showad/ 19 B
317 B 92ms
36ms Script
application/javascript 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to

Full URL: https://online2pdf.com/showad/ads.js
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: f47e1908774417e324ba48098e7bdd6fd0d05280c224629d2adf48282a695a1c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Origin-Agent-Cluster: ?0
Transfer-Encoding: chunked
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100

GET
H/1.1 200
OK flag_de.png
online2pdf.com/images/9.3.0/ 2 KB
2 KB 27ms
27ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/flag_de.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: 5a68ef8b63c5914e354aa61e913e48452bb44f8f06262483b27717cdbac83eb1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:18:46 GMT
Server: Apache
ETag: "658-59f0949e0f09d"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1624

GET
H/1.1 200
OK flag_en.png
online2pdf.com/images/9.3.0/ 2 KB
3 KB 27ms
27ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/flag_en.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: 7bcf2bac32babb6a03adea909582627f60c69b35b617c6a2bafdc964474ba843

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:19:02 GMT
Server: Apache
ETag: "967-59f094ad2a36f"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 2407

GET
H/1.1 200
OK flag_fr.png
online2pdf.com/images/9.3.0/ 1 KB
2 KB 28ms
27ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/flag_fr.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: 6ca3c3b408e842f1d30e443ec9d7588f371fc2c3e50c02f51d506651c439b703

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:19:34 GMT
Server: Apache
ETag: "5f7-59f094cc37fb6"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 1527

GET
H/1.1 200
OK flag_es.png
online2pdf.com/images/9.3.0/ 2 KB
2 KB 29ms
27ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/flag_es.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: 160a20bb1f82b7851d7d063b20ecf4ce8af251867e1c112a27a8825e76097f4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:19:17 GMT
Server: Apache
ETag: "8ed-59f094bb99c83"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 2285

GET
H/1.1 200
OK flag_it.png
online2pdf.com/images/9.3.0/ 2 KB
2 KB 48ms
27ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/flag_it.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: 204c3361b4063d7d3c5017455d87516838b2bf2a11f0cdeef39abcea55221e9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:19:50 GMT
Server: Apache
ETag: "773-59f094db2f6cd"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 1907

GET
H/1.1 200
OK flag_pt.png
online2pdf.com/images/9.3.0/ 3 KB
3 KB 48ms
27ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/flag_pt.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: d64d69e7dcf31e33e8ff0ca402114db859a13e8514ee0777a964430e8dfc8900

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:20:07 GMT
Server: Apache
ETag: "a20-59f094eb0d1dd"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 2592

GET
H/1.1 200
OK pdf_icon.png
online2pdf.com/images/9.3.0/ 19 KB
20 KB 58ms
27ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/pdf_icon.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: a040eccd56269b4b1cff436d49f3328a673c968517fcf6c6da0f46d9ae5e4743

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 21:51:23 GMT
Server: Apache
ETag: "4ddc-59f08e7f6bea2"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 19932

GET
H/1.1 200
OK online2pdf_text.png
online2pdf.com/images/9.3.0/ 26 KB
27 KB 176ms
28ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/online2pdf_text.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: 9a675ea5f409c66886094320441c46a00e85e7ba76201df0046f3712be427959

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 21:53:40 GMT
Server: Apache
ETag: "69bd-59f08f024006a"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 27069

GET
H/1.1 200
OK arrow_down.png
online2pdf.com/images/9.3.0/ 2 KB
3 KB 177ms
29ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/arrow_down.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: 129fd31d9148b4e7cf9cdf6b99db533ca7f1a62f7ad98a764272fd943f3a0052

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:07:44 GMT
Server: Apache
ETag: "9ab-59f092266d5ad"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 2475

GET
H/1.1 200
OK menu_button.png
online2pdf.com/images/9.3.0/ 1 KB
1 KB 29ms
27ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/menu_button.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: 8774fc2d7df2f003b97bb7faf6170572f8b80c6d2e7c2d1ed883b5078f014acf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:21:41 GMT
Server: Apache
ETag: "4de-59f09544fa0b3"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 1246

GET
H/1.1 200
OK facebook_icon.png
online2pdf.com/images/9.3.0/socialmedia/ 1 KB
1 KB 81ms
27ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/socialmedia/facebook_icon.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: 79d9d0cb995a45ed1d63a59cc6d7ee01ed1e2e01d54c1fd6da7bde3c786e69d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:29:24 GMT
Server: Apache
ETag: "419-59f096feb90aa"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 1049

GET
H/1.1 200
OK twitter_icon.png
online2pdf.com/images/9.3.0/socialmedia/ 2 KB
2 KB 74ms
27ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/socialmedia/twitter_icon.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: 83afa0a7a3ed44befb6e2c53b69be58d040463f0dafac394bfe3df0d882d03b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:30:14 GMT
Server: Apache
ETag: "623-59f0972e2da84"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 1571

GET
H/1.1 200
OK linkedin_icon.png
online2pdf.com/images/9.3.0/socialmedia/ 844 B
1 KB 90ms
28ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/socialmedia/linkedin_icon.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: a643e3b28d0dab5d1a015ffb03b60e790bfa2d111475b9b624da23996b43cc33

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Mon, 04 May 2020 14:51:35 GMT
Server: Apache
ETag: "34c-5a4d3aadf9485"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 844

GET
H/1.1 200
OK xing_icon.png
online2pdf.com/images/9.3.0/socialmedia/ 2 KB
2 KB 75ms
27ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/socialmedia/xing_icon.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: 025b6f80b0784d0ecb031a02df7b0ee7048ffec09b71a7269be5cf008412a87b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Mon, 04 May 2020 15:44:22 GMT
Server: Apache
ETag: "74d-5a4d467a3173d"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 1869

GET
H/1.1 200
OK instagram_icon.png
online2pdf.com/images/9.3.0/socialmedia/ 3 KB
3 KB 89ms
27ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/socialmedia/instagram_icon.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: 8fe958140956e46fe97220f508de9e588ea2c33bc30f92e4d6aeda2b71d99f4d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Mon, 01 Aug 2022 15:39:47 GMT
Server: Apache
ETag: "caf-5e52fcf4249a6"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 3247

GET
H/1.1 200
OK ssl.png
online2pdf.com/images/9.3.0/ 8 KB
8 KB 94ms
27ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/ssl.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: d5ce4ea56dcebba22aa104344763baf784401ad477ec9c5a935a77eebb6b5bd1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:24:30 GMT
Server: Apache
ETag: "2008-59f095e66f25b"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 8200

GET
H/1.1 200
OK step_one.png
online2pdf.com/images/9.3.0/ 448 B
716 B 106ms
26ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/step_one.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: 7a024b3a515404415c303d7919b04405dac6994811c1e6af29b0a936cfa714ff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:25:20 GMT
Server: Apache
ETag: "1c0-59f096155ace5"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 448

GET
H/1.1 200
OK step_two.png
online2pdf.com/images/9.3.0/ 770 B
1 KB 105ms
27ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/step_two.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: b460fb43c0d18b583b113c5fbb8eaf6f317db3df4ade6b2898f44971190cc4e6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:25:56 GMT
Server: Apache
ETag: "302-59f09638292e0"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 770

GET
H/1.1 200
OK step_three.png
online2pdf.com/images/9.3.0/ 794 B
1 KB 105ms
27ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/step_three.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: 657a6270acd4d75e521ead362617cadcaaddea44b685e2974d2edcf632e6e1d3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:25:40 GMT
Server: Apache
ETag: "31a-59f09628d4c93"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 794

GET
H/1.1 200
OK info.png
online2pdf.com/images/9.3.0/ 3 KB
3 KB 30ms
29ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/info.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: fb88fd8b1c6da5a5596e484dfc2698ede30654596bd081f9558e25d20578ca06

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:20:41 GMT
Server: Apache
ETag: "c1d-59f0950bcfa92"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 3101

GET
H/1.1 200
OK preferences_compression_icon.png
online2pdf.com/images/9.3.0/preferences/ 844 B
1 KB 98ms
27ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/preferences/preferences_compression_icon.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: 67a0cd3879eb0b17424177823ebc4d20069197e97bb483fe63f2a629b3f4e138

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:40:13 GMT
Server: Apache
ETag: "34c-59f09969cdf2c"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=91
Content-Length: 844

GET
H/1.1 200
OK preferences_view_icon.png
online2pdf.com/images/9.3.0/preferences/ 694 B
962 B 65ms
27ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/preferences/preferences_view_icon.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: eb87d6943cde131a0710f9c48fa641b4f65866455668ce3439052cbd3234d109

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:41:36 GMT
Server: Apache
ETag: "2b6-59f099b817de6"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 694

GET
H/1.1 200
OK preferences_image_icon.png
online2pdf.com/images/9.3.0/preferences/ 955 B
1 KB 84ms
29ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/preferences/preferences_image_icon.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: fe7d221e7ccf2543f75855d55d8052df7876bcf6a8b7a372f900d5d2ab7f58ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:40:54 GMT
Server: Apache
ETag: "3bb-59f0999064275"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 955

GET
H/1.1 200
OK preferences_protection_icon.png
online2pdf.com/images/9.3.0/preferences/ 678 B
946 B 82ms
27ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/preferences/preferences_protection_icon.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: 6f0552daf770cff2789f4951a83a8913c2eafaa082785f1ba0a29700ce64ab87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:41:23 GMT
Server: Apache
ETag: "2a6-59f099abc20c4"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 678

GET
H/1.1 200
OK preferences_headerfooter_icon.png
online2pdf.com/images/9.3.0/preferences/ 534 B
802 B 71ms
27ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/preferences/preferences_headerfooter_icon.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: 3134ead8cde3b183908742311737674a75dd44b201fd269ea20c7df28a38c7d7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:40:41 GMT
Server: Apache
ETag: "216-59f09984220f6"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 534

GET
H/1.1 200
OK preferences_excel_icon.png
online2pdf.com/images/9.3.0/preferences/ 883 B
1 KB 67ms
28ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/preferences/preferences_excel_icon.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: 2722c954a8ba72763a8b76c7f4ff1dea2c543c3a1ff14837dea2a9fe789a8942

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:40:28 GMT
Server: Apache
ETag: "373-59f099780d51a"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 883

GET
H/1.1 200
OK preferences_layout_icon.png
online2pdf.com/images/9.3.0/preferences/ 213 B
480 B 86ms
30ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/preferences/preferences_layout_icon.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: eacea388d593b25ed247ec1f6c94b68e266a5f9b9ead59bf3a0b2a32b6f414d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:41:06 GMT
Server: Apache
ETag: "d5-59f0999c1d8d8"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 213

GET
H/1.1 200
OK help.png
online2pdf.com/images/9.3.0/ 906 B
1 KB 31ms
30ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/help.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: 71c77b11affd8a8f825dce30164019fcbd612b0cfabaf91f1f73cdff3562f731

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:20:24 GMT
Server: Apache
ETag: "38a-59f094fbe2b67"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 906

GET
H/1.1 200
OK tooltip_arrow.png
online2pdf.com/images/9.3.0/ 368 B
636 B 29ms
27ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/tooltip_arrow.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: 730f8076b0de7120b1a302aac1256ab376b6637edb87485590dc9413daa27554

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:26:29 GMT
Server: Apache
ETag: "170-59f09657b2fe5"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 368

GET
H/1.1 200
OK word.png
online2pdf.com/images/9.3.0/file_icon/ 2 KB
2 KB 66ms
27ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/file_icon/word.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: 517d69e9ba18ba94dc1d595b01a4a6253d127e07a2e5b3c8d50072c35f86be77

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:36:41 GMT
Server: Apache
ETag: "687-59f0989f0bccb"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1671

GET
H/1.1 200
OK excel.png
online2pdf.com/images/9.3.0/file_icon/ 2 KB
2 KB 62ms
27ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/file_icon/excel.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: 89b41f25cc4a5d2672857d6038ab85e975f71b54e056cc8598963b8f8cfd7c5d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:32:54 GMT
Server: Apache
ETag: "700-59f097c6928b3"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1792

GET
H/1.1 200
OK powerpoint.png
online2pdf.com/images/9.3.0/file_icon/ 2 KB
2 KB 62ms
27ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/file_icon/powerpoint.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: da2b63fefed1687611db88864450bdc8162f0b3a6c11d0b0cb1472821e48eeb9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:35:09 GMT
Server: Apache
ETag: "62e-59f098479412e"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1582

GET
H/1.1 200
OK publisher.png
online2pdf.com/images/9.3.0/file_icon/ 2 KB
2 KB 102ms
27ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/file_icon/publisher.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: bf3f98017b277064d325789b391f88c47f5668fc852258bdd7f276db542481e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:35:41 GMT
Server: Apache
ETag: "6da-59f09865e4ee0"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 1754

GET
H/1.1 200
OK image.png
online2pdf.com/images/9.3.0/file_icon/ 1 KB
1 KB 47ms
28ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/file_icon/image.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: 4a68b17866cc125378f37d90b56c4ac5ecd36ea37f1be71e12681eaca4831039

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:33:07 GMT
Server: Apache
ETag: "4a8-59f097d3723ea"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 1192

GET
H/1.1 200
OK odf_write.png
online2pdf.com/images/9.3.0/file_icon/ 2 KB
2 KB 92ms
27ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/file_icon/odf_write.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: 822ca33fd3327e591efb7df27161328ff3b035a19f03218c3c5de686fca5e2bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:34:22 GMT
Server: Apache
ETag: "615-59f0981a6a9df"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1557

GET
H/1.1 200
OK xps.png
online2pdf.com/images/9.3.0/file_icon/ 1 KB
2 KB 101ms
27ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/file_icon/xps.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: 4a6a9091297d86c3d40e17c33b76dcda3bc20fc059522c3eb046db923d0e681a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:36:58 GMT
Server: Apache
ETag: "5fa-59f098af63882"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 1530

GET
H/1.1 200
OK pdf_format.png
online2pdf.com/images/9.3.0/file_icon/ 1 KB
2 KB 47ms
28ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/file_icon/pdf_format.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: c558d2c2f86b94d74442397a88c53c5bf27e812b165926f50b7dd07ba069e802

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 20 Feb 2020 22:34:56 GMT
Server: Apache
ETag: "510-59f0983b1ea6c"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 1296

GET
H/1.1 200
OK false2.png
online2pdf.com/images/9.3.0/ 1 KB
1 KB 29ms
26ms Image
image/png 92.42.142.174
NESSUS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online2pdf.com/images/9.3.0/false2.png
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.174 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s4.online2pdf.com
Software: Apache /
Resource Hash: efd2fe255e4154630d6cfba7635156bee870a053148dfee8618fe28d31703639

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:19 GMT
Last-Modified: Thu, 27 Feb 2020 14:26:03 GMT
Server: Apache
ETag: "473-59f8f8037a7b3"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=91
Content-Length: 1139

GET
H/1.1 200
OK vertical Show response
ads.online2pdf.com/ Frame 48C8 2 KB
1 KB 143ms
36ms Document
text/html 92.42.142.175
NESSUS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.online2pdf.com/vertical
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/de/script/9.5.1-11.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.175 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s5.online2pdf.com
Software: Apache /
Resource Hash: e30aaafd4c7dd534259b8e35db4af9af5913b5dc7734364ac0e232c677d1f2e4

Request headers

Referer: https://online2pdf.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: Keep-Alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Mon, 15 Aug 2022 08:51:19 GMT
Keep-Alive: timeout=5, max=100
Origin-Agent-Cluster: ?0
Server: Apache
Transfer-Encoding: chunked
Vary: Accept-Encoding

GET
H/1.1 200
OK horizontal Show response
ads.online2pdf.com/ Frame 7FD4 2 KB
1 KB 143ms
36ms Document
text/html 92.42.142.175
NESSUS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.online2pdf.com/horizontal
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/de/script/9.5.1-11.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.42.142.175 Vienna, Austria, ASN47692 (NESSUS, AT),
Reverse DNS: s5.online2pdf.com
Software: Apache /
Resource Hash: efb6f9331a30ebe5adfbccc4aacf53fdbb5c6fd74edcc0fb64bac144b5a46d2b

Request headers

Referer: https://online2pdf.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: Keep-Alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Mon, 15 Aug 2022 08:51:19 GMT
Keep-Alive: timeout=5, max=100
Origin-Agent-Cluster: ?0
Server: Apache
Transfer-Encoding: chunked
Vary: Accept-Encoding

GET
H2 200 fuse.js Show response
cdn.fuseplatform.net/publift/tags/2/2825/ Frame 48C8 192 KB
47 KB 193ms
74ms Script
application/x-javascript 2a02:26f0:1500::5c7b:d549
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.fuseplatform.net/publift/tags/2/2825/fuse.js
Requested by: Host: ads.online2pdf.com
URL: https://ads.online2pdf.com/vertical
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1500::5c7b:d549 Munich, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 8e69d5b37fade9258cc077f5e205a840c12a461220fe0dc1e6eac75d08fe7168

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:19 GMT
content-encoding: gzip
last-modified: Thu, 11 Aug 2022 06:15:11 GMT
server: AkamaiNetStorage
etag: "18905d22aff5371589c4641d97b23fea:1660198511.586862"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1800
accept-ranges: bytes
content-length: 47489
expires: Mon, 15 Aug 2022 09:21:19 GMT

GET
H2 200 fuse.js Show response
cdn.fuseplatform.net/publift/tags/2/2825/ Frame 7FD4 192 KB
47 KB 198ms
79ms Script
application/x-javascript 2a02:26f0:1500::5c7b:d549
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.fuseplatform.net/publift/tags/2/2825/fuse.js
Requested by: Host: ads.online2pdf.com
URL: https://ads.online2pdf.com/horizontal
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1500::5c7b:d549 Munich, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 8e69d5b37fade9258cc077f5e205a840c12a461220fe0dc1e6eac75d08fe7168

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:19 GMT
content-encoding: gzip
last-modified: Thu, 11 Aug 2022 06:15:11 GMT
server: AkamaiNetStorage
etag: "18905d22aff5371589c4641d97b23fea:1660198511.586862"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1800
accept-ranges: bytes
content-length: 47489
expires: Mon, 15 Aug 2022 09:21:19 GMT

GET
H2 200 prebid.js Show response
cdn.fuseplatform.net/publift/tags/2/2825/ Frame 48C8 281 KB
88 KB 39ms
39ms Script
application/x-javascript 2a02:26f0:1500::5c7b:d549
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.fuseplatform.net/publift/tags/2/2825/prebid.js
Requested by: Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2825/fuse.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1500::5c7b:d549 Munich, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 1b97323ecf0a41f85d34ef3b38b6140521b9c74bd82e2a5ea88643cd3f91949d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:19 GMT
content-encoding: gzip
last-modified: Thu, 11 Aug 2022 06:15:11 GMT
server: AkamaiNetStorage
etag: "c0144ebdf8e3928f9bae55bc33fc1634:1660198511.561079"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1800
accept-ranges: bytes
content-length: 89818
expires: Mon, 15 Aug 2022 09:21:19 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame 48C8 140 KB
39 KB 81ms
18ms Script
application/javascript 13.224.195.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2825/fuse.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.195.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-195-78.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b95939599754deb2250672a0ecba1494e7af2352a3598695df9684d77f953d73

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Mon, 15 Aug 2022 07:56:06 GMT
content-encoding: gzip
last-modified: Thu, 30 Jun 2022 20:51:38 GMT
server: AmazonS3
age: 3314
etag: W/"72916dde70b34122b394074010b382ce"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 ed4565467c6c9847b6a3fcb6cec799e4.cloudfront.net (CloudFront), 1.1 c28c128e9402fb070daca09bab68490a.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
x-amz-cf-pop: FRA60-P1, FRA2-C1
x-amz-cf-id: kW-GbpdI_e_zE-50Gmdl1J6t_ncbH-ob2p9QLeJcxrn8cUnidH6YNQ==

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 48C8 83 KB
29 KB 90ms
24ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2825/fuse.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

60eb12486bd244f9b2c77d851a209c7f1cf81a9a82bce5662efb019b50b6f56c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28772
x-xss-protection: 0
server: sffe
etag: "1304 / 454 of 1000 / last-modified: 1660341990"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 15 Aug 2022 08:51:20 GMT

GET
H2 200 prebid.js Show response
cdn.fuseplatform.net/publift/tags/2/2825/ Frame 7FD4 281 KB
88 KB 43ms
42ms Script
application/x-javascript 2a02:26f0:1500::5c7b:d549
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.fuseplatform.net/publift/tags/2/2825/prebid.js
Requested by: Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2825/fuse.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1500::5c7b:d549 Munich, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 1b97323ecf0a41f85d34ef3b38b6140521b9c74bd82e2a5ea88643cd3f91949d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:19 GMT
content-encoding: gzip
last-modified: Thu, 11 Aug 2022 06:15:11 GMT
server: AkamaiNetStorage
etag: "c0144ebdf8e3928f9bae55bc33fc1634:1660198511.561079"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1800
accept-ranges: bytes
content-length: 89818
expires: Mon, 15 Aug 2022 09:21:19 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame 7FD4 140 KB
39 KB 84ms
32ms Script
application/javascript 13.224.195.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2825/fuse.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.195.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-195-78.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b95939599754deb2250672a0ecba1494e7af2352a3598695df9684d77f953d73

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Mon, 15 Aug 2022 07:56:06 GMT
content-encoding: gzip
last-modified: Thu, 30 Jun 2022 20:51:38 GMT
server: AmazonS3
age: 3314
etag: W/"72916dde70b34122b394074010b382ce"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 ed4565467c6c9847b6a3fcb6cec799e4.cloudfront.net (CloudFront), 1.1 c28c128e9402fb070daca09bab68490a.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
x-amz-cf-pop: FRA60-P1, FRA2-C1
x-amz-cf-id: wyAX1Ah49_di7a3z12iSWGLPWc2mKX6O4GFDxhTyoHGe7EGl9zs3Kw==

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 7FD4 83 KB
28 KB 95ms
39ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2825/fuse.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

93af25a5d3c24d7d17b3e4b44453be93abd3f54c836ae6e7b99a718561dd8d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28765
x-xss-protection: 0
server: sffe
etag: "1304 / 759 of 1000 / last-modified: 1660553016"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 15 Aug 2022 08:51:20 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame 48C8 4 KB
2 KB 162ms
118ms XHR
application/json 104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=844728&v=7.2&r=%7B%22id%22%3A%2214d0e5d5177b94%22%2C%22imp%22%3A%5B%7B%22id%22%3A%22222a99420ba505%22%2C%22ext%22%3A%7B%22siteID%22%3A%22844728%22%2C%22sid%22%3A%22120x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A120%2C%22h%22%3A600%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%2236ed7d202e0595%22%2C%22ext%22%3A%7B%22siteID%22%3A%22844728%22%2C%22sid%22%3A%22160x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A160%2C%22h%22%3A600%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%224f5fadf73097ee%22%2C%22ext%22%3A%7B%22siteID%22%3A%22844728%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%225a92ebe6407fd7%22%2C%22ext%22%3A%7B%22siteID%22%3A%22844728%22%2C%22sid%22%3A%22300x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A0%7D%7D%5D%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fonline2pdf.com%2F%22%2C%22page%22%3A%22https%3A%2F%2Fonline2pdf.com%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22publift.com%22%2C%22sid%22%3A%2201G47GECJV6Y4SCXCV15STK2KH%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%7D&ac=j&sd=1
Requested by: Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2825/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 17889fbe0a5a0e77b4f58973bdfd8feb6fa534352e9be69cd831b31649a71c91

Request headers

Referer: https://ads.online2pdf.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 15 Aug 2022 08:51:20 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KgT3sJUBqI4twq%2BxMuv1Mn4hkCWVucZrEHYDxi6kdvK2Y9Txy8apEk5u4bc7PyRNJTd1URFN1oeWeKMKinQDUErQQZqjMNeIqze4kCGHV9RB6OkHaV0H8cQo%2BE2whjqPic35Zolb"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://ads.online2pdf.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 73b0b0127ef99012-FRA
expires: 0

GET
H2 200 arj Show response
publift-d.openx.net/w/1.0/ Frame 48C8 73 B
380 B 66ms
29ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://publift-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fonline2pdf.com%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=undefined&be=1&bc=hb_pb_3.0.2&dddid=8ca07eeb-f1ee-4e10-b9b8-0fbe83183264%2C8ca07eeb-f1ee-4e10-b9b8-0fbe83183264%2C8ca07eeb-f1ee-4e10-b9b8-0fbe83183264%2C8ca07eeb-f1ee-4e10-b9b8-0fbe83183264&nocache=1660553480013&schain=1.0%2C1!publift.com%2C01G47GECJV6Y4SCXCV15STK2KH%2C1%2C%2C%2C&aus=120x600%2C160x600%2C300x250%2C300x600%7C120x600%2C160x600%2C300x250%2C300x600%7C120x600%2C160x600%2C300x250%2C300x600%7C120x600%2C160x600%2C300x250%2C300x600&divIds=fuse-slot-22756694728-1%2Cfuse-slot-22756694728-1%2Cfuse-slot-22756694728-1%2Cfuse-slot-22756694728-1&auid=557545879%2C557545879%2C557545879%2C557545879
Requested by: Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2825/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 2332a4979816a8f9f4fe2261d2277d5dd75e849f7c1601acf40c3443a60c78df

Request headers

Referer: https://ads.online2pdf.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 08:51:20 GMT
content-encoding: gzip
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://ads.online2pdf.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 48C8 20 KB
12 KB 221ms
181ms XHR
application/json 37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2825/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

060ffcd79e610c3c1d28296fc009ae767fdd2168eaaa509e15b540ce82804b77

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://ads.online2pdf.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 15 Aug 2022 08:51:20 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.64.151.31; 217.64.151.31; 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: e5d3529b-f288-4ce0-abe7-b5c4b3a9b6fe
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://ads.online2pdf.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 auction Show response
tlx.3lift.com/header/ Frame 48C8 19 B
509 B 134ms
95ms XHR
application/json 3.121.203.249
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=3.27.1&referrer=https%3A%2F%2Fonline2pdf.com%2F&tmax=1000

Requested by

Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2825/prebid.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.121.203.249 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-121-203-249.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://ads.online2pdf.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 08:51:20 GMT
accept-ch: sec-ch-dpr,sec-ch-device-memory,sec-ch-save-data,sec-ch-ua-mobile,sec-ch-downlink,user-agent,sec-ch-ect,sec-ch-width,sec-ch-prefers-color-scheme,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-arch,sec-ch-rtt,sec-ch-viewport-height,sec-ch-ua-platform,sec-ch-viewport-width,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://ads.online2pdf.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 48C8 0
220 B 72ms
23ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=32&wv=3.27.1&cb=45268113377

Requested by

Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2825/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.online2pdf.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 15 Aug 2022 08:51:19 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://ads.online2pdf.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 48C8 265 B
1 KB 294ms
142ms XHR
application/json 2602:803:c003:200::61
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=20884&site_id=433180&zone_id=2477104&size_id=15&alt_size_ids=9%2C8%2C10&rp_schain=1.0,1!publift.com,01G47GECJV6Y4SCXCV15STK2KH,1,,,&rf=https%3A%2F%2Fonline2pdf.com%2F&tk_flint=pbjs_lite_v3.27.1&x_source.tid=8ca07eeb-f1ee-4e10-b9b8-0fbe83183264&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.7183038957451153
Requested by: Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2825/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: d9272902467388c0b7b6387712e6ea04286462e652f0112273b435efab1c31af

Request headers

Referer: https://ads.online2pdf.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 15 Aug 2022 08:51:20 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://ads.online2pdf.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 265
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 c Show response
prebid.a-mo.net/a/ Frame 48C8 0
279 B 407ms
174ms XHR
text/plain 145.40.88.5
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2825/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.88.5 Secaucus, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.online2pdf.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ads.online2pdf.com
date: Mon, 15 Aug 2022 08:51:20 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 63
vary: origin, Accept-Encoding

POST
H2 200 v2 Show response
i.connectad.io/api/ Frame 48C8 107 B
479 B 136ms
85ms XHR
application/json 2606:4700:10::ac43:8ae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://i.connectad.io/api/v2
Requested by: Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2825/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:8ae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41da6d9bd0ca1e07d9b58bbad215dcac1facdedf35d504b318aad27060c9850b

Request headers

Referer: https://ads.online2pdf.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 15 Aug 2022 08:51:20 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
access-control-allow-origin: https://ads.online2pdf.com
cache-control: no-cache, private
access-control-allow-credentials: true
cf-ray: 73b0b01288ca01db-ZRH
content-type: application/json
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ Frame 48C8 66 B
332 B 166ms
107ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb
Requested by: Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2825/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 250952133a6dac078436b58494dfea0ea7a0f9565be355a0a0348018fbc5e3c6

Request headers

Referer: https://ads.online2pdf.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 15 Aug 2022 08:51:20 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://ads.online2pdf.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ Frame 48C8 66 B
158 B 178ms
119ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb
Requested by: Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2825/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: dee9cc2ae9b94346af4eaf91a2e7ae9de7b1cc912df1c0ca2ca46d8a278e2fcc

Request headers

Referer: https://ads.online2pdf.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 15 Aug 2022 08:51:20 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://ads.online2pdf.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ Frame 48C8 66 B
158 B 267ms
208ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb
Requested by: Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2825/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: f20d4b0a4399ede8c79186f15221344753f304f0c56532704294445c2387ef95

Request headers

Referer: https://ads.online2pdf.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 15 Aug 2022 08:51:20 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://ads.online2pdf.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ Frame 48C8 66 B
158 B 168ms
110ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb
Requested by: Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2825/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 4c9997ff71353207a2e1e9ebb5d4459bf7f70d89c3f78181d4be9437e65a5add

Request headers

Referer: https://ads.online2pdf.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 15 Aug 2022 08:51:20 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://ads.online2pdf.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H/1.1 200
OK v1 Show response
prg8.smartadserver.com/prebid/ Frame 48C8 0
340 B 132ms
30ms XHR
application/json 185.86.137.113
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg8.smartadserver.com/prebid/v1
Requested by: Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2825/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.113 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.online2pdf.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 08:51:19 GMT
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://ads.online2pdf.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 48C8 0
118 B 123ms
41ms XHR
text/plain 185.64.190.77
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2825/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.77 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.online2pdf.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ads.online2pdf.com
date: Mon, 15 Aug 2022 08:51:19 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 48C8 6 KB
3 KB 48ms
16ms XHR
application/javascript 13.224.195.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.195.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-195-78.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: JXufo2ctue2uysHllG2MRpKE8F0E4.a0
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 26158
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Wed, 03 Aug 2022 22:19:11 GMT
server: AmazonS3
date: Mon, 15 Aug 2022 01:35:23 GMT
vary: Accept-Encoding,Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 eab88762658052b4a1e386f8521a38ce.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: 9nc_BefOhFWTEaO-mP-RSZbtqf523TlHwONNiUSooU4skVYFclPUPQ==

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame 48C8 0
308 B 17ms
17ms XHR
text/plain 13.224.195.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fads.online2pdf.com&pubid=8b48e249-e9e6-4a52-8b48-396ea93403e8
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.195.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-195-78.fra2.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:47:40 GMT
via: 1.1 c28c128e9402fb070daca09bab68490a.cloudfront.net (CloudFront)
server: Server
age: 219
x-cache: Hit from cloudfront
access-control-allow-origin: https://ads.online2pdf.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: tzVECk-3rvx_7QagGDmRbctM3fnaPI7T4B9wptRieFmlWzopzKDKhg==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 7FD4 6 KB
3 KB 45ms
16ms XHR
application/javascript 13.224.195.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.195.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-195-78.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: JXufo2ctue2uysHllG2MRpKE8F0E4.a0
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 26158
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Wed, 03 Aug 2022 22:19:11 GMT
server: AmazonS3
date: Mon, 15 Aug 2022 01:35:23 GMT
vary: Accept-Encoding,Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 eab88762658052b4a1e386f8521a38ce.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: qmLxrACTqPnFraE49sGDaaNmfCdXJ-L8BABNAfN9X9BAEEC6NO7ASg==

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame 7FD4 0
309 B 17ms
17ms XHR
text/plain 13.224.195.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fads.online2pdf.com&pubid=8b48e249-e9e6-4a52-8b48-396ea93403e8
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.195.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-195-78.fra2.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:47:40 GMT
via: 1.1 c28c128e9402fb070daca09bab68490a.cloudfront.net (CloudFront)
server: Server
age: 219
x-cache: Hit from cloudfront
access-control-allow-origin: https://ads.online2pdf.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: CwZOcRK8sVZa3Ar5CBtQm2zBaZDTQbSn0hpBJ900TFZym7U-nwYM2A==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ Frame 7FD4 23 B
493 B 56ms
56ms XHR
text/javascript 13.224.195.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fonline2pdf.com%2F&pr=https%3A%2F%2Fonline2pdf.com%2F&pid=slO9emgY8VDjp&cb=0&ws=970x120&v=8.1.0&t=2000&slots=%5B%7B%22sd%22%3A%22fuse-slot-22757043374-1%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F71161633%2C21681366940%2FONLIN2PDF_online2pdf%2Fconvert_footer%22%7D%5D&schain=1.0%2C1!publift.com%2C01G47GECJV6Y4SCXCV15STK2KH%2C1%2C%2C%2C&pubid=8b48e249-e9e6-4a52-8b48-396ea93403e8&gdprl=%7B%22status%22%3A%22no-cmp%22%2C%22cmpTimeout%22%3A0%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.195.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-195-78.fra2.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:20 GMT
via: 1.1 c28c128e9402fb070daca09bab68490a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
x-amz-rid: M0MYHZ8JH6ABHZF9ACM4
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://ads.online2pdf.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: gBvx48WUT67GxnSZHwpmPXJK534SzElMMPKYLBDl2Df_3u9ju1Vpdw==

GET
H2 200 pubads_impl_2022080901.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 48C8 385 KB
132 KB 16ms
15ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js?cb=31068915

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

e618a577f0277d37fa43eaa36bcde1a98e6698356705294205887f6ace5134d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 04:28:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15782
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 134589
x-xss-protection: 0
last-modified: Tue, 09 Aug 2022 08:35:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 15 Aug 2023 04:28:18 GMT

GET
H2 200 pubads_impl_2022080901.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 7FD4 385 KB
132 KB 28ms
28ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

e618a577f0277d37fa43eaa36bcde1a98e6698356705294205887f6ace5134d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 15:55:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60948
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 134589
x-xss-protection: 0
last-modified: Tue, 09 Aug 2022 08:35:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 14 Aug 2023 15:55:32 GMT

GET
H2

200

tag Show response
btloader.com/ Frame 48C8
Redirect Chain

https://publift-com.videoplayerhub.com/galleryplayer.js
https://btloader.com/tag?h=publift-com&upapi=true

36 KB
10 KB

94ms
35ms

Script
application/javascript

2606:4700:20::681a:78b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://btloader.com/tag?h=publift-com&upapi=true
Requested by: Host: ads.online2pdf.com
URL: https://ads.online2pdf.com/vertical
Protocol: H2
Server: 2606:4700:20::681a:78b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 737cc4ec5816fcee5916c2e3a8f99bc83ce92d994e37f8267806d63c4c151926

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 73b0b013ccb20f56-MXP
date: Mon, 15 Aug 2022 08:51:20 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Mon, 15 Aug 2022 08:09:11 GMT
server: cloudflare
age: 2456
etag: W/"360725d752124a469551e8e28fad74ee"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IO5n2E7h02pxct1rGN7feTkyUWj834zc6uX5X4v9X9vFFKadryUstQOdmNoI%2Brw%2F2KdcAVuk2s5SJGq%2B6HWqFEipGSFo5UzM%2By2MNYRJ1Dd0Kshagk612yBE3Ldq7UZx3%2BmePX1bou2YdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=300, must-revalidate, stale-if-error=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br

Redirect headers

date: Mon, 15 Aug 2022 08:51:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1FkYU%2Br7NHqxCrtd8Zwdw3YlSH%2BKBlZUey5H8OgWCIPSxZKnkCwFQ8H8hVOChsKipSVtPpDLTHh39sv%2B1MFxGXmmmBxZhpcz2d4fMpubUrLm7pmlEKTZOUi6kV%2F6Q74azTd0bgsnBuiAwkAoobShelYhS3hNVC9ehspLjg%3D%3D"}],"group":"cf-nel","max_age":604800}
location: https://btloader.com/tag?h=publift-com&upapi=true
cache-control: max-age=3600
cf-ray: 73b0b0133eb08397-MXP
expires: Mon, 15 Aug 2022 09:51:20 GMT

GET
H2

200

tag Show response
btloader.com/ Frame 7FD4
Redirect Chain

https://publift-com.videoplayerhub.com/galleryplayer.js
https://btloader.com/tag?h=publift-com&upapi=true

36 KB
10 KB

92ms
32ms

Script
application/javascript

2606:4700:20::681a:78b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://btloader.com/tag?h=publift-com&upapi=true
Requested by: Host: ads.online2pdf.com
URL: https://ads.online2pdf.com/horizontal
Protocol: H2
Server: 2606:4700:20::681a:78b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 737cc4ec5816fcee5916c2e3a8f99bc83ce92d994e37f8267806d63c4c151926

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 73b0b013ccb10f56-MXP
date: Mon, 15 Aug 2022 08:51:20 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Mon, 15 Aug 2022 08:09:11 GMT
server: cloudflare
age: 2456
etag: W/"360725d752124a469551e8e28fad74ee"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j8KwwHtqH08mAzyIpx3%2F5XJwFFbVquFLrK7aaLKp%2Ft4VqgpvWM3maRuFybyHJl6WZwlyU4MhoauDQKIXU1MBsWwXmUNUWJUQWGg7ZXr%2Fr26yFT0ytPjbw7Z21SWFINDPBvvANcYyTAypEw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=300, must-revalidate, stale-if-error=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br

Redirect headers

date: Mon, 15 Aug 2022 08:51:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i66BRwGfFBTfYW0n2YSgOMgBi4QS4YDEMbdeFcDgnP6%2FLmPfRewnkgA5g0O5asas4CsDvqXHgR%2BLVM2ttVD5H10ubbNWYs1NZwTD4zJ6TxhwMq%2BNRmsGg%2FePwSXZmWf2fT%2BfLgKw9yf%2FODCRNHFx927E0XQf%2F3RRiXQnKA%3D%3D"}],"group":"cf-nel","max_age":604800}
location: https://btloader.com/tag?h=publift-com&upapi=true
cache-control: max-age=3600
cf-ray: 73b0b0133eb18397-MXP
expires: Mon, 15 Aug 2022 09:51:20 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 7FD4 107 B
792 B 104ms
25ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ads.online2pdf.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 08:51:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 7FD4 107 B
549 B 77ms
24ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ads.online2pdf.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 08:51:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 7FD4 36 KB
13 KB 316ms
316ms XHR
text/plain 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3756586784704226&correlator=3196375680725409&eid=31068457%2C31068501%2C31068922%2C31068928%2C31064018&output=ldjh&gdfp_req=1&vrg=2022080901&ptt=17&impl=fifs&iu_parts=71161633%3A21681366940%2CONLIN2PDF_online2pdf%2Cconvert_footer&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C970x90&ifi=1&adks=564771284&sfv=1-0-38&fsapi=false&prev_scp=amznbid%3D2%26amznp%3D2%26is_refresh%3Dfalse%26slot_prev_count%3D0%26adunit_prev_count%3D0&eri=1&cust_params=fuse_profanity%3Dfalse%26fuse_site%3Dads.online2pdf.com%26fuse_path%3D%252Fhorizontal%26fuse_query%3D%26fuse_category%3Dhorizontal%26fuse_industry%3DIAB19%26testmode%3Dfalse%26inskin_yes%3Dtrue%26fuse_uuid%3D6598748c-a74c-50d4-a126-e0d772882b75%26fuse_publication_id%3D5%26GPT_READY_MS%3D500-999%26PREBID_READY_MS%3D500-999%26UAM_READY_MS%3D500-999%26CMP_DETERMINED_MS%3Ddisabled%26FUSE_LOADED_MS%3Dover_9999%26CMP_JURISDICTION%3Dunknown%26CMP_ALLOW_PERSONAL%3Dtrue%26GPT_AUCTION_START_MS%3D500-999&sc=1&cookie_enabled=1&cdm=ads.online2pdf.com&abxe=1&dt=1660553480151&lmt=1660553480&dlt=1660553479662&idt=465&adxs=121&adys=0&biw=-12245933&bih=-12245933&isw=970&ish=120&scr_x=-12245933&scr_y=-12245933&ucis=cgz7gn6dfjt9&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=1&url=https%3A%2F%2Fads.online2pdf.com%2Fhorizontal&ref=https%3A%2F%2Fonline2pdf.com%2F&top=https%3A%2F%2Fonline2pdf.com%2F&frm=24&vis=1&psz=970x120&msz=728x0&fws=384&ohw=0&ea=0&ga_vid=1053472190.1660553480&ga_sid=1660553480&ga_hid=823958936&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

51d126fda82a5e01424fdc8f428264d586a0bb080169727f0de2805b8642488f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13472
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ads.online2pdf.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9637 6 KB
4 KB 90ms
24ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ads.online2pdf.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 08:51:20 GMT
expires: Tue, 15 Aug 2023 08:51:20 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 px.gif
ad-delivery.net/ Frame 7FD4 43 B
350 B 99ms
32ms Image
image/gif 2606:4700:20::681a:246
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=2
Requested by: Host: ads.online2pdf.com
URL: https://ads.online2pdf.com/horizontal
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
date: Mon, 15 Aug 2022 08:51:20 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13094
x-guploader-uploadid: ADPycdvQY4GxNLPTR-c0qyC9LZXI499YbmvVH5qEyOP7CzDUQAUFqgLpF42abIfPEcE4Xg-u8Jz74ibsivC9g3tDBl46lTvL11J5
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-type: image/gif
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3bwaOt%2FZCp6YDPS7%2B1ekv1hiNjP71Z6Sa9X%2Bql6Dho5j%2BY3fV0t0Jxh%2B%2Fnxl1hK2CKORLkRndiEVe%2BqNC2yPMxJrPaDs3%2BiQZ3S7g%2FJbr5jLzoXYSIRX%2BVl%2B3BNllsC9VRUS90NUbzrgOPJR1A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1620242732037093
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=86400
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 73b0b0148f4783b2-MXP
expires: Mon, 15 Aug 2022 06:13:06 GMT

GET
H2 200 favicon.ico
ad.doubleclick.net/ Frame 7FD4 1 KB
664 B 74ms
15ms Image
image/x-icon 142.250.185.198
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: ads.online2pdf.com
URL: https://ads.online2pdf.com/horizontal

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 15:11:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 63591
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 15 Aug 2022 15:11:29 GMT

GET
H2 200 px.gif
ad-delivery.net/ Frame 7FD4 43 B
939 B 96ms
31ms Image
image/gif 2606:4700:20::681a:246
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.10912591791924564
Requested by: Host: ads.online2pdf.com
URL: https://ads.online2pdf.com/horizontal
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
date: Mon, 15 Aug 2022 08:51:20 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13094
x-guploader-uploadid: ADPycdvQY4GxNLPTR-c0qyC9LZXI499YbmvVH5qEyOP7CzDUQAUFqgLpF42abIfPEcE4Xg-u8Jz74ibsivC9g3tDBl46lTvL11J5
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-type: image/gif
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dEMUhFgjHk7O7t0gcEvc4MsN2gkfFY6zegd9ELzdNJGG9xjkRmybFICJpy4VUQUeNOqXVJs912Q3E7RCbXrkdyPgE%2FcbgJwEUR8j5lgDKR3aKNWYfN6DVFJKkHNKk7lbZmwy3Utr43xunwL0MQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1620242732037093
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=86400
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 73b0b0148f4a83b2-MXP
expires: Mon, 15 Aug 2022 06:13:06 GMT

GET
H2 200 px.gif
ad-delivery.net/ Frame 48C8 43 B
339 B 88ms
33ms Image
image/gif 2606:4700:20::681a:246
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=2
Requested by: Host: publift-com.videoplayerhub.com
URL: https://publift-com.videoplayerhub.com/galleryplayer.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
date: Mon, 15 Aug 2022 08:51:20 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13094
x-guploader-uploadid: ADPycdvQY4GxNLPTR-c0qyC9LZXI499YbmvVH5qEyOP7CzDUQAUFqgLpF42abIfPEcE4Xg-u8Jz74ibsivC9g3tDBl46lTvL11J5
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-type: image/gif
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WJkAW5tVZoewGQThkTOcdDafgePdMcaPjK7ycywpSmEenoiGFNi7V5wvF4zT7j1lEO2bxX%2BaSUwJ9%2B8suzJMOQPd6QFnJNjJFH8EM%2Fg0tkEdoh6xUbNOl4dvn9UdOOC4WIhWuluyTxUFWthpZg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1620242732037093
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=86400
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 73b0b0148f4e83b2-MXP
expires: Mon, 15 Aug 2022 06:13:06 GMT

GET
H2 200 favicon.ico
ad.doubleclick.net/ Frame 48C8 1 KB
165 B 64ms
17ms Image
image/x-icon 142.250.185.198
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: publift-com.videoplayerhub.com
URL: https://publift-com.videoplayerhub.com/galleryplayer.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 15:11:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 63591
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 15 Aug 2022 15:11:29 GMT

GET
H2 200 px.gif
ad-delivery.net/ Frame 48C8 43 B
345 B 85ms
32ms Image
image/gif 2606:4700:20::681a:246
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.46126303847505645
Requested by: Host: ads.online2pdf.com
URL: https://ads.online2pdf.com/vertical
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
date: Mon, 15 Aug 2022 08:51:20 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13094
x-guploader-uploadid: ADPycdvQY4GxNLPTR-c0qyC9LZXI499YbmvVH5qEyOP7CzDUQAUFqgLpF42abIfPEcE4Xg-u8Jz74ibsivC9g3tDBl46lTvL11J5
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-type: image/gif
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EcoJ3SORSiyMpSt7K2CSepowbvOzWBsQYTPmAGduM%2F2bsvq%2FyE5lMMIO9LhNpWOtAz8mcTjr2ylhwAoLUi9zfH%2Fvg7fLAv%2BY0R5gA6148fvZ%2BlV%2Fzi1dXFmq5K3vsvKDA%2FzpVIO1svpXh7%2BJsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1620242732037093
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=86400
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 73b0b0148f4d83b2-MXP
expires: Mon, 15 Aug 2022 06:13:06 GMT

GET
H2 204 pv Show response
api.btloader.com/ Frame 7FD4 0
128 B 169ms
128ms XHR
text/plain 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/pv?tid=g28lxLOGlb&w=5681095387906048&o=5708166709903360&cv=2.0.9-1-g2cac8e3&r=false&vr=970x120&pageURL=https%3A%2F%2Fads.online2pdf.com%2Fhorizontal&upapi=true
Requested by: Host: publift-com.videoplayerhub.com
URL: https://publift-com.videoplayerhub.com/galleryplayer.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 15 Aug 2022 08:51:20 GMT
cache-control: no-cache, no-store, must-revalidate
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 7FD4 14 KB
11 KB 68ms
28ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022080901&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e552fdeff03b091c23869902aedbc4ff39bb3c58c1b7a2d1dfd29c5d0f71bd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 08:51:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11046
x-xss-protection: 0

GET
H2 204 pv Show response
api.btloader.com/ Frame 48C8 0
40 B 170ms
131ms XHR
text/plain 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/pv?tid=Jh10Vj54&w=5681095387906048&o=5708166709903360&cv=2.0.9-1-g2cac8e3&r=false&vr=300x600&pageURL=https%3A%2F%2Fads.online2pdf.com%2Fvertical&upapi=true
Requested by: Host: publift-com.videoplayerhub.com
URL: https://publift-com.videoplayerhub.com/galleryplayer.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 15 Aug 2022 08:51:20 GMT
cache-control: no-cache, no-store, must-revalidate
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 48C8 107 B
122 B 57ms
24ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ads.online2pdf.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js?cb=31068915

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 08:51:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 48C8 107 B
122 B 59ms
26ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ads.online2pdf.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js?cb=31068915

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 08:51:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 48C8 56 KB
19 KB 412ms
412ms XHR
text/plain 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js?cb=31068915

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

853df1cf4198a8cdb0b49e241027710087162052787c4203cec09dc82cf36e53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:20 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19916
x-xss-protection: 0
google-lineitem-id: 6010844073
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138372682709
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ads.online2pdf.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 48C8 14 KB
11 KB 47ms
31ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022080901&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js?cb=31068915

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c96d5a358aa7aae42526bf6031bbe3df52294151e2ea88907686f79c327aa762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 08:51:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11110
x-xss-protection: 0

GET
H2 200 container.html Show response
ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A507 6 KB
3 KB 38ms
23ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js?cb=31068915

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ads.online2pdf.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 08:51:20 GMT
expires: Tue, 15 Aug 2023 08:51:20 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 421D 6 KB
3 KB 57ms
23ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ads.online2pdf.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 08:51:20 GMT
expires: Tue, 15 Aug 2023 08:51:20 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 7FD4 17 KB
7 KB 69ms
29ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 15 Aug 2022 08:51:20 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 48C8 17 KB
6 KB 75ms
39ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js?cb=31068915

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 15 Aug 2022 08:51:20 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 421D 0
0 74ms
74ms Fetch
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CALoiCAn6YrffDMmm9u8Pmda10Am_y5ThasKL06bfC_-m-fu6GxABINPLzjBglYKAgJgHoAGl4IzcA8gBCakCsYCKU3M2sT7gAgCoAwGqBPIBT9CiCjZpmGMDB62thu1AlzeyB0B4WmwqVp0067rww3rd1NypIKdFmjMVj4cf2SAVemDrvNAyHZqfpfXugLYtO_lAIqaPm5CC9nWUsZXCWhIGvqOfOwXhpscUpYFKWtEt1ulDYuND19W8B-pkN__stVKF7jhig4HelzAnDa0kh8kbMjS8Uoj1NVxZ8Re6M6Hah-Xr97EMfqer8OvVOqs8EqEzmw_GtbA9B_FYnnMIH1OunDjIfwTMNiB9nlwHqjmTTCqp10L2DGigVgTQ8aW-tvn8mOwjiJIB15PEOJY-oNKmIix_uCckAilTSj9WR4iDLfvABJjC7p6lA-AEAaAGEYAHs5GrKKgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEKaODNIIEgiI4YAQEAEYHTIDqoIBOgKAQIAKA8gLAdgTA9AVAYAXAbIXHgocCAASFHB1Yi01ODg0Mjk0NDc5MzkxNjM4GJnSIQ&sigh=QGR1aop_Yts&uach_m=[UACH]
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s49-in-f2.1e100.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H2 200 / Show response
track.seadform.net/adfscript/ Frame 421D 1 KB
2 KB 172ms
37ms Script
text/javascript 37.157.6.247
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.seadform.net/adfscript/?bn=39127509;click=https://adclick.g.doubleclick.net/aclk?sa=l&ai=CuDgjCAn6YrffDMmm9u8Pmda10Am_y5ThasKL06bfC_-m-fu6GxABINPLzjBglYKAgJgHoAGl4IzcA8gBCakCsYCKU3M2sT7gAgCoAwGqBPUBT9CiCjZpmGMDB62thu1AlzeyB0B4WmwqVp0067rww3rd1NypIKdFmjMVj4cf2SAVemDrvNAyHZqfpfXugLYtO_lAIqaPm5CC9nWUsZXCWhIGvqOfOwXhpscUpYFKWtEt1ulDYuND19W8B-pkN__stVKF7jhig4HelzAnDa0kh8kbMjS8Uoj1NVxZ8Re6M6Hah-Xr97EMfqer8OvVOqs8EqEzmw_GtbA9B_FYnnMIH1OunDjIfwTMNiB9nlwHqjmTTCqp10L2DGjiVCVCMmwK8gBIghavumSl147OlZwQuE1Lth6JFoozLjGSppMSvrwd0nA-D4PABJjC7p6lA-AEAaAGEYAHs5GrKKgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgOYCwHICwGADAG4DAHYEwPQFQH4FgGAFwE&num=1&sig=AOD64_3IioZ8vM6Za6V5vqZ9ltiaSkC82g&client=ca-pub-5884294479391638&adurl=

Requested by

Host: 3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com
URL: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.247 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

fe6ff0fd7b06ad1f45c4d303ee01d7df20e1b7438b08356a164d23ba89b291a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 08:51:20 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 1315
expires: -1

GET
H2 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220810/r20110914/client/ Frame 421D 34 KB
14 KB 33ms
31ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220810/r20110914/client/m_js_controller_fy2021.js

Requested by

Host: 3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com
URL: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b493e2e2fc6205daea36c1339205681e5cbaf2c816401d9d52baf9c30e19c17b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 07:59:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3082
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14050
x-xss-protection: 0
server: cafe
etag: 7129214490944754455
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 Aug 2022 07:59:58 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220810/r20110914/client/ Frame 421D 3 KB
1 KB 31ms
29ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220810/r20110914/client/window_focus_fy2021.js

Requested by

Host: 3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com
URL: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:48:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 183
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 Aug 2022 08:48:17 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 421D 140 KB
44 KB 118ms
36ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com
URL: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75bf5c0112a41f871dc47c5e98deef6dc7db8e94178bf0c853f3a09415f6d338

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44015
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1660137096112928"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 15 Aug 2022 08:51:20 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220810/r20110914/client/ Frame 421D 17 KB
8 KB 17ms
15ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220810/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com
URL: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:40:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 677
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 Aug 2022 08:40:03 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 421D 0
0 98ms
24ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSZMWtc_t0btnx_o8YtjBga3TNz_4_BPNKjdXGSsd6dMoNFyrEeyJB7wV-Y5YikFjWZwND-bwaMnaeimLVc8PN2qDd6NQ
Requested by: Host: 3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com
URL: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220810/r20110914/ Frame 421D 23 KB
10 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220810/r20110914/abg_lite_fy2021.js

Requested by

Host: 3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com
URL: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba7beca0f5402387b359ad40d2af0dda9632f6b81e2aa0c26336324c358c3e10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 309
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9668
x-xss-protection: 0
server: cafe
etag: 3250940068065303693
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 Aug 2022 08:46:11 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 4497 13 KB
5 KB 73ms
15ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ads.online2pdf.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1211
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 08:31:09 GMT
expires: Tue, 15 Aug 2023 08:31:09 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 15EE 783 B
1001 B 81ms
27ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

1e866177b20c63918d3eee2557ea041d676b3bc6b7f44cba812fad7d7cbc4272

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-LmhNqZQQPdnwA7uUNsUD-w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ads.online2pdf.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-LmhNqZQQPdnwA7uUNsUD-w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 08:51:20 GMT
expires: Mon, 15 Aug 2022 08:51:20 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame E5FA 13 KB
5 KB 57ms
17ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ads.online2pdf.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1211
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 08:31:09 GMT
expires: Tue, 15 Aug 2023 08:31:09 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame AEF7 783 B
738 B 64ms
28ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ae58f0762dfe3c0f1beee43115fbaa6eb133fe22d4a67139e4160d8e52f5f470

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ebKFgAxYsZdSkL8e5U5AFQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ads.online2pdf.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-ebKFgAxYsZdSkL8e5U5AFQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 08:51:20 GMT
expires: Mon, 15 Aug 2022 08:51:20 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 15EE 0
0 81ms
50ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022080901&jk=3756586784704226&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame AEF7 0
0 79ms
49ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022080901&jk=2782118750056554&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H3 200 KwAXiUICCFvapwcrMozVyugq_Wx4YR6m3c26cyMGyPI.js Show response
pagead2.googlesyndication.com/bg/ Frame 4497 36 KB
14 KB 44ms
15ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/KwAXiUICCFvapwcrMozVyugq_Wx4YR6m3c26cyMGyPI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b0017894202085bdaa7072b328cd5cae82afd6c78611ea6ddcdba732306c8f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 06:34:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8199
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14174
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 15 Aug 2023 06:34:41 GMT

GET
H3 200 KwAXiUICCFvapwcrMozVyugq_Wx4YR6m3c26cyMGyPI.js Show response
pagead2.googlesyndication.com/bg/ Frame E5FA 36 KB
14 KB 46ms
18ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/KwAXiUICCFvapwcrMozVyugq_Wx4YR6m3c26cyMGyPI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b0017894202085bdaa7072b328cd5cae82afd6c78611ea6ddcdba732306c8f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 06:34:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8199
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14174
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 15 Aug 2023 06:34:41 GMT

GET
H2 200 bootstrap.js Show response
s1.seadform.net/stoat/626/s1.seadform.net/ Frame 421D 33 KB
16 KB 197ms
33ms Script
text/javascript 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.seadform.net/stoat/626/s1.seadform.net/bootstrap.js
Requested by: Host: track.seadform.net
URL: https://track.seadform.net/adfscript/?bn=39127509;click=https://adclick.g.doubleclick.net/aclk?sa=l&ai=CuDgjCAn6YrffDMmm9u8Pmda10Am_y5ThasKL06bfC_-m-fu6GxABINPLzjBglYKAgJgHoAGl4IzcA8gBCakCsYCKU3M2sT7gAgCoAwGqBPUBT9CiCjZpmGMDB62thu1AlzeyB0B4WmwqVp0067rww3rd1NypIKdFmjMVj4cf2SAVemDrvNAyHZqfpfXugLYtO_lAIqaPm5CC9nWUsZXCWhIGvqOfOwXhpscUpYFKWtEt1ulDYuND19W8B-pkN__stVKF7jhig4HelzAnDa0kh8kbMjS8Uoj1NVxZ8Re6M6Hah-Xr97EMfqer8OvVOqs8EqEzmw_GtbA9B_FYnnMIH1OunDjIfwTMNiB9nlwHqjmTTCqp10L2DGjiVCVCMmwK8gBIghavumSl147OlZwQuE1Lth6JFoozLjGSppMSvrwd0nA-D4PABJjC7p6lA-AEAaAGEYAHs5GrKKgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgOYCwHICwGADAG4DAHYEwPQFQH4FgGAFwE&num=1&sig=AOD64_3IioZ8vM6Za6V5vqZ9ltiaSkC82g&client=ca-pub-5884294479391638&adurl=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: a27d9175457bbf67a00b3b2c6ce70e6c80aafe05558e6f0a950c6acced196951

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:20 GMT
content-encoding: gzip
last-modified: Wed, 27 Jul 2022 07:02:09 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Tue, 16 Aug 2022 11:38:02 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame E5FA 0
10 B 15ms
14ms Image
text/plain 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?TvZlyg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:20 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 4497 0
10 B 14ms
14ms Image
text/plain 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?ggN18Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:20 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7EA8 0
0 52ms
51ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvRjSl29ApEI87uT_gCyfi6gWQBYV4Or7UhFl27lCKtqmnRUt48mCjR8Tp8Vbhs9G3N90Tp7Rgep_EtXXxHqnVU1Mhui1qmKDwRHhoShA-TdfC4wcCsH5LxCeHRC65gFFGU0RIiCfLFLv2Yda8Vp6XGTvJU1QByZMpWRkNaaqPW860cVdyx4Aq7PmeJrZ9xv9OSsDISn3xIcnZyudr_uvya5iGWryvvTzZTmhJoOOaLK8QEB3kfncu4NxXAAnD6BXlQToa6tOHX8FcjUDMJbQyYLB4POSGRFIyjG_dLlLOCnQC9DNFx0v50zGbd2eClgYydcOHX5rMP-UDHNz8UcMmsN-wzn0Np1PGsC-Bq&sai=AMfl-YSG6KhhxRTZYHBDL4e8tnxfXgr6Sg5bcc-zFAXcxF3yp2D8UC_DfqIum41tOgMmArRjNXgYJLKSVY9jRdWYkUJF3fhGHFvKZr4PfbBAJn8&sig=Cg0ArKJSzNP4CqVNeZGKEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: online2pdf.com
URL: https://online2pdf.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 08:51:20 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7EA8 140 KB
43 KB 61ms
30ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js?cb=31068915

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75bf5c0112a41f871dc47c5e98deef6dc7db8e94178bf0c853f3a09415f6d338

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44015
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1660137096112928"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 15 Aug 2022 08:51:20 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 48C8 107 B
122 B 23ms
23ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ads.online2pdf.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js?cb=31068915

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 08:51:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 48C8 107 B
122 B 38ms
38ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ads.online2pdf.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js?cb=31068915

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 08:51:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 48C8 49 KB
17 KB 352ms
352ms XHR
text/plain 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2782118750056554&correlator=3133016891095176&eid=31068458%2C31068915%2C31068923%2C31068925%2C31068927%2C31068921&output=ldjh&gdfp_req=1&vrg=2022080901&ptt=17&impl=fifs&iu_parts=71161633%3A21681366940%2CONLIN2PDF_online2pdf%2Cconvert_vrec&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x600&ifi=2&adks=798583804&sfv=1-0-38&rcs=1&fsapi=false&prev_scp=hb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D120x600%26hb_pb%3D0.02%26hb_adid%3D505a446b8e79abc%26hb_bidder%3Dappnexus%26is_refresh%3Dfalse%26slot_prev_count%3D0%26adunit_prev_count%3D0%26in2w_key%3D2%26in2w_key2%3Dnope%2Coptimization%26in2w_key4%3D--3-33%2C--3---%26in2w_key5%3Doptimization%26in2w_key6%3D--3h33h--qgz%26in2w_key7%3D1488%26in2w_key8%3D2%252C3%252C4%26in2w_key9%3Doptimization_request%26in2w_key15%3Do0%26in2w_key16%3D10%26in2w_keypm%3Dfuse-slot-22756694728-1%26in2w_key9001%3D1&eri=1&cust_params=fuse_profanity%3Dfalse%26fuse_site%3Dads.online2pdf.com%26fuse_path%3D%252Fvertical%26fuse_query%3D%26fuse_category%3Dvertical%26fuse_industry%3DIAB19%26testmode%3Dfalse%26inskin_yes%3Dtrue%26fuse_uuid%3D6598748c-a74c-50d4-a126-e0d772882b75%26fuse_publication_id%3D5%26GPT_READY_MS%3D500-999%26PREBID_READY_MS%3D0-499%26UAM_READY_MS%3D500-999%26CMP_DETERMINED_MS%3Ddisabled%26FUSE_LOADED_MS%3Dover_9999%26CMP_JURISDICTION%3Dunknown%26CMP_ALLOW_PERSONAL%3Dtrue%26amznbid%3D0%26amznp%3D0%26GPT_AUCTION_START_MS%3D500-999&sc=1&cookie=ID%3D405da4680dbb7af2%3AT%3D1660553480%3AS%3DALNI_MZo14LWtS43SGp__NnDGPSlpQ7nlQ&cdm=ads.online2pdf.com&abxe=1&dt=1660553480895&lmt=1660553480&dlt=1660553479646&idt=460&adxs=0&adys=0&biw=120&bih=1200&isw=300&ish=600&scr_x=0&scr_y=0&ucis=j2tbxnin4lpa&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=1&url=https%3A%2F%2Fads.online2pdf.com%2Fvertical&ref=https%3A%2F%2Fonline2pdf.com%2F&top=https%3A%2F%2Fonline2pdf.com%2F&frm=24&vis=1&psz=300x600&msz=300x0&fws=256&ohw=0&ea=0&ga_vid=1702220147.1660553480&ga_sid=1660553480&ga_hid=1096611428&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js?cb=31068915

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

46900a82215d1cf8cef04df5a6f371efdc01c21dd319ca4837d715ab50d8d5b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:21 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17592
x-xss-protection: 0
google-lineitem-id: 5792540072
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138376928999
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ads.online2pdf.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
track.seadform.net/adfserve/ Frame 421D 8 KB
4 KB 38ms
37ms Script
text/javascript 37.157.6.247
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.seadform.net/adfserve/?CC=1&bn=39127509;click=https://adclick.g.doubleclick.net/aclk?sa=l&ai=CuDgjCAn6YrffDMmm9u8Pmda10Am_y5ThasKL06bfC_-m-fu6GxABINPLzjBglYKAgJgHoAGl4IzcA8gBCakCsYCKU3M2sT7gAgCoAwGqBPUBT9CiCjZpmGMDB62thu1AlzeyB0B4WmwqVp0067rww3rd1NypIKdFmjMVj4cf2SAVemDrvNAyHZqfpfXugLYtO_lAIqaPm5CC9nWUsZXCWhIGvqOfOwXhpscUpYFKWtEt1ulDYuND19W8B-pkN__stVKF7jhig4HelzAnDa0kh8kbMjS8Uoj1NVxZ8Re6M6Hah-Xr97EMfqer8OvVOqs8EqEzmw_GtbA9B_FYnnMIH1OunDjIfwTMNiB9nlwHqjmTTCqp10L2DGjiVCVCMmwK8gBIghavumSl147OlZwQuE1Lth6JFoozLjGSppMSvrwd0nA-D4PABJjC7p6lA-AEAaAGEYAHs5GrKKgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgOYCwHICwGADAG4DAHYEwPQFQH4FgGAFwE&num=1&sig=AOD64_3IioZ8vM6Za6V5vqZ9ltiaSkC82g&client=ca-pub-5884294479391638&adurl=;js=1;adfxid=1x;2643;set=en-US|en-US|1600X1200|0|750|100|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0&CREFURL=https%3A%2F%2Fonline2pdf.com

Requested by

Host: s1.seadform.net
URL: https://s1.seadform.net/stoat/626/s1.seadform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.247 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e505786a78ea38e9b5a3030dcbc7fa2d386880e21680dddf8b5ca0ea4fcdd598

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 08:51:20 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 3513
expires: -1

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7EA8 0
0 83ms
51ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu1cTsItqemAiiRVkK-IDYvlyB20TPoEAcX9nvfmsMIrgM0X0bwu4vzN5o_re59uVB1ifyf2CzDU9jqjCsZMgpqSvdmqGOzwNt-R1reQh6coYsJOHBGUd0OKEtxrnQ_LK76ZU00uGhWClxMexoy_J3C6W7WjB-Tw47rXWUCiF4JJjkeoMzzQxbC06j-eRqlYCkQWqBFleJLpHnzwEWYcpzuuDD9kQ182a7NkpQcaae8JLiZdzPAlJ-nkYLNjdnOV2ghtDwqB-WMjx2wVai76yTzelzGChFBD7wDdIMMGd2YB302p_YqPexKDY5bGdNBi6uxhLpwmCBxPCdfy2OcAKjEKMRi5mEKnMljZGBkK4s&sai=AMfl-YTBsVmDxdOPUT-2hoA_DxXzMMVLx5Rpc7KaRvC29CJcmVKBM5myWAU0W3cpaLysqATQjD7hvdV084dYdD62dvB2JAs3B4qFBloeCRW-X20&sig=Cg0ArKJSzFfWUiimfJNJEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 08:51:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 15 Aug 2022 08:51:21 GMT

GET
DATA 200
OK truncated
/ Frame 421D 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 442f60e4415f60a20f1296e6b9214a01910545b417c09a2b6d54c370524e6129

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 48C8 87 KB
28 KB 92ms
41ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2825/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

aeb925bb204a686701ed5795fc9a381422a479fca1cacbe35de200ac65319988

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:21 GMT
content-encoding: gzip
last-modified: Tue, 02 Aug 2022 12:51:23 GMT
server: nginx
etag: W/"62e91dcb-15b76"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 16 Aug 2022 08:51:21 GMT

GET
H2 200 Standard Show response
s1.seadform.net/stoat/626/s1.seadform.net/load/v/0.0.221/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/ Frame 421D 90 KB
39 KB 50ms
50ms Script
text/javascript 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.seadform.net/stoat/626/s1.seadform.net/load/v/0.0.221/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Requested by: Host: s1.seadform.net
URL: https://s1.seadform.net/stoat/626/s1.seadform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b7eeadc317a496e1de4fee39506d782aa7279cb5cb0de186bcff680b2f84fee8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:21 GMT
content-encoding: gzip
last-modified: Wed, 27 Jul 2022 07:02:09 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Tue, 16 Aug 2022 11:52:57 GMT

POST
H2 200 /
track.seadform.net/csimpr/ Frame 421D 35 B
503 B 38ms
38ms Ping
image/gif 37.157.6.247
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.seadform.net/csimpr/?bn=39127509&csi=iQ8H8gtQnRDeqgOuc0QCPfriKM4ZdgYmwOnXAYtZe1fZKGWOLEEutt6vWmW1dlSa0

Requested by

Host: s1.seadform.net
URL: https://s1.seadform.net/stoat/626/s1.seadform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.247 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 08:51:21 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 8154594.js Show response
s1.seadform.net/Banners/Elements/Files/33069/8154594/ Frame BF90 13 KB
6 KB 36ms
36ms Script
application/x-javascript 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.seadform.net/Banners/Elements/Files/33069/8154594/8154594.js?ADFassetID=8154594&bv=1541
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 731fa3d6dcc73971dbb4c6c49223076a744d3e8eab66f86ce1ab83dd45cfa0bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:21 GMT
content-encoding: gzip
last-modified: Mon, 30 May 2022 17:50:21 GMT
server: nginx
x-amz-request-id: tx00000000000001d155316-0062fa06a0-3275313e-default
etag: W/"2c1ce5080766681aaac0a27cbbd5fbc8"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
cache-control: public, max-age=604800

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 3AD3 15 KB
6 KB 82ms
26ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=online2pdf.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

507add04d1c6597d1eaca7599452be07bd58c4fca04d195808df2909d610d9e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.online2pdf.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-length: 6145
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 08:51:20 GMT
server-processing-duration-in-ticks: 2308
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 48C8 87 KB
28 KB 88ms
42ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

aeb925bb204a686701ed5795fc9a381422a479fca1cacbe35de200ac65319988

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:21 GMT
content-encoding: gzip
last-modified: Tue, 02 Aug 2022 12:51:23 GMT
server: nginx
etag: W/"62e91dcb-15b76"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 16 Aug 2022 08:51:21 GMT

GET
H2 200 Adform.DHTML.js Show response
s1.seadform.net/banners/scripts/rmb/ Frame BF90 30 KB
13 KB 40ms
38ms Script
application/javascript 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.seadform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by: Host: s1.seadform.net
URL: https://s1.seadform.net/stoat/626/s1.seadform.net/load/v/0.0.221/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:21 GMT
content-encoding: gzip
last-modified: Wed, 08 Jun 2022 12:02:22 GMT
server: nginx
x-amz-request-id: tx000000000000071bb69bf-0062f9ffc9-3233e6c5-default
etag: W/"4731aef0a5114a59b4311776d270e848"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800

GET
H2 200 index_8bd1cd474465b6c94fd0.js Show response
s1.seadform.net/Banners/Elements/Files/33069/8154594/bvpath_1541/ Frame BF90 22 KB
9 KB 42ms
41ms Script
application/x-javascript 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.seadform.net/Banners/Elements/Files/33069/8154594/bvpath_1541/index_8bd1cd474465b6c94fd0.js
Requested by: Host: s1.seadform.net
URL: https://s1.seadform.net/stoat/626/s1.seadform.net/load/v/0.0.221/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 380071f7bce78fce7dea7acb9d2c465584295889205c26c5be3ed55d1d60e71b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:21 GMT
content-encoding: gzip
last-modified: Mon, 30 May 2022 17:50:21 GMT
server: nginx
x-amz-request-id: tx00000000000001d07a890-0062fa0062-3275313e-default
etag: W/"c5598286a8540e3f481383fe92b77e4d"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
cache-control: public, max-age=604800

GET activeview
pagead2.googlesyndication.com/pcs/ Frame 7EA8 0
0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame EE43 0
0 52ms
51ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvQ3cQON6vb_xMbXas38XlB6ExM1Pc_VLwFNPp-WnU_fm5cRPKVDwS8mbxAaIIIEOzpL8NwD7vwpAVg1rqG3QvGmyPH6_-R3B042NKaywS5JPL9xT92JNtbGjzz-5uzaHKza1Tf4wC0cHQ39DOXHmShVUcEjbItp3hpDza2ZNN2X76yxPYAmDbPLbFYUaCztMBW-YAzDSyBl5FHD29-WdIf63bFEIBzGPmrSd7HPWlKosiYtWoQhd1nV0MzYet6LKGJd6ftMdht0VI6omRfRLgwM26LHhv6OYLZVCDMvtuOd2LzkMeKR8M1Ct76zwt7olpDI2OHlSrecOMitfXyF6OvODCxBt75MoxQ5RAD&sai=AMfl-YQ8Yr5P5_laOhxOIepK4_egt2C0LmGKpFxXcn_9qs95KniVxp6Gvyb7pj86-K6Y_XETk20WTlJzN0-guBhSiSz5SqcOpYHo5sYHAof9N4Bl-YiUstOjaDB70HvxhQ&sig=Cg0ArKJSzNRnyYfqLZHsEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: online2pdf.com
URL: https://online2pdf.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 08:51:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EE43 140 KB
43 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js?cb=31068915

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75bf5c0112a41f871dc47c5e98deef6dc7db8e94178bf0c853f3a09415f6d338

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44015
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1660137096112928"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 15 Aug 2022 08:51:21 GMT

GET
DATA 200
OK truncated
/ Frame BF90 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 94851f470921dead8767d5d7ad0249b722ae03fbf5a3810c472a3e608ebc249f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame BF90 200 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4126dfd320a683caf3dec4d47ae01c9a4c613572357f295629812574cd8d2b6d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame BF90 198 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 51b64d295549b8ec4848952b647a9093299133bef0900736ec931e682fd8d471

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 48C8 107 B
122 B 25ms
25ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ads.online2pdf.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js?cb=31068915

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 08:51:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 48C8 107 B
122 B 25ms
24ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ads.online2pdf.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js?cb=31068915

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 08:51:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 48C8 50 KB
17 KB 408ms
408ms XHR
text/plain 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2782118750056554&correlator=3133016891095176&eid=31068458%2C31068915%2C31068923%2C31068925%2C31068927%2C31068921&output=ldjh&gdfp_req=1&vrg=2022080901&ptt=17&impl=fifs&iu_parts=71161633%3A21681366940%2CONLIN2PDF_online2pdf%2Cconvert_vrec&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50|120x600|300x250|300x600|160x600&fluid=height&ifi=3&adks=798583804&sfv=1-0-38&rcs=2&fsapi=false&prev_scp=hb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D120x600%26hb_pb%3D0.02%26hb_adid%3D505a446b8e79abc%26hb_bidder%3Dappnexus%26is_refresh%3Dfalse%26slot_prev_count%3D0%26adunit_prev_count%3D0%26amznp%3D0%26amznbid%3D0%26cmp_allow_personal%3Dtrue%26cmp_determined_ms%3Ddisabled%26cmp_jurisdiction%3Dunknown%26fuse_category%3Dvertical%26fuse_industry%3DIAB19%26fuse_loaded_ms%3Dover_9999%26fuse_path%3D%252Fvertical%26fuse_profanity%3Dfalse%26fuse_publication_id%3D5%26fuse_site%3Dads.online2pdf.com%26fuse_uuid%3D6598748c-a74c-50d4-a126-e0d772882b75%26gpt_auction_start_ms%3D500-999%26gpt_ready_ms%3D500-999%26in2w_key%3D3%26in2w_key15%3Do0%26in2w_key16%3D10%26in2w_key2%3Dnope%2Coptimization%26in2w_key4%3D--3---%2C--3---%26in2w_key5%3Doptimization%26in2w_key6%3D--3h33h--qgz%26in2w_key7%3D1488%26in2w_key8%3D2%2C3%2C4%26in2w_key9001%3D2%26in2w_keypm%3Dfuse-slot-22756694728-1%26inskin_yes%3Dtrue%26prebid_ready_ms%3D0-499%26testmode%3Dfalse%26uam_ready_ms%3D500-999&eri=1&cust_params=fuse_profanity%3Dfalse%26fuse_site%3Dads.online2pdf.com%26fuse_path%3D%252Fvertical%26fuse_query%3D%26fuse_category%3Dvertical%26fuse_industry%3DIAB19%26testmode%3Dfalse%26inskin_yes%3Dtrue%26fuse_uuid%3D6598748c-a74c-50d4-a126-e0d772882b75%26fuse_publication_id%3D5%26GPT_READY_MS%3D500-999%26PREBID_READY_MS%3D0-499%26UAM_READY_MS%3D500-999%26CMP_DETERMINED_MS%3Ddisabled%26FUSE_LOADED_MS%3Dover_9999%26CMP_JURISDICTION%3Dunknown%26CMP_ALLOW_PERSONAL%3Dtrue%26amznbid%3D0%26amznp%3D0%26GPT_AUCTION_START_MS%3D500-999&sc=1&cookie=ID%3D405da4680dbb7af2%3AT%3D1660553480%3AS%3DALNI_MZo14LWtS43SGp__NnDGPSlpQ7nlQ&cdm=ads.online2pdf.com&abxe=1&dt=1660553481337&lmt=1660553481&dlt=1660553479646&idt=460&adxs=0&adys=0&biw=-12245933&bih=-12245933&isw=300&ish=600&scr_x=-12245933&scr_y=-12245933&ucis=j2tbxnin4lpa&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=1&url=https%3A%2F%2Fads.online2pdf.com%2Fvertical&ref=https%3A%2F%2Fonline2pdf.com%2F&top=https%3A%2F%2Fonline2pdf.com%2F&frm=24&vis=1&psz=300x600&msz=300x0&fws=256&ohw=0&ea=0&ga_vid=1702220147.1660553480&ga_sid=1660553480&ga_hid=1096611428&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js?cb=31068915

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

f6b66c9f9cb0f019c53f8dfaf188b74ff7f4e86c886cd34cc9e5aa4d1a1ade0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:21 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17875
x-xss-protection: 0
google-lineitem-id: 5792540072
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138376928990
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ads.online2pdf.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 3AD3
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=online2pdf.com&sn=ChromeSyncframe&so=0&topUrl=online2pdf.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=d7ko8Hx4QnhDVER3WFNudzRLUkFwTTZhYW9oSVlzelY5bUJZNlRpWlZpWnhOTCtZUGlzMWpDbnp2VktQcWdlUElDTG5BeWRpbTdwYnA1eUFoL1lsTUdwb0NraXJTWmdmaGw4QXBDaUp1UlpPSmV1WGt4VDJPT3FFK0xXaz...

446 B
639 B

380ms
103ms

Fetch
application/json

74.119.119.139
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=d7ko8Hx4QnhDVER3WFNudzRLUkFwTTZhYW9oSVlzelY5bUJZNlRpWlZpWnhOTCtZUGlzMWpDbnp2VktQcWdlUElDTG5BeWRpbTdwYnA1eUFoL1lsTUdwb0NraXJTWmdmaGw4QXBDaUp1UlpPSmV1WGt4VDJPT3FFK0xXazRsT3RIdTJjUG8veWd5WTh1SmtTQ0pGUUxqMXZybzZmNVVsMCtFUFhtZWRxSW1VTDk0b0E5M2JYT21VbEhXSTBOSGpkR254NFVoekUzWTZmOExnWXhPNTdwd0NQMWRsOUdGcUlhYmtOaVIydnhXWEpRMlBIajVmV0RFT3A3WTZVMkhaWkIyT0F5VEM0bmJibFpCTEFjL0V1TTcrSEdVV1JRb3g5YUEzelZmMzJsNHoxY2tWST18&cppv=2

Protocol

Server

74.119.119.139 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Resource Hash

48df9398efd700f0d26c6e62aa56898eab4f484f407f27e6208193ff32ff6945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 08:51:21 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 4660
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 15 Aug 2022 08:51:20 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=d7ko8Hx4QnhDVER3WFNudzRLUkFwTTZhYW9oSVlzelY5bUJZNlRpWlZpWnhOTCtZUGlzMWpDbnp2VktQcWdlUElDTG5BeWRpbTdwYnA1eUFoL1lsTUdwb0NraXJTWmdmaGw4QXBDaUp1UlpPSmV1WGt4VDJPT3FFK0xXazRsT3RIdTJjUG8veWd5WTh1SmtTQ0pGUUxqMXZybzZmNVVsMCtFUFhtZWRxSW1VTDk0b0E5M2JYT21VbEhXSTBOSGpkR254NFVoekUzWTZmOExnWXhPNTdwd0NQMWRsOUdGcUlhYmtOaVIydnhXWEpRMlBIajVmV0RFT3A3WTZVMkhaWkIyT0F5VEM0bmJibFpCTEFjL0V1TTcrSEdVV1JRb3g5YUEzelZmMzJsNHoxY2tWST18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1552
content-length: 567
expires: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame EE43 0
0 52ms
52ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu8JbxtwEa1rxxsRnYNcPiNVPYFqZlPMA-z7KkfjcyNWAm34fFuFBeNd3Tp8SjMMLZtbZ3jt-_R13-7Fxe-qWpZ3hDycx5ehWvS9HSF4jL6OwxjI9MKQSu0XOzeTSFE7oDq_ynj9JWVmVTZy-GRTUAYlv1rWGdlB6m3xfPgz-G7EytGskc3aPBOJlDJlqmg5ajyHAA_4OTM4jEGaLB8yywv6cpCclk_D08g-GWHydwHS1Q21lZc3OrlmY9x35riLduL7Ip_SzkdUj-pPMXLrfcAQCvFFv03RC05h0ErNbWjugp6qZEsMkXWR7EBJUBAXSHmGDG33brisJRGeQ15WXpmv14L-dhYQIRK_KPF3Ew&sai=AMfl-YSQGiCjgkVJJafs8lMEeOx8Q36Qv6dB7YxtmzvCtJ7DxPkXfyAMahR3my01f1C__fyLbOxCdIXZ1gLD0qtrajMldTNkkFj1aDfu7o0YR8d1k6e_bfubZ9D3ZqQjnQ&sig=Cg0ArKJSzEwd3bnbUivGEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 08:51:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 15 Aug 2022 08:51:21 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame BF90 4 KB
1 KB 73ms
28ms Stylesheet
text/css 2a00:1450:400e:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Slab:400,700

Requested by

Host: s1.seadform.net
URL: https://s1.seadform.net/Banners/Elements/Files/33069/8154594/bvpath_1541/index_8bd1cd474465b6c94fd0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8b5f43a98e4a9b8d03d599594db018b3df4e3681eadb1ddcf7d21c0d13ae3ff4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 08:34:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 15 Aug 2022 08:51:21 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 15 Aug 2022 08:51:21 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 48C8 0
0 51ms
51ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022080901&jk=2782118750056554&bg=!RkWlRQHNAAa4hXTbmIU7ACkAdvg8WlAJffkwzyNmgg5LMXfyOLBM84ntXWoA_IyXJteB3uhloNbLgQIAAACIUgAAAAFoAQcKAHrSS3VsaD8tYYUQ6YIZfwFlPWknzcQUJ-IsBfp1OTMo2Pv-oUvH_mi_AqawaFgcIZ86DsuJ1EE9duxBKYCy7u-wfECrp8KY6ZA4KCeZUP6O2erZ9X-qeGVPkJm9DjgLLQWw7BeoYaXx00MXIzr0xrnkIUyqn6QqhA4Pc5kC67gGR3rzGBNNPSPBSsheIclY4KPT3by4y3GXm9vgkDcfAIDqCBlXcIwkr1e1L5A9RW2UyxaJwLq8wu2u4adzu-ZGxqfLLJM_CHHWl0cB2ysp6giCKRxdQWTQBi2eG7r1zetVfgqh_FKJBmZP9hAgriwohR69gl90V6awRa16wrQIV2akCX_VV0-poqvRU-XkvC5pTFalmKXVM2dnoLQq1Wr0oY08aye4Zgi46l4LlEz7YOr9vBwvWTzrodyr1WYjYpzF2To17WmatnCSXMC6ari7n1HjUkZriKPbKNIJ0hW1X8xyTmaH5Jm4-nd1Dg1kLaxju136dRAC4vXb4DcoonJ66IX2LCiR1IXOLuc_BAvhhFWXT58XpJTzRp5xtsIoY2mce8-YByd0kRp2qEm1pt2BqNYCPL--DnPMomOQVRSI3xOd4ITULZsl7y1TnDz1T3gra8ft4NhyE8LqNuPEYyaIpvVtJ6iGh7a7Vgdzst5ED0Noj11mqoKRKKnigcvz8pox-rRy64pxEiAW6jFdBai0b3iQdE-Zz8hpb_Id_wAFD7jWzoxmo_gFjIQ7JW71sq8tzt6tSEmBdfwMknC4Cg_gzI6XPiTlPXHWUYioVXUrX7yaLkv_H6OU9eE5jWHIGVrOfj347aybLXAbVuQOhgg-WE17ZatP76ryiRUa68kViV_AnmiBCmUoUE2mtGqp6eTlkLu4WRZDzDjl2YCw4-0ldFrvFJGzVBQiREVNx-j4Jxq8YgBV039pqRPsXY9QyjvHNC49mwK1qKTTacRTa-9RhFgLSypPWugUbutd6CmEjHhtZ5GTVWZ_kR1hatfHTD09Uj8hNtO1EpnZUPmoNYM68xAM7FmoAv7xeRVsdtzogWQt8iX5YO633hYZAiWC9f7K4NbuOrXlGt-cVfOISTuruTnQKaG-4rT7_3HSwgZ14SvEBGLFJTBV1Rc0fqkTRjsx_v7S19WuujKOdmaAyK1K45SiIIQZHQEK2g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7FD4 0
0 53ms
52ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022080901&jk=3756586784704226&bg=!hYalhsLNAAa4hXTbmIU7ACkAdvg8Wrqu0nYZLghlswGEB550-lEwYhE8WUE3p5atG6V5V8nc5wFBgwIAAAB5UgAAAAJoAQcKALMTiHhJT5nw0uwBGH_0Kgfp7wCyC41InhSC0I849eoHDH0Ukjva1a1Nb5vhG76IcWsGbiEQNO-YP6OF5C0U2E2_Ko-AmzpStmD2ykqYDjpPE80gKy7-G3AWtyoZGbdvy2YxgDLlOSC7KbKWPEL6E1oZvIPJ6i8wfYjxSyyK6RI5QNDvd9EzpUYwOLRNuBJ9LiQzbUo2HOXtlWq0x2CtA0sX0qqV607ToS_O5UyTHmj7pxuYJpkC5ZVwMjBc_g4q6ailxOzO86cb6WLQyxTPCia0HlHHUfahyruusI_CcuJozGgahMxE0XwvUvS4r8PQTqR4FneETX2OFRGWYoTGjoXNhxhMjyucM1t6wPOSV1jcH415KTx5mHDuWatEIx2ofJJhhdLI345huK7znhehaqfqEMR_nkmRfKdUqf5rCOlUFGlot_aOBK3Mlmn6j68CsSZFadCUy4ppJVBeydROEEISt8o0eMbZlAB83knkNJ74cNINJ3fm3DsUGdEo3hg5FVi-a7UmuPtvXTkRzq1ghXfJIyfH-iyOYGrbs6um0Zzp8q_6-xkXg8_UCMmOmyS-oR0INH5tHAuIEgrgndtCL-MNkqFJI1T1mSzUTkSZezBpe0112WHGY9klxrbUHIxxVEi72LFsoQGE5cQU1XW_Gj0qJkQ3QCIpHhDueQqKoRaPpCafQ90tLoUlD1kC9ZI42Vv4IbvhJLQRgilOrtJ-OuA5gNI6KOFNtMBzbJq7w3Fx1MSvLPyBrvW86Tvo9VCbHOoEoyPQ82vhBstv99JHMWfqfAoT21GwqcYb7345TFu1Sula6RW9qhytvANl1y0H5erUCHEXI49BizYk5z0TH4e2eTJ2KUzbwFMetHJMPg6fVirwlhZY7NIdvyP431G1Ub9NmTBl0YZzcSPcVus9qFP95Z5rdZtv02o1nc4WRTBTVVe7Mw2gOjsiqULGAsPCIUFosc0DO8f0k8I7pk4AmPueyt-dMa6esTZJlJ6QTS_TVbiVh3CPjiupQ6fxXzZPN3Ep6TTFo7DgUBrH7nPc3DjV05twaOI7qGc28YRoD7kHbznjEqv7AJycpNb4sZApa4QXB0b_Gta59vZyrtRK4ao88cdX856u9sKvTfjZrDcc1GMVQdmI4U-PsQxXZAGnGA2oV2QSq44saQElPCfpKtQaZj8J5RXBBrUhSTP91SASFh7ahZGv-ETC1CWg5i9XoXDNgb8bi5bYyskQwg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H2 200 BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2
fonts.gstatic.com/s/robotoslab/v24/ Frame BF90 32 KB
33 KB 62ms
16ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotoslab/v24/BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Slab:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a3993918629dfd6a59c4563e9b4d464152b51d4113957ab8ebfbdcbcdc7f536

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 09:06:46 GMT
x-content-type-options: nosniff
age: 517475
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32860
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 19:12:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 09 Aug 2023 09:06:46 GMT

GET
H2 200 BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2
fonts.gstatic.com/s/robotoslab/v24/ Frame BF90 32 KB
32 KB 76ms
32ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotoslab/v24/BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Slab:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a3993918629dfd6a59c4563e9b4d464152b51d4113957ab8ebfbdcbcdc7f536

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 09:06:46 GMT
x-content-type-options: nosniff
age: 517475
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32860
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 19:12:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 09 Aug 2023 09:06:46 GMT

GET
H2 200 / Show response
track.seadform.net/dco/recommendations/ Frame BF90 972 B
545 B 76ms
74ms Script
application/javascript 37.157.6.247
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.seadform.net/dco/recommendations/?aid=33069&tid=29703&tv=1&icid=0&eid=376064&rotseqno=1&smid=0&dco=2&bnrid=39993081&intid=1844264621972127723&geo=1712,10478,276&bn=39127509&gcnt=100&pgsz=100&format=json&callback=adform_com_bo9ta9hryc

Requested by

Host: s1.seadform.net
URL: https://s1.seadform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.247 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

7cb1bf030680b75275f9941c6a2afaf9002aecca78b7d58f0832fc770d5ec481

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

correlationid: 772f109e-cd4e-46be-891b-18efe10e107e
date: Mon, 15 Aug 2022 08:51:21 GMT
content-encoding: gzip
x-origin: dcotar001prpitx
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript;charset=utf-8
content-length: 343

GET activeview
pagead2.googlesyndication.com/pcs/ Frame EE43 0
0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1F0C 0
0 52ms
51ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstvBfPaT9toq87xtNyRY29Cq6zQvPoT5iCjD9dKWcxkA3E_WAhJjtyqrs2TCtn_LBc701hl5QROkFuMju5dXWQXa32yViw17yKFGW4i0XjFiOq5D5kvUQwXjncbd5nibG43MQ40RAu6R-4DFDu-BkrdqLgw8FcL6_TJC2g2Antb_oqR7EovNWAI8lwjuJ_lYBgWozKj-GkwO4WOh9S7qQEpRRjgUOm-KjguXwjFMWxYMKs7gwNfGLGMg4nSiNkRrxXJHg1IoVymwswAWpSvwIpAXnBbXLZylWOP6aiBRaStMGerEOvTXrytipJaxNBXiPQzfrX3OIc9Iz5U8lkAgr_Mc-ZqFib3pYZXqJiW&sai=AMfl-YQWzFRmmDYTG1_n88XKXVG1T0VmRZFoQFEIic69LAjkaoj8AhTABwP08TtY5oYkkGyqSmgaMKGjGT415GtSkb9KpvLqpiq3SIlaLzsBs2Q81WZjVP442hPZ9yJgjg&sig=Cg0ArKJSzFvFMC7JQ06REAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: online2pdf.com
URL: https://online2pdf.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 08:51:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1F0C 140 KB
43 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js?cb=31068915

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75bf5c0112a41f871dc47c5e98deef6dc7db8e94178bf0c853f3a09415f6d338

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44015
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1660137096112928"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 15 Aug 2022 08:51:21 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 48C8 107 B
122 B 25ms
25ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ads.online2pdf.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js?cb=31068915

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 08:51:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 48C8 107 B
122 B 26ms
25ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ads.online2pdf.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js?cb=31068915

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 08:51:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 48C8 24 KB
12 KB 420ms
419ms XHR
text/plain 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2782118750056554&correlator=3133016891095176&eid=31068458%2C31068915%2C31068923%2C31068925%2C31068927%2C31068921&output=ldjh&gdfp_req=1&vrg=2022080901&ptt=17&impl=fifs&iu_parts=71161633%3A21681366940%2CONLIN2PDF_online2pdf%2Cconvert_vrec&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50|120x600|160x600|300x250|300x600&fluid=height&ifi=4&adks=798583804&sfv=1-0-38&rcs=3&fsapi=false&prev_scp=hb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D120x600%26hb_pb%3D0.02%26hb_adid%3D505a446b8e79abc%26hb_bidder%3Dappnexus%26is_refresh%3Dfalse%26slot_prev_count%3D0%26adunit_prev_count%3D0%26amznp%3D0%26amznbid%3D0%26cmp_allow_personal%3Dtrue%26cmp_determined_ms%3Ddisabled%26cmp_jurisdiction%3Dunknown%26fuse_category%3Dvertical%26fuse_industry%3DIAB19%26fuse_loaded_ms%3Dover_9999%26fuse_path%3D%252Fvertical%26fuse_profanity%3Dfalse%26fuse_publication_id%3D5%26fuse_site%3Dads.online2pdf.com%26fuse_uuid%3D6598748c-a74c-50d4-a126-e0d772882b75%26gpt_auction_start_ms%3D500-999%26gpt_ready_ms%3D500-999%26inskin_yes%3Dtrue%26prebid_ready_ms%3D0-499%26testmode%3Dfalse%26uam_ready_ms%3D500-999%26in2w_key%3D4%26in2w_key15%3Do0%26in2w_key16%3D1%26in2w_key2%3Dnope%2Coptimization%26in2w_key4%3D--38gz%26in2w_key5%3Doptimization%26in2w_key6%3D--3h33h--qgz%26in2w_key7%3D1488%26in2w_key8%3D2%2C3%2C4%26in2w_key9001%3D3%26in2w_keypm%3Dfuse-slot-22756694728-1%26in2w_key3%3Dadx1488%26in2w_key12%3Doptimization&eri=1&cust_params=fuse_profanity%3Dfalse%26fuse_site%3Dads.online2pdf.com%26fuse_path%3D%252Fvertical%26fuse_query%3D%26fuse_category%3Dvertical%26fuse_industry%3DIAB19%26testmode%3Dfalse%26inskin_yes%3Dtrue%26fuse_uuid%3D6598748c-a74c-50d4-a126-e0d772882b75%26fuse_publication_id%3D5%26GPT_READY_MS%3D500-999%26PREBID_READY_MS%3D0-499%26UAM_READY_MS%3D500-999%26CMP_DETERMINED_MS%3Ddisabled%26FUSE_LOADED_MS%3Dover_9999%26CMP_JURISDICTION%3Dunknown%26CMP_ALLOW_PERSONAL%3Dtrue%26amznbid%3D0%26amznp%3D0%26GPT_AUCTION_START_MS%3D500-999&sc=1&cookie=ID%3D405da4680dbb7af2%3AT%3D1660553480%3AS%3DALNI_MZo14LWtS43SGp__NnDGPSlpQ7nlQ&cdm=ads.online2pdf.com&abxe=1&dt=1660553481789&lmt=1660553481&dlt=1660553479646&idt=460&adxs=0&adys=0&biw=-12245933&bih=-12245933&isw=300&ish=600&scr_x=-12245933&scr_y=-12245933&ucis=j2tbxnin4lpa&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=1&url=https%3A%2F%2Fads.online2pdf.com%2Fvertical&ref=https%3A%2F%2Fonline2pdf.com%2F&top=https%3A%2F%2Fonline2pdf.com%2F&frm=24&vis=1&psz=300x600&msz=300x0&fws=256&ohw=0&ea=0&ga_vid=1702220147.1660553480&ga_sid=1660553480&ga_hid=1096611428&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js?cb=31068915

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

6c8e8e9a1a49698bba91f4f99ce5e520bd25bc53a2558735dee5f4d0d2a61b17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12171
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ads.online2pdf.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1F0C 0
0 52ms
51ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsss31iuVyA0J7gsO3cPDW5BZ9lLPzQjvy-1xHNkfQDbjUqpdDml3k9l5DsTqPeXmkBP6rmEs2LxbYzM9cehEGvynYIw45qjfb9B8feyPe-SM1p_NzANKAWM5NsWSLLDSSqtHXzXZRSTT2llGrM9z97NMLXIMJkp7z4F1njl0i4GLbAl8kf-fPErmD5CtTXLn5WSh_exlrDeChYjp8fTBl7RN7hoxHR7tA7MLFGO1scXJbFsCJsj3PD4X43k7W8isSQag6HQaQydod7hkEfYgKjvxtlRLlY8s6byP6ocLhCesFTn0yfl8sLGWOla9NPTzqcUfk1hsXejlO990O0vU3IPZJj2ZPG0EcEU4PSVqug&sai=AMfl-YRFjmfIgjt7XoxtbX0APnbDdzLm2USSvcrZHghdAvAh1dqDKOK7xbIMLnax8xvMomySGCpnxuXU23HOH0nRCMxs0akmryYFup23kEX-O1Q5NLwIu6RDK6K2XX3Dfg&sig=Cg0ArKJSzM15CP2nkIMREAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.online2pdf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 08:51:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 15 Aug 2022 08:51:21 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 421D 42 B
64 B 54ms
53ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsugoV5yL3CxwvuE-lmOUb-wsf7kAAZr3URAoAFzUTNYsecugwGxpokjphSERdM2hyG-QarZX_q7wUIP4I_NwwEWxwYcG_LuA0rFISKcdDVlvOur8uNCnp5B-c2IkD2-dRGL5PDwwkvb7kj7ImhN1xrIy4Qse2RH-y-z3tnlcwuF02ipG-p1Rk4gVg8sKrutFnLpk-DtiZ2s6nR6l2BdJS_p2rin9JgbEv1q-gHRUI-yZTWxQxzhBzsBu9BUW2PLLfK3Bz3xjG1rBsuMXAuYz8Bqg1fcKyrXT8Azrf8JT83S6TiZ-jdY73EJ7rkM-gzSo8PQwRSEZ-pcJX5yhvfNVlW9IhzatPjmQodQEKcVfUqRdQHUfPsFGwIDEvoQ6257aDXVir1ArPJZ6DJ5SZ3sLNN6SUDJ4mkUKAWptJ2YDGVBK-f9PNfh0eXZD-Z-BH5bBELWObYMzLqeeZFXIKfVK6Wf45hJl_nWT4XP5vrcQJ_4N-Q-FCLLbTkpioD9US7ALU_nuS79nGE8py8gjjzpGOTnlkBhy7Vqt5SNOspMcWvAurLRVV34_1hz3c3FBhZcbpMJnXwZmMx5vqig8nggByK-4gbYwGXkGlbzY1NMgyZbmv0O0ndZw-2XdmOnvQYLeYqjthGYKjNaWX3ZrA_5Z-2yi6LiMQBmW_I0Y6GtQHySo3n4Exhkqjm3-PPWHHj1-mD7mKsMJB96pJrDP8Z2sHkx2ieqkHRxFj4_B6guVOzzBgtzW-yPZboatLoARrTCb_mV-ecuXpExXP5aZ_zq3i6kIYXeVhICMlVFbQTK156VjdTxIfKkZErawnxzBe5Wr0wrbHBwGAufHgPEXtvhu7syuTNtzTMNGjM3coPo77dfgeJA1yojIR-DZdNVAIhmSPEg6MUP-ruBQh-Teopz3BsSBHzl2M_kxaRlFHrowMJw8WToIIbilfiT9a6rrqVnnMUR_-FDSjYOCEGlrJXMRjqBEUoYgoHLnmSezCuE9FkugQXZwbTKtlPeaJjDktVSvrEwCEWk_wIqRl3ooGI&sai=AMfl-YRys4qHSLYTTtXL3vBWb5hDFXn3v24t70sxBzmqNmL84SlJjjoaM2o7Mf6JdxVzSW8Q7x9Wt8NHzdQBdC8uuOB1eg3s52hjq085E6I81r2kiVpCD2R0I-ZBcMAG-gK223bWoSUsgPaBfkBX&sig=Cg0ArKJSzI2z5f2ucti7EAE&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220810&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=564771284&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1660553480483&rpt=539&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 08:51:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activeview
pagead2.googlesyndication.com/pcs/ Frame 1F0C 0
0

GET
H3 200 container.html Show response
ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 37A2 6 KB
3 KB 23ms
23ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080901.js?cb=31068915

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ads.online2pdf.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 08:51:22 GMT
expires: Tue, 15 Aug 2023 08:51:22 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame F60E 624 B
657 B 31ms
31ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARja3uelATAB&v=APEucNVum5uJLajvKnO8j_UdKVxNXhWpIa_tt178oHKUgUrqI7SukgzMtFSDxC4MuKw-FlCvNQ_uAYuD1bMem2agTearsJqt5aZYUQorooofn9b3gKtMl9CpvekKYgbX9F2CVJBXpTVG2YKFacO0xeviZBfIoESYkJzmRie_XHM23pBPA-ShCxo

Requested by

Host: ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com
URL: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 08:51:22 GMT
expires: Mon, 15 Aug 2022 08:51:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 37A2 27 KB
17 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D50_AAcXccqjC38cSJlXEomcgTEQ9QkoXsdoNPf3AhLWVinPD-ewLsWfWTyB3OxVPZMDQ-a_ELp_IozNOtuYN8y7CtTice-KdHgZoq_FPORkuqAWNLDLcrAEYOUJwG5CO0WY8Nr8IJzzmu1kxuWbI7BbjRiA&cry=1&dbm_d=AKAmf-CpKUnFwAJSB7oNUZgq7IjhH9NXfSSexWMiOUR0Pu8RwajLAm5VJ1cHLBYM-elftCmI0mCCWPvwnZHz5hokgvVDWmuxeotGF6EwaWelBtqOuTJthmmiebWPb5AI1Y_Txdq_M3q0baQACjvAEfEpdI6AE7vGgwY1C75RLpJ0lcsms14yLy8PXBRL7Y1I9CxkpU3-ujBxLl-scQ7CqvN-aA4ax3nli0BmCvVtdxqZL-Vir-iM_vgTSvXxtMVRHstO0xJQTnsivScYx8ySG_FforbmgfHvTtXy-CtmDEZLIq_ghGLT_RpSWTVOPYOULoghkdYyzgyTZgeC0QM0W70VnBVI_heLXl0Alb5mwWqsyZwuSgX1606_l_3hthBUGlE_ripvCe0O0wQbn2CCEKRIxZ98_lrratkdkLGzWNQW3TxkQRicSNHHb9g99WOqgYe9N3N1OW51V7oiiJ86gm9g9nQz8EbmZv-KdJgmgkW4A8frhQETHCtFBUC7bdJ_5aTP8mrqZzDz5NQf6e6QRQ9O2yxhFMTzP16i0vHTLnzwKj4M4MpM6Tf7EYmILZEMjOtCW7ZXHPjuuCiPsJCfzy6gdCPAhIUgZj9isi89cPHpFZYbLHOTMDAMk9dHOMNVlHGOtc2SNOgfYEIls1_VQTO75jF8vdgxYhCgqvM0J09xSbC-QWYcCh2iVxFXUg8ESx7GGob4QPdLYT86q1Q6QbO0RfrTgB1Oi7jO-Bo2_fxD0yi12Ts7RQhYq5mDe7_l31alGu27G_SiM6ByCDcBfM_427MT_VCUFta6ivVFzbw8eJl7D28-G8aKr13jR1IluIAQUh8nd-69sEcZXxG8QDWDZK9N--XVxE0XiqMu_dOpIgrQov9lvWinPUENUM7-7WQ22cLu4CP3nxJ6f1l7eiQ393XFwRQKWw35qyckvySiLIVnf60LgS8GY1dfzOgt8JVnT6x0pQRKU_DVKXeiapQSmR5G7MSOujKqSd4kEXBbxcRpf7Xbz9Xote58Cv01V6a-R6DIrFvmNMiQy614105e02ZrfyQenFNkAkLnVFXw8N2PIXL6mEQlx0tzr-cW_I77VQUafioIGVox6nuktJLDk5rD7d8W6DyPJvG7LB3EgnVSCrewI7egZpOLN0BJAPjKnqN2gnoI8JUNApeeza33wEac25Y5fa-aRPzv0hDwkTYZW0Bl9hDSJ9Cp1EpRaC1NprqhXNAU5yW5cC2UPHQZ-HQ-CuVMEKHZmULR3wnPTJNxf3phxdxx_kV9iM7VzTYfbNeH2em5YCTkQLhmB86gAfrJwn1pLznsMYXC0z9D08ijNInTWittLwgxBK1lqBtC6FVNR9cC6Xxw_r98lg7i-3A8kfynTfcOIKl0zK0U14mbJygTe-MWBhrc408as-hWPyyPh1DTO3qDIUL1Q9GOSkgMDkSmZ_uDqZguDc7Pi9oDNmuzIhRhal-h2jzSH9q1XZnofYGDLnGIU9UObXMR6X1pVU9ol5j4R9YaR4W3kFDbSgTmAhy9bzkaVAuOMS6iFWtrYijXYwr104Mg_bbsFknz3u2WywFCtJ6Hved2YYsk_RrgiujyD5O1Zuz5BaIvcO6jHsRmEsE-e03SKthvcfQndFYyTM-fxKCXGTN7zjNGKsKRcy6fHj7S2Tsf-SPIY9otOzMJPBOispgxXXVoKf1stFzypeEXyZShI1kDrtpajrv-pdZ7zWBTvoWDibmlefo9hn1qmRFxodPdpfQhhLqbQnGXeYKvHwgKOBP6d-ZjkJ19C_8s6CazpFuRelv0AFkEnjSvoWOHuyvn5YFaoC5zK6cf26cmQLP7Q4HxLfRBnnp_Hu3XDev-N2h8Mjj25owQ2x1FE95EbGjKVtIw-1baxnLpiJ52GGF_XDUNIq25EsHhIpG402s_2MJUgghP0aCcOKj8namVmZYgDAWuJpiMNuyKDbqucUHbi0yHeh6Mf6KV8516mezZ2koAOWJ1XlQ37d1bYOluvKorNmkvnb6vPva4-1NA6fhgX49IL4s6ltGZDy3bLssQThuSgmsRQssWwSKWMWr42t_GfEpkcv9spUUK4T2KNWyRQ0aTArVB8uksmqZGPUYgvqneN8stdsaabLQvTlucg-GCwjkFlnAdBdVU4MHv3JziOgOigHQoIwYAlHS7HJ2eVvuLnrS53yY758n98dyHiq0OINFami1YNtux6UXeUJ67RakYJAtcuYtc4VuFcM76Pl8sajGQB01fWF-icjAcyNWEJkr2hDAuhbPDL64mf7sXcijmy91gv0_5LhvOsngprkOaI_MF0DqmgLAU4hZyPLIwNjfPAAT3yMES1tFKKONPTHpNSo6SeZ1f2KcpHciWZMxIxeCTeIlLRQMeIFcp9iUtpRdhYoZq3VF7iI71OGMzbkojPjxpv7jWyCo9bk4ECq9mDZTN7qSaCYXMrQqbT838Gov5x2GwpyQZdq9-gc_lWLJowVqVsLCsZnGyPjzjNZtNxs9z8r7IhvdBu1OMAQ4KIVKMRSdF9C0_lL93zO6P7ZXDnEmBjlLGmgE3HlS2HIr3uhAkosvmW2OVP1VbNtFje1cVDv8HRWIroQAgFV-6kfJ8Cq4zDHbcxEOrN7ss86qa-78LoA-XheCJjMsq5AFuglC0ZKSM3yWd9E3Fzbzlj08SCf-Te0M_Uuvdy4H8ahjZeMhnD50XefFjxkqcnTHrMdw3J6brpKAgp1y6lOLHnt1rAiOOmqRf6iYthX1GVHlQqeZLZLH-t5MjyXRBt4_TIXucMNCPRwOpTerffzHArA40LaUpG4bpxeKc495e4eHE9LbjcIVbBBlAi-YInAeiUnw0mzwvTrAteIBonfb2rMNLNlQ1N41OHWJwV4c644_ii6HEDjjAIn7KMjnZqS-YhD4Yw1kx_28WsGdWWv8bOj0huXMPJRoU7WFhi-GwN6qY23bVQv1M_ORmzYTDWbTMWReinCxhe262nJIZsKnOOAwQ64OmHa9N3vCSvQnAKXzmqtpS8GPiDxCzJcodeFwpZ9rUzRp8Z4DcfJv7GCgc0Pjvwm8xquIRqZ9GesF4CHCHYOZWXadXBliq44poeqcbgmxMsSOu1WNX-DSGV-9vr1xl3MciGuCEDA9fWFxTSEeSURs-QoETb9-SNuCvND0smfxPGH7Q8bytBw&cid=CAASJORo0FGj4HNt-yrjRlv7mewf4qdT5W-GZ4EBj7DGwC-mDTIEDQ&rfl=2%2Chttps%253A%252F%252Fonline2pdf.com%242%2Chttps%253A%252F%252Fads.online2pdf.com%252F%240

Requested by

Host: online2pdf.com
URL: https://online2pdf.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1c7823652162a495cfbecff5a898d83b409fac9c03b837de7a9c9810e08485da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 08:51:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16765
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 37A2 42 B
63 B 49ms
49ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A9GC5sNi4_X14-xmvWTM55hwrvIr_vNX9r59RriDBZGcLcXQB5xUSnu9CkBgkoE_OoCSOV47NQS_Ea5L5OercIVJ8rqzJGgRRirp6aWecjOQbOTT8

Requested by

Host: ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com
URL: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 08:51:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dvbs_src.js Show response
cdn.doubleverify.com/ Frame 37A2 2 KB
1 KB 92ms
23ms Script
application/javascript 2a02:26f0:3500:58b::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115739&plc=4253578&sid=18330&dvregion=0&unit=160x600&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hwHQMHygcUH8yKjlQDRYCp&DVP_DBM_1=3060631&DVP_DBM_2=11796640&DVP_DBM_3=32180595&DVP_DBM_4=347729754&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=101267064791&turl=https://ads.online2pdf.com/vertical&DVP_PP_BUNDLE_ID=
Requested by: Host: ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com
URL: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:58b::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: e4fd699d785da5ba9b6cc4de5686c4c2220fb0dcb726cd80c879aa3798b5e888

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:22 GMT
Content-Encoding: gzip
Last-Modified: Sun, 17 Jul 2022 08:29:57 GMT
Server: Microsoft-IIS/10.0
ETag: "f8e0a365b799d81:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 1170

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame 37A2 8 KB
4 KB 91ms
23ms Script
application/javascript 2a02:26f0:3500:58b::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hwHQMHygcUH8yKjlQDRYCp&DVP_DBM_1=3060631&DVP_DBM_2=11796640&DVP_DBM_3=32180595&DVP_DBM_4=347729754&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=101267064791&turl=https://ads.online2pdf.com/vertical&DVP_PP_BUNDLE_ID=
Requested by: Host: ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com
URL: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:58b::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 4075e4e380188626166832e49f139f780a4d7a98a12cd8d83ef1aac70fc57489

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:22 GMT
Content-Encoding: gzip
Last-Modified: Sun, 07 Aug 2022 11:29:43 GMT
Server: Microsoft-IIS/10.0
ETag: "806d3afd50aad81:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3314

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220810/r20110914/client/ Frame 37A2 3 KB
1 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220810/r20110914/client/window_focus_fy2021.js

Requested by

Host: ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com
URL: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:37:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 848
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 Aug 2022 08:37:14 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 37A2 140 KB
43 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com
URL: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75bf5c0112a41f871dc47c5e98deef6dc7db8e94178bf0c853f3a09415f6d338

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44015
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1660137096112928"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 15 Aug 2022 08:51:22 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220810/r20110914/client/ Frame 37A2 17 KB
7 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220810/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com
URL: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:40:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 679
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 Aug 2022 08:40:03 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 37A2 0
0 58ms
23ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRmnre02zWPZRx9YuBOSARlGoVPKiE_PZOTqdItGMi3ZFKMwbVH5q4trAnUHwuSQyLcno1cvsbW_YmFAIM2LGDUxtgIdg
Requested by: Host: ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com
URL: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame F60E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMGeYwHASpuJHcIxgZxv6Ys&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMGeYwHASpuJHcIxgZxv6Ys&google_cver=1&C=1

43 B
917 B

36ms
36ms

Image
image/gif

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMGeYwHASpuJHcIxgZxv6Ys&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARja3uelATAB&v=APEucNVum5uJLajvKnO8j_UdKVxNXhWpIa_tt178oHKUgUrqI7SukgzMtFSDxC4MuKw-FlCvNQ_uAYuD1bMem2agTearsJqt5aZYUQorooofn9b3gKtMl9CpvekKYgbX9F2CVJBXpTVG2YKFacO0xeviZBfIoESYkJzmRie_XHM23pBPA-ShCxo
Protocol: H3
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 73b0b0215b645ca4-FRA
pragma: no-cache
date: Mon, 15 Aug 2022 08:51:22 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DuIxbcZ5jPs%2BycW4%2F9ICKIILb9IkOMSl6eRE%2FhqvsXYwEyHIjYS%2B4%2F7eTveBBNbRgEDl36Sd7en8drplJXxqLHDMjEgYd9tbVO0AiBikLuVIP4hkJU%2BETiD6LveHW09Oh%2BFU3xyVh9h%2BgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 15 Aug 2022 08:51:22 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B3D2vEC4c%2FRZBW4PMDZv55GjHCepCPf%2BiEbukhMlfviReZU6A8C6MN3HVgg36bJrH%2BRy4bph%2Fi7szbzw049f87ozYdi9fUHAtHGCkAaf0uhLSp6vlvZ8UUqE9Onu2K0C2tF6cSfJR6qh0w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESEMGeYwHASpuJHcIxgZxv6Ys&google_cver=1&C=1
cache-control: no-cache
cf-ray: 73b0b0210ae392b3-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame F60E
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YvoJCsC3NBKCO04.oGePawAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMGeYwHASpuJHcIxgZxv6Ys&google_cver=1&google_hm=2

43 B
909 B

34ms
33ms

Image
image/gif

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMGeYwHASpuJHcIxgZxv6Ys&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARja3uelATAB&v=APEucNVum5uJLajvKnO8j_UdKVxNXhWpIa_tt178oHKUgUrqI7SukgzMtFSDxC4MuKw-FlCvNQ_uAYuD1bMem2agTearsJqt5aZYUQorooofn9b3gKtMl9CpvekKYgbX9F2CVJBXpTVG2YKFacO0xeviZBfIoESYkJzmRie_XHM23pBPA-ShCxo
Protocol: H3
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 73b0b021cc055ca4-FRA
pragma: no-cache
date: Mon, 15 Aug 2022 08:51:22 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E96HjTZYckda5d3Eh%2Fj4BGCN14vrtck6ciElcWTO1DgV1DvoVCI%2BJ53J79YrpVXcBt3RGLGCsQcOD2Mlxu9zFaNEU3wlk%2FeOD05OVA146RCRSHCkbijghwNT4XVyE3Vo9YRFGi3K25RgDw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 15 Aug 2022 08:51:22 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMGeYwHASpuJHcIxgZxv6Ys&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame F60E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEB5zJVshXti2uon3MFtdh3c&google_cver=1

43 B
1015 B

16ms
15ms

Image
image/gif

37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEB5zJVshXti2uon3MFtdh3c&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARja3uelATAB&v=APEucNVum5uJLajvKnO8j_UdKVxNXhWpIa_tt178oHKUgUrqI7SukgzMtFSDxC4MuKw-FlCvNQ_uAYuD1bMem2agTearsJqt5aZYUQorooofn9b3gKtMl9CpvekKYgbX9F2CVJBXpTVG2YKFacO0xeviZBfIoESYkJzmRie_XHM23pBPA-ShCxo

Protocol

HTTP/1.1

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 Aug 2022 08:51:22 GMT
X-Proxy-Origin: 217.64.151.31; 217.64.151.31; 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: db573c21-f482-49ca-bfbb-e825b11cb454
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 15 Aug 2022 08:51:22 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEB5zJVshXti2uon3MFtdh3c&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame F60E
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzQ2OTAzMTY0MDMzODM0MjAz

170 B
502 B

62ms
26ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzQ2OTAzMTY0MDMzODM0MjAz

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 08:51:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 15 Aug 2022 08:51:22 GMT
X-Proxy-Origin: 217.64.151.31; 217.64.151.31; 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 4f1972f1-bfff-4321-9ef5-9622a370886d
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzQ2OTAzMTY0MDMzODM0MjAz
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220810/r20110914/ Frame 37A2 30 KB
12 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220810/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D50_AAcXccqjC38cSJlXEomcgTEQ9QkoXsdoNPf3AhLWVinPD-ewLsWfWTyB3OxVPZMDQ-a_ELp_IozNOtuYN8y7CtTice-KdHgZoq_FPORkuqAWNLDLcrAEYOUJwG5CO0WY8Nr8IJzzmu1kxuWbI7BbjRiA&cry=1&dbm_d=AKAmf-CpKUnFwAJSB7oNUZgq7IjhH9NXfSSexWMiOUR0Pu8RwajLAm5VJ1cHLBYM-elftCmI0mCCWPvwnZHz5hokgvVDWmuxeotGF6EwaWelBtqOuTJthmmiebWPb5AI1Y_Txdq_M3q0baQACjvAEfEpdI6AE7vGgwY1C75RLpJ0lcsms14yLy8PXBRL7Y1I9CxkpU3-ujBxLl-scQ7CqvN-aA4ax3nli0BmCvVtdxqZL-Vir-iM_vgTSvXxtMVRHstO0xJQTnsivScYx8ySG_FforbmgfHvTtXy-CtmDEZLIq_ghGLT_RpSWTVOPYOULoghkdYyzgyTZgeC0QM0W70VnBVI_heLXl0Alb5mwWqsyZwuSgX1606_l_3hthBUGlE_ripvCe0O0wQbn2CCEKRIxZ98_lrratkdkLGzWNQW3TxkQRicSNHHb9g99WOqgYe9N3N1OW51V7oiiJ86gm9g9nQz8EbmZv-KdJgmgkW4A8frhQETHCtFBUC7bdJ_5aTP8mrqZzDz5NQf6e6QRQ9O2yxhFMTzP16i0vHTLnzwKj4M4MpM6Tf7EYmILZEMjOtCW7ZXHPjuuCiPsJCfzy6gdCPAhIUgZj9isi89cPHpFZYbLHOTMDAMk9dHOMNVlHGOtc2SNOgfYEIls1_VQTO75jF8vdgxYhCgqvM0J09xSbC-QWYcCh2iVxFXUg8ESx7GGob4QPdLYT86q1Q6QbO0RfrTgB1Oi7jO-Bo2_fxD0yi12Ts7RQhYq5mDe7_l31alGu27G_SiM6ByCDcBfM_427MT_VCUFta6ivVFzbw8eJl7D28-G8aKr13jR1IluIAQUh8nd-69sEcZXxG8QDWDZK9N--XVxE0XiqMu_dOpIgrQov9lvWinPUENUM7-7WQ22cLu4CP3nxJ6f1l7eiQ393XFwRQKWw35qyckvySiLIVnf60LgS8GY1dfzOgt8JVnT6x0pQRKU_DVKXeiapQSmR5G7MSOujKqSd4kEXBbxcRpf7Xbz9Xote58Cv01V6a-R6DIrFvmNMiQy614105e02ZrfyQenFNkAkLnVFXw8N2PIXL6mEQlx0tzr-cW_I77VQUafioIGVox6nuktJLDk5rD7d8W6DyPJvG7LB3EgnVSCrewI7egZpOLN0BJAPjKnqN2gnoI8JUNApeeza33wEac25Y5fa-aRPzv0hDwkTYZW0Bl9hDSJ9Cp1EpRaC1NprqhXNAU5yW5cC2UPHQZ-HQ-CuVMEKHZmULR3wnPTJNxf3phxdxx_kV9iM7VzTYfbNeH2em5YCTkQLhmB86gAfrJwn1pLznsMYXC0z9D08ijNInTWittLwgxBK1lqBtC6FVNR9cC6Xxw_r98lg7i-3A8kfynTfcOIKl0zK0U14mbJygTe-MWBhrc408as-hWPyyPh1DTO3qDIUL1Q9GOSkgMDkSmZ_uDqZguDc7Pi9oDNmuzIhRhal-h2jzSH9q1XZnofYGDLnGIU9UObXMR6X1pVU9ol5j4R9YaR4W3kFDbSgTmAhy9bzkaVAuOMS6iFWtrYijXYwr104Mg_bbsFknz3u2WywFCtJ6Hved2YYsk_RrgiujyD5O1Zuz5BaIvcO6jHsRmEsE-e03SKthvcfQndFYyTM-fxKCXGTN7zjNGKsKRcy6fHj7S2Tsf-SPIY9otOzMJPBOispgxXXVoKf1stFzypeEXyZShI1kDrtpajrv-pdZ7zWBTvoWDibmlefo9hn1qmRFxodPdpfQhhLqbQnGXeYKvHwgKOBP6d-ZjkJ19C_8s6CazpFuRelv0AFkEnjSvoWOHuyvn5YFaoC5zK6cf26cmQLP7Q4HxLfRBnnp_Hu3XDev-N2h8Mjj25owQ2x1FE95EbGjKVtIw-1baxnLpiJ52GGF_XDUNIq25EsHhIpG402s_2MJUgghP0aCcOKj8namVmZYgDAWuJpiMNuyKDbqucUHbi0yHeh6Mf6KV8516mezZ2koAOWJ1XlQ37d1bYOluvKorNmkvnb6vPva4-1NA6fhgX49IL4s6ltGZDy3bLssQThuSgmsRQssWwSKWMWr42t_GfEpkcv9spUUK4T2KNWyRQ0aTArVB8uksmqZGPUYgvqneN8stdsaabLQvTlucg-GCwjkFlnAdBdVU4MHv3JziOgOigHQoIwYAlHS7HJ2eVvuLnrS53yY758n98dyHiq0OINFami1YNtux6UXeUJ67RakYJAtcuYtc4VuFcM76Pl8sajGQB01fWF-icjAcyNWEJkr2hDAuhbPDL64mf7sXcijmy91gv0_5LhvOsngprkOaI_MF0DqmgLAU4hZyPLIwNjfPAAT3yMES1tFKKONPTHpNSo6SeZ1f2KcpHciWZMxIxeCTeIlLRQMeIFcp9iUtpRdhYoZq3VF7iI71OGMzbkojPjxpv7jWyCo9bk4ECq9mDZTN7qSaCYXMrQqbT838Gov5x2GwpyQZdq9-gc_lWLJowVqVsLCsZnGyPjzjNZtNxs9z8r7IhvdBu1OMAQ4KIVKMRSdF9C0_lL93zO6P7ZXDnEmBjlLGmgE3HlS2HIr3uhAkosvmW2OVP1VbNtFje1cVDv8HRWIroQAgFV-6kfJ8Cq4zDHbcxEOrN7ss86qa-78LoA-XheCJjMsq5AFuglC0ZKSM3yWd9E3Fzbzlj08SCf-Te0M_Uuvdy4H8ahjZeMhnD50XefFjxkqcnTHrMdw3J6brpKAgp1y6lOLHnt1rAiOOmqRf6iYthX1GVHlQqeZLZLH-t5MjyXRBt4_TIXucMNCPRwOpTerffzHArA40LaUpG4bpxeKc495e4eHE9LbjcIVbBBlAi-YInAeiUnw0mzwvTrAteIBonfb2rMNLNlQ1N41OHWJwV4c644_ii6HEDjjAIn7KMjnZqS-YhD4Yw1kx_28WsGdWWv8bOj0huXMPJRoU7WFhi-GwN6qY23bVQv1M_ORmzYTDWbTMWReinCxhe262nJIZsKnOOAwQ64OmHa9N3vCSvQnAKXzmqtpS8GPiDxCzJcodeFwpZ9rUzRp8Z4DcfJv7GCgc0Pjvwm8xquIRqZ9GesF4CHCHYOZWXadXBliq44poeqcbgmxMsSOu1WNX-DSGV-9vr1xl3MciGuCEDA9fWFxTSEeSURs-QoETb9-SNuCvND0smfxPGH7Q8bytBw&cid=CAASJORo0FGj4HNt-yrjRlv7mewf4qdT5W-GZ4EBj7DGwC-mDTIEDQ&rfl=2%2Chttps%253A%252F%252Fonline2pdf.com%242%2Chttps%253A%252F%252Fads.online2pdf.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c0d0b5ecf5aa2cd5475929aefcb44d67c5d5cc8cbcdb3991e45f0944f0344619

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 297
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11819
x-xss-protection: 0
server: cafe
etag: 10563440404697844360
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 Aug 2022 08:46:25 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 37A2 41 KB
15 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 11 Aug 2022 17:19:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 315137
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Aug 2023 17:19:05 GMT

GET
H2 200 endscreen.svg
s1.seadform.net/banners/elements/files/171352/8159148//endscreens/728x90/ Frame BF90 155 KB
56 KB 43ms
43ms Image
image/svg+xml 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.seadform.net/banners/elements/files/171352/8159148//endscreens/728x90/endscreen.svg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 56d931bf96702e70241697108fba12f1fe673bd849e55af582f6f7bee5ccbc1a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:22 GMT
content-encoding: gzip
last-modified: Wed, 25 May 2022 21:23:54 GMT
server: nginx
x-amz-request-id: tx0000000000000c31ff0f3-0062fa0187-3233e7e3-default
etag: W/"41b42723296caea555ff873f3f255b82"
x-cache-status: HIT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
cache-control: public, max-age=604800

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 790A 22 KB
8 KB 15ms
15ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 315136
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 11 Aug 2022 17:19:06 GMT
expires: Fri, 11 Aug 2023 17:19:06 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK dvbs_src_internal107.js Show response
cdn.doubleverify.com/ Frame 37A2 55 KB
18 KB 25ms
25ms Script
application/javascript 2a02:26f0:3500:58b::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src_internal107.js
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115739&plc=4253578&sid=18330&dvregion=0&unit=160x600&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hwHQMHygcUH8yKjlQDRYCp&DVP_DBM_1=3060631&DVP_DBM_2=11796640&DVP_DBM_3=32180595&DVP_DBM_4=347729754&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=101267064791&turl=https://ads.online2pdf.com/vertical&DVP_PP_BUNDLE_ID=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:58b::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: d3d6498e9829a788ca3d572159ca1a9f9941d4d3287cbe1cfc79186cdc90565f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:22 GMT
Content-Encoding: gzip
Last-Modified: Thu, 09 Jun 2022 14:27:50 GMT
Server: Microsoft-IIS/10.0
ETag: "0f7cd18d7cd81:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18120

GET
H3 200 KwAXiUICCFvapwcrMozVyugq_Wx4YR6m3c26cyMGyPI.js Show response
pagead2.googlesyndication.com/bg/ Frame 790A 36 KB
14 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/KwAXiUICCFvapwcrMozVyugq_Wx4YR6m3c26cyMGyPI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b0017894202085bdaa7072b328cd5cae82afd6c78611ea6ddcdba732306c8f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 06:34:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8201
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14174
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 15 Aug 2023 06:34:41 GMT

GET
H/1.1 200
OK verify.js Show response
rtb0.doubleverify.com/ Frame 37A2 1 KB
883 B 281ms
25ms Script
text/javascript 213.254.244.112
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_563826723030&jsTagObjCallback=__tagObject_callback_563826723030&num=6&ctx=1828362&cmp=115739&plc=4253578&sid=18330&advid=&adsrv=&unit=160x600&isdvvid=&uid=563826723030&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Win32&dvp_strhd=0.30&dvpx_strhd=0.30&brid=3&brver=104&bridua=3&dup=null&turl=https://ads.online2pdf.com/vertical&srcurlD=1&ssl=1&refD=2&htmlmsging=1&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hwHQMHygcUH8yKjlQDRYCp&DVP_DBM_1=3060631&DVP_DBM_2=11796640&DVP_DBM_3=32180595&DVP_DBM_4=347729754&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=101267064791&DVP_PP_BUNDLE_ID=&prr=1&aUrlD=-1&m1=13&noc=4&fcifrms=2&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=155&eparams=DC4FC%3Dl9EEADTbpTauTau25D%5D%40%3F%3D%3A%3F6aA57%5D4%40%3ETauU2%3F4r92%3A%3Fl9EEADTbpTauTau%40%3F%3D%3A%3F6aA57%5D4%40%3ETar9EEADTbpTauTau25D%5D%40%3F%3D%3A%3F6aA57%5D4%40%3ETar9EEADTbpTauTau557ea6fffbgbg273d36b534c5dd5_4b6%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl9EEADTbpTauTau25D%5D%40%3F%3D%3A%3F6aA57%5D4%40%3ETauG6CE%3A42%3D&dvp_exetime=4.90&callbackName=__verify_callback_563826723030
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal107.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.112 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: 055becebc9958298fa38f2b894e61c381a59bb56f2068f2ff2e3ab340f24e3de

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 Aug 2022 08:51:22 GMT
Content-Encoding: br
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Transfer-Encoding: chunked
X-DV-Response: 1
Expires: 08/14/2022 08:51:22

GET
H2 200 endscreen.svg
s1.seadform.net/banners/elements/files/171352/8159148//endscreens/728x90/ Frame BF90 155 KB
56 KB 42ms
42ms Image
image/svg+xml 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.seadform.net/banners/elements/files/171352/8159148//endscreens/728x90/endscreen.svg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 56d931bf96702e70241697108fba12f1fe673bd849e55af582f6f7bee5ccbc1a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:22 GMT
content-encoding: gzip
last-modified: Wed, 25 May 2022 21:23:54 GMT
server: nginx
x-amz-request-id: tx0000000000000c31ff0f3-0062fa0187-3233e7e3-default
etag: W/"41b42723296caea555ff873f3f255b82"
x-cache-status: HIT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
cache-control: public, max-age=604800

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 790A 0
20 B 51ms
51ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BQsoPCgn6YpjFErGI4gHtx73oCAAAAAA4AeAEAg&bg=!EhGlEVXNAAa4hXTbmIU7ACkAdvg8WnD-wucX6ES-iJboDvPlUrmmY4wZt_TDHSki7KR_kvI6dhRYbAIAAABJUgAAAAFoAQeZA0AqbX8DkK6AvcgDEDCnfhiIOAxDdyD7XdefbRvHrMwFp8g4WK2v4HzFB5NSewV3ROtsrVJYZOFR6Hzp-Y2FYpVCYvjaKizE1T2OHl86j2FkDg-OQJLBeLkfIpH_PD3hNW5uIMOaLn50Kkytdby0STWyRVaA7tXIs4dVb89N4kF6SL_jfoo2FQ7ptQYy125fexjZxPh-jxoEwu5hSmjPgfgOl896yIcVElPqfp37eY3cx7-JBty75Uk8qAh2XYErQRfwD0F-vM4IqUEYvt9SaYGUN7YpQf38ILJ6Uaq-3lfj98_OnGKlj8i4EOWC0F4ZXv-NxAABHHOzvjt_ynWz1x5ef1Mhu7DCdg4EVmS8GK1wRL5GIz5KPnVThCqFiU4nGqpLTRG4PUl2hnDsmo4PZ4xitZcmh5vN3NRPtvrTHwe-9FQE4O0dQ6NFTKjRJ2aJREw3cmdYbJFCmDL7d8Y20MQFGEm14Cj9OBeix35oIA8GVbA3jb7cISrYWnxXol9zjKZD-LXzAGRZ-3Po4J2k6Vvmnmz4DeLkLkiguSk28U8nmyIv5L6wnhbunPrVI2wxFclsbVuDCBWw0HwBil11W6084GMd28_lFLVOPOXEo1zoH-BzbPH0xUCFKm8r8bFgXzizlzrQ9e6npJWvgP5LVGmLYiftAO7Qwp2lvGy-bVxmJejT_PDGEt8VyrMJhLbOQ7aXQ12OK-Xxs4vBRj2luCahCPGp5BV7yIgrbfg1NpfCU_qnyzlDywkm5RSOFpsJlZtAqoZTeaYU1TF6WeoVt0ev7k_vfyMn-kvF6jrP4Xw5FF70jYJnV_SGzlQVKq-E9L1iQPoq3Af9fwyZJ1F6n9vi0lVe47DPahAm0Gl6SBydg9VtQuCPXhUIXMtKvF1nhaWWdaetVY5J6nqg528P8Zxv7abnkI3GvGpLczW4eu1hdJaZsBgM_vR_jLlgwyrN1R1sP6JI7C2mDOtU8GbJjoVlfYPAFm_nvT6KNppWjJAgU4hh0B3Q17HUkUp6hdAnRai0-UA4ZQAhORjYoOFO8IKv-59fCBffPBF5Etu5Llru4sEGhrUUlZ1LhU9iUvS9F3amkYJr7Qd3SXO6z8f0_5pI

Requested by

Host: ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com
URL: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 08:51:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 /
track.seadform.net/serving/unload/ Frame 421D 35 B
503 B 36ms
36ms Ping
image/gif 37.157.6.247
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.seadform.net/serving/unload/?version=15&unload=0@@39127509,1844264621972127723,100|1100|0|0|0|0|0|0|0||38|1|||||1|0|0||||11||0

Requested by

Host: s1.seadform.net
URL: https://s1.seadform.net/stoat/626/s1.seadform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.247 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 08:51:22 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H3 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 37A2 23 KB
9 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal107.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a40641661b54c304ebe64ce944b1261fd061962a6f2b86558f3b3d98237ca0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:29:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1300
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8749
x-xss-protection: 0
last-modified: Wed, 29 Jun 2022 21:33:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 15 Aug 2022 09:29:42 GMT

GET
H3 200 impl_v90.js Show response
www.googletagservices.com/dcm/ Frame 37A2 54 KB
21 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v90.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aafbe63767b52106445fc908e63387cf0c3064c6f9b9545d70b77b123f626cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 11 Aug 2022 16:29:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 318100
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21331
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 13:07:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 11 Aug 2023 16:29:42 GMT

GET
H3 200 B9689862.280626343;dc_ver=90.265;sz=160x600;u_sd=1;dc_adk=754613076;ord=usgdxn;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.;dc_rfl=2,https%3A%2F%2Fonline2pdf.com$2,https%3A%2F%2Fad... Show response
ad.doubleclick.net/ddm/adi/N1395.150740DOUBLEVERIFY/ Frame CD43 48 KB
24 KB 85ms
53ms Document
text/html 142.250.185.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adi/N1395.150740DOUBLEVERIFY/B9689862.280626343;dc_ver=90.265;sz=160x600;u_sd=1;dc_adk=754613076;ord=usgdxn;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.;dc_rfl=2,https%3A%2F%2Fonline2pdf.com$2,https%3A%2F%2Fads.online2pdf.com%2F$0;xdt=1;crlt=*eH7lXUeLb;stc=1;chaa=1;sttr=25;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v90.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f6.1e100.net

Software

cafe /

Resource Hash

1d5ac3c4948de140e1100106a6258787a16f10fa5673ff12db208cdd24c6ff83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 24109
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 15 Aug 2022 08:51:22 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK dv-measurements2960.js Show response
cdn.doubleverify.com/ Frame 2AF3 552 KB
106 KB 28ms
28ms Script
application/javascript 2a02:26f0:3500:58b::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements2960.js
Requested by: Host: online2pdf.com
URL: https://online2pdf.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:58b::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 643942a00b0c0700ad1d39d440c61776f2cb6d3d1267830dc128637e15ecf9fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 15 Aug 2022 08:51:22 GMT
Content-Encoding: gzip
Last-Modified: Sun, 07 Aug 2022 10:10:38 GMT
Server: Microsoft-IIS/10.0
ETag: "0e3fcf045aad81:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=946080900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 107745

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame C670 1 KB
749 B 15ms
15ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com
URL: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 59045
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 14 Aug 2022 16:27:17 GMT
etag: 48472445140208031
expires: Mon, 15 Aug 2022 16:27:17 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 37A2 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 02fb31270eb75cb2bae6139a3ccb228c44b1cb46edc2299e99c04b094433bfa8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame C670 0
104 B 127ms
41ms Image
text/plain 2a02:fa8:8806:13::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEGn88zm9u5In8NAnh_kyapA&google_cver=1&google_push=AehlK4Dkjay0bMwmr4y3b89TqZZ0I_GD2mIX_V7kb7qH4Te8vi1KLXrY-zd8TgAyy6VUr46M0G8jeJ8AhpyJurkKvPUgjnyHr8M
Requested by: Host: ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com
URL: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 08:51:22 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C670
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEGH84eP1DNaSOrC-agAs68w&google_cver=1&google_push=AehlK4Dvw39vsmpQxz4PEE9ke8wKPs0NVJtHT8eawwVY4dAOfHKEPh0jtXNhROYvHlY5ko1W0Se8-XI86E_tfmNE...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=GRtxhcRiREW2dvVPv8ELuQ2&google_push=AehlK4Dvw39vsmpQxz4PEE9ke8wKPs0NVJtHT8eawwVY4dAOfHKEPh0jtXNhROYvHlY5ko1W0Se8-XI86E_tfmNEdRF98g8j3bA

170 B
188 B

28ms
27ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=GRtxhcRiREW2dvVPv8ELuQ2&google_push=AehlK4Dvw39vsmpQxz4PEE9ke8wKPs0NVJtHT8eawwVY4dAOfHKEPh0jtXNhROYvHlY5ko1W0Se8-XI86E_tfmNEdRF98g8j3bA

Requested by

Host: ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com
URL: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 08:51:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 15 Aug 2022 08:51:22 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=GRtxhcRiREW2dvVPv8ELuQ2&google_push=AehlK4Dvw39vsmpQxz4PEE9ke8wKPs0NVJtHT8eawwVY4dAOfHKEPh0jtXNhROYvHlY5ko1W0Se8-XI86E_tfmNEdRF98g8j3bA
x-host: tde-deliveryengine-production-7b45b4797c-4mxp7
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C670
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEEEUkT3WvAwkxXFB81xwn0c&google_cver=1&google_push=AehlK4BWA5072Ssqaera-iKOMjVLU5c9d5E31jZk8_HZT9mycYOvjgyYXOYeIZQRrTPxBCFcn2dbw2XB...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEEEUkT3WvAwkxXFB81xwn0c&google_cver=1&google_push=AehlK4BWA5072Ssqaera-iKOMjVLU5c9d5E31jZk8_HZT9mycYOvjgyYXOYeIZQRrTPxBCFcn2d...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=OTAwNzQzODk5ODMxNjgwOTAxNA&google_push=AehlK4BWA5072Ssqaera-iKOMjVLU5c9d5E31jZk8_HZT9mycYOvjgyYXOYeIZQRrTPxBCFcn2dbw2...

170 B
188 B

27ms
27ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=OTAwNzQzODk5ODMxNjgwOTAxNA&google_push=AehlK4BWA5072Ssqaera-iKOMjVLU5c9d5E31jZk8_HZT9mycYOvjgyYXOYeIZQRrTPxBCFcn2dbw2XBmaVcCBJ32ucmf157TQo

Requested by

Host: ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com
URL: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 08:51:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 15 Aug 2022 08:51:22 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=OTAwNzQzODk5ODMxNjgwOTAxNA&google_push=AehlK4BWA5072Ssqaera-iKOMjVLU5c9d5E31jZk8_HZT9mycYOvjgyYXOYeIZQRrTPxBCFcn2dbw2XBmaVcCBJ32ucmf157TQo
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C670
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESELqrUzq0cuV0t-JMiyBezkE&google_cver=1&google_push=AehlK4C-aypSCfKH7euPsHXDDx48Rma2pI1pQScQY3Yw-YMq0e6ouQJYjf0ur20u-sAQh2TchDDtoKKTR8i49lOm...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AehlK4C-aypSCfKH7euPsHXDDx48Rma2pI1pQScQY3Yw-YMq0e6ouQJYjf0ur20u-sAQh2TchDDtoKKTR8i49lOmVYbKU31hpKxI

170 B
188 B

29ms
28ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AehlK4C-aypSCfKH7euPsHXDDx48Rma2pI1pQScQY3Yw-YMq0e6ouQJYjf0ur20u-sAQh2TchDDtoKKTR8i49lOmVYbKU31hpKxI

Requested by

Host: ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com
URL: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 08:51:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 15 Aug 2022 08:51:22 GMT
via: 1.1 5076c8187f430eebe5e26fc594d6125a.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA2-C1
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AehlK4C-aypSCfKH7euPsHXDDx48Rma2pI1pQScQY3Yw-YMq0e6ouQJYjf0ur20u-sAQh2TchDDtoKKTR8i49lOmVYbKU31hpKxI
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: L8rDrjtiQ0BFLAEUyvZeFMYYce2x06TjFbxc9Gw0ZLnoOYlJ-7ffQg==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C670
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEIK5oVYJRv1FrS6-D0WE2Zw&google_cver=1&google_push=AehlK4C7n_nHi1ghJL9wwW6VhEUQvB-SbZbtyNpLy2pgTSmrM9ylfAh-eiEJVDGtPrjwcqqTLz...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEIK5oVYJRv1FrS6-D0WE2Zw&google_cver=1&google_push=AehlK4C7n_nHi1ghJL9wwW6VhEUQvB-SbZbtyNpLy2pgTSmrM9ylfAh-eiEJVDGtPrjwcqqTLz...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1WVHNVdGlwRTJ1RVdTaVE4alJXV1dLNnI4bEFuTDFDU35B&google_push=AehlK4C7n_nHi1ghJL9wwW6VhEUQvB-SbZbtyNpLy2pgTSmrM9ylfAh-e...

170 B
188 B

26ms
25ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1WVHNVdGlwRTJ1RVdTaVE4alJXV1dLNnI4bEFuTDFDU35B&google_push=AehlK4C7n_nHi1ghJL9wwW6VhEUQvB-SbZbtyNpLy2pgTSmrM9ylfAh-eiEJVDGtPrjwcqqTLzy5pVu6Cp_urtdYRh6h-_CICMpmKg

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 08:51:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1WVHNVdGlwRTJ1RVdTaVE4alJXV1dLNnI4bEFuTDFDU35B&google_push=AehlK4C7n_nHi1ghJL9wwW6VhEUQvB-SbZbtyNpLy2pgTSmrM9ylfAh-eiEJVDGtPrjwcqqTLzy5pVu6Cp_urtdYRh6h-_CICMpmKg
date: Mon, 15 Aug 2022 08:51:23 GMT
server: ATS/9.1.0.46
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 dot.gif
s0.2mdn.net/ Frame C670 43 B
184 B 138ms
58ms Image
image/gif 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEEoeCzw9XPiiEO_KjrIhfnQ&google_cver=1&google_push=AehlK4DDrT3ihQ1u-3ZwGnyJCaqYVtCgef-MEofFYeRAITisZO0c8fSQAwJnazYScIP_HaVoeWAwsGnbefmc8VMeqyEzkw-3Zgivqg

Requested by

Host: ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com
URL: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:22 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 16 Aug 2022 08:51:22 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame C670 0
12 B 24ms
23ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LaO4J2uWq2Qs-_PPp89EGXspty5uAPXbgUKYJOamx8-lnB5k1G1yjGkHb363OcPV2H

Requested by

Host: ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com
URL: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:22 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame 2AF3 694 B
681 B 334ms
41ms Script
text/javascript 213.254.244.112
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=80&ttfrms=27&brid=3&brver=104.0.5112.79&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau25D%5D%40%3F%3D%3A%3F6aA57%5D4%40%3ETauU2%3F4r92%3A%3Fl9EEADTbpTauTau%40%3F%3D%3A%3F6aA57%5D4%40%3ETar9EEADTbpTauTau25D%5D%40%3F%3D%3A%3F6aA57%5D4%40%3ETar9EEADTbpTauTau557ea6fffbgbg273d36b534c5dd5_4b6%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl9EEADTbpTauTau25D%5D%40%3F%3D%3A%3F6aA57%5D4%40%3ETauG6CE%3A42%3D&srcurlD=1&aUrlD=-1&ssl=https:&uid=1660553482852205&jsCallback=dvCallback_1660553482852641&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F104.0.5112.79%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=450&winw=120&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=2960&tgjsver=2960&lvvn=28&m1=13&refD=2&referrer=https%3A%2F%2Fddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html%3Fn%3D1&fcifrms=2&brh=2&sdf=2&dvp_epl=359&noc=4&nav_pltfrm=Win32&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://ads.online2pdf.com/vertical&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hwHQMHygcUH8yKjlQDRYCp&DVP_DBM_1=3060631&DVP_DBM_2=11796640&DVP_DBM_3=32180595&DVP_DBM_4=347729754&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=101267064791&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=3587222499.391621&dvp_tukv=701562578998.5289&dvp_uuid=709729138079.8816&dvp_strhd=0.3000011444091797&dvpx_strhd=0.3000011444091797&dvp_tuid=656660772265
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements2960.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.112 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: 8fe4a2e48384878e2fde5256bc624846dcf88c6a4c99a135fcc391b69a6b5b01

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 Aug 2022 08:51:22 GMT
Content-Encoding: br
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 08/14/2022 08:51:23

GET
H2 200 11505016127833275095
s0.2mdn.net/simgad/ Frame CD43 121 KB
122 KB 17ms
17ms Image
image/jpeg 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/11505016127833275095?sqp=-oaymwEOCKABENgEIAFIZFABWAE&rs=AOga4qkufYWKvbxKKRP4xM2o8PZ4UshI0Q

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1395.150740DOUBLEVERIFY/B9689862.280626343;dc_ver=90.265;sz=160x600;u_sd=1;dc_adk=754613076;ord=usgdxn;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.;dc_rfl=2,https%3A%2F%2Fonline2pdf.com$2,https%3A%2F%2Fads.online2pdf.com%2F$0;xdt=1;crlt=*eH7lXUeLb;stc=1;chaa=1;sttr=25;prcl=s

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

67cf9b4bc639937fbbd4d3e5d1a9a43ebffce2577ff3bb0a9b3def6b4088a68e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 15:16:53 GMT
x-content-type-options: nosniff
age: 495269
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124106
x-xss-protection: 0
last-modified: Mon, 16 May 2022 16:38:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 09 Aug 2023 15:16:53 GMT

GET
H3 200 sodar_loader.js Show response
pagead2.googlesyndication.com/pagead/js/r20220810/r20110914/xfa/ Frame CD43 10 KB
4 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220810/r20110914/xfa/sodar_loader.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

874e545a5055f7c8602c30ffd711768e8105bb75c87045a794f934d9cffa30c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 18:18:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52372
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4037
x-xss-protection: 0
server: cafe
etag: 4842123143989086801
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 28 Aug 2022 18:18:30 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220810/r20110914/elements/html/ Frame CD43 8 KB
3 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220810/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9499ea51a2956fd2c1600591ae117fe9ad81065d625b1b2c593c7720e5b228f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:42:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 547
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3181
x-xss-protection: 0
server: cafe
etag: 18418590997839133011
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 Aug 2022 08:42:15 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CD43 140 KB
43 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75bf5c0112a41f871dc47c5e98deef6dc7db8e94178bf0c853f3a09415f6d338

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44015
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1660137096112928"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 15 Aug 2022 08:51:22 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame CD43 0
575 B 109ms
53ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv2GGpfzExpOQbQRaGmJbm4rrc94CaXesUS0Fify1KZRoodajaf9xUUA8QARH4TMfm19SgksjLd58ixcH2v2AcpNOVey7hhd4lIlYpXkRlfGs4iuEszHV0dXcA0V8LBasCxIibOwhNDAy8Bygzkra8oQa04CuuMtA&sig=Cg0ArKJSzBuGGvNBiFZMEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20220810.08626&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 08:51:22 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame CD43 41 KB
15 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 11 Aug 2022 17:19:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 315137
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Aug 2023 17:19:05 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame CD43 7 KB
6 KB 28ms
28ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=r20100101&st=int

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20220810/r20110914/xfa/sodar_loader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8633c389bc6d1793bb2223ccc419f603c4656799be9ab0f86cf93b1afd3ab2df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 08:51:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5697
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 629B 22 KB
8 KB 15ms
14ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 315136
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 11 Aug 2022 17:19:06 GMT
expires: Fri, 11 Aug 2023 17:19:06 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame CD43 0
63 B 52ms
52ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 15 Aug 2022 08:51:22 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame CD43 17 KB
6 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20220810/r20110914/xfa/sodar_loader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:51:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 15 Aug 2022 08:51:22 GMT

GET
H3 200 ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js Show response
pagead2.googlesyndication.com/bg/ Frame 629B 36 KB
14 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a690357c8d157ad2a9f188ecdad238c37efbd7508124554e8b7ddf2986cb0188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 20:10:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45660
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13955
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 14 Aug 2023 20:10:22 GMT

GET
H3 200 KwAXiUICCFvapwcrMozVyugq_Wx4YR6m3c26cyMGyPI.js Show response
pagead2.googlesyndication.com/bg/ Frame 1811 36 KB
14 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/KwAXiUICCFvapwcrMozVyugq_Wx4YR6m3c26cyMGyPI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b0017894202085bdaa7072b328cd5cae82afd6c78611ea6ddcdba732306c8f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 06:34:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8202
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14174
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 15 Aug 2023 06:34:41 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 629B 0
20 B 52ms
52ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BUMcVCgn6YpCJMdfd7_UP9eiQkAYAAAAAOAHgBAI&bg=!U1ClUBTNAAa4hXTbmIU7ACkAdvg8WvPPw5yNHqXpmOP4fmXeV3dLwBzYAMokz397lYv0mgWb-a1KqQIAAABDUgAAAAFoAQeZA1WsSB_K834XX_Q4126hEZ98ai0cYRzFBb_BR5zbVzgJMH7hhgzRomSGkPwW7Xlry1yKK0mi1_RK-PI2OInJf8oBiQ0nF208koKL4JKhQwyakA1b4NKZr_OrrR-MrfC8KS9lbUyTf-kWe8XLiRRmQam-xilnXe0yEZKairXLqeY15wC5vShoTzKwpbg2w7jOXslkRopXtBDi20u8soa0K8ek1Sn7A6K-im6ee_Cu-JStnggmFMTp97taspEtd262hVcJloo8fT557iQYsdCu5yB25v9YT6D-Vfsdodbdb6Iu70Pxc_ux7Z8ERxe9mozk8BLGkoUew76H_8RJo3LCXmzkZkRuFrik98PcdhaQuJ10VHc0AuTix_No40Q9XGkr02C7O9AUsDpdyL7TzeX0DqefcM61xIFLMGGq0I5_CsJCA42DVnoLKOsakLiszQfT8-zlAaW11prOBpHWw4pFpDtBTTL1vQOrLtCI-Y0pah64hpHN2xMCVf2guNDMjpw4DL4bbyi_Pjob0TQsCgjQRk9vnQsPTwS2dgeFZRowg2z6qxJh5xc96D6qu5NVDrOvrJVxn_irwpNfR0v2VT2vvq7MF616lBPZ_XcozrcVU3Mn2VWT7Qz1A-uwPy0Y77NOMlnKjWw8rWD6whPl_YwkP58sC-L57WebbCxcBvUn9earYQ_OJ57ZhMwujH7ceOE25jlJBEF0QEmdbecKIzE_y96qGp1ob2XLH5NflmuQ03Rtq-Zj_3r1aVohun5Ezhkg7yzCzF8pw9WMUVyL_YGK-2_3Y18R3F2yLASenHAJNiXecJrXmk9kKFblPw_G2Y9Mp8eOMDW2q1j8QoolXEcNrfseVjPsHlsdJce7ElkvtNiKdeymLRk4FrKoZbex9qqn15FYJY9SLeCDg620iORhPUSE6Q_SrxZ0zcZWEVQPJUkXAELdshFTV2tRJt8a6MrYXIXpkUNUFv-nTAflniWWUYpX-0fPgK3uxw3qhA3SdEypJyKcK7ST-JuvaX-plCqkAc75ShWzR3PRpH0qMenwIXb9Xh_CDSG5D-LK1aIy8asbTC5SSJZ9mOlsP9Z87XQRBBdgckc4ClQwcHpFghCZeaGZ12QiJA9igOsogltlvoDM6wCu4D10

Requested by

Host: ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com
URL: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 08:51:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 37A2 42 B
64 B 57ms
57ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst8eaYGLqPy1NJMC0kMLKrWkjzkztC7I3rtbK5Nd5JGNz67NFWx6AoS7NElg3uWE8HH3R3Fuh2dmrH0WJYBbfPFjWScN_zkQmE50L0IsH_31KxijbwyjmFjGm1YhLndKkVqFmihpq4osO7z&sai=AMfl-YSFCKiunVEdkHQGfqzNOBxQ7CHAcPZymFlFmIIAVMLzuh8ZqrV8uChqYL0jdTS3qE4jDJ5hnktoTMkk4CrnzDqnPLWbee2A7kSdmy2_YiHbQc3pab-qFdf813k&sig=Cg0ArKJSzJAEwQLS0GIMEAE&cid=CAASJORo0FGj4HNt-yrjRlv7mewf4qdT5W-GZ4EBj7DGwC-mDTIEDQ&id=lidar2&mcvt=1000&p=0,0,604,120&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20220810&bin=7&avms=nio&bs=0,0&mc=0.75&if=1&app=0&itpl=20&adk=798583804&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1660553482220&rpt=554&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 08:51:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame CD43 42 B
64 B 50ms
50ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssuh5-fcjVwqyTmdRkKu3gEzGf-LjGlMdAt2nJuyc9XYKnUdlvgjYNVojVWy-Nr5n0VhVfnOjwog08RzteuMFJ2-l-VAhTG&sig=Cg0ArKJSzLygXlFZwdMEEAE&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&v=20220810&bin=7&avms=nio&bs=0,0&mc=0.56&if=1&vu=1&app=0&itpl=33&adk=754613076&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1660553482746&rpt=186&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 08:51:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvpPnHw7WEzmrPKNiDsjt4wXgz8-OF67rTqFOiYpMuj5d89iJwAT8mLU1tbszBsaGtrbmFJp6i2hBY6F9iSQwDy8OYSe_NoSdo5jXmZydEJJWOsorA-&sig=Cg0ArKJSzGh-Jq0IzZQPEAE&id=lidartos&mcvt=0&p=0,0,0,0&mtos=0,0,0,0,0&tos=0,0,0,0,0&v=20220810&bin=7&avms=nio&bs=0,0&mc=0&if=1&vu=1&app=0&itpl=19&adk=798583804&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=3&r=b&rst=1660553480875&rpt=120&ec=0&met=ce&wmsd=0

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssBToZwlir6gHalvc899Priaz7CrIm60rLFxz2jKIu-qJB69UXJPcien3lgzbdJXgJsClwimJNPRLK7-CzZxvgxCRewtscTqJ_QDCXyziwAj_lCcUUV&sig=Cg0ArKJSzJmdmAKpa0sSEAE&id=lidartos&mcvt=0&p=0,0,0,0&mtos=0,0,0,0,0&tos=0,0,0,0,0&v=20220810&bin=7&avms=nio&bs=0,0&mc=0&if=1&vu=1&app=0&itpl=19&adk=798583804&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=3&r=b&rst=1660553481301&rpt=64&ec=0&met=ce&wmsd=0

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsti-u4-g-PoJfg8AWwFybcyWVfCSdUY-CEBzxUDXwYHY9Sa-oTFRmOYpkmX0mi7uPr0OF_4sdKdfcpp_7QWWj1dkL5eMMC7aboLtapOd26NhAmvNzXtIsN1haZCMwmzpv9cxbwTBJbwDqZbk7RUGqHNZXfiui_eBRhLmuTelEUTLhzlglHEyro6-atPnCUZrZFAM6SKIggXU_Lu5UaXm2wxcS45l11yegsR21Xf8l7bun8_HFkto0bD-y_bfPDScINVQ0qH-aXSdtC5JnZE6RDkCoD-OFA2V00inWTMFSUThnYj4w7bU-irO0E_O8u7hMi3ocBR8MvO15ssVDyXNcFUdgarnljdYvEp2trDckX73B5FoBs&sai=AMfl-YSzAVpX-ez1IqTJPP8lcZ-kusfcLWyODRZWNng9wrje3Tepud5LKmnlwY64Gpbyh0A95fClG6AON93v3JfU2WN8rx7d-wV3l_MvWTequ6JqqgrGNIHacCcOSrxbDg&sig=Cg0ArKJSzHVLaTbU7iQJEAE&id=lidartos&mcvt=0&p=0,0,0,0&mtos=0,0,0,0,0&tos=0,0,0,0,0&v=20220810&bin=7&avms=nio&bs=0,0&mc=0&if=1&vu=1&app=0&itpl=19&adk=798583804&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=3&r=b&rst=1660553481765&rpt=65&ec=0&met=ce&wmsd=0

Verdicts & Comments Add Verdict or Comment

336 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

26 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.online2pdf.com/	1969-12-31 23:59:59	Name: SETTINGS_ID Value: 7491f6d87d48dfa451c15806b80de8d0
.online2pdf.com/	1970-01-20 14:01:29	Name: U Value: 8b0830eba1cee42358f510af897f8e8b
.online2pdf.com/	1969-12-31 23:59:59	Name: SESSID Value: 80l4ote6h8p1emdntg61q1p95k
online2pdf.com/	1970-01-20 14:01:29	Name: disable_privacy_msg Value: 1
.online2pdf.com/	1970-01-20 14:51:53	Name: language Value: de
cdn.fuseplatform.net/	1970-01-20 05:59:05	Name: akacd_online2pdf Value: 1663145479~rv=13~id=99494f8a7eeae62e1c94fef3997a27b8
.adnxs.com/	1970-01-20 07:25:29	Name: icu Value: ChkIq_GBARAKGAEgASgBMIiS6JcGOAFAAUgBEIiS6JcGGAA.
.adnxs.com/	1970-01-20 07:25:29	Name: uuid2 Value: 346903164033834203
.rubiconproject.com/	1970-01-20 14:01:29	Name: khaos Value: L6UIO1KV-W-M2HJ
.rubiconproject.com/	1970-01-20 14:01:29	Name: audit Value: 1\|naVuGyos1qo63lfPWKlrtSAkF7RiBdb4AgvEG2sPPZp0kTU4st2MuZ9yY313WIxlec3G2UPUlSnkeWyM+uUsHiL5hAXvaZVpn6lrSsNekyw=
.prebid.a-mo.net/	1970-01-20 14:01:29	Name: __amc Value: 1_1660553480_1660553480
.doubleclick.net/	1970-01-20 14:37:29	Name: IDE Value: AHWqTUkQM60ySFexzaaW_wsk4W2k4cZt-kZlkmJ6ihd895hU96cAP2ISk5vBBFREd7U
.seadform.net/	1970-01-20 06:00:31	Name: C Value: 1
.online2pdf.com/	1970-01-20 14:37:29	Name: __gads Value: ID=405da4680dbb7af2:T=1660553480:S=ALNI_MZo14LWtS43SGp__NnDGPSlpQ7nlQ
.criteo.com/	1970-01-20 14:37:29	Name: uid Value: 931450f4-a22d-4c0c-a7d2-fe796c5cc9fc
.online2pdf.com/	1970-01-20 14:37:29	Name: cto_bundle Value: XSskvl9YJTJGNXE5clhHaW5CeCUyRnJMZk42UVFOVzZaeUZaRmMlMkJ5ZHVBSmpGcndxeHQzQlhUM21Ed0JjRkJ3d2VVN3VmR1FpSEY3ejdWZWtmM2s4ZnZSZzBnbyUyRiUyRnJldTRxJTJGNDZTazNjV1JoeTB6TlBXUFdkRkFWJTJCNmZIU2pzTjRzS0RIcG9vV3U3bnppJTJCQWVXMjZ6Z3BTTHolMkJNbUElM0QlM0Q
.adnxs.com/	1970-01-20 07:25:29	Name: anj Value: dTM7k!M41.D>6NRF']wIg2C$KfgFGQ!]tbPl1M>e)ZlrFUfJ+tGXxp)FuHg'IGRBkZKZ(ZX!BN)<T7d[_=`%?]v'dbpRzqF1`b_%[*%KZy
.casalemedia.com/	1970-01-20 07:25:29	Name: CMPS Value: 5170
.casalemedia.com/	1970-01-20 14:01:29	Name: CMID Value: YvoJCgfP4J3M9ZjYqsVNHQAA
.casalemedia.com/	1970-01-20 07:25:29	Name: CMPRO Value: 5170
.casalemedia.com/	1970-01-20 07:25:29	Name: CMTS Value: 5171
.travelaudience.com/	1970-01-20 14:46:07	Name: _tracker Value: %7B%22UUID%22%3A%22191B7185-C462-4445-B676-F54FBFC10BB9%22%7D
.adform.net/	1970-01-20 06:00:31	Name: C Value: 1
.adform.net/	1970-01-20 06:42:17	Name: uid Value: 9007438998316809014
.yahoo.com/	1970-01-20 14:01:51	Name: A3 Value: d=AQABBAsJ-mICEAmRgQwpEJO6S39bh6XenXQFEgEBAQFa-2IDYwAAAAAA_eMAAA&S=AQAAAh4PRjLrXmf1wzMdOZ4ZUWc
.analytics.yahoo.com/	1970-01-20 14:01:29	Name: IDSYNC Value: 18yx~26lk

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.googletagservices.com/dcm/impl_v90.js(Line 88) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://www.googletagservices.com/dcm/impl_v90.js(Line 100) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3aab3d8de967cbf0815b7a25104ea05f.safeframe.googlesyndication.com
ad-delivery.net
ad.doubleclick.net
ads.online2pdf.com
ads.travelaudience.com
adservice.google.com
adservice.google.de
api.btloader.com
bidder.criteo.com
btloader.com
c.amazon-adsystem.com
c1.adform.net
cdn.doubleverify.com
cdn.fuseplatform.net
cm.g.doubleclick.net
dclk-match.dotomi.com
ddf62e7773838afb5be3dbc4d55d0c3e.safeframe.googlesyndication.com
dsum-sec.casalemedia.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
i.connectad.io
ib.adnxs.com
mug.criteo.com
online2pdf.com
pagead2.googlesyndication.com
prebid.a-mo.net
prg8.smartadserver.com
publift-com.videoplayerhub.com
publift-d.openx.net
rtb0.doubleverify.com
s.ad.smaato.net
s0.2mdn.net
s1.seadform.net
securepubads.g.doubleclick.net
ssc.33across.com
static.criteo.net
tlx.3lift.com
tpc.googlesyndication.com
tps.doubleverify.com
track.seadform.net
ups.analytics.yahoo.com
www.google.com
www.googletagservices.com
pagead2.googlesyndication.com
104.18.18.126
104.18.19.126
13.224.195.78
130.211.23.194
142.250.181.226
142.250.185.162
142.250.185.198
142.250.185.98
145.40.88.5
178.250.2.131
185.64.190.77
185.86.137.113
213.254.244.112
2600:9000:20eb:9800:1b:5138:8a40:93a1
2602:803:c003:200::61
2606:4700:10::ac43:8ae
2606:4700:20::681a:246
2606:4700:20::681a:78b
2606:4700:20::681a:932
2a00:1450:4001:802::2001
2a00:1450:4001:806::2002
2a00:1450:4001:808::2002
2a00:1450:4001:80e::2003
2a00:1450:4001:812::2002
2a00:1450:4001:813::2001
2a00:1450:4001:813::2002
2a00:1450:4001:82b::2004
2a00:1450:4001:82b::2006
2a00:1450:400e:80c::200a
2a02:2638:1::3
2a02:2638::1c
2a02:26f0:1500::5c7b:d549
2a02:26f0:3500:58b::4469
2a02:fa8:8806:13::1370
3.121.203.249
34.149.20.76
35.190.0.66
35.244.159.8
37.157.2.237
37.157.5.72
37.157.6.247
37.252.173.22
54.175.87.114
74.119.119.139
92.42.142.174
92.42.142.175
025b6f80b0784d0ecb031a02df7b0ee7048ffec09b71a7269be5cf008412a87b
02fb31270eb75cb2bae6139a3ccb228c44b1cb46edc2299e99c04b094433bfa8
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
055becebc9958298fa38f2b894e61c381a59bb56f2068f2ff2e3ab340f24e3de
060ffcd79e610c3c1d28296fc009ae767fdd2168eaaa509e15b540ce82804b77
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
129fd31d9148b4e7cf9cdf6b99db533ca7f1a62f7ad98a764272fd943f3a0052
160a20bb1f82b7851d7d063b20ecf4ce8af251867e1c112a27a8825e76097f4c
17889fbe0a5a0e77b4f58973bdfd8feb6fa534352e9be69cd831b31649a71c91
1b97323ecf0a41f85d34ef3b38b6140521b9c74bd82e2a5ea88643cd3f91949d
1c7823652162a495cfbecff5a898d83b409fac9c03b837de7a9c9810e08485da
1d5ac3c4948de140e1100106a6258787a16f10fa5673ff12db208cdd24c6ff83
1e866177b20c63918d3eee2557ea041d676b3bc6b7f44cba812fad7d7cbc4272
204c3361b4063d7d3c5017455d87516838b2bf2a11f0cdeef39abcea55221e9e
2332a4979816a8f9f4fe2261d2277d5dd75e849f7c1601acf40c3443a60c78df
250952133a6dac078436b58494dfea0ea7a0f9565be355a0a0348018fbc5e3c6
2722c954a8ba72763a8b76c7f4ff1dea2c543c3a1ff14837dea2a9fe789a8942
2a40641661b54c304ebe64ce944b1261fd061962a6f2b86558f3b3d98237ca0a
2b0017894202085bdaa7072b328cd5cae82afd6c78611ea6ddcdba732306c8f2
3134ead8cde3b183908742311737674a75dd44b201fd269ea20c7df28a38c7d7
380071f7bce78fce7dea7acb9d2c465584295889205c26c5be3ed55d1d60e71b
4075e4e380188626166832e49f139f780a4d7a98a12cd8d83ef1aac70fc57489
4126dfd320a683caf3dec4d47ae01c9a4c613572357f295629812574cd8d2b6d
41da6d9bd0ca1e07d9b58bbad215dcac1facdedf35d504b318aad27060c9850b
442f60e4415f60a20f1296e6b9214a01910545b417c09a2b6d54c370524e6129
46900a82215d1cf8cef04df5a6f371efdc01c21dd319ca4837d715ab50d8d5b3
48df9398efd700f0d26c6e62aa56898eab4f484f407f27e6208193ff32ff6945
4a68b17866cc125378f37d90b56c4ac5ecd36ea37f1be71e12681eaca4831039
4a6a9091297d86c3d40e17c33b76dcda3bc20fc059522c3eb046db923d0e681a
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c9997ff71353207a2e1e9ebb5d4459bf7f70d89c3f78181d4be9437e65a5add
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
507add04d1c6597d1eaca7599452be07bd58c4fca04d195808df2909d610d9e3
517d69e9ba18ba94dc1d595b01a4a6253d127e07a2e5b3c8d50072c35f86be77
519ec9de08db7a8e50fad24a010028f1618b1201a2ea76c2ce0adbc214eeade3
51b64d295549b8ec4848952b647a9093299133bef0900736ec931e682fd8d471
51d126fda82a5e01424fdc8f428264d586a0bb080169727f0de2805b8642488f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56d931bf96702e70241697108fba12f1fe673bd849e55af582f6f7bee5ccbc1a
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
5a68ef8b63c5914e354aa61e913e48452bb44f8f06262483b27717cdbac83eb1
5e552fdeff03b091c23869902aedbc4ff39bb3c58c1b7a2d1dfd29c5d0f71bd9
60eb12486bd244f9b2c77d851a209c7f1cf81a9a82bce5662efb019b50b6f56c
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
643942a00b0c0700ad1d39d440c61776f2cb6d3d1267830dc128637e15ecf9fd
657a6270acd4d75e521ead362617cadcaaddea44b685e2974d2edcf632e6e1d3
67a0cd3879eb0b17424177823ebc4d20069197e97bb483fe63f2a629b3f4e138
67cf9b4bc639937fbbd4d3e5d1a9a43ebffce2577ff3bb0a9b3def6b4088a68e
6c8e8e9a1a49698bba91f4f99ce5e520bd25bc53a2558735dee5f4d0d2a61b17
6ca3c3b408e842f1d30e443ec9d7588f371fc2c3e50c02f51d506651c439b703
6f0552daf770cff2789f4951a83a8913c2eafaa082785f1ba0a29700ce64ab87
71c77b11affd8a8f825dce30164019fcbd612b0cfabaf91f1f73cdff3562f731
730f8076b0de7120b1a302aac1256ab376b6637edb87485590dc9413daa27554
731fa3d6dcc73971dbb4c6c49223076a744d3e8eab66f86ce1ab83dd45cfa0bb
737cc4ec5816fcee5916c2e3a8f99bc83ce92d994e37f8267806d63c4c151926
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
75bf5c0112a41f871dc47c5e98deef6dc7db8e94178bf0c853f3a09415f6d338
79d9d0cb995a45ed1d63a59cc6d7ee01ed1e2e01d54c1fd6da7bde3c786e69d4
7a024b3a515404415c303d7919b04405dac6994811c1e6af29b0a936cfa714ff
7bcf2bac32babb6a03adea909582627f60c69b35b617c6a2bafdc964474ba843
7cb1bf030680b75275f9941c6a2afaf9002aecca78b7d58f0832fc770d5ec481
822ca33fd3327e591efb7df27161328ff3b035a19f03218c3c5de686fca5e2bc
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83afa0a7a3ed44befb6e2c53b69be58d040463f0dafac394bfe3df0d882d03b7
853df1cf4198a8cdb0b49e241027710087162052787c4203cec09dc82cf36e53
8633c389bc6d1793bb2223ccc419f603c4656799be9ab0f86cf93b1afd3ab2df
874e545a5055f7c8602c30ffd711768e8105bb75c87045a794f934d9cffa30c6
8774fc2d7df2f003b97bb7faf6170572f8b80c6d2e7c2d1ed883b5078f014acf
89b41f25cc4a5d2672857d6038ab85e975f71b54e056cc8598963b8f8cfd7c5d
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8b5f43a98e4a9b8d03d599594db018b3df4e3681eadb1ddcf7d21c0d13ae3ff4
8e69d5b37fade9258cc077f5e205a840c12a461220fe0dc1e6eac75d08fe7168
8fe4a2e48384878e2fde5256bc624846dcf88c6a4c99a135fcc391b69a6b5b01
8fe958140956e46fe97220f508de9e588ea2c33bc30f92e4d6aeda2b71d99f4d
93af25a5d3c24d7d17b3e4b44453be93abd3f54c836ae6e7b99a718561dd8d2e
94851f470921dead8767d5d7ad0249b722ae03fbf5a3810c472a3e608ebc249f
9a3993918629dfd6a59c4563e9b4d464152b51d4113957ab8ebfbdcbcdc7f536
9a675ea5f409c66886094320441c46a00e85e7ba76201df0046f3712be427959
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a040eccd56269b4b1cff436d49f3328a673c968517fcf6c6da0f46d9ae5e4743
a27d9175457bbf67a00b3b2c6ce70e6c80aafe05558e6f0a950c6acced196951
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a643e3b28d0dab5d1a015ffb03b60e790bfa2d111475b9b624da23996b43cc33
a690357c8d157ad2a9f188ecdad238c37efbd7508124554e8b7ddf2986cb0188
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aafbe63767b52106445fc908e63387cf0c3064c6f9b9545d70b77b123f626cc6
ae58f0762dfe3c0f1beee43115fbaa6eb133fe22d4a67139e4160d8e52f5f470
aeb925bb204a686701ed5795fc9a381422a479fca1cacbe35de200ac65319988
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b460fb43c0d18b583b113c5fbb8eaf6f317db3df4ade6b2898f44971190cc4e6
b493e2e2fc6205daea36c1339205681e5cbaf2c816401d9d52baf9c30e19c17b
b65bc26802e2597a6a5d734c9c02b65ce9addfc7254a3d89e8e1273e0a9679de
b7eeadc317a496e1de4fee39506d782aa7279cb5cb0de186bcff680b2f84fee8
b95939599754deb2250672a0ecba1494e7af2352a3598695df9684d77f953d73
ba7beca0f5402387b359ad40d2af0dda9632f6b81e2aa0c26336324c358c3e10
bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a
bf3f98017b277064d325789b391f88c47f5668fc852258bdd7f276db542481e7
c0d0b5ecf5aa2cd5475929aefcb44d67c5d5cc8cbcdb3991e45f0944f0344619
c558d2c2f86b94d74442397a88c53c5bf27e812b165926f50b7dd07ba069e802
c9499ea51a2956fd2c1600591ae117fe9ad81065d625b1b2c593c7720e5b228f
c96d5a358aa7aae42526bf6031bbe3df52294151e2ea88907686f79c327aa762
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d3d6498e9829a788ca3d572159ca1a9f9941d4d3287cbe1cfc79186cdc90565f
d5ce4ea56dcebba22aa104344763baf784401ad477ec9c5a935a77eebb6b5bd1
d64d69e7dcf31e33e8ff0ca402114db859a13e8514ee0777a964430e8dfc8900
d9272902467388c0b7b6387712e6ea04286462e652f0112273b435efab1c31af
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
da2b63fefed1687611db88864450bdc8162f0b3a6c11d0b0cb1472821e48eeb9
dee9cc2ae9b94346af4eaf91a2e7ae9de7b1cc912df1c0ca2ca46d8a278e2fcc
e30aaafd4c7dd534259b8e35db4af9af5913b5dc7734364ac0e232c677d1f2e4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4fd699d785da5ba9b6cc4de5686c4c2220fb0dcb726cd80c879aa3798b5e888
e505786a78ea38e9b5a3030dcbc7fa2d386880e21680dddf8b5ca0ea4fcdd598
e618a577f0277d37fa43eaa36bcde1a98e6698356705294205887f6ace5134d7
eacea388d593b25ed247ec1f6c94b68e266a5f9b9ead59bf3a0b2a32b6f414d5
eb87d6943cde131a0710f9c48fa641b4f65866455668ce3439052cbd3234d109
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb6f9331a30ebe5adfbccc4aacf53fdbb5c6fd74edcc0fb64bac144b5a46d2b
efd2fe255e4154630d6cfba7635156bee870a053148dfee8618fe28d31703639
f20d4b0a4399ede8c79186f15221344753f304f0c56532704294445c2387ef95
f47e1908774417e324ba48098e7bdd6fd0d05280c224629d2adf48282a695a1c
f6b66c9f9cb0f019c53f8dfaf188b74ff7f4e86c886cd34cc9e5aa4d1a1ade0c
faebf2994a921cb025d5301f3dba240663e6d6bf137d1424f800d9363ac5f929
fb88fd8b1c6da5a5596e484dfc2698ede30654596bd081f9558e25d20578ca06
fe6ff0fd7b06ad1f45c4d303ee01d7df20e1b7438b08356a164d23ba89b291a9
fe7d221e7ccf2543f75855d55d8052df7876bcf6a8b7a372f900d5d2ab7f58ee

online2pdf.com Open in urlscan Pro 92.42.142.174 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

205 Requests

93 %HTTPS

46 %IPv6

33 Domains

49 Subdomains

42 IPs

10 Countries

2140 kBTransfer

6010 kBSize

26 Cookies

6 Outgoing links

Redirected requests

205 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

online2pdf.com Open in urlscan Pro
92.42.142.174 Public Scan

Screenshot
Live screenshot

Full Image

205
Requests

93 %
HTTPS

46 %
IPv6

33
Domains

49
Subdomains

42
IPs

10
Countries

2140 kB
Transfer

6010 kB
Size

26
Cookies

205 HTTP transactions
5 data transactions